F5 Viprion
VoiceTone VNI F5 Viprion Configuration
First-Time Configuration
Syslog
SNMP
NTP
HTTPS Security
HealthChecks
DNS-monitor
http-ImAlive (Content and Audio servers)
Watson_Wireline
Natural Language Text-to-Speech
SIP_Proxy
Profiles
Nodes
Pools
Virtual Servers
First-Time Configuration
Log in over the console and configure the management IP and host name.
Initial console login (user, password): root, default
Initial web login (user, password): admin, admin
Whenever issuing bigpipe commands, save the configuration.
bigpipe save
Under Construction
Run the config command and follow the instructions to enter the Viprion Management IP Address, the Network Mask, and Management Default Gateway and specific routes. -or-
bigpipe mgmt 10.18.1.216 netmask 255.255.255.128
bigpipe mgmt route default gateway 10.18.1.129
bigpipe mgmt route 135.25.231.0/24 gateway 10.18.1.129
Next the Viprion must be licensed. Use a web browser to connect to the Viprion's management IP using HTTPS ( https:// ), and follow the initial setup prompts.
End Under Construction
Run the bigpipe system hostname command to configure the fully qualified domain name.
bigpipe system { hostname x275240bvprns0001.ops.vni.ec.att.com }
Syslog
Copy syslog.inc to the /config directory or create a file syslog.inc in the /config directory:
destination d_loghost {
    # The priority is the result of facility * 8 + severity.
    # So priority = 19 (facility local5) * 8 + 5 (Severity NOTICE) = 157
    udp("135.201.104.65" port(514) template("<157>$DATE $HOST $MSG\n"));
    udp("132.201.226.83" port(514) template("<157>$DATE $HOST $MSG\n"));
};
log {
    source(s_syslog_pipe);
    source(s_cluster);
    destination(d_loghost);
};
Then run
bp syslog include none
bpsh < syslog.inc
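Added example (not part of the original document): a Python check that decodes the hard-coded PRI in each udp() template of the syslog.inc above, so the facility and severity the collector will see can be confirmed before its filters are written. By the standard syslog numbering, 157 decodes to facility 19 (local3) at severity notice, and local5.notice would be 173. The function names are illustrative.

```python
import re

# Common facility names by numeric code (RFC 3164 / RFC 5424 numbering;
# the names for codes 9-15 vary between platforms).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# The destination block from this page, used as sample input.
SAMPLE = r'''
destination d_loghost {
    udp("135.201.104.65" port(514) template("<157>$DATE $HOST $MSG\n"));
    udp("132.201.226.83" port(514) template("<157>$DATE $HOST $MSG\n"));
};
'''

# Captures the collector address and the literal PRI of each udp() destination.
UDP_PRI = re.compile(r'udp\("([^"]+)"[^;]*?template\("<(\d{1,3})>')


def encode_pri(facility, severity):
    """PRI = facility code * 8 + severity code."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def decode_pri(pri):
    """Split a PRI value into (facility name, severity name)."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def audit_destinations(config):
    """Return (collector, pri, facility, severity) for every udp() template."""
    return [(host, int(pri)) + decode_pri(int(pri))
            for host, pri in UDP_PRI.findall(config)]


if __name__ == "__main__":
    for host, pri, fac, sev in audit_destinations(SAMPLE):
        print("%s  <%d> = %s.%s" % (host, pri, fac, sev))
    print("local5.notice would be <%d>" % encode_pri("local5", "notice"))
```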
SNMP
Run the following command within bpsh:
bpsh
bp snmpd community CompuLert {
    access ro
    community name "CompuLert"
    ipv6 disable
    oid none
    source "default"
}
bp snmpd allow {
    127.
    135.201.104.65
    135.201.104.67
    135.201.104.69
    132.201.226.83
    132.201.226.86
    132.201.226.89
}
NTP
Configure NTP and time zone. Note that "America/Swift_Current" is equivalent to NWT/CST with no daylight savings time, and will be displayed as CST in both the top of the F5 Web GUI and from a console session to the F5.
bp ntp timezone "America/Swift_Current"
bp ntp servers 135.25.231.14 add
bp ntp servers 135.25.231.15 add
HTTPS Security
Since the Big-IP can be managed through HTTPS, and since SSL certificates expire, create a self-signed certificate with an expiration date in 10 years (3,650 days in this case).
openssl x509 -x509toreq -in /config/httpd/conf/ssl.crt/server.crt -out /config/httpd/conf/ssl.crt/server.csr -signkey /config/httpd/conf/ssl.key/server.key
openssl x509 -sha1 -req -in /config/httpd/conf/ssl.crt/server.csr -signkey /config/httpd/conf/ssl.key/server.key -days 3650 -out /config/httpd/conf/ssl.crt/server.crt
bigstart restart httpd
Record the fingerprint of the SSL certificate. Run the following two commands and store the output in a safe place. When accessing the Viprion for the first time via web browser, compare the fingerprints to ensure that the SSL session has not been hijacked.
openssl x509 -fingerprint -in /config/httpd/conf/ssl.crt/server.crt | grep Fingerprint
openssl x509 -fingerprint -sha1 -in /config/httpd/conf/ssl.crt/server.crt | grep Fingerprint
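Added example (not part of the original document): a Python helper that checks a certificate presented by the management interface against a fingerprint line saved from the openssl x509 -fingerprint commands above. The sample bytes are constructed stand-ins rather than a real certificate, and the function names are illustrative.

```python
import hashlib
import hmac
import re
import ssl

# Matches a saved line such as "SHA1 Fingerprint=AA:BB:CC:..."
_LINE = re.compile(r"^\s*([A-Za-z0-9-]+) Fingerprint=([0-9A-Fa-f:]+)\s*$")

# Constructed stand-in bytes wrapped in PEM armour (NOT a real certificate).
# A live PEM can be fetched with ssl.get_server_certificate((host, 443)).
SAMPLE_DER = b"constructed stand-in for the DER bytes of server.crt"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def parse_recorded(line):
    """Split a saved fingerprint line into (hash name, lowercase hex digest)."""
    m = _LINE.match(line)
    if not m:
        raise ValueError("not an openssl fingerprint line: %r" % line)
    algo = m.group(1).lower().replace("-", "")
    return algo, m.group(2).replace(":", "").lower()


def fingerprint(pem, algo):
    """Digest of the DER encoding, which is what openssl reports."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.new(algo, der).hexdigest()


def format_like_openssl(pem, algo):
    """Render a digest in the 'ALGO Fingerprint=AA:BB:...' form."""
    hexd = fingerprint(pem, algo).upper()
    pairs = ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    return "%s Fingerprint=%s" % (algo.upper(), pairs)


def matches_recorded(recorded_line, presented_pem):
    """True only if the presented certificate hashes to the recorded value."""
    algo, want = parse_recorded(recorded_line)
    return hmac.compare_digest(want, fingerprint(presented_pem, algo))


if __name__ == "__main__":
    recorded = format_like_openssl(SAMPLE_PEM, "sha1")
    print(recorded)
    print("match:", matches_recorded(recorded, SAMPLE_PEM))
```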
In order to restrict less secure algorithms (refer to https://support.f5.com/kb/en-us/solutions/public/6000/700/sol6768.html for more detail), modify the cipher string.
bigpipe httpd sslciphersuite 'ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW'
bigpipe save all
HealthChecks
In F5 nomenclature, healthchecks are undertaken by "monitors". Several monitors are included, and some we have added or customized.
DNS-monitor
The DNS-monitor health-check uses an external script located at /usr/bin/monitors/DNS-monitor. It takes 2 parameters - a DNS name to lookup, and the expected answer.
Example:
monitor DNS-monitor {
    defaults from external
    args "wr01000ldns0001.vni.ec.att.com 10.198.111.212"
    run "DNS-monitor"
}
http-ImAlive (Content and Audio servers)
The http-ImAlive healthcheck fetches /ImAlive/ImAlive.jsp over HTTP, and expects an HTTP 200/OK response.
monitor http-ImAlive {
    defaults from http
    recv "200 OK"
    send "GET /ImAlive/ImAlive.jsp HTTP"
}
Watson_Wireline
The Watson_Wireline monitor opens a connection to TCP port 8889 on an ASR, sends the string "HealthCheck", and expects the reply to be the string "HealthAvailable".
monitor Watson_Wireline {
    defaults from tcp
    dest *:8889
    recv "HealthAvailable"
    send "HealthCheck"
}
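Added example (not part of the original document): a Python probe that performs the same send/expect exchange as the Watson_Wireline monitor, useful for confirming from another host what the monitor will see. The local stand-in server is constructed for the demonstration, and the function names are illustrative.

```python
import socket
import threading


def send_expect(host, port, send, expect, timeout=3.0):
    """Connect, send `send`, and return True only if `expect` is in the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(send)
            buf = b""
            # Read until the expected string arrives, the peer closes,
            # or the reply grows past a sane bound.
            while expect not in buf and len(buf) < 4096:
                chunk = s.recv(1024)
                if not chunk:
                    break
                buf += chunk
            return expect in buf
    except OSError:  # refused, unreachable or timed out: treat as down
        return False


def start_fake_asr(reply):
    """Constructed stand-in for an ASR health port; returns its local port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port on loopback only
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                if conn.recv(64) == b"HealthCheck":
                    conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_asr(b"HealthAvailable")
    up = send_expect("127.0.0.1", port, b"HealthCheck", b"HealthAvailable")
    print("member up" if up else "member down")
```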
Natural Language Text-to-Speech
This service uses the built-in tcp monitor to make sure that ASR servers are accepting TCP connections on port 5950.
SIP_Proxy
The SIP_Proxy monitor sends a SIP OPTIONS request to an SPX and expects a valid SIP response code. Note that any response code is considered as a success.
monitor SIP_Proxy {
    defaults from sip
    debug "no"
    filter "\x2a"
    mode "tcp"
}
Profiles
Nodes
node 10.198.111.212 {
    monitor icmp
    screen wr01000ldns0001
}
Pools
pool DNS {
    monitor all DNS-monitor
    members {
        10.198.111.212:domain {}
        10.198.111.213:domain {}
    }
}
Virtual Servers
virtual AAS-1 {
    pool AAS-1
    destination 10.198.111.11:http
    ip protocol tcp
    profiles fastL4 {}
}
virtual ASR-1 {
    pool ASR-1
    destination 10.198.111.13:any
    ip protocol tcp
    profiles fastL4 {}
}
virtual CAS-1 {
    pool CAS-1
    destination 10.198.111.12:http
    ip protocol tcp
    profiles fasthttp {}
}
virtual DNS {
    pool DNS
    destination 10.198.111.53:domain
    ip protocol udp
}
virtual TDD-1 {
    pool TDD-1
    destination 10.198.111.13:22000
    ip protocol tcp
    profiles fastL4 {}
}
virtual TTS-1 {
    pool TTS-1
    destination 10.198.111.13:5950
    ip protocol tcp
    profiles fastL4 {}
}
virtual SPX-1 {
    pool SPX-1
    destination 10.198.111.14:5060
    ip protocol udp
    persist sip_proxy_persist
    profiles udp_sip {}
}