Thursday, December 27, 2012

F5 TMOS Administration Exam Study Guide

The second exam in the F5 certification path deals with the TMOS operating system and the day-to-day operation and basic troubleshooting of TMOS-based devices.  It doesn't require you to be able to install and set up devices, but rather administer them once they are installed.

In this post, I will be posting the various links I use in studying for the F5 TMOS Administration exam (Exam 201). This will include links from the F5 Networks site, the F5 DevCentral site (get a login if you don't have one), as well as other sites. This is not intended to be original study material, but rather a collection of jumping-off points for your own click-read-learn journey.

Section 1: 19% Troubleshoot basic virtual server connectivity issues
  • Objective 1.01 Given a connectivity troubleshooting situation, consider the packet and virtual server processing order. 
Order of precedence for virtual server matching
Overview of packet tracing with the tcpdump utility
Overview of TCP connection set-up for BIG-IP LTM virtual server types
Manual Chapter: Introducing BIG-IP Local Traffic Manager 

  • Objective 1.02 Identify the reason for an unresponsive virtual server.  
Pool member won’t work through BIG-IP LTM
Troubleshooting LTM Monitors
  • Objective 1.03 Identify the reason for an unresponsive pool member. 
Troubleshooting LTM monitors
Troubleshooting health monitors
Overview of BIG-IP pool status
Determining which monitor triggered a change in the availability of a node or pool member
  • Objective 1.04 Identify a persistence issue. 
Single Node Persistence
Sessions and Cookies and Persistence
Session Management
Section 2: 10% Troubleshoot basic hardware issues
  • Objective 2.01 Perform an End User Diagnostic and interpret the output. 
EUD 11.4 Field Testing BIG-IP Hardware
  • Objective 2.02 Interpret the LCD Warning Messages. 
Operating the LCD Panel
New front panel LED indicator behavior in BIG-IP version 9.x
The Activity LED operation on 8400 platforms
  • Objective 2.03 Identify a possible hardware issue within the log files. 
Writing to and rotating custom log files
Monitoring & Managing LTM Log Files
  • Objective 2.04 Perform a failover to a standby box under the appropriate circumstances. 
Defining network resources for BIG-IP high availability features
Overview of Connection and Persistence Mirroring
Overview of Connection and Persistence Mirroring (11.x)
Section 3: 9% Troubleshoot basic performance issues
  • Objective 3.01 Perform a packet capture within the context of a performance issue. 
Overview of packet tracing with the tcpdump utility
Capturing and viewing packets
Recommended methods and limitations for running tcpdump on a BIG-IP system
  • Objective 3.02 Use BIG-IP tools in order to identify potential performance issues. 

BIG-IP iHealth User Guide
Health and Performance Monitoring
Section 4: 7% Troubleshoot basic device management connectivity issues
  • Objective 4.01 Verify remote connectivity to the box in order to determine the cause of a management connectivity issue.
Configuring Network Access Resources
Diagnosing Network Connection Issues
Defining Connectivity Options
About Network Access
  • Objective 4.02 Check and interpret port lockdown settings in order to determine the cause of a management connectivity issue.
Overview of port lockdown behavior
  • Objective 4.03 Check and interpret packet filters in order to determine the cause of a management connectivity issue. 
Packet Filters
Configuring Packet Filters
Setting Up Packet Filtering
  • Objective 4.04 Given the use of a remote authentication server, verify proper DNS settings in order to diagnose a connectivity issue.
Remote Server Authentication
Configuring Remote User Authentication and Authorization
Section 5: 14% Open a support ticket with F5
  • Objective 5.01 Identify the appropriate supporting components and severity levels for an F5 support ticket.
Instructions for submitting a support case to F5
Information required when opening a support case for BIG-IP LTM or GTM
BIG-IP iHealth User Guide
Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x)
Information required when opening a support case for BIG-IP Analytics
F5 Networks Technical Support Overview
  • Objective 5.02 Given an issue, determine the appropriate severity. 
F5 Customer Support
Guidelines and Policies
Tech Support Overview
  • Objective 5.03 Provide quantitative and relevant information appropriate for a given issue.
Instructions for submitting a support case to F5 
  • Objective 5.04 Given a scenario, determine the proper F5 escalation method. 
Network Support Centers
Section 6: 10% Identify and report current device status
  • Objective 6.01 Review the network map in order to determine the status of objects on the box. 
LTM Essentials WBT – Module 2
BIG-IP Local Traffic Manager: Concepts
  • Objective 6.02 Use the dashboard to gauge the current running status of the system. 
BIG IP V10 Dashboard Overview
Getting Started Guide, see 'Monitoring the BigIP System'
  • Objective 6.03 Review log files in order to gauge the current operational status of the device. 
Need something here... hmmm...
  • Objective 6.04 Use iApps Analytics to gauge the current running status of application services. 
BIG-IP Analytics: Implementations
Section 7: 14% Maintain system configuration
  • Objective 7.01 Create and restore a UCS archive under the appropriate circumstances. 
TMOS Management Guide for BIG-IP Systems v10.x | Creating and Managing Archives
BIG-IP TMOS: Concepts v11.2 | Chapter 9: Archives
Overview of UCS Archives
Backing up and restoring BIG-IP configuration(11.x)
Backing up and restoring BIG-IP configuration(10.x) 
Backing up and restoring BIG-IP configuration(9.x) 
The UCS configuration archive restoration problem (disparate platforms)
Installing a UCS file containing an encrypted passphrase
Getting Started Guide v10.x | Preparing the System for Installation
Change in Behavior: Installing a UCS configuration archive now restores the full configuration
  • Objective 7.02 Identify the components and methods associated with automating and scheduling tasks with the Enterprise Manager.
Enterprise Manager Getting Started Guide v2.3.0
Enterprise Manager Administrator Guide v2.3.0
Enterprise Manager Getting Started Guide v3.0.0
Enterprise Manager Administrator Guide
Enterprise Manager Monitoring Network Health and Activity
  • Objective 7.03 Automate and schedule tasks using Enterprise Manager. 
Enterprise Manager Getting Started Guide v2.3.0
Enterprise Manager Administrator Guide v2.3.0
  • Objective 7.04 Manage software images. 
BIG-IP Redundant Systems Configuration Guide v11.0
Replacing a BIG-IP system in a redundant pair without interrupting service
Upgrading Active Standby Systems v11.0
Upgrading Active Active Systems v11.0
Managing BIG-IP product hotfixes (11.x)
Preparing the System for Installation
Booting the BIG-IP system in single-user mode
Performing a clean installation of BIG-IP version 11.x
Restoring the BIG-IP configuration to factory default settings 11.x
Upgrading the software version or applying a hotfix to BIG-IP GTM v10.x
Upgrading the VIPRION System
Section 8: 17% Manage existing system and application services
  • Objective 8.01 Modify and manage virtual servers. 
BIG-IP Local Traffic Manager v11.2: Concepts
Overview of the BIG-IP HTTP class traffic flow
BIG-IP Local Traffic Manager v11.2: Implementations
Overview of the stateless virtual server
Overview of virtual server types for BIG-IP version 10.x 
HTTP Basics I Web Based Training Course
HTTP Basics II Web Based Training Course 
LTM Essentials Web-based Training Course
  • Objective 8.02 Modify and manage pools. 
BIG-IP Local Traffic Manager v11.2: Concepts
BIG-IP Local Traffic Manager v11.2: Implementations
Pool member reselection options 
LTM Essentials Web-based Training Course 

Thursday, November 29, 2012

F5 Application Delivery Fundamentals Exam Study Guide

I am studying for the first of the new F5 certification exams, Application Delivery Fundamentals. Since there's no official published material to go with the blueprint, I figured I'd put together a list of links for fellow students to use to study for the exam. I'll organize them according to the blueprint, so you can skip sections you think you already know.  A lot of the links are from the F5 support and Devcentral pages, so if you don't already have accounts on those sites, you will need to set them up. 

Section 1 - OSI

The first section of the exam concentrates on some basic networking concepts, working up the OSI model from the bottom.  Most of this information is common knowledge in the networking industry, but I guarantee that you don't know all of it, especially when you get to the application layer protocols.  This is mostly a collection of Wikipedia articles, but with information this basic, Wiki is our friend.

This section is worth 33% of the total test score.
  • Objective 1.01 - Explain, compare and contrast the OSI layers 
OSI Model Wiki
Another OSI Model Overview

  • Objective 1.02 - Explain protocols and technologies specific to the data-link layer 
ARP on F5
MAC Address
Broadcast Domain
Link Aggregation Wiki
Big IP Link Aggregation
  • Objective 1.03 - Explain protocols and apply technologies specific to the network layer 
Routing on F5
TCP/IP Overview
IP Addressing & Subnetting
Routing Protocols
IP Packet Fragmentation
IP TTL (Time to Live)

  • Objective 1.04 - Explain the features and functionality of protocols and technologies specific to the transport layer 
TCP Functionality
TCP Connection Setup by Virtual Server Type
TCP Profile Settings (Tunables)
UDP Functionality
UDP Profile Settings (Tunables)

  • Objective 1.05 - Explain the features and functionality of protocols and technologies specific to the application layer
Application Layer Traffic Management on F5
HTTP Functionality
HTTP Status Codes
HTTP Headers
F5 HTTP White Paper
DNS Functionality
DNS Record Types
SIP Functionality
F5 SIP White Paper
FTP Functionality
SMTP Functionality
HTTP Cookies
My Name is URL

Section 2 - F5 Solutions and Technology

In this section, we get into the actual F5 Solutions.  Most engineers taking this exam will be experienced with LTM and iRules, but little else.  Hopefully, the familiarity gained from the F5 datasheets and white papers shown below will help you to understand the breadth of the F5 offerings.  Prepare to take the first step into a larger world.

This section is also worth 33% of the total test score.

  • Objective 2.01 - Articulate the role of F5 products
Access Policy Manager (APM)
Application Security Manager (ASM)
Local Traffic Manager (LTM)
Global Traffic Manager (GTM)
Enterprise Manager (EM)
WAN Optimization Manager (WOM)
Web Accelerator
ARX File Virtualization
F5 White Papers
F5 Datasheets
  • Objective 2.02 - Explain the purpose, use and advantages of iRules  
iRule Wiki (Requires Devcentral Login)
  • Objective 2.03 - Explain the purpose, use and advantages of iApps
iApp Wiki (Requires Devcentral Login)
  • Objective 2.04 - Explain the purpose, use and advantages of iControl
iControl Wiki (Requires Devcentral Login)
  • Objective 2.05 - Explain the purpose of and use cases for full proxy and packet forwarding / packet based architectures
Full Proxy Architecture (Lori MacVittie rules!)
Packet-Based vs Full Proxy
Auto Last Hop
Virtual Server Types
  • Objective 2.06 - Explain the advantages and configurations of high availability (HA)
F5 HA Basics 
Config Sync
Big IP HA Features
VLAN Failsafe

Section 3 - Load Balancing Essentials

This section is a short one compared to the previous two.  It's worth 17% of the total test score.  If you're going after an F5 certification, you're probably already familiar with much of this material, so you probably won't have to study as much for this section.  It never hurts to brush up on the algorithms and persistence methods.
  • Objective 3.01 - Discuss the purpose of, use cases for, and key considerations related to load balancing
Load Balancing Wiki
Load Balancing 101
Load Balancing Algorithms (Devcentral)
More on Load Balancing Algorithms
Another Load Balancing Algorithm Article
Yet Another Load Balancing Algorithm Article

  • Objective 3.02 - Differentiate between a client and a server

Client / Server on Wiki - Yes, I'm surprised this is even a question.

Section 4 - Security

This section is weighted at 11% of the total test score, but it feels like it should be more.
  • Objective 4.01 - Compare and contrast positive and negative security models
Positive Security Model
Positive vs Negative Security
  • Objective 4.02 - Explain the purpose of cryptographic services

SSL Certificates (Devcentral)
Certificate Chains
Public-Key Cryptography
Symmetric vs Asymmetric Encryption
Client SSL Profiles
Server SSL Profiles
  • Objective 4.03 - Describe the purpose and advantages of authentication
F5 Authentication 101 
Single Sign On
Multi-factor Authentication
  • Objective 4.04 - Describe the purpose, advantages and use cases of IPsec and SSL VPN

Section 5 - Application Delivery Platforms
The final section is worth only 7% of the total test score.  The finish line is in sight!

  • Objective 5.01 - Describe the purpose, advantages, use cases, and challenges associated with hardware-based application delivery platforms and virtual machines
Virtualization Platforms
  • Objective 5.02 - Describe the purpose of the various types of advanced acceleration techniques.

Application Performance Optimization
TCP Optimization
Acceleration 101
Acceleration 102

So there you have it.  Everything you need to pass the F5 Application Delivery Fundamentals exam, and probably more.  If you use this study guide, please comment and let me know if it was helpful and how you did on the test.

Postscript.  - I just noticed something interesting about the exam blueprint.  If you add up the various sections (33 + 33 + 17 + 11 + 7), you get 101%.   F5... going above and beyond.  :-)

Friday, October 19, 2012

Configuring a new Cisco switch via a Neighbor Switch

Cisco admins, here's an awesome trick. If you're not installing Cisco switches, you can stop reading here. Otherwise, it may be of interest. If a new switch is connected to the network and you need to configure it, but don't have a console connection. . . read on.

When you plug a new Cisco switch into the network, it will acquire an IP address via DHCP, by default. From there, this command list should allow you to access it without a console connection. Log in to one of the other Catalyst switches already running on the network.

cluster run – This command enables clustering.

show cdp neighbors (Optional) – If CDP is running (you could turn it on temporarily) and you’ve chosen to start from a switch that is connected to the new switch, you should see a neighbor named “Switch”. This isn’t really a necessary step, but it’s useful to know things are working.

cluster enable WORD – The cluster commands require you to be in configuration mode. You must give the cluster a name.

show cluster candidates – Get out of configuration mode (or prefix this command with do) and see if you can see the new switch as a cluster member candidate. Remember it should be called “Switch”.

cluster member mac-address H.H.H – Back in configuration mode, this will add the new switch as a member of this cluster. The mac-address should be part of the information shown in the previous step.

show cluster members (Optional) – Exit out of configuration mode. This command should list the command switch (the one you are on), and a member switch. The member switch is the device you are planning to configure and should be designated as member 1.

rcommand 1 – This will log you into the new switch. You shouldn’t need a password. Configure the new switch.

no cluster member 1 – Log off the new (and now configured) switch and remove it from the cluster. This step may not be really necessary, but better safe than sorry. It will remove the new switch from the temporary cluster.

no cluster enable – This will remove the cluster and end the process.

At this point, you should be able to SSH or telnet into the new switch. The mistake I’ve made most often at this point is forgetting to set an enable password. Without both login (whether telnet or AAA) and enable passwords, the switch won’t let you in.

If an enable password has already been set, you’ll have to add “password the_enable_password” to the command “cluster member mac-address H.H.H”. And if you're nervous about how easy it is to configure a neighbor switch from, say, a compromised or rogue switch, consider "no cluster run" in all of your switch configurations.
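
To check a set of saved running-configs for the points raised above (an explicit "no cluster run", leftover temporary-cluster lines, and a missing enable password), here is an added example that is not part of the original post. The function names, finding labels and sample configs are constructed for illustration, and treating a missing "no cluster run" as a finding is an assumption that follows the post's advice.

```python
import re

# Constructed sample configs (not captured from real devices).
SAMPLE_CONFIGS = {
    "access-sw1": """\
hostname access-sw1
enable secret 5 <hash-placeholder>
no cluster run
line vty 0 4
 login local
""",
    "dist-sw1": """\
hostname dist-sw1
cluster enable TEMP 0
cluster member 1 mac-address 0011.2233.4455
line vty 0 4
 password <placeholder>
 login
""",
}


def audit_config(text):
    """Return a sorted list of findings for one running-config."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []
    # Assumption (per the post's advice): only explicit "no cluster run" passes.
    if "no cluster run" not in lines:
        findings.append("cluster-run-not-disabled")
    # Leftovers from the temporary cluster built in the procedure.
    if any(re.match(r"cluster enable\s+\S+", ln) for ln in lines):
        findings.append("command-switch-still-enabled")
    if any(re.match(r"cluster member\b", ln) for ln in lines):
        findings.append("cluster-member-still-defined")
    # The post's most common mistake: no enable password set.
    if not any(re.match(r"enable (secret|password)\s+\S+", ln) for ln in lines):
        findings.append("no-enable-password")
    return sorted(findings)


def audit_all(configs):
    """Map hostname -> findings, omitting clean configs."""
    results = {name: audit_config(cfg) for name, cfg in configs.items()}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for host, found in audit_all(SAMPLE_CONFIGS).items():
        print(host, ", ".join(found))
```

Feed it the text of "show running-config" from each switch; any hostname in the output still needs attention.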

Wednesday, October 17, 2012

Testing Testing 123

The domain transfer from the old registrar to the new registrar is completed. Now it's time to rebuild the Veritable Networks site and officially hang out our virtual shingle.