Steve Lyons
United States
Joined 4 Sep 2018
My goal starting this channel is to develop short how-to videos to help leaders, engineers and administrators get the best of their investments in F5. F5 invests hundreds of millions of dollars in research and development each year to improve functionality, capabilities and ease of use. However, as a prior customer myself, I found it difficult to locate practical deployment guides around real-world use cases, which significantly limited my consumption of the product. I am hoping these short videos help with educating, ease deployments and excite you about using F5 technology.
Creating a Client SSL Profile to Restrict Protocols and Ciphers
In this video, I demonstrate how to create a client SSL profile that meets the security requirements defined in the DoD Military Unique Deployment Guide. Those requirements include restricting cipher suites and protocols to increase client and organizational security.
Views: 2,310
Videos
Using LTM Local Traffic Policies, Redirect Users Based on HTTP Host
4.2K views, 5 years ago
In this video, I demonstrate creating a local traffic policy to redirect all users attempting to access google.com to msn.com.
Populating a LTM Pool Using DNS Resolution
1.3K views, 5 years ago
Rather than populating a pool manually for a service that may change without notice, consider using an FQDN node which will auto-populate pool members within your LTM pool.
Configuring Connection Limits Using F5's Local Traffic Manager (LTM)
4.3K views, 5 years ago
This is a very high-level video on configuring connection limits at the virtual server level. You can also apply this limit globally and to a route domain. In the video, I mention this is a start and AFM is still recommended. My intent is to advise that AFM provides enhanced DDoS protections that LTM natively doesn't. By creating a DDoS profile in AFM and assigning it to your LTM virtual server...
Configuring a Response Policy Zone (RPZ) Using the F5 BIG-IP
1.5K views, 5 years ago
In this video, the BIG-IP is used as a recursive DNS server with an RPZ zone to restrict name resolution from occurring for potentially inappropriate websites.
Restricting DNS Query Types Using F5
490 views, 5 years ago
In this high-level video I will demonstrate restricting DNS query types using DNS security on the F5 BIG-IP.
DNS Load Balancing with a Transparent Cache
417 views, 5 years ago
Due to a common issue customers are running into with domain controllers or DNS servers no longer responding to client queries, I wanted to provide a video on how to use the BIG-IP to perform DNS load balancing as well as a transparent cache to improve DNS response times.
Enabling HSTS and Secure Ciphers to Meet DoD STIG's Using F5
279 views, 5 years ago
This is a quick video on creating an HTTP profile with HSTS enabled as well as creating client and server SSL profiles in order to restrict insecure protocols and ciphers using an F5 BIG-IP.
Configuring the F5 BIG-IP as a Recursive DNS Server
3.5K views, 5 years ago
In this brief demonstration, I will be configuring my F5 BIG-IP as a recursive DNS server using a transparent cache. techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-dns-services-implementations-13-0-0.html
Using the F5 BIG-IP to provide Kerberos authentication with end-user logons
4.6K views, 5 years ago
Access Policy Manager® (APM®) provides an alternative to a form-based login authentication method. This alternative method uses a browser login box that is triggered by an HTTP 401 response to collect credentials. A SPNEGO/Kerberos or basic authentication challenge can generate a HTTP 401 response. This option is useful when a user is already logged in to the local domain and you want to avoid ...
F5 BIG-IP Self IP's and SNAT Automap
14K views, 5 years ago
This is a high-level video describing the basic functions of static and floating self IP's. In no way was this meant to cover all SNAT functions but rather a quick visual of the most common uses which include how static self IP's are used to perform health checks and floating self IP's are used for client address translation when Automap is configured on a virtual server.
Using F5 BIG-IP TCP and HTTPS Health Monitors
15K views, 5 years ago
In this short video, I will review the default TCP and HTTPS monitors as well as use a custom HTTPS monitor using my own send and receive strings. I will also demonstrate how to use CURL to determine an appropriate receive string whether that be an HTTPS status code or string within the web page.
Enabling HSTS and Secure Ciphers to Meet DoD STIG's Using F5
164 views, 5 years ago
This is a quick video on creating an HTTP profile with HSTS enabled as well as creating client and server SSL profiles in order to restrict insecure protocols and ciphers using an F5 BIG-IP.
Upgrading BIG-IQ to 6.0.1
254 views, 6 years ago
In this short video I will demonstrate how to upgrade your existing BIG-IQ instance to 6.0.1.
Upgrading Your F5 BIG-IP Using BIG-IQ
1.2K views, 6 years ago
In this video, I show you how to upgrade a BIG-IP to 14.0.0 using BIG-IQ 6.0.1.
Configuring F5 BIG-IP as a Recursive DNS Server
1.1K views, 6 years ago
Configuring F5 BIG-IP as a Recursive DNS Server
Creating a Backup Schedule Using F5 BIG-IQ 6.0.1
1.2K views, 6 years ago
Creating a Backup Schedule Using F5 BIG-IQ 6.0.1
thank you, makes sense
@3:34 Thanks! I'm that somebody :) keep up the good work.
Thank you for the information.. It helped a lot
Really informative and quick thanks Steve.
Excellent. Can't thank you enough.
Over the next few days I think that I would only like to communicate with people living on the east coast. I hope that I can figure it out
If I want to limit the sessions from a particular website / URL / FQDN, how do I achieve this? In 14.0 and later versions we can add a source IP list; however, I would like to set this up using website / URL / FQDN / DNS name.
Thank you!
Thanks Steve.
Really good and helpful. How do we verify if one customized monitor (example nprd-USS-DEV-API-443-monitor ) is used by multiple pool members or VIP.
hello, how do you change the partition from /Common to another partition under "General Properties" (not shown in video)
Thank you very much! this helped a lot
Just when I thought I knew it all. This video was very useful for my HA environment.
Great video, thank you.
Great video, do u hv a video about Ssl setup and checks when I hv thousand connection and start to slow down webservers?
If configured “0” to the connection limit on the VIP, is it still based on the physical memory of LTM? The concurrent connections will share the physical memory.
Wonderful. That's the kind of explanation I am looking for to master the networking part of the BIG-IP. It is okay for the modules part, LTM and ASM for example, but when it comes to what is happening in the background from a networking point of view, it is very complex and few colleagues are able to answer that for me. Thankfully, there are articles and videos like this one. Hope you could do more about this part, architectures maybe? Some SSL/TLS deep dive also, as it is a tricky part, but networking and SSL are the parts that I enjoy the most while working on BIG-IP. Thanks a lot.
Thanks for sharing this video, very easy to follow. I do have a question: for the send string, can I use a port other than 443, say 14000, for the service, and if yes, would the host part of the string be myway.com:14000/public/service Connection: Close?
Superb !!! And how do we TShoot for Application SLOWNESS Issues ?
nice! this helps
top video ! thanks
Hello Steve, can you show how to monitor for more than one node member each having its distinct http get url for health check?
did you have a solution to your question? I need to do that exactly.
Keep doing what you doing thanks
Hi Steve, my question is if I have 2 node members, how to monitor each member using https?
Same question
Use a curl command but instead of using url just type the backend server ip
@Steve Lyons has been creating very useful videos giving us great tips.
Hey Steve! Can you explain to me, in failover, the difference between network failover and failsafe? Because the first one doesn't track the port state (up/down), I'm forced to use failsafe to fail over in case of link failure. Is that a normal config, or did I not get the concept? Thank you.
Jucker, if you haven't found your answer yet, I recommend reading the solution articles on each function. However, at a high level, VLAN failsafe uses ARP at layer 2 to determine if communication is occurring over a specific VLAN. Gateway failsafe allows you to have a pool of servers at or beyond the default gateway to determine if it is able to route traffic. Network failover is more or less just heartbeat validation between devices in an HA pair. support.f5.com/csp/article/K13297, support.f5.com/csp/article/K15367, support.f5.com/csp/article/K75303031, support.f5.com/csp/article/K2397
Hello Steve, thank you for this video, I really appreciate it. I've got one query: in my environment I have one service for which the nodes are showing as not available on BIG-IP. We have everything set up on BIG-IP, we have a send string and we configured a receive string of 200 OK, but it still marks the pool as down. When I run the curl command through the CLI it shows 200 OK for the application, but for some strange reason BIG-IP couldn't sync up with the servers. How do I determine whether the service is actually available and is really sending 200 OK back to BIG-IP? I have 2 servers, one placed at each data center, and have BIG-IP load balancing the traffic between them. I have other services running fine on BIG-IP, but this is the only service causing me pain, as I couldn't determine if it's an issue with BIG-IP or the server itself. Any help would be really appreciated. Thanks again for your time.
Hi Sam, I apologize for the delayed response. Have you done any captures on the pool members themselves to see the HTTP response codes they are sending when the monitor sends the request? Also, to narrow down your capture, remember health monitors use a self IP and not a SNAT IP. If using SNAT, the floating (SNAT) IP will be the client translated address, whereas the self IP does health monitoring and other system functions.
Hi Steve, thanks for the explanation. But you did not explain what 'Unhandled Query Actions' was and what happened when changed to 'No Error'.
Hi James, sorry for the delayed response. You are right, I didn't get into the details on this since I was really just trying to keep it high level. With that, you ask a great question. The Unhandled Query action is when the query does not match a wide IP or a local zone. Below are the recommended settings for unhandled query actions. F5 recommends that you configure the Unhandled Query Actions setting in the DNS profile as follows: Use the Allow setting (default) if you want to load balance the requests to another authoritative DNS server in the environment, or to local BIND on a GTM-licensed system (if local BIND is enabled using the DNS profile). You should also use the Allow setting if the GTM system sends DNS queries to a pool of DNS resolvers. This setting is also required when DNS cache feature is set to Transparent. Use the Drop setting if the GTM-licensed system is configured as an external, authoritative DNS system. The Drop setting provides maximum protection and security for unmatched packets for systems processing external DNS queries. Use the Reject setting to return a REFUSED status for the DNS query. Use the Hint setting to return a list of the root name servers for the DNS query. Use the No Error setting to return a NOERROR status for the DNS query.
face? ;-) the content is what i am looking for. not faces. good basic video
Hi Steve Great video. I have a question. In my scenario, my domain is mydomain.com and I want SSO for example.com. My client machine is part of mydomain.com and the site is on the internet. My question is: What should be my ktpass syntax for this kind of requirement? Like, should it be: 1- HTTP/example.com@mydomain.com -mapuser user@mydomain.com? OR 2- HTTP/example.com@example.com -mapuser user@mydomain.com? Please advise.
Hi Steve. Great video on DNS functions in F5.
As usual, fantastic content. And hey, is that Steve down in the corner !!!!
@steve lyons I have a request. Show your face talking in your videos !
Hahaha, I thought audio was a big start! Now my face? Ahh man, this is getting serious! ;)
Your videos are always well done and informative.