F5 101 - Application Delivery Fundamentals


What are the purposes, advantages and challenges associated with hardware based application delivery platform solutions?

ADC appliances can help you simplify your network by offloading servers and consolidating devices, saving management costs as well as power, space, and cooling in the data center. Hardware can take longer to acquire for an implementation, which can add to project timelines, and some public cloud environments don't let you run your own hardware because they are virtualized.

What is the USB port on BIG-IP used for?

Importing a hotfix or other file

What are some benefits of TTL?

Improving network performance, improving load balancing performance, or improving privacy (DNS spoofing)

The Ratio load balancing method can be useful in situations where server capacity is unequal. T/F?

True

The purpose of APM is to create secure access to internal apps by using a single authentication and to provide control using a single management interface. T/F?

True

To enable proper state reporting and mirroring, F5 recommends that you configure network failover in addition to hardwired failover. T/F?

True

Unlicensed modules can be provisioned but will not work. T/F?

True

You can use the Setup utility to create an Active/Standby DSC config. T/F?

True

In order to create a SIP persistence profile, you must always create and use a SIP services profile. T/F?

True. Create both profiles, then assign them to the same vServer.

Explain the method of Dynamic Ratio load balancing and when to use it.

Similar to Ratio; however, the ratio weights are system-generated rather than static and are based on real-time server performance analysis. Use on RealNetworks RealSystem Server, Windows platforms equipped w/ WMI or any server equipped w/ an SNMP agent such as UC Davis SNMP or Windows 2000 Server SNMP agent.

What are the elements that create a socket pair?

Source IP address and port; destination IP address and port

What are the different IPv6 Address types and define them?

Unicast: One-to-one
Multicast: One-to-many
Anycast: An address configured in multiple locations

What is the purpose and functionality of a URL?

Uniform Resource Locator; formatted text string used by web browsers, email clients and other software to allow a resource such as a document, graphical image or multimedia file to be uniquely addressed by specifying the host name, directory path and file name where it is located on the Internet. Consists of Network Protocol, Host name and File/Resource location.

What is the bigip.conf file?

Stores all configuration objects for managing local application traffic, such as virtual servers, load balancing pools, profiles, monitors and SNATs. When you perform a configuration synchronization of a redundant system, this file is synchronized to the other unit.

What is caching and why is it beneficial?

Stores recently retrieved resources so they can be quickly supplied in reply to a request. Clients cache recently accessed web resources; if a user asks for them, they are displayed without needing to make a request to a server. Any intermediary device can satisfy a request for a file if it's in its cache. Acceleration solution.

What is "Asymmetric Acceleration" caching?

The acceleration device caches objects from web servers onto itself and delivers them directly to users, offloading the web servers. It can both assemble the objects from instructions in the HTTP response and deliver them using fewer objects and fewer transactions. Can dramatically reduce server TCP and app processing, improve web page loading time reducing the need to regularly expand the # of web servers required to service an app. Can improve any sized environment however, due to the expense of the equipment this setup is typically utilized in larger enterprises.

Where is the license stored on a Viprion?

The annunciator card that resides in the chassis which gets associated with the serial # of the blades upon initial license setup.

What is the concept of persistence?

The ability of a load balancer or other traffic management solution to maintain a virtual connection between a client and a specific server. Ensures that once a client has made a connection to a specific server that subsequent requests are sent to the same server. In the first request a server is chosen. Upon subsequent requests the load balancer will auto select the same server to ensure continuity of the app or to avoid the intensive process of renegotiation (SSL).

PC1 and PC2 reside on the same VLAN and both use IPv6. When PC1 pings PC2's IPv6 address, PC1 doesn't know PC2's MAC address. How does PC1 learn PC2's MAC address? a. DHCP b. stateless autoconfiguration c. ARP d. NDP

d. Neighbor Discovery Protocol (NDP) acts as a replacement for several IPv4 protocols, including ARP, as well as providing several new functions for IPv6. ARP does not exist in IPv6.

Which of the following IPv4-to-IPv6 transition methods allows an IPv4-only host to communicate with an IPv6-only host? a. 6to4 tunneling b. Dual-stack c. ISATAP tunneling d. NAT-PT

d. Network Address Translation-Protocol Translation translates between IPv4 and IPv6 and vice versa. The two tunneling methods allow IPv6 hosts to communicate with other IPv6 hosts, sending the packets through an IPv4 network. Dual-stack allows a host or router to concurrently support both protocols.

When removing and replacing a blade in a Viprion, which of the following apply? a. The blade must be re-configured prior to this procedure b. The entire chassis needs to be shut down prior to this procedure c. A blade license must be procured prior to this procedure d. The blade is hot-swappable

d. The blade is hot-swappable

When you provision the Viprion for vCMP, which of the following apply? a. vCMP is set to Dedicated, and all other provisioning settings are not changed b. vCMP is set to Nominal, and all other provisioning settings are not changed c. vCMP is auto selected if you select LTM d. vCMP is set to Dedicated, and all other provisioning settings are set to none

d. vCMP is set to Dedicated, and all other provisioning settings are set to none

If the hardware card is too busy or if no hardware card is installed, the system uses __ to compress data.

zlib

What is the purpose and functionality of SIP?

Session Initiation Protocol; application level sessions. Provides setup, maintaining, and teardown of multimedia/unified communications on port 5060.

What factors determine how much data can be sent in a TCP segment?

The current size/status of the sliding window mechanism on the part of the receiver and the MSS which is largely determined by the MTU.

How is the TCP checksum algorithm run?

The device sending the segment runs the calculation; the same algorithm is then employed by the recipient to check the data it received and ensure that there were no errors.

What is the purpose and functionality of MAC addresses?

The unique 48-bit (6-byte) physical/hardware/Ethernet address assigned to each device's NIC, allowing devices to communicate via Layer 2 frames.

Which port is assigned to LDAPS?

636 LDAP over SSL

Which port is assigned to DHCP?

67 TCP/UDP

Which port is assigned to TFTP?

69 TCP/UDP

Which port is assigned to ICMP/ECHO?

7

Which port is assigned to HTTP? HTTPS?

80, 443

Which port is assigned to HTTP Proxy?

8080

What is the default route address in IPv6?

::/0

Describe symmetric encryption

A clear text message is sent, the shared private key is inserted, the now encrypted message goes through a VPN encrypted tunnel and the shared secret key on the receiving end decrypts the message displaying a clear text message to the recipient. Encrypted messages can be cracked via brute force and enough time. If a hacker breaks through s/he will be able to view encrypted data until the shared private key is changed.

What is a Traffic Group?

A collection of related config objects, aka failover objects, such as floating self IP, virtual IP and SNAT translation addresses. If a device becomes unavailable, responsibility for processing these traffic objects floats (fails over) to another device in the device group. Prior to failing over, each of the devices in the device group must have all of the config data that supports those objects (vServers, pools, nodes, monitors, profiles, etc.) via the ConfigSync function.

What is the purpose and functionality of a collision domain?

A collision domain is anywhere on the network that packets can collide. Each entire hub/repeater represents a collision domain. Collisions have been resolved by modern switches with the use of CSMA/CD where collided packets are discarded and resent at random intervals. Each port on a switch/router represents a collision domain.

What does HTTP status code 500 mean?

INTERNAL SERVER ERROR. Most commonly a server-side script with bad syntax.

What must be included in the status line of every HTTP response message?

<HTTP-VERSION> <status-code> <reason-phrase>
Example: HTTP/1.1 200 OK

What is the HTTP/1.1 Header and value used to close an HTTP connection?

"Connection: Close"
HTTP/1.1 defines the "close" connection option for the sender to signal that the connection will be closed after completion of the response, signifying the connection is no longer "persistent."

What is the HTTP header that specifies caching directives?

"cache-control: <cache-directive>"
Example: cache-control: public, max-age=30
Note that HTTP/1.0 caches might not implement Cache-Control and might only implement "Pragma: no-cache".

What is the purpose of the various address types found on each layer of the OSI model?

-Application: Datagram
-Presentation: Datagram
-Session: Datagram
-Transport: Segment
-Network: Packet PDU. Packet sequencing, congestion control. IP address routing & switching. Router, L3 Switch.
-Data Link: Frame. MAC address, assigned to NIC; forward, filter, flood. Switch/Bridge.
-Physical: Bits on wire. Cables, NICs, Hubs.

Which HTTP request methods were defined in HTTP 1.0?

-GET: GET /path/to/file/index.html HTTP/1.0
-HEAD: HEAD /path/to/file/index.html HTTP/1.0
-POST: POST /path/script.cgi HTTP/1.0

What is the purpose and functionality of IP addressing and subnetting?

-IP Address: used to uniquely ID a device on an IP network, 32 bits, dotted decimal divisible into a network portion & host portion w/ addition of subnet mask.
-Subnetting: Allows for multiple logical networks that exist within a single Class A, B or C network.

Compare/Contrast purpose and functionality of MTU and MSS

-Maximum Transmission Unit: Contains the IP & TCP Headers and the MSS. The max size of a single data unit (i.e. frame) for Ethernet is 1500 bytes - can be manually config in the Registry. If too low, streams of traffic will break into a large # of small packets adversely affecting performance.
-Maximum Segment Size: Inside the MTU containing the Data field of a TCP segment, value set during a session connection establishment and largely determined by the MTU. Based on the MSS option val set in the TCP SYN packets that peers exchange during session negotiation.

What are the benefits of a positive security model?

0-day attacks and developer related shortcomings will be prevented. Susceptible to false positives - unaccounted for functions possibly being blocked.

What are the 2 options for installing a device certificate on the BIG-IP?

1. BIG-IP self-signed certificate (default) 2. Import CA-signed certificate (optional)

How do you configure initial setup on a BIG-IP device?

1. Config Mgmt port IP address, netmask, default gateway 2. License the system to activate software 3. Provision: Nominal (recommended), Minimum, Dedicated, None 4. Install device cert 5. Config platform: IP Address, Netmask, Hostname, Host IP address, Time Zone, Root & Admin accounts, SSH Access 6. Config Network & HA

What were some of the objectives to designing DNS?

1. Creating a global, scalable, consistent namespace 2. Local control over local resources 3. Distributed design to avoid bottlenecks 4. Application universality 5. Multiple underlying protocol support 6. Hardware universality

What are the 3 basic phases of an SMTP session?

1. Establish: HELO command 2. Mail Transactions 3. Terminate: QUIT command

What are the 3 most essential components that make up the WWW?

1. HTML: A text language used to define hypertext documents. 2. HTTP: The TCP/IP application-layer protocol that implements the World Wide Web, by enabling the transfer of hypertext documents and other files between a client and server. 3. URIs/URLs: A method of defining labels that identify resources on an internet so that they can be easily found and referenced.

When is it useful to enable the RAM cache feature on a BIG-IP system?

1. High-demand objects: content server only has to serve content to BIG-IP system once per expiration period 2. Static Content: useful if site consists of CSS files, JavaScript files, or images/logos 3. Content Compression: RAM cache takes stress off the BIG-IP system and the content servers

When are some instances that can cause an HTTP redirection to occur?

1. LB_FAILED iRule event 2. The selected node sends an RST after a TCP 3WHS has completed but before the node has sent at least a full response header 3. LTM finds the selected node is unreachable while receiving the body portion of a request or a pipelined request

What are the 2 sets of BIG-IP system routing tables?

1. Linux routing table, for routing admin traffic through the MGMT interface 2. TMM routing table, for routing app and admin traffic through the TMM interfaces

In order for failover to be successful in a DSC setup for HA, you must have what 3 types of IP addresses specified on each device?

1. Local, static self IP address for VLAN HA 2. Local MGMT IP address 3. 1+ floating IP addresses associated w/ a traffic group

What are the 2 kinds of BIG-IP system routes?

1. Management Routes: used to forward traffic through the special management interface. Stored in the Linux routing table. 2. TMM Routes: used to forward traffic through the TMM interfaces instead of through the management interface. Stored in both the TMM and kernel routing tables.

What are some important improvements in HTTP 1.1?

1. Multiple Host Name Support: allows 1 web server to handle requests for dozens-hundreds of different virtual hosts 2. Persistent Connections: client can send multiple requests for related docs to a server in a single TCP session 3. Partial Resource Selection: client can request part of a resource rather than the entirety 4. Better Caching and Proxying Support: providing clients w/ faster replies to requests while reducing server load 5. Content Negotiation: allows the client and server to exchange info to help select the best resource or version when multiple variants are available 6. Better Security: defines authentication methods

What are the 3 basic name system functions of DNS?

1. Name Space: hierarchical and organized using a multi-level structure with particular naming rules 2. Name Registration System: based on the idea of a hierarchy of domains and registration authorities responsible for them. 3. Name Resolution: similarly hierarchical, and designed around interaction between name resolver and name server software components that consult databases of DNS resource records and communicate using a special messaging protocol to answer client queries.

What are the 4 constructs that make up an iRule?

1. Operators (==, >, <) 2. Functions (findstr, getfield, substr) 3. Statements (if, switch, log, pool) 4. Commands (HTTP::uri, AES::encrypt)

What are the states of ARP entries in the BIG-IP system?

1. Resolved: successfully received an ARP response which remains in the ARP cache until timeout 2. Incomplete: 1 or more ARP requests made within the max # of requests allowed without a response 3. Down: the system has made the max # of requests allowed without a response, discards the packet and sends an ICMP host unreachable

What are some of the general categories that cache-control directives cover?

1. Restrictions on what is cacheable; only imposed by the origin server. 2. Restrictions on what may be stored by a cache; imposed by either the origin server or the user agent. 3. Modifications of the basic expiration mechanism; imposed by either the origin server or the user agent. 4. Controls over cache revalidation and reload; imposed by a user agent. 5. Control over transformation of entities. 6. Extensions to the caching system.

What are 3 Fragmentation Issues and Concerns to be aware of?

1. Sequencing and Placement: The receiving device must be able to determine the sequence of the fragments to reassemble them in the correct order. 2. Separation of Fragmented Messages: The destination may be receiving multiple sets of fragments that must be put back together. 3. Completion: The destination device has to be able to tell when it has received all of the fragments so it knows when to start reassembly

What are the 4 algorithms used in TCP Congestion Handling?

1. Slow-start 2. Congestion Avoidance 3. Fast Retransmit 4. Fast Recovery

What is the manual licensing process for a BIG-IP device?

1. Start w/ base registration key 2. Generate dossier 3. Copy dossier to F5 license server 4. Generate license 5. Copy license to BIG-IP 6. Finish licensing process on BIG-IP

What are the 2 types of self IP addresses that you can create?

1. Static or non-floating: not shared with another BIG-IP system 2. Floating: shared in an HA device group. Both exist on TMM interfaces and are processed by TMM.

Network failover is required for which types of deployments?

1. Sync-Failover device groups of 3+ devices 2. Active-active configs 3. Viprion platforms 4. VE

What are the 2 approaches senders can use to decide the size of IP datagrams to send over the network?

1. The sending host sends an IP datagram of size equal to the MTU of the first hop of the source destination pair. 2. Run the path MTU discovery algorithm described in RFC 1191 to determine the path MTU between 2 IP hosts.

Given a fragment, identify what information is needed for reassembly.

1. Total Length: of each fragment 2. Identification: unique identifiers in the IP header of each fragment sent. 3. More Fragments: set to 1 for all fragments except for last one 4. Fragment Offset: solves the problem of sequencing fragments by indicating to the recipient device where in the overall message each particular fragment should be placed according to the original datagram.

What are the 3 steps to an SMTP mail transaction?

1. Transaction initiation and sender ID 2. Recipient ID 3. Mail transfer

What are some of the vulnerabilities cookies share?

1. Transmission of sensitive info 2. Undesirable use (theft/hijacking) 3. Third-party or unintentional cookies

Given a situation in which a client connects to a remote host, explain how the name resolution process occurs

1. User system checks local host file for matching entry 2. Check local name cache for matching entry 3. Request the IP address from local DNS server for the site 4. If entry located it gets added to local cache and connects 5. Local DNS server calls root servers in its DNS config for IP address of Authoritative Name Server for the .com domain & queries for A record (IPv4 address)

Which port is assigned to NTP?

123

Which port is assigned to IMAP4?

143

Which port is assigned to SNMP?

161-162 TCP/UDP

Which port is assigned to RADIUS Authentication?

1812-1813

What are the general categories for HTTP status codes? 1xx 2xx 3xx 4xx 5xx

1xx: Informational
2xx: Success
3xx: Redirect
4xx: Client-side Error
5xx: Server-side Error

Which port is assigned to FTP?

20 (data) 21 (connection)

Which port is assigned to NFS?

2049

What are these HTTP status codes? 206 300 304 403 505 550

206: Partial Content
300: MULTIPLE choices
304: NOT MODified. Cached.
403: FORBIDDEN. Valid request but server refused to respond to it.
505: HTTP Version Unsupported
550: PERMISSION DENIED

Which port is assigned to SSH?

22

Which port is assigned to SMTP?

25

Which port is assigned to RDP?

3389 Terminal Server

Which port is assigned to LDAP?

389

Which port is assigned to SIP?

5060

Which port is assigned to DNS?

53 TCP/UDP

What is the difference between A and AAAA records in DNS?

A = IPv4 address record for a host
AAAA = IPv6 address record for a host

What is the purpose of signing?

A digital signature is a mathematical cryptographically based scheme for demonstrating the authenticity of a digital message or document. It gives a recipient trust that the message was created by a known sender, that the sender can't deny having sent the message (auth and non-repudiation) and the message was not altered in transit (integrity). Provides a layer of validation and security to messages sent via non-secure channels. Asymmetric cryptography.

What is the ConfigSync function used for?

A high availability feature that synchronizes configuration changes from one BIG-IP device to other devices in a device group. This feature ensures that the BIG-IP device group members maintain the same config data and work in tandem to more efficiently process application traffic.

What is a trunk?

A logical grouping of interfaces on the BIG-IP system that acts as a single interface. It's used to distribute traffic across multiple links in a process known as Link Aggregation.

What is a VLAN?

A logical subset of hosts on a LAN that operate in the same address space

Given a list of scenarios, identify which is a positive security model

A mostly static environment with little change to apps. This environment will require delivery of only known requests and results and would fit the granularity of the security model in place with the static management of the environment which is typical for critical assets. It would also be considered a higher level of security.

What is the purpose and functionality of a cookie?

A piece of text that a web server can store on a user's hard drive which allows a site to retrieve it later. Sites can determine # of visitors, new and repeat and how often visited. Authentication cookies are the most common method used by web servers to know whether the user is logged in or not and which account they are logged in with. Vulnerable to XSS allowing a cookie's data to be read by a hacker.

What is a proxy and how does it function in the Client/Server relationship?

A proxy is an intermediary device that functions as a "middleman" in the communication between client/server. Requests get passed from client>proxy>server and vice versa in what's called a request/response chain.

What is the purpose of iRules?

A script written in the bigip.conf file to activate extended capabilities of the BIG-IP not available via the CLI or GUI. Send traffic to pools, pool members, ports or URIs. Commands are processed by TMM.

What is the purpose and functionality of Routing protocols?

A standard or set of rules which determine how routers on a network communicate/exchange info w/ each other allowing for best routes to remote networks to be selected. Perform network discovery & update/maintain routing tables.

Define "Certificate Authority"

A third-party Registration Authority (e.g. Verisign) runs a CA process against all digital certificate requests by checking the public key, private key and running 2 checksum verifications for authenticity.

What are the differences between "Acceleration" solutions and "Optimization" solutions?

Acceleration: Caching, typically asymmetric, improve efficiency of servers and applications
Optimization: Focused on the WAN (the network/client-side), improve utilization of bandwidth, QoS, data deduplication

What is APM?

Access Policy Manager; Centralized AAA Authentication, Authorization, Accounting and SSL VPNs

What are the differences between root vs admin login creds?

Admin: No CLI Access, GUI only. A special standard user account.
Root: No GUI Access, CLI only. The system maintenance account using the Setup utility. Grants full access to BIG-IP system resources. Auto assigned the Admin user role.

At what point of a connection can an iRule be triggered?

After the 3-way handshake of a TCP connection between a client, server and/or virtual server.

What is the function of the Application Layer?

Allows access to network services that support applications. Handles network access, flow control and error recovery. DHCP, DNS, FTP, HTTP, Telnet, SMTP, POP3, SNMP, SSH, IMAP4, NNTP, NTP.

When is it appropriate to use a full proxy architecture?

Always. Load balancing to enable scale, reliability and performance for apps; log data, act as a gatekeeper (authentication/authorization), scan inbound/outbound traffic for malicious content; perform app layer services. This is the architecture F5 devices use.

What is a self IP address and what is it used for?

An IP address on the BIG-IP system associated with a VLAN (internal/external) to access hosts on that VLAN. It represents a range of IP addresses spanning the hosts in the VLAN rather than a single host address.

Given a list of scenarios, identify which is a negative security model

An environment with high variability in apps. Since constant changes would be occurring, it would be difficult and very time consuming to keep up with the management of allowing specific traffic in as opposed to allowing all traffic and blocking specific traffic that is known to be untrustworthy.

What is a MAC masquerade address and what is its purpose?

An optional, locally administered or custom MAC address overriding the burned-in address and signified by adding 02h to the first byte of the pre-assigned MAC address.

What is AFM?

Application Firewall Manager; High performance, stateful, full-proxy network firewall. Looks for concerns for high-volume network attacks flooding resources until servers/networks are overwhelmed. Ideal for protecting internet-facing data centers wherever they reside.

What is iControl?

Application Programming Interface (API): an open API for management of the BIG-IP. REST/SOAP-based using XML info set for message format and relies on other app layer protocols (ie HTTP and SMTP) for message negotiation and transmission defined by base URI.

What is ASM?

Application Security Manager; Defend against attacks. IPS, typically a negative security model.

What is iSession?

Create an encrypted, optimized secure tunnel over the WAN between two BIG-IP systems to share in load-balancing and failover. The BIG-IPs can and should be geographically remote.

What is active/active high availability?

Both units are in an active state simultaneously. If 1 unit goes down, the other unit begins processing that traffic in addition to its own.

You can manually force a traffic group to standby from any device in a device group. T/F?

False. You can only manually force standby on a currently active device.

When is a virtual machine solution appropriate?

Critical to maintaining an adaptable, consolidated, scalable network and accomplishing the business continuity demanded by today's advanced app infrastructures.

What is the function of the Presentation Layer?

Compression, decompression, encryption and decryption. Translates from application to network format and vice versa. SSL, WEP, WPA, Kerberos, JPEG, GIF, MPEG, ASCII.

What is contained in a cookie?

Customer name, shopping cart items, username and password.

What is the purpose and functionality of HTTP?

Application protocol used to deliver all files/data on the internet whether HTML, image, query results, etc. Takes place via TCP/IP sockets. Browser is the client which sends requests to HTTP/Web Server and listens on port 80. Stateless - doesn't maintain any connection info between transactions.

What layers are in the TCP/IP model and how do they compare to the OSI model?

Application: Application, Presentation, Session
Transport: Transport
Internet: Network
Network Access: Data Link, Physical

At which layer of the OSI Model would you use/find HTTP?

Application

At which layer of the OSI Model would you use/find SSH?

Application

What is the AAM?

Application Acceleration Manager; combines the app delivery features of WOM and WebAccelerator.

What is the Self-IP? Describe floating vs non-floating.

Assigned to a specific VLAN to provide direct access to the LTM system. Distinct from vServer addresses, and do not process load balanced traffic. May be used for administration and/or routing or to provide egress addresses for some outbound traffic. Netmask represents an IP Address space/range spanning the hosts in the VLAN rather than a single host address.
○ Static/Non-floating IP Address: configured on each VLAN to provide L3 presence specific to each device.
○ Floating IP Address: configured on each VLAN to provide L3 presence specific to each redundant pair, and are "owned" by the Active unit in an Active/Standby redundant pair, or by the assigned unit in an Active/Active pair.
○ Automap: Allows the address to be used in SNAT-based address translations

Is the typical website Certificate/Key symmetric or asymmetric?

Asymmetric

What does AAA stand for?

Authentication, Authorization, Accounting

What are the different TMOS resource provisioning levels?

Available in the System section on the Main tab of the navigation pane:
○ Dedicated: specifies that this is the only active module, all others will be set to None (Disabled).
○ Nominal: allocates CPU, memory, and disk space in a way that is applicable for most typical configurations.
○ Minimum: allocates the smallest amount of CPU, memory, and disk space to the corresponding module.
○ None (Disabled): indicates that there is no allocated CPU, memory, or disk space. Typical for unlicensed mods.

What does HTTP status code 400 mean?

BAD REQuest

Which dynamic routing protocols does the BIG-IP system support?

BGP4: external networks, distance-vector, IPv4/IPv6
IS-IS: internal networks, link-state, IPv4/IPv6
OSPFv2: internal networks, link-state, IPv4
OSPFv3: enhanced version, IPv6
RIPv1/RIPv2: internal networks, distance-vector (# of hops), IPv4
RIPng: enhanced version of RIPv2, IPv6

What is the default IP address on the Mgmt Int on a BIG-IP device? VIPRION?

BIG-IP: 192.168.1.245
VIPRION: 192.168.1.246
Seen as eth0 by Linux

Explain the method of Observed load balancing and when to use it.

Based on the # of L4 connections last observed for each pool member by assigning ratio values. Prefers the pool member with the greatest ratio value. Rare and not recommended for large pools.

Explain the method of Fastest load balancing and when to use it.

Based on the # of outstanding L7 requests to a pool member and the number of open L4 connections. Server selected based on least # of current sessions. Useful in environments where nodes are distributed across separate logical networks. Must have L7 Services profile and TCP profile configured in order to function properly.

What are the purposes, advantages and challenges associated with IPsec?

Best solution for tunneling traffic between 2 business locations. Protocol suite for securing IP communications by authenticating and encrypting each IP packet of a communication session. Can be used in protecting data flows between a pair of hosts (host-to-host), a pair of security gateways (network-to-network) or between a security gateway and a host (network-to-host). Supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption) and replay protection. Endpoint control is a key risk factor. Doesn't provide granular access controls down to the app layer, essentially allowing the remote device to be a node on the network.

What is the BPSH?

BigPipe Shell; 9.x-10.x

Define trunking according to F5

Bonding 2 interfaces together.

How does TCP address error correction?

By running the checksum algorithm to ensure that the sender/receiver data stream sums are equal. Packets w/ incorrect checksums are discarded and eventually retransmitted using Automatic Repeat Request (ARQ).

How does an acceleration device increase client-side TCP connections?

By spoofing a browser and modifying the URLs in an HTTP response to speed page downloading. The modified names appear to the browser to be different servers, so the browser opens parallel connections to these altered URLs rather than serially downloading the objects from 1 URL.

How does SIP handle persistence for SIP sessions?

By using Call-ID, a globally unique identifier that groups together a series of messages, which are sent between communicating apps.

What does CRLF represent and where is it inserted in an HTTP message?

CR and LF are ASCII vals 13 and 10. All text, initial lines and headers should end in CRLF.

What is "Symmetric Acceleration" caching?

Cache and serve content to users at the remote site. The remote acceleration device serves content locally whenever possible, which reduces both response time and network utilization.

What are the benefits of a negative security model?

Can be deployed rapidly; blocking any known bad attacks that could happen; vulnerable to unknown 0-day attacks.

What is the purpose of ihealth?

Can determine when your system is operating outside of normal levels so you can take the steps to improve performance, checks for security issues and recommends patches.

Explain the method of Ratio Least Connections load balancing and when to use it.

Causes the system to select the pool members according to the ratio of the # of connections that each pool member has active.

What is Active FTP?

Client connects from a random unprivileged port (N > 1026) to port 21 on the FTP server. Next, client listens to port N+1, or 1027, and sends the FTP command PORT N+1 to the FTP Server. The server connects back to the client's specified data port from its local data port 20. The problem is that FTP relies on the server to connect back to the specified port the client said it was listening on. This appears to be an outside system initiating a connection to an internal client, something usually blocked by a firewall.

What is Passive FTP?

Client initiates both connections to server and opens 2 random unprivileged ports locally (N > 1026 and N + 1), issues a PASV command. Next, server opens a random unprivileged port (P > 1026) back to the client in response to PASV. Client initiates the connection from port N+1 to port P on the server to xfer data. Solves the problem of firewalls filtering incoming data port connection to the client from the server.

Describe how to connect to a BIG-IP device via serial console

Connect cables: F5 RJ45 or DB9 serial
Launch PuTTY using F5 settings: Serial, 19200 speed 8-N-1
Upon CLI window: root default config OK NO to manually config IP addresses...
Confirm settings: tmsh list sys management-ip
Access the GUI via web browser

What are the advantages of iApps? In which situations would they be appropriately used?

Customizable, easy editing of configs and cleanup, reentrancy, config encapsulation, copy/import/export capability, community support for DevCentral hosted templates. Deploying services-based, template-driven configs on BIG-IP systems running TMOS 11.0.0 and later. Can be used to deploy WAN-optimized acceleration for FTP traffic between two BIG-IP systems running the Application Acceleration Manager (AAM).

At which layer of the OSI Model would you use/find Ethernet protocol?

Data Link

At which layer of the OSI Model would you use/find a Network Switch?

Data Link

Explain the method of Round Robin load balancing and when to use it.

Default option. Passes each new connection request to the next server in line distributing connections evenly across the array of machines being load balanced. Works well in most configs especially when machines are of approximately equal processing speed and memory (homogeneous).

What is the purpose and functionality of HTTP headers?

Define the operating params of an HTTP transaction. Colon-separated name-value pairs in clear-text string format, terminated by a carriage return (CR) and line feed (LF) char sequence. "Host: www.host1.com:80" where Host: is the only required header in an HTTP 1.1 request. Without it, each hostname requires a unique IP address. The port ":80" isn't required since it's the default HTTP port.

What is a profile in F5?

Defines the way that you want the BIG-IP system to manage a certain type of traffic using a group of settings, with values, that correspond to that traffic type, such as HTTP traffic.

Multiple devices that trust each other and can synchronize config data and failover to one another are called __?

Device Group

What is the purpose and functionality of a broadcast domain?

Devices on the same subnet, VLAN and shared gateway transmit frames to locate a destination IP address by broadcasting for it out all ports of a switch except the one it was received on. Divided by routers, L3 switches or VLANs.

What are some examples of asymmetric key techniques/algorithms?

Diffie-Hellman key exchange; various elliptic curve techniques; RSA encryption algorithm

What is the source address affinity persistence? How is this option enabled on BIG-IP?

Directs session requests to the same server based solely on the source IP address of a packet. You must create an HTTP load balancing pool and a vServer prior to customizing the default HTTP profile or implementing the default persistence profile.

Which port is assigned to IPSEC?

Doesn't reside on its own port. Network Layer protocol suite for securing IP communications by authenticating and encrypting each IP packet in a session. Exists in tunnel and transport modes.

What is the purpose and functionality of DNS?

Domain Name System; resolves domain names to IP addresses using a hierarchical name space so we don't need to memorize IP addresses. Domain names and associated IP addresses are mapped on a DNS server. The nslookup command allows you to manually query the name servers to resolve a given host name.

What is the purpose of fragmentation?

Each router must be able to fragment as needed to handle IP datagrams up to the size of the largest MTU used by networks to which they attach.

What are the advantages of SSO?

Enables users to not have to use/remember multiple IDs and passwords. Requires stronger forms of authentication for higher risk info and apps.

What is the function of the Transport Layer?

End-to-end error recovery, buffering, windowing and flow control between hosts across the network. TCP, UDP, SPX (Sequenced Packet Exchange - Novell NetWare).

What is the purpose, use and benefits of EM?

Enterprise Manager; Centralized management platform for device inventory, software installs, config backup, ASM policy synch and attack signatures, SSL cert monitor, Performance monitor, Enable/Disable objects

Name 3 attributes/features of TCP

Error-free transfers, Sequenced data transfer, Lost packets are retransmitted.

What is the function of the Session Layer?

Establish, maintain and terminate remote sessions. Manages who can transmit data at a certain time and for how long. NetBIOS, RPC (Remote Procedure Call), Sockets, SQL, Logical ports: 21, 22, 23, 80.

An iRule is unable to create an event that can manipulate egress traffic. T/F?

False. To manipulate egress traffic, define a virtual server-targeting-virtual server config and reference the iRule.

What are the default VLANs? How can different VLANs pass traffic?

External: conceptual external network; Internal: conceptual internal network. Traffic passed via trunking/VLAN tagging using Link Aggregation.

What is the TCP Connection Termination Procedure?

FIN>ACK/FIN>ACK

What does HTTP status code 302 mean?

FOUND. Moved Temporarily

It's acceptable if the server returns an HTTP version # that is greater than the client sent in its request. T/F?

False

If a datagram is passed from a network with a high MTU to one with a low MTU, it will not need to be fragmented to fit the network with the smaller MTU. T/F?

False. All high MTUs must be fragmented to fit onto networks with lower MTUs. This is the job of the Internet Protocol.

A network failover config has precedence over a hardwired failover config. T/F?

False. If network failover traffic is compromised, a hardwired failover cable config will have precedence.

SMTP servers only send e-mail, they do not receive it. T/F?

False. The device sending mail acts as a client for that transaction; the one receiving it acts as a server. To avoid confusion, it is easier to refer to the device sending e-mail as the SMTP sender and the one receiving as the SMTP receiver; these were the terms used when SMTP was originally created.

The header of the original datagram does not change when fragmented. T/F?

False. The header of the original datagram is changed into the header of the first fragment, and new headers are created for the other fragments. Each is set to the same Identification value to mark them as part of the same original datagram.

In dynamic ratio load balancing, the weight assigned to an individual pool member does not determine how much traffic the pool member receives. T/F?

False. The higher the value of the weight, the more traffic is directed to the pool member. Conversely for a lower value of weight (less traffic directed).

The only purpose of the Local Traffic Manager is to load balance applications. T/F?

False. The purpose of the LTM is to load balance applications in your environment by using advanced TCP connection management, TCP optimization and server offloading; it also provides a high security solution.

In HTTP/1.1 TCP connections are closed after each request/response, so each resource to be retrieved requires its own connection taking up CPU, bandwidth & Memory. T/F?

False, statement is referring to HTTP/1.0. HTTP/1.1: Persistent connections are default. Faster response, multiple transactions over single persistent connections, more bandwidth by adding cache support, chunked encoding supported for faster dynamically-generated pages, multiple domains to be served from single IP address. Added 5 more HTTP request methods: OPTIONS, PUT, DELETE, TRACE, CONNECT.

Which applications require the reliable data delivery services that TCP offers?

For applications such as file transfers, database services, transaction processing, and other mission-critical applications in which every packet must be delivered, guaranteed.

What is the purpose and functionality of SMTP?

For email; Outlook connects to SMTP server at mail.example.com using port 25 telling it the sender and recipient's address and message body. Once the server recognizes the domain name of the sender it passes the message to its POP3 server.

When is it appropriate to use IPsec as a VPN solution?

For tunneling traffic between 2 business locations, for a permanent connection between 2 specific locations (ie branch or remote office and corporate headquarters). To provide access to a small finite # of remote workers using tightly controlled corporate-issued laptops. No longer an effective remote access solution when comparing costs of IT overhead and the desire for granular access controls for highly portable devices considering the demands of an increasingly BYOD workforce.

What does FQDN stand for and how is it used?

Fully-Qualified Domain Name; complete domain name uniquely identifies a node in the DNS name space by giving the full path of labels from the root of the tree down to that node.

Give some examples of profile types that are used to manage application layer traffic

HTTP, FTP, SIP, RTSP, Diameter, RADIUS, iSession (available w/ WAN optimization module), SMTP (when Protocol Security Module is licensed)

What profile types are offered to manage HTTP traffic?

HTTP, HTTP Compression, Web Acceleration

Describe the purpose of Compression

GZIP, the most common/default algorithm, in web browsers and servers, finds small, repeating patterns and reduces the chars required to send them. Used to offload overhead from web servers and enable the acceleration device to perform other optimizations that improve performance for an HTTP/HTTPS stream. Optimization feature.

What is GTM?

Global Traffic Manager; Global application delivery with DNS

Describe the purpose of HTTP Keepalives

HTTP 1.1 resolves the issue of needing 1 TCP connection for every object on a page in HTTP 1.0. Tells the server not to close the TCP connection until the browser said to or it didn't hear from the browser for X # of seconds (a time out). Aka persistent connection.

What is Pipelining and when/why was it introduced?

HTTP 1.1; Along with persistent connections came pipelining which allows the browser to send multiple requests in "rapid-fire" to a server without waiting for a response. Once all requests have been sent the browser begins listening for a reply. With the high bandwidth speeds available, the RTT (Round Trip Time) impact is relatively low making this capability obsolete. Because the server must return responses to requests in order, the server has to do extra processing to ensure compliance with this part of the HTTP 1.1 spec which inhibits a boost of performance making it more of a security risk than performance enhancement.

What are persistent connections, why are they used and when were they introduced?

HTTP 1.1; Once a TCP connection is established, the client can send many requests to the server and receive replies to each in turn. This allows files to be retrieved more quickly, and conserves server resources and Internet bandwidth.

What is the name of the HTTP Header and the value used w/ HTTP 1.0 to hold the connection open as opposed to closing immediately after the HTTP Response?

HTTP Header "Connection: Keep-alive". HTTP value to hold connection open = "timeout", represented by an integer in sec. KA are TCP optional, used in a persistent "connection" header, to maintain a connection between devices. If a reply isn't received by the "timeout" time the connection gets dropped.

Which feature in an HTTP profile allows you to manipulate traffic to another protocol identifier, host name, port number or URI path?

HTTP Redirection. Redirection to a fallback host occurs if all members of the targeted pool are unavailable or if a selected pool member is unavailable.

Why are the specifications in a client request message named HTTP "Methods?"

HTTP is considered a generic, stateless, object-oriented protocol. Object-oriented programming is a technique where software modules are described as objects. The procedures each object can perform are called methods.

What are the differences between BIG-IP hardware vs the Virtual Edition (VE)?

HW: To significantly reduce the # of application servers needed by offloading computationally intense processes to a BIG-IP ADC appliance. VE: Critical to maintaining an adaptable network and accomplishing the scale, consolidation and business continuity demanded by today's advanced app infrastructures. Quick cloud deployment.

__ is used to encrypt and decrypt digital signatures.

Hashing. The digital signature is transformed with the hash function and then both the hashed value (known as a message-digest) and the signature are sent in separate transmissions to the receiver.

In addition to profiles, what other LTM features can help you manage application traffic?

Health Monitors: checking health of HTTP/HTTPS services; iRules: querying or manipulating header or content data

Given a packet traversing a topology, document the source/destination IP address/MAC address changes at each hop

IP S/D never change. L2 switches/bridges do not modify S/D MAC address. A router will modify the S MAC by substituting the original S MAC w/ its gateway.

Is it ideal to use a larger MTU size or smaller when sending IP datagrams?

Ideally, we want to use as large an MTU as possible without fragmentation occurring. Determining the optimal MTU to use for a route between two devices requires knowing the MTU of every link on that route.

What is a network gateway?

In an internetwork of systems the network gateway is a router that provides an entry point to systems located in another network.

When is a hardware based application delivery platform solution appropriate?

In order to significantly reduce the # of application servers needed by offloading computationally intense processes to a BIG-IP ADC appliance.

Where is the TCP profile located in the BIG-IP system?

In the Configuration utility, under Local Traffic > Profiles > TCP

What is a TCP checksum error?

Indicates a corrupt file by using an algorithm providing basic protection against errors in transmission via a 16-bit Checksum field in the TCP segment header.

What are some of the features offered in an HTTP profile?

Insertion of headers into HTTP requests; compression of HTTP server responses

What are the benefits of deploying BIG-IP devices in a redundant configuration?

Interruption of services will not occur. Users would never know if a unit was down.

What characteristic in networking eliminates the concern for single point of failure?

Introducing device service clustering (DSC) in a High Availability (HA) environment

How does an acceleration device decrease server-side TCP connections?

It can aggregate, or "pool," TCP server-side connections by combining many separate transactions from many users through fewer (or one) TCP connections.

What are some key optimization benefits to deploying AAM?

It can quickly support and optimize legacy and emerging protocols such as HTTP 2.0, FTP, UDP. Reduce the application load from servers and the network by offloading CPU-intensive processing tasks.

What is a packet forwarding/packet-based architecture?

Located in the middle of a stream of communications; not an endpoint - only passes packets through. Less complex & faster than traditional proxy-based designs. Referred to as flow-based processing.

What is the purpose of the Application layer?

It provides the first step of getting data onto the network. A user/client will initiate the data flow via a software application (browser, e-mail, file sharing) which sends the data encapsulated down the framework to be packaged and sent across the network where it's received and de-encapsulated as it's unpacked up the framework into a readable form presented to the recipient.

Why would you want to enable HTTP compression?

It reduces the amount of data to be transmitted, significantly reducing bandwidth usage. Browsers and servers can be configured to compress and uncompress HTTP content. The headers used in an HTTP Request are represented as "Accept-Encoding: gzip, deflate" and in HTTP Response "Content-Encoding: gzip"

What is the reply code structure for SMTP?

It uses the form "xyz", where "x" is the first digit, "y" the second and "z" the third.

Given a routing table and a destination IP address, identify which routing table entry the destination IP address will match

It will choose the entry that most closely matches the destination IP address, the default route if no other host/network route matches or the IP default-gateway address to a router's network gateway.

What is the RAM cache feature on the BIG-IP system and why is it useful?

It's a cache of HTTP objects stored in the BIG-IP system's RAM that are reused by subsequent connections to reduce the amount of load on the back-end servers.

What is the function of the HTTP Response Chunking feature?

LTM can unchunk a chunked response and process the HTTP content.

Explain the method of Ratio load balancing and when to use it.

LTM distributes connections among pool members or nodes in a static rotation according to defined ratio weights. Static method based on user-specified ratio weights proportional to capacity of servers (non-homogeneous).

Explain the method of Least Connections load balancing and when to use it.

LTM passes a new connection to the pool member or node that has the fewest open connections at the time the new connection request is received. Best when servers have similar capabilities (homogeneous). If servers have varying connection limits (non-homogeneous), this can cause issues and it's recommended to use the Weighted Least Connections method instead. Use w/ HTTP, SMTP servers

What is LACP and what can it do?

Link Aggregation Control Protocol 802.3ad, EtherChannel, teaming or trunking; detects error conditions on member links and redistributes traffic to other member links, preventing any loss of traffic on the failed link.

What type of IPv6 address is FE80::/10?

Link-local unicast, akin to the private, non-routable IPv4 addresses

What is LTM?

Local Traffic Manager; Intelligent application delivery

How do you remove an SSL Certificate from a BIG-IP device?

Log into the Configuration Utility and navigate to: System > File Management > SSL Certificates List. Select the box next to the cert and choose delete.

What type of address should be configured in an HA environment where 1+ traffic groups are operating?

MAC Masquerade; can be assigned to each traffic group and associates that address w/ any floating IP addresses associated w/ the traffic group causing a VLAN to carry traffic/services for multiple traffic groups.

What are the concepts of multifactor authentication?

MFA; a security system in which 2 or more forms of authentication are implemented to verify the legitimacy of a transaction. Its goal is to create a layered defense making it more difficult for unauthorized personnel to access a computer system/network. Achieved by combining 2-3 credentials based on something the user knows (password, PIN), something the user has (virtual/hardware token, smart card) or something the user is (biometric, retina).

What does HTTP status code 301 mean?

MOVED Permanently

Describe some of the different TCP options that are available.

MSS, Window Scale, SACK, Timestamp

What is a full proxy architecture?

Maintains separate connections or session tables, one between itself and the client-side and one between itself and the destination server-side. A single flow connection from end-to-end that chooses which characteristics of the connection to focus on (client/server) as it can't simultaneously optimize for both. Establishes completely separate transport layer connections to apps. This has been expanded by F5 outward to the architecture creating an "application delivery tier."

What preparations should be carried out prior to configuring DSC for HA?

Management interface configured
Same modules licensed, provisioned
Valid device certificates
Host name (FQDN)
System clocks synchronized (NTP)
VLANs and self IPs
Admin username/password
Backups for clean restore points

How does TCP flow control occur?

Manages the basic data transfer process so that the flow of data between devices is transferred efficiently and reliably without either device sending data faster than the other can receive it via the sliding window mechanism.

Explain the advantages of dedicated hardware (SSL card, compression card)

Max SSL: 2,000-240,000 vs 900-12,000
SSL Throughput: 4Gbps-40Gbps vs 23Mbps-4Gbps
Max Compression Throughput: NA-40Gbps vs 20Mbps-4Gbps

What is active/standby high availability?

Most common HA setup. One device is actively processing traffic while the other device remains ready (idle/standby) to take over if failover occurs. Upon failover, the standby unit becomes active. Most common type of redundant system.

What are the purposes, advantages and challenges associated with SSL VPN?

Most common today. Higher layer security protocol than IPsec, working on App layer, included in all modern browsers. Can provide highly granular policy and access control required for secure remote access. Reduces IT support costs, minimizes IT overhead involved in provisioning, configuring and maintaining an enterprise remote access solution, streamlines administration costs by controlling all access to enterprise resources via a single centralized gateway, greater security of application based remote access compared to IPsec. Requires explicit permission to access specific network resources.

What type of IPv6 address is FF00::/8?

Multicast

What does HTTP status code 404 mean?

NOT FOUND. Requested resource doesn't exist.

What is the purpose of distribution of load across multiple servers?

Needed due to the amount of connections and utilization that an app may have coming in from its core base of users which can often far exceed the throughput capacity of a single server hosting the app.

At which layer of the OSI Model would you use/find ARP?

Network

At which layer of the OSI Model would you use/find IP?

Network

Which HTTP request methods were added to HTTP 1.1?

OPTIONS, PUT, DELETE, TRACE, CONNECT

What is the network and broadcast address for the following IP address and net mask: 10.61.73.51/22

Network: 10.61.72.0; Broadcast: 10.61.75.255

When is it appropriate to use a packet-based architecture?

Never. Only makes decisions below L4 and can't interact with application layer data. Performance restrictions and increased intelligence have made it obsolete.

What does HTTP status code 200 mean?

OK. Successful request.

How do you connect to the Serial Console on an older BIG-IP device? A newer device? What settings are needed?

Older: DE9F-DE9F or DE9F-USB, aka "null modem cable" or RS232
Newer: RJ45M-RJ45F. Connect the RJ45F to RJ45M rolled serial adapter to the console port if you are connecting the system to a serial console server with a standard CAT5 cable, and then connect the CAT5 cable to the adapter.
Terminal Emulator (PuTTY) Settings: COM1, 19200, 8-N-1

What types of situations might cause a Reset Function to occur?

One device had a software crash and was restarted in the middle of a connection; some sort of glitch caused the states of the two devices to become unsynchronized; one device closes/aborts the connection without the other one knowing about it meaning one device is in the ESTABLISHED state and the other is in the CLOSED state.

What are some examples of protocols/services using asymmetric key algorithms?

PGP, Internet Key Exchange, SSL/TLS, SSH, Bitcoin

What is the function of the Data Link Layer?

Passes frames between network and physical layers. LLC and MAC sublayers provide data framing, addressing, error detection and handling. 802.11/Wi-Fi, Ethernet, Frame Relay, ATM.

What is a POST request method used for?

Passes info to the server. Commonly used to enable a client to submit info such as an interactive HTML form to a program on the server, which takes action based on that input and sends a response. It allows clients to send messages to forums or update databases.

At which layer of the OSI Model would you use/find Ethernet cable?

Physical

At which layer of the OSI Model would you use/find a Network Hub?

Physical

Explain the method of Weighted Least Connections load balancing and when to use it.

Pool members/nodes are selected based on the # of active connections held while also considering the server capacity. Allows you to specify the Connection Limit to establish a proportional algorithm for each pool member. It requires all pool members to have a non-zero connection limit specified. Works best in environments where servers have differing capacities.

Which port on a BIG-IP device is used for hardwire failover?

Port below the console port. Use DE9 Serial or the F5 variation of RJ45M-RJ45F dongle w/ a standard Cat5 Ethernet cable.

Given a list of situations, determine which is appropriate for an SSL VPN solution

Preferred solution today. Best solution for remote users to access business resources remotely. Home PCs, kiosks, PDAs and unmanaged devices over wired and wireless networks. Lower costs, broadened security. Ideal for inverted networks w/ granular access control.

At which layer of the OSI Model would you use/find Encryption?

Presentation

At which layer of the OSI Model would you use/find SSL/TLS?

Presentation

What is the PSM?

Protocol Security Module; Provides powerful security services for HTTP/S, SMTP, and FTP at BIG-IP system speed.

Which protocol provides AAA management on the network? How are Authentication methods defined over it? Which BIG-IP module offers AAA?

RADIUS. Authentication methods are defined for PPP over RADIUS using either PAP or CHAP (most secure). APM.

Explain the method of Predictive load balancing and when to use it.

Ranks server performance over time and prefers pool members that exhibit an improvement in performance over those that decline. Similar to Observed but increases/decreases ratio values over time depending on performance. Rare and not recommended for large pools.

What are the purposes, advantages and challenges associated with VMs?

Rapidly provision consistent app services across the data center and into the cloud. Deploy w/ increased agility, achieve automation and orchestration in cloud architectures, optimize app services more efficiently, flexibility. Throughput speeds and volumetric processing of SSL transactions per second doesn't compare with anything above a 4000 series in hardware.

Where does reassembly occur in the fragmentation process?

Reassembly is done only by the recipient device.

What is the purpose and functionality of ARP?

Resolves IP addresses into MAC addresses - locates the Ethernet address associated with a desired IP address. Works to glue the IP and Ethernet layers together. Network Layer.

What is a GET request method used for?

Retrieve a resource from a server. If the request cannot be processed properly, an error message may result.

What is a HEAD request method used for?

Returns the HTTP Response Headers. Allows a client to check for the existence, status or size of a file before deciding whether or not to retrieve the whole thing. Headers in the request/response are the same as when a GET is used but the server doesn't return any data or message body.

What is the function of the Network Layer?

Routing and packet-switching via logical paths (virtual circuits) for data transmission. Addressing, internetworking, error handling, congestion control and packet sequencing. IP, IPv4, IPv6, OSPF, ICMP, IGMP, ARP.

Define VLAN tagging according to F5

Running multiple VLANs across a wire (trunking).

What are the 3 Transport layer protocols that SIP runs through?

SCTP, TCP or UDP. If one of these is not assigned the system auto selects for you

What does HTTP status code 303 mean?

SEE OTHER. Often used by CGI script to redirect the browser to an existing file.

What does HTTP status code 503 mean?

SERVICE UNAVAILABLE. Overloaded or down for maintenance, generally temp.

What is the difference between Telnet and SSH? Why are F5 devices only accessed remotely via SSH?

SSH uses encryption on port 22 while Telnet (port 23) does not. SSH secures the traffic from being readable as it traverses the network.

What is the recommended VPN solution for a mobile/changing business environment (IPSec or SSL)?

SSL VPN as it requires the least amount of administration, easy connectivity from non-company devices (home desktops, laptops) and minimum software maintenance.

Which port is assigned to SSL?

SSL/TLS doesn't reside on its own port but runs over protocols on separate ports such as HTTPS on 443, SMTPS on 465, NNTPS on 563, and LDAPS on 636 for example.

What is SAML and what is its purpose?

Security Assertion Markup Language; XML-based solution for exchanging user security info between an enterprise and a service provider. Used to enable Single Sign-On (SSO) for web apps across various domains.

What type of TCP option is sent by the host to indicate usability?

Selective Acknowledgements (SACK) is sent during the 3 way handshake and notifies the machine to resend any missing bytes.

Explain the method of Least Sessions load balancing and when to use it.

Selects the server that currently has the least # of entries in the persistence table. The pool must be assigned to a vServer that uses a persistence profile. Works best in environments where the servers or other equipment that you're load balancing have similar capabilities (homogeneous).

What is the role of a client?

Sends an HTTP Request message to the server for a service. Used by employees to perform day-to-day tasks using apps and accessing files stored on a server. In the WWW, the client is the browser installed and the user's machine while the info on the different pages is stored on the server.

What is the role of a server?

Sends an HTTP Response message to the client requesting the service and provides the service. Large capacity computer, acts as the "brains" of the business. Apps and data files stored on the server. Acts as a processing power source.

Name some of the attributes that Acceleration provides

Server load balancing, SSL Offloading, Optimize TCP, Compression, Caching, Optimize HTTP, Data deduplication.

Are bulk encryption keys symmetric or asymmetric?

Symmetric as it can be up to 100-1,000x faster. Used in persistent data (emails, files), TLS, IPSec

What is the purpose and functionality of FTP?

TCP-based service used to transfer files from host to host over a network built on client-server architecture. Connect anonymously or w/ username/password. Ports 20/21. For secure transmission to hide/encrypt username/password and content use SSL/TLS FTPS or SSH SFTP.

What's the difference between TMOS and tmsh?

TMOS is the operating system that encompasses TMM, LTM, and Host Management Subsystem (HMS) where the tmsh shell resides within the Linux OS.

What is the difference between TMOS and Linux Administration?

TMOS: Traffic Manager Operating System; manages the Application Delivery Services Modules (LTM, GTM, APM, ASM, etc), iRules, iApp, SSL and Compression. Linux: TMSH, GUI and CLI for administering the system

What does HTTP status code 307 mean?

Temp Redirect

What must be verified prior to enabling a dynamic routing protocol?

That the Port Lockdown setting on all self IP addresses has been configured.

The BIG-IP system utilizes __ __ to compress HTTP server responses. The __ __ are either __ cards or __ programs that you can install on multiprocessor BIG-IP systems to perform HTTP data compression.

The BIG-IP system utilizes compression providers to compress HTTP server responses. The compression providers are either hardware cards or software programs that you can install on multiprocessor BIG-IP systems to perform HTTP data compression.

Which system controls the BIG-IP management interface and what type of traffic does it process?

The Linux OS controls it and only administrative traffic gets processed.

Which layer of the OSI model converts bits to bytes and bytes to frames?

The MAC sublayer of the Data Link layer converts frames into bits to be sent on the Physical Layer and vice versa. Data Link layer addresses are represented by 48-bit (6 byte) MAC/physical/hardware/ethernet addresses.

What is the MTU for an Ethernet frame and what does this mean for IP datagrams?

The MTU for an Ethernet frame is 1500 bytes which means Ethernet can't handle PDUs greater than 1500 bytes. Requires matching the size of the IP datagram to the size of the underlying data link layer frame size.

What appears as an Option in the Flags portion of the TCP Header to indicate a Reset has occurred?

The RST flag is set to 1

Which field and size does the MSS specify?

The TCP maximum segment size (MSS) specifies the maximum number of bytes in the TCP segment's Data field, regardless of any other factors that influence segment size. The default MSS for TCP is 536, which results from taking the minimum IP MTU of 576 and subtracting 20 bytes each for the IP and TCP headers.

Why is the bulk encryption that occurs after the SSL handshake so much less processor-intensive? Why isn't this a risk?

The cert and master key have been verified confirming a secure SSL connection. No risk because the CA's job is to verify the validity of the cert. When a client accepts a cert that hasn't been issued by a trusted CA, the risk for breach increases.

The initial SSL Handshake is very processing intensive when using typical cert/key config. Why?

The client and server must each exchange a series of info via Hello messages, including verification of a digital cert and numeric vals used to generate a master key for SSL encryption. If the server's cert is missing the private key, it's broken/corrupt, the CA is not the trusted root, the SSL/TLS protocol is disabled or there's a corrupt reg val, the processing can be affected.

What is another name for a floating IP address?

The cluster IP address is a floating management IP address used to access the primary blade of a Viprion to configure the system with a default IP address of 192.168.1.246/24

Explain what is occurring in a man-in-the-middle attack

The communication of public keys is intercepted by a third party (the "man in the middle") and then modified to provide different public keys instead. These attacks are prevented by the Certificate Authority who verifies the user of a system by their unique digital signature.

In routing, what is a metric?

The cost of using a route which is typically the number of hops to the IP destination. Anything on a local subnet is 1 hop and each router crossed after that is an additional hop.

What is the purpose and process of a reset?

The option in the Flags portion of the TCP header. It allows a station to abort the TCP connection with another station during an established connection. When a machine isn't receiving ACKs a RST should be sent. RST packets are a sign that the TCP connections are half open: only 1 side is involved in the TCP session.

What is the purpose of certificates and certificate chains?

The root certificate is generated by a CA and embedded into software applications in order to establish a digital chain of trust. The purpose of the issuing CA is to isolate certificate policy from the root. In the case of an SSL certificate, the end entity certificate represents the linkage between a website owner and the website domain name.

What is a network default gateway?

This instructs the router/workstation/node to send all traffic that doesn't match a route in its routing table to a defined default route or static IP address on the network which typically ends up being a router.

What is occurring when a TCP window size drops to Zero?

This means that the receiving host is having trouble processing incoming data fast enough. It could also be a Reset-Packet, which usually has a window size of 0. To TSHOOT, check your Window Scaling option and TCP Window size.

What is the purpose of the TTL functionality?

Time To Live; Default value of 128 is embedded inside the IP packet header. Used to stop a packet with an invalid IP address from looping infinitely on a network, eventually slowing traffic. The TTL decrements upon each hop across a router/L3 device. Once the TTL = 1, packet dropped and ICMP destination unreachable sent.

What is the TCP option used to accurately set the timer threshold value for a virtual circuit?

Timestamps which measure the round trip delivery times for various segments and monitor additional segments throughout the connection's lifetime to acclimate changes to the network.

What is the purpose and functionality of VLANs?

To conserve physical space by creating virtual networks, separate subnets, each being its own broadcast domain using a switch (instead of a router). They help to limit broadcast traffic & configure security settings on a per user basis.

Why is it helpful to include a client IP address in an HTTP header of a SNAT connection?

To preserve the original client IP address.

What is the purpose and functionality of ports in general?

To provide a service. Ports and sockets are the addressing scheme of TCP/IP on the Transport Layer. Clients connect to a service at a specific IP address on a specific port #.

What occurs if the MSS is set too low? Too high?

Too low: results in very inefficient use of bandwidth. Too large: results in an IP datagram being too large to be sent without fragmentation. To diminish the likelihood of fragmentation and to protect against packet loss, you can decrease the TCP MSS.

SMTP determines the server that handles the user's mail using the Domain Name System (DNS) and sends the mail to that server directly. T/F?

True

What are TMM switch interfaces used for?

Traffic Management Microkernel; Provides network entry connection points into the BIG-IP system for routers and switches and controlled by TMOS while Linux controls the BIG-IP Mgmt interface only.

What is the TMOS?

Traffic Management Operating System. TMOS is the first, completely purpose-built, modular, self-contained, real-time, event-driven F5 proxy architecture with the ability to transparently utilize hardware and software unilaterally to achieve the best performance and intelligence.

What is the TMSH?

Traffic Management Shell; 11.x and later versions

What is the purpose and functionality of TCP?

Transmission Control Protocol: a connection-oriented, acknowledged, reliable, fully-featured protocol designed to provide applications with a reliable way to send data using the unreliable Internet Protocol. It provides flow controls and reliable data delivery services (error checking/checksum) by managing end-to-end connections across a series of point-to-point connections, aka virtual circuits. FTP, Telnet, SMTP, DNS, HTTP, POP3, NNTP, IMAP, BGP, NFS.

What is the function of the Physical Layer?

Transmits raw bit stream over physical cable. Cables, Hubs, NICs.

At which layer of the OSI Model would you use/find TCP?

Transport

At which layer of the OSI Model would you use/find UDP? What characteristics describe UDP?

Transport. Uses best effort delivery, connectionless and fast. The main security flaw is susceptibility to spoofing and DoS attacks.

All of these objects are interrelated and changes in 1 can possibly break an application: vServers, Pools, Members, Nodes, Profiles, Monitors, iRules. T/F?

True

HTTP state info can be maintained indefinitely with the use of a cookie allowing the client and server to have a "memory" that persists over a period of time. T/F?

True

IP is an unreliable, connectionless protocol. T/F?

True

In pipelining, each initiated request is still processed sequentially, ie a request in the queue is not processed until the previous request has received a response. T/F?

True

RAM cache does not cache: Private data specified by cache control headers; HEAD, PUT, DELETE, TRACE and CONNECT methods (default). T/F?

True

Implementing SSL processing on an acceleration device in the DC rather than a server can improve application response because the device can perform all optimization functions on the packets in clear text. T/F?

True. Implementing SSL in an acceleration device also reduces SSL overhead and management because SSL processing is offloaded from the servers.

At the TCP level, there is no way to directly comprehend what is causing congestion or why. T/F?

True. It's perceived as inefficiencies in moving data from one device to another, by needing some segments to be retransmitted. The segments don't reach their destination, and are therefore left unacknowledged and will eventually expire and be retransmitted.

SSL-encrypted traffic cannot be accelerated by an external device because acceleration devices cannot understand the content of encrypted packets. T/F?

True. Once encrypted, the only thing that can be done is to implement QoS to prioritize the traffic.

Sometimes iRules are profile specific, meaning that the connection state is only reached if a certain profile is also assigned to the virtual server. T/F?

True. The key takeaway is that events allow iRules to be broken down into logical pieces and then executed only when that particular event occurs.

The management port IP address must be on a separate network from the self IP address. T/F?

True. The management port is simply a NIC that uses an address hosted by the Linux kernel; it is not part of the switch fabric. The rest of the ports are controlled by the TMM kernel, so they cannot share address space.

While TCP provides reliable services, it depends on the unreliable or best effort service of IP to deliver packets. T/F?

True. The original Internet architects wanted to remove as many services from the network itself to support fast packet delivery rather than reliability. Routers don't keep track of packets or ensure delivery, they just forward them relying on the end device to handle reliability.

In order for an HTTP_REQUEST event to trigger in the HTTP Request Header, the server must also have an HTTP profile attached to it prior to attaching the iRule. T/F?

True. The profile makes examination of HTTP headers possible.

The persistent connection feature of HTTP/1.1 does not change the stateless nature of the protocol. Even though multiple requests and responses can be sent on a single TCP connection, they are still not treated as being related in any way. T/F?

True. This is why HTTP State Management using "Cookies" is necessary.

Scenario of BIGIP1 and BIGIP2, an active/standby pair: BIGIP1 (standby) continually checks the health of BIGIP2 (active) by sending "heartbeat" packets to it. If no response is received from BIGIP2, this triggers a failover event and BIGIP1 will take over processing for the traffic group in seconds. T/F?

True. Heartbeat packets will trigger failover.

Which port is assigned to UDP?

UDP, connectionless, Transport Layer protocol, runs on the following protocols: DNS 53, POP3 110, SNMP 161, RIP 520, DHCP/BOOTP 67-68, TFTP 69, NFS 2049, Voice/Video.

What does HTTP status code 401 mean?

UNAUTHORIZED

What is the purpose of authentication?

Used to determine if a user/identity is who they claim to be. Accomplished by MFA. Based on a measure of risk. Only as good as the weakest link in the chain of the verification process.

What does the UCS archive file of a BIG-IP System contain?

User Configuration Set; config files, product licenses, user accounts and passwords, SSL certificate and key pairs, DNS zone files and ZoneRunner config

What is the purpose and functionality of UDP?

User Datagram Protocol: connectionless, provides fast unreliable best effort packet delivery built without order on top of IP protocol. DNS, SNMP, POP3, RIP, DHCP/BOOTP, TFTP, NFS, Voice/Video.

What is the purpose of iApps?

User-customizable framework for deploying applications, like SharePoint. They consist of Templates, Application Services and Analytics. Templates include 3 sections: presentation, implementation and help.

What are some of the most common configuration objects in BIG-IP?

VS, pool, pool member, node

What is the WOM?

WAN Optimization Manager; Accelerate replication between data centers

What is the WAM?

Web Access Management

What is a retransmission and how does it occur?

When data is sent, unacknowledged, and the specified timeout setting has expired, it is retransmitted. A feature of TCP Reliability and Flow Control for lost or corrupt packets. When the client program on the destination computer receives the IP Packets, the TCP/Transport layer reassembles the individual segments and ensures they are correctly ordered and error free as it streams them to an application.

When does congestion occur on the network?

When it becomes very busy, the speed at which segments are carried between the endpoints of our connection will be reduced, and they could even be dropped.

When would persistence be necessary when load balancing traffic between multiple servers?

When using a web application to login, or an e-commerce site w/ shopping cart. A user may send a request to one of the servers that's unaware of his/her session. Persistence is needed in this situation to send all requests in a user session consistently to the same backend server.

What are the advantages of iRules? In which situations would they be appropriately used?

You can extend the capabilities of the BIG-IP not available via CLI or GUI. Used to add functionality to an app that is not readily available via the built-in config options such as custom redirect, modifying the URI, logging specific info about user's session to implement persistence or meet load balancing requirements. Header modification, payload replacement, creating a socket connection to an outside system.

What must be included in the request line of every HTTP request message? a. Method b. URI of resource c. HTTP version d. Connection Header

a, b, c. Example: GET /index.html HTTP/1.1

What is a checksum and when is it used in networking?

aka hash sum; a small-size datum from a block of digital data for the purpose of detecting errors possibly introduced during transmission/storage. Used to detect data corruption errors and verify data integrity. All packets/frames in a network can be damaged by crosstalk or EMI in the physical cables. The Frame Check Sequence is an extra field in each transmitted frame that can be analyzed for errors. The FCS uses Cyclic Redundancy Checks (CRCs), checksums and 2-D parity bits to detect errors in the frames.

A pool is configured with Ratio (member) load balancing, and Priority Group Activation is set to less than 3 available members. Based on the individual pool member configs and availability conditions shown below, which pool members is the BIG-IP system currently directing traffic to? a. 172.16.20.1:80, Ratio 3, Priority Group 5, Available (green circle) b. 172.16.20.2:80, Ratio 3, Priority Group 4, Available (green circle) c. 172.16.20.3:80, Ratio 6, Priority Group 4, Unavailable (red diamond) d. 172.16.20.4:80, Ratio 1, Priority Group 3, Available (green circle) e. 172.16.20.5:80, Ratio 5, Priority Group 1, Available (green circle)

a. 172.16.20.1:80, Ratio 3, Priority Group 5, Available (green circle) b. 172.16.20.2:80, Ratio 3, Priority Group 4, Available (green circle) d. 172.16.20.4:80, Ratio 1, Priority Group 3, Available (green circle)

What is the key feature of the Web that makes it so powerful? a. Hypertext b. URI c. TCP/IP

a. Hypertext, which allows links to be made from one document to another. The Internet is an essential component of the WWW.

Which version of SSL was never released and which version had security issues? a. v1.0 b. v2.0 c. v3.0 d. v4.0

a. v1.0: Never Released; b. v2.0: Security Issues; c. v3.0: Current Version

Describe the concept of a negative security model

aka "blacklist." Define what's blocked/disallowed/not allowed and implicitly allow everything else. Based on a set of rules that detect attacks rather than allow only valid traffic. Very common in IDS/IPS systems.

Describe the concept of a positive security model

aka "whitelist." Default F5 setting. Define what's allowed and block/reject everything else. Deny access to everything and only allow access to specific authorized resources or functions.

What is the purpose and functionality of link aggregation?

aka 802.3ad, 802.1ax, trunking or VLAN tagging. Improves reliability through: 1. Automatic Failover: if 1 link goes down on a 4-port aggregate, the remaining 3 links handle the traffic from the down link; 2. Aggregated throughput: Each operational aggregated link can run at the configured line speed & outgoing traffic is spread according to a configured preference.

What is the purpose and functionality of HTTP keepalives?

aka HTTP Persistent Connection/HTTP Connection reuse, in HTTP 1.1 uses single TCP connection to send/receive multiple HTTP requests/responses vs opening a new connection for every single request/response pair which was used in HTTP 1.0. Optional field.

What is the purpose of a switch's forwarding database?

aka MAC or CAM table, maintains the database of MAC addresses and on which port they can be reached.

Which HTTP headers represent compression methods? a. Connection: <Header-Value> b. Accept-Encoding: <Header-Value> c. Content-Type: <Header-Value> d. Content-Encoding: <Header-Value>

b. Accept-Encoding: gzip, deflate (HTTP Request). d. Content-Encoding: gzip (or deflate) (HTTP Response). gzip is the default value if no preference is specified.

Which of the following answers lists a multicast IPv6 address? a. FD80::1:1234:5678:9ABC b. FF80::1:1234:5678:9ABC c. FE80::1:1234:5678:9ABC d. 2000::1:1234:5678:9ABC

b. FF80::1:1234:5678:9ABC. Global unicast addresses, which are publicly routable, begin with 2000::/3, meaning the first 3 bits match the value in hex 2000. Unique local addresses match FD00::/8, and link local addresses match FE80::/10. Multicast IPv6 addresses begin with FF00::/8, meaning the first 2 hex digits are F.

Which provisioning level allocates only what's needed to enable module functions? a. None b. Nominal c. Dedicated d. Minimum

b. Nominal (recommended). Also allocates additional resources as needed during operation.

Which of the following is the most likely organization from which an enterprise could obtain an administrative assignment of a block of IPv6 global unicast IP addresses? a. ICANN b. An ISP c. Global unicast addresses are not administratively assigned by an outside organization. d. An RIR

b. One method for IPv6 global unicast address assignment is that ICANN allocates large address blocks to RIRs, RIRs assign smaller address blocks to ISPs, and ISPs assign even smaller address blocks to their customers.

Which field indicates the type of TCP option used? a. Option-Data b. Option-Kind c. Option-Length

b. Option-Kind. It's also the only field that is not optional, e.g. MSS, Window Scale, SACK, Echo, Timestamps, etc. Found in the Options portion of the TCP header.

Which of the following is the IPv6 loopback address? a. ::/0 b. ::/128 c. ::1/128 d. FE80::/10

c. ::1/128

Which provisioning level allocates everything and runs on one module only? a. None b. Nominal c. Dedicated d. Minimum

c. Dedicated

Which of the following is required before a device can synchronize config data or failover to another device? a. TCP 3-way handshake b. Secure Tunnel connection c. Device Trust

c. Device Trust. The devices must establish a trust relationship which is based on mutual authentication through the signing and exchanging of device certificates.

Which HTTP header must be present in every HTTP/1.1 request? a. Accept-Language: <header-value> b. Accept-Encoding: <header-value> c. Host: <header-value>

c. Host: <header-value>

Which of the following is the shortest valid abbreviation for FE80:0000:0000:0100:0000:0000:0000:0123? a. FE80::100:0:0:0:123:4567 b. FE80::100::123 c. FE80:0:0:100::123 d. FE8::1::123

c. Inside a quartet, any leading 0s can be omitted, and one sequence of 1 or more quartets of all 0s can be replaced with double colons (::). The correct answer replaces the longer 3-quartet sequence of 0s with ::

What's a primary purpose of the MAC Masquerade address? a. Hiding true MAC addresses b. Security c. Minimize ARP communications d. Minimize dropped packets

c. Minimize ARP communications and d. Minimize dropped packets as a result of a failover event.

What is the technology at the heart of iHealth? a. UCS b. Encryption c. QKView file

c. QKView file

What is the best load balancing option to use if your server capacity is nonhomogeneous? a. Observed b. Least Sessions c. Ratio d. Round Robin

c. Ratio. Ratio (member) or Ratio (node) options distribute connections via static ratio according to defined ratio weights.

What is considered the envelope in an SMTP transaction? a. Message itself b. HELO command c. Sender and Recipient ID

c. Sender and Recipient ID

Typical traffic group members are:

floating self IP addresses, virtual addresses, NAT or SNAT translation addresses and IP addresses associated with an iApp application service.

What is the name of the default acceleration profile on the BIG-IP system?

http-acceleration. It can be enabled from within another BIG-IP system module, such as the WebAccelerator system. Most of its settings come from the default http profile.

What can create templates to deploy applications (ie SharePoint, HTTP) without causing issues with the interrelated objects of the BIG-IP System?

iApps

The BIG-IP system load balances SNAT Pool connections between members using the __ __ algorithm.

least connections

What is "Classic Approach" caching?

max-age timer; Web app code running on server instructs browser to cache an object marked as static for a specific time period (max-age) during which the browser reads the object from cache when building a web page until the content expires. The client then reloads the content. Caching prevents the browser from having to waste time/bandwidth by always accessing data from a central site.

What is vCMP?

virtualized Clustered Multiprocessing; Available on any F5 device with a "v" in its platform name. F5's purpose built hypervisor that allows you to host multiple instances of BIG-IP software guests on a single BIG-IP hardware. Administer device memory, cpu and disk management. Guests consist of TMOS and 1 or more modules

What is the purpose of encryption?

○ Authentication: Proving your identity. Typically name-based or address-based.
○ Privacy/confidentiality: Ensuring only the intended recipient can read the message.
○ Integrity: Ensuring that the intended message has not been altered upon receipt.
○ Non-repudiation: Proving the sender really sent the message.

What is the role authentication plays in AAA?

○ Authentication: The AAA server compares a user's authentication credentials w/ other user creds stored in a database.
○ Authorization: The process of enforcing policies - determining what types or qualities of activities, resources, or services a user is permitted.
○ Accounting: Measures the resources a user consumes during access. Carried out by logging session statistics and usage info and is used for authorization control, billing, trend analysis, resource utilization and capacity planning activities.

What are the benefits of TCP optimization?

○ Decreasing server-side TCP connections: Can dramatically improve app performance and reduce the number of servers required to host an app.
○ Increasing client-side TCP connections: Accelerates HTTP traffic.

Distinguish between private/public keys

○ Private: Standard. Both parties share an encryption key which is used to decrypt the message. This single key is used to encrypt and decrypt messages. It's like making copies of a house key, anyone w/ a copy can open the lock.
○ Public: Uses 2 keys - one to encrypt and one to decrypt. A sender will encrypt their message with the recipient's public key while the recipient's closely guarded private key is used to decrypt the message once it's received.

Compare/contrast symmetric/asymmetric encryption

○ Symmetric: Uses shared private keys which are used to encode a message so that only the sender and the recipient of the message who know the secret key can unlock/decrypt it. Susceptible to being cracked/decoded via Internet transit.
○ Asymmetric: Uses a pair of keys for added security - a private key for yourself and a public key that is published online for others to see. The public key is used to access the encryption code that corresponds to your private key.

Define the following Monitor Status Icons: Green Circle, Red Diamond, Blue Square, Yellow Triangle

○ Green Circle: Available
○ Red Diamond: Offline
○ Blue Square: Unknown
○ Yellow Triangle: Connection Limit

