configuration guide for the big-ip web accelerator system
TRANSCRIPT
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
1/94
Configuration Guidfor the BIG-IP WebAccelerator Syste
version 1
MAN-02
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
2/94
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
3/94
Configuration Guide for the BIG-IP WebAcceleratorTM System i
Product Version
This manual applies to product version 10.2 of the BIG-IP WebAccelerator.
Publication DateThis manual was published on July 29, 2010.
Legal Notices
Copyright
Copyright 2008-2010, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicableuser licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Access Policy Manager, APM, Acopia, Acopia Networks,
Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Edge Client,
Edge Gateway, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM,
iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules,
Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera,
OneConnect, Packet Velocity, Protocol Security Module, PSM, Secure Access Manager, SAM, SSL
Accelerator, SYN Check, Traffic Management Operating System, TMOS, TrafficShield, Transparent Data
Reduction, uRoam, VIPRION, WANJet, WAN Optimization Module, WOM, WebAccelerator, WA, and
ZoneRunner are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and
may not be used without F5's express written consent.
All other product and company names herein may be trademarks of their respective owners.
Patents
This product protected by U.S. Patent[s] 6,505,230; 6,640,240; 6,772,203; 6,970, 933; 7,113,962; and
7,114,180. Other patents pending.
Export Regulation Notice
This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's
authority to operate this equipment under part 15 of the FCC rules.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
4/94
ii
Canadian Regulatory Compliance
This Class A digital apparatus complies with Canadian ICES-003.
Standards ComplianceThis product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable toInformation Technology products at the time of manufacture.
Acknowledgments
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications,
http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by Charles Hannum.
This product includes software written by Steffen Beyer and licensed under the Perl Artistic License and
the GPL
This product includes software written by Makamaka Hannyaharamitu (C) 2007-2008.
This product includes software developed by Charles Hannum, by the University of Vermont and State
Agricultural College and Garrett A. Wollman, by William F. Jolitz, and by the University of California,
Berkeley, Lawrence Berkeley Laboratory, and its contributors.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was
developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems.
"Similar operating systems" includes mainly non-profit oriented systems for research and education,including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
In the following statement, "This software" refers to the parallel port driver: This software is a component
of "386BSD" developed by William F. Jolitz, TeleMuse.
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software developed by Darren Reed. ( 1993-1998 by Darren Reed).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License ( 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
5/94
Configuration Guide for the BIG-IP WebAcceleratorTM System iii
This product includes the standard version of Perl software licensed under the Perl Artistic License (
1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current
standard version of Perl at http://www.perl.com.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications,
http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by Charles Hannum.
This product includes software developed by Charles Hannum, by the University of Vermont and Stage
Agricultural College and Garrett A. Wollman, by William F. Jolitz, and by the University of California,
Berkeley, Lawrence Berkeley Laboratory, and its contributors.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was
developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems.
"Similar operating systems" includes mainly non-profit oriented systems for research and education,
including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
In the following statement, "This software" refers to the parallel port driver: This software is a component
of "386BSD" developed by William F. Jolitz, TeleMuse.
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software developed by Darren Reed. ( 1993-1998 by Darren Reed).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License ( 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes the standard version of Perl software licensed under the Perl Artistic License (
1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current
standard version of Perl at http://www.perl.com.
This product includes software developed by Eric Young.
Portions of the material included in Appendix C came from the Internet Software Consortium,
http://www.isc.org/.
Rsync was written by Andrew Tridgell and Paul Mackerras, and is available under the Gnu Public License.
This product includes Malloc library software developed by Mark Moraes. ( 1988, 1989, 1993,
University of Toronto).
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
6/94
iv
This product includes open SSL software developed by Eric Young ([email protected]), ( 1995-1998).
This product includes open SSH software developed by Tatu Ylonen , Espoo, Finland (
1995).
This product includes open SSH software developed by Niels Provos ( 1999).
This product includes SSH software developed by Mindbright Technology AB, Stockholm, Sweden,
www.mindbright.se, [email protected] ( 1998-1999).
This product includes free SSL software developed by Object Oriented Concepts, Inc., St. John's, NF,
Canada, ( 2000).
This product includes software developed by Object Oriented Concepts, Inc., Billerica, MA, USA (
2000).
This product includes software developed by The Legion of the Bouncy Castle. Copyright (c) 2000 - 2009
The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
7/94
Table of Contents
http://preface.pdf/http://preface.pdf/ -
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
8/94
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
9/94
Table of Contents
Configuration Guide for the BIG-IP WebAcceleratorTM System vii
1Getting Started
About the WebAccelerator system ...........................................................................................1-1
Managing your applications ..................................................................................................1-1Monitoring traffic to your applications .............................................................................1-1
Deployment options for the WebAccelerator system .................................................1-2
Using the Configuration utility .....................................................................................................1-4
Accessing acceleration policies ....................................................................................................1-7
Reviewing the documentation set ...............................................................................................1-8
Finding help and technical support resources ..........................................................................1-9
2Overview of the WebAccelerator System
Servicing requests to your origin web servers ........................................................................2-1
Processing HTTP requests and managing responses .....................................................2-2
Generating log files .........................................................................................................................2-5
3Initial Configuration and Maintenance Tasks
Completing initial configuration for the Local Traffic Manager ............................................3-1
Completing initial configuration for the WebAccelerator system ......................................3-2
Defining an NTP server ........................................................................................................3-2
Creating the HTTP class profile .........................................................................................3-2
Configuring a virtual server and pool ................................................................................3-3
Creating an application profile ............................................................................................3-5
Completing optional configuration tasks ...................................................................................3-9
Processing unmapped requests ..........................................................................................3-9
Using the MultiConnect feature ...................................................................................... 3-10
Using a symmetric deployment ....................................................................................... 3-12
Performing maintenance tasks .................................................................................................. 3-17Checking the WebAccelerator system processes ...................................................... 3-17
Changing the log file monitoring interval ...................................................................... 3-18
4Changing Default Settings
Understanding object classification .............................................................................................4-1
Classifying by object type .....................................................................................................4-1
Classifying by group ...............................................................................................................4-1
Managing object types ...........................................................................................................4-2
Understanding URL normalization ..............................................................................................4-6
Managing URL normalization settings ...............................................................................4-7
Selectively disabling content-based identity .....................................................................4-8
Customizing options in the pvsystem.conf file ...................................................................... 4-10Changing log file rotation parameters ............................................................................ 4-11
Changing TTL parameters for compiled responses .................................................... 4-12
Changing cookie encryption parameters ...................................................................... 4-13
Changing default values for HDS prune ........................................................................ 4-14
5Troubleshooting and Monitoring
Using performance reports ..........................................................................................................5-1
Using error and status log files ....................................................................................................5-3
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
10/94
Table of Contents
viii
tomcat ......................................................................................................................................5-3
intelligence interface ..............................................................................................................5-3
pvac ...........................................................................................................................................5-3
Using system log files .....................................................................................................................5-4
Resolving communication system failures .................................................................................5-5Using X-PvInfo response headers ...............................................................................................5-6
Invalidating and clearing the WebAccelerator systems cache .............................................5-7
Glossary
Index
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
11/94
1Getting Started
About the WebAccelerator system
Using the Configuration utility
Accessing acceleration policies
Reviewing the documentation set
Finding help and technical support resources
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
12/94
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
13/94
Getting Started
Configuration Guide for the BIG-IP WebAcceleratorTM System 1 - 1
About the WebAccelerator system
The BIG-IP WebAccelerator system is a delivery solution designed to
improve the speed at which users access your web applications (such asMicrosoft SharePoint, Microsoft Outlook Web Access, BEA
AquaLogic, SAP Portal, Oracle Siebel CRM, Oracle Portal, and
others) and wide area network (WAN).
The WebAccelerator system does this through acceleration policy features
that modify web browser behavior, as well as compresses and caches
dynamic and static content, which decreases bandwidth usage and ensures
that your users get the most quick and efficient access to your web
applications and WAN. These processes, and deployment options, are
discussed in the following sections. For more specific information about the
how the WebAccelerator system manages access to your web applications,
see Chapter 2, Overview of the WebAccelerator System.
The BIG-IP WebAccelerator system is one of several products thatconstitute the BIG-IP product family. All BIG-IP products run on the Traffic
Management Operating System, commonly referred to as TMOS. For an
overview of the complete BIG-IP product offering, see theIntroduction to
the BIG-IP System chapter of the TMOS Management Guide for BIG-IP
Systems.
Managing your applicationsTo accelerate access to your applications, the WebAccelerator system uses
acceleration policies that use a proprietary language to manipulate HTTP
responses from origin web servers. After the WebAccelerator systemmanipulates the HTTP responses using its Rewrite Engine, it processes the
responses. Therefore, the WebAccelerator system processes manipulated
responses, rather than the original responses that are sent by the origin web
servers.
Note
For information about how to create customized rewrite scripts, contact F5
Networks Technical Support.
Monitoring traffic to your applicationsIn addition to the using the acceleration policy features, you can easily
monitor your HTTP traffic and system processes through monitoring tools.
For more information about monitoring the WebAccelerator system
processes and traffic, see Chapter 5, Troubleshooting and Monitoring.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
14/94
Chapter 1
1 - 2
Deployment options for the WebAccelerator systemThere are two basic deployment options for the WebAccelerator system.
Asymmetric Symmetric
Anasymmetric deployment consists of one or more WebAccelerator
systems installed on one end of a WAN, and in the same location as the
origin web servers that are running the applications to which the
WebAccelerator system is accelerating client access.
Figure 1.1 illustrates an asymmetric deployment with a single
WebAccelerator system on one end of a WAN.
Figure 1.1 Asymmetric deployment example
Asymmetric deployment is composed of sets of two WebAccelerator
systems: a central WebAccelerator system and a remote WebAccelerator
system. These WebAccelerator systems are located on opposite ends of a
WAN.
Figure 1.2, on page 1-3 illustrates a symmetric deployment with multiple
WebAccelerator systems located in remote offices.
http://-/?-http://-/?-http://-/?-http://-/?- -
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
15/94
Getting Started
Configuration Guide for the BIG-IP WebAcceleratorTM System 1 - 3
Figure 1.2 Symmetric deployment example
In a symmetric deployment, thecentral WebAccelerator system is installed
closest to the origin web servers running the applications to which the
WebAccelerator system is accelerating client access. TheremoteWebAccelerator system is installed close to the clients, which can be in a
separate geographic site around the world or across the country.
You can deploy any number of WebAccelerator systems in any combination
of configurations, including a simultaneous configuration of asymmetric and
symmetric deployments. This flexibility gives you the freedom to choose
the most appropriate WebAccelerator system deployment for your
environment, guaranteeing that all clients requesting information are getting
the fastest possible access.
For specific information about how to deploy an optional symmetric
deployment, see Configuring a symmetric deployment, on page 3-13.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
16/94
Chapter 1
1 - 4
Using the Configuration utilityThe Configuration utility is the browser-based graphical user interface that
provides you access to the WebAccelerator systems configuration options,as well as the configuration options for the network, system, and local
traffic. From the Help tab, you can access context-sensitive information
about the controls and settings located on each on each screen.
To access the Configuration utility
1. Open a web browser.
2. In the address box, type a URL that includes the management IP
address of the BIG-IP device, as follows:
https://
For example, if the management IP address of the BIG-IP device is
192.168.168.102, type https://192.168.168.102 in the address box.
3. Type a valid user name and password.
4. Click OK.
Figure 1.3, on page 1-5 shows an example of the Welcome screen for the
Configuration utility. The modules displayed depend on your software
licenses.
Important
All users need to use the web-based Configuration utility to license the
system for the first time. For the most current list of the supported browsersfor the Configuration utility, refer to the current WebAccelerator system
release note athttps://support.f5.com.
http://-/?-http://-/?- -
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
17/94
Getting Started
Configuration Guide for the BIG-IP WebAcceleratorTM System 1 - 5
Figure 1.3 Welcome screen for the Configuration utility
The Configuration utility contains the following components:
The identification and messages area
This area, above the navigation pane, the menu bar, and the body, iswhere you find the system identification, including the host name, and
management IP address. This area also displays certain system messages.
The navigation pane
This area, located on the left side of the screen, contains the Main tab, the
Help tab, and the About tab. The Main tab provides links to the major
configuration objects for the various modules. The Help tab provides
context-sensitive help for each screen in the Configuration utility. The
About tab provides a quick way to locate information about Setup,
Support, Plugins, and Download system options.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
18/94
Chapter 1
1 - 6
The menu bar
Located below the identification and messages area, and above the body,
the menu bar provides links to configuration objects within each major
object.
The body
Located in the center of the screen, the body displays configuration
settings.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
19/94
Getting Started
Configuration Guide for the BIG-IP WebAcceleratorTM System 1 - 7
Accessing acceleration policiesAnacceleration policy is a collection of matching rules and acceleration
rules that determine how the WebAccelerator system manages and respondsto HTTP requests to your web applications. The Policies screen displays all
of the acceleration policies available for assignment to your applications.
To access the Policies screen
In the navigation pane, expand WebAccelerator and clickPolicies.
The Policies screen displays a list of existing acceleration policies.
Figure 1.4 Example Policies screen
From the Policies screen, you can access additional screens, from which you
can perform additional tasks. For more information about managing
acceleration policies, see thePolicy Management Guide for the BIG-IP
WebAcceleratorTMSystem.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
20/94
Chapter 1
1 - 8
Reviewing the documentation setThe WebAccelerator system documentation set consists of the following
items:
Configuration Guide for the BIG-IP WebAcceleratorTMSystem
Describes the core product concepts and provides the procedures for
configuring and monitoring the WebAccelerator system.
Policy Management Guide for the BIG-IP WebAcceleratorTMSystem
Provides information about creating and editing policies to tailor the
WebAccelerator system for optimal performance.
Release notes
Provide information about new features, fixes, known issues, and
workarounds.
Online help
Provides context-sensitive description of each control and setting on eachscreen.
Additionally, you must review specific chapters in the following guides:
BIG-IP Systems: Getting Started Guide
For information about performing the required configuration for the
BIG-IP Local Traffic ManagerTM, as well as information about installing,
enabling, and configuring resource provisioning for the WebAccelerator
system license.
Configuration Guide for BIG-IP Local Traffic Manager
For information about how to define a virtual server and pool.
TMOS Management Guide for BIG-IP Systems
For an overview of the complete BIG-IP product offering.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
21/94
Getting Started
Configuration Guide for the BIG-IP WebAcceleratorTM System 1 - 9
Finding help and technical support resourcesYou can find technical documentation and product information using the
following resources: Welcome screen in the Configuration utility
The Welcome screen in the Configuration utility contains links to many
useful web sites and resources, including:
The F5 Networks Technical Support web site
The F5 Solution Center
The F5 DevCentralSM web site
Plug-ins, SNMP MIBs, and SSH clients.
Online help
The WebAccelerator system provides context-sensitive online help for
each screen. The online help contains descriptions of each control and
setting on the screen. To access the online help, click the Help tab on theleft navigation pane of the Configuration utility.
F5 Networks Technical Support web site
The F5 Networks Technical Support web site provides the latest
documentation set for the product, including:
Release notes, current and past
Software and hardware guides, current and past (in PDF and HTML
format)
Technical notes
The Ask F5SM Knowledge Base
To access the F5 Networks Technical Support web site, you need to register
at https://support.f5.com.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
22/94
Chapter 1
1 - 10
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
23/94
2Overview of the WebAccelerator System
Servicing requests to your origin web servers
Generating log files
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
24/94
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
25/94
Overview of the WebAccelerator System
Configuration Guide for the BIG-IP WebAcceleratorTM System 2 - 1
Servicing requests to your origin web serversMost sites are built on a collection of web servers, application servers, and
database servers that we refer to collectively asorigin web servers. TheBIG-IP WebAcceleratorTM system is installed on your network between the
users of your applications and the origin web servers on which the
applications run, and accelerates your applications response to HTTP
requests.
Origin web servers can serve all possible permutations of content, while the
WebAccelerator system only stores and serves page content that clients have
previously requested from your site. By transparently servicing the bulk of
common requests, the WebAccelerator system significantly reduces the load
on your origin web servers, which improves performance for your site.
Once installed, the WebAccelerator system receives all requests destined for
the origin web server. When a client makes an initial request for a specific
object, the WebAccelerator system relays the request to the origin webserver, and caches the response that it receives in accordance with the
policy, before forwarding the response to the client. The next time a client
requests the same object, the WebAccelerator system serves the response
from its cache, based on lifetime settings within the policy, instead of
sending the request to the origin web servers.
This means that, for each HTTP request it receives, the WebAccelerator
system performs one of the following actions:
Services the request from its cache
Upon receiving a request from a browser or web client, the
WebAccelerator system initially checks to see if it can service the request
from compiled responses in its cache.
Sends the request to the origin web servers
If the WebAccelerator system is unable to service the request from its
cache, it sends a request to the origin web server. Once it receives a
response from the origin web server, the WebAccelerator system caches
that response according to the associated acceleration policy rules, and
then forwards the request to the client.
Relays the request to the origin web servers
The WebAccelerator system relays requests directly to the origin web
server, for some predefined types of content, such as requests for
streaming video.
Creates a tunnel to send the request to the origin web servers
For any encrypted traffic (HTTPS) content that you do not want theWebAccelerator system to process, you can use tunneling. Note that the
WebAccelerator system can cache and respond to SSL traffic without
using tunnels.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
26/94
Chapter 2
2 - 2
During the process ofapplication matching, the WebAccelerator uses the
information in the HTTP request to match the request to an application
profile that you created. Once matched to an application profile, the
WebAccelerator system applies the associated acceleration policys
matching rules in order to group the request and response to a specific leaf
node on the Policy Tree. The WebAccelerator system, then applies the
acceleration policys acceleration rules to each group. Theseacceleration
rules dictate how the WebAccelerator system manages the request.
To perform the processes required to manage requests, the WebAccelerator
system uses the following services:
Communications server
This service manages the communications between all WebAccelerator
system processes.
HDS prune
This service manages the on-disk cache and removes compiled responses
that are no longer needed. For more information about HDS prune, seeChanging default values for HDS prune, on page 4-14.
pvac
This service manages HTTP traffic in accordance with the options
defined in the associated acceleration policy.
waicd
This service manages the communications between peer WebAccelerator
systems in a symmetric deployment.
For information about how to monitor these services, see Checking the
WebAccelerator system processes, on page 3-17.
Processing HTTP requests and managing responsesThe first time that a WebAccelerator system receives new content from the
origin web server in response to an HTTP request, it processes the
information as follows, before returning the requested object (response) to
the client:
Compiles an internal representation of the object
The WebAccelerator system uses compiled responses received from the
origin web server, to assemble an object in response to an HTTP request.
Assigns a Unique Content Identifier (UCI) to the compiled response,
based on elements present in the request
The origin web server generates specific responses based on certain
elements in the request, such as the URI and query parameters. The
WebAccelerator system includes these elements in a UCI that it creates,
so that it can easily match future requests to the correct content in its
cache. The WebAccelerator system matches content to the UCI for both
the request and the compiled response that it created to service the
request.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
27/94
Overview of the WebAccelerator System
Configuration Guide for the BIG-IP WebAcceleratorTM System 2 - 3
The WebAccelerator system processes requests and responses in a general
sequential pattern, as illustrated in Figure 2.1.
Figure 2.1 Request/Response flow
Each step is defined as follows.
1. Clients, using web browsers, request pages from your site. From the
clients perspective, they are connecting directly to your site; they
have no knowledge of the WebAccelerator system.
2. The WebAccelerator system examines the clients request to
determine if it meets all the HTTP requirements needed to service
the request.
If the request does not meet the HTTP requirements, the
WebAccelerator system issues an error to the client. (Forinformation about what the WebAccelerator system requires to
service a request, see thePolicy Management Guide for the
BIG-IP WebAcceleratorSystem.)
3. The WebAccelerator system examines the request elements and
creates a UCI, and then reviews its cache to see if it has a compiled
response stored under that same UCI.
http://-/?-http://-/?- -
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
28/94
Chapter 2
2 - 4
If the content is being requested for the first time (there is no
matching compiled response in the WebAccelerator systems
cache), the WebAccelerator system uses the host map to relay the
request to the appropriate origin web server to get the required
content.
If content with the same UCI is already stored as a compiled
response in the WebAccelerator systems cache, the
WebAccelerator system checks to see if the content has expired.
If the content has expired, the WebAccelerator system checks to
see if the information in its cache still matches the origin web
server. If it does, the WebAccelerator system moves directly to
step 7. Otherwise, it performs the following step.
4. The origin web server either responds or queries the application
servers or databases content.
5. The application servers or databases provide the input back to the
origin web server.
6. The origin web server replies to the WebAccelerator system with
the requested material, and the WebAccelerator system compiles the
response. If the response meets the appropriate requirements, the
WebAccelerator system stores the compiled response in its cache
under the appropriate UCI. (For more information about HTTP
response requirements see thePolicy Management Guide for the
BIG-IP WebAcceleratorSystem.)
7. The WebAccelerator system uses the compiled response, and any
associated assembly rule parameters, to recreate the page. The
assembly rule parameters dictate how to update the page with
generated content. (For information about assembly rules, see thechapter, Configuring Assembly Rules, in thePolicy Management
Guide for the BIG-IP WebAcceleratorSystem.)
8. The WebAccelerator system directs the response to the client.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
29/94
Overview of the WebAccelerator System
Configuration Guide for the BIG-IP WebAcceleratorTM System 2 - 5
Generating log filesThe WebAccelerator system generates two types of system log files:
Change logs
These logs are used to pass data between WebAccelerator system
processes and to populate the content displayed in the Performance
Reports. For information about Performance Reports, see Using
performance reports, on page 5-1.
Hit logs
These logs contain the same type of information as the HTTP web server
log files. Hit logs are disabled by default. For information about how to
enable customize the content for the hit logs, see the chapter, Specifying
Log Formats, in thePolicy Management Guide for the BIG-IP
WebAcceleratorSystem.
By default, the WebAccelerator system monitors these log files on an hourly
basis and rotates the log when it reaches 10MB. For information about how
to modify these parameters, see Changing the log file monitoring interval,
on page 3-18 and Changing log file rotation parameters, on page 4-11.
http://wa_monitor.pdf/http://wa_monitor.pdf/http://wa_monitor.pdf/http://wa_monitor.pdf/http://wa_monitor.pdf/ -
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
30/94
Chapter 2
2 - 6
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
31/94
3Initial Configuration and Maintenance Tasks
Completing initial configuration for the Local TrafficManager
Completing initial configuration for the
WebAccelerator system
Completing optional configuration tasks
Performing maintenance tasks
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
32/94
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
33/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 1
Completing initial configuration for the Local Traffic
ManagerBefore you configure the WebAccelerator system, you must complete the
following tasks on the BIG-IP Local Traffic Manager.
Install, activate, and configure resource provisioning for the
WebAccelerator license.
Configure general network settings.
Configure name resolution (DNS or entries to the host file).
If you have not yet completed the required configuration on the BIG-IP
Local Traffic Manager, refer to theBIG-IP Systems: Getting Started
Guide, the Configuration Guide for BIG-IP Local Traffic Manager,
and the TMOS Management Guide for BIG-IP Systems for additional
information. These guides are available on the Technical Support web site,
https://support.f5.com.
After you perform these configuration tasks on the BIG-IP Local Traffic
Manager, you then perform the initial configuration tasks for the
WebAccelerator system as outlined in the next section, Completing initial
configuration for the WebAccelerator system, on page 3-2.
Important
On the WebAccelerator 4500 platform, resource provisioning is set by
default, and you simply perform the initial Setup utility procedures to access
the WebAccelerator systems navigation menu.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
34/94
Chapter 3
3 - 2
Completing initial configuration for the
WebAccelerator systemAfter you have performed the initial configuration tasks on the BIG-IP
Local Traffic Manager, you can begin configuration for the WebAccelerator
system, by:
Defining an NTP server
Creating an HTTP class profile
Configuring a virtual server and pool on the BIG-IP Local Traffic
Manager
Creating an application profile
Defining an NTP serverNetwork Time Protocol (NTP) synchronizes the clocks on your network
with a defined NTP server. This synchronization ensures that the
WebAccelerator system properly maintains its cache, and synchronizes
configuration changes for optional symmetric deployments.
To define an NTP server
1. In the navigation pane, expand System and clickConfiguration.
The Device, General properties screen displays BIG-IP system
properties and operations.
2. From the Device menu, choose NTP.
The Device, NTP properties screen displays the NTP properties.
3. In the Address box, type an address for the NTP server.
4. Click Add.
5. Click Update.
Creating the HTTP class profileThe HTTP class profile uses the HTTP header, cookie, host, and path, and
other HTTP items to classify traffic in order to accelerate traffic for
applications that are running on a virtual server.
To create the HTTP class profile
1. In the navigation pane, expand WebAccelerator and clickClass
Profiles.
The Class Profiles screen displays the WebAccelerator class profiles
and their status.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
35/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 3
2. Click Create.
The Class Profiles, New HTTP Class screen displays the properties,
configuration, and actions settings for a class profile.
3. In the Name box, type a name for the HTTP class profile.For example, SEAWebAccelerator.
4. From the Parent Profile list, select httpclass.
5. In the Configuration area, verify that WebAccelerator setting is set
to Enabled. Leave all other settings at Match all.
6. Click Finished.
WARNING
The HTTP class profile exists in both the WebAccelerator and theLocal
Traffic sections of the Configuration utility. In the WebAccelerator section
of the Configuration utility, the WebAccelerator system is enabled by
default. In the Local Traffic section of the Configuration utility, you must
select the Custom check box and explicitly enable WebAccelerator. If you
create the HTTP class profile from theLocal Traffic section and you do not
enable the WebAccelerator system, you effectively disable web acceleration
for the associated virtual server.
Configuring a virtual server and poolThe virtual server processes and routes incoming traffic in accordance with
the settings that you configure in the associated HTTP class profile. The
pool hosts the application for which you want the WebAccelerator system to
accelerate traffic, using the application profiles acceleration policy.
Note
The following procedure outlines only the basic virtual server and pool
configuration. For detailed information about virtual servers, pools, and the
other local traffic components, refer to the Configuration Guide for
BIG-IP Local Traffic Manager on the Ask F5 Technical Support web
site,https://support.f5.com.
To configure a virtual server and pool
1. In the navigation pane, expand Local Traffic, and then click
Virtual Servers.The Virtual Servers: Virtual Server List screen displays a list of
existing virtual servers.
2. Click Create.
The Virtual Servers: Virtual Server List, New Virtual Server screen
displays the properties, configuration, and resources settings for a
virtual server.
3. In the Name box, type a name for the virtual server.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
36/94
Chapter 3
3 - 4
4. For the DestinationType, clickHost and type an IP address in the
Address box.
5. In the Service Port box, type the appropriate service port for your
application. For example, for HTTP, the port is 80. Alternatively,you can select a service type from the list.
6. Select Enabled from the State list.
7. Select http-acceleration from the HTTP Profile list.
Important: We strongly recommend that you leave RAM Cache
enabled for thehttp-accelerationprofile and that you do not make
any modifications to the RAM Cache default settings forMinimum
Object Size,Maximum Object Size, URI Caching, andIgnore
Headers, as it will adversely affect the way the BIG-IP
WebAccelerator system manages HTTP traffic for your site.
8. From the Configuration list, select Advanced.
9. Check Enabled next to Port Translation.
Important: IfPort Translation is disabled for the virtual server, the
WebAccelerator system cannot properly accelerate traffic.
10. In the Resources section, select the WebAccelerator-enabled HTTP
class profile from the HTTP Class Profiles Available list, and click
the Move button (
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
37/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 5
Creating an application profileThe application profile provides the key information that the
WebAccelerator system needs to appropriately handle requests to your sites
web applications. Before you can create the application profile, you must
complete the following tasks:
Define your host map
Choose an acceleration policy
Defining your host map
When the WebAccelerator system receives an HTTP request, it compares
the host on the request to those in itshost map to determine which
application profile to apply. Once it matches to an application profile, it can
use the associated acceleration policy you assigned to handle the request.
When you create a host map, you identify the domain as it appears on theHTTP Host request header. These domains are calledrequested hosts.
When you specify the host name for the requested host in a host map, you
can use a wildcard, an asterisk (*) followed by a period, for the first
character in the domain. This wildcard can represent one or more
subdomains, enabling you to map several subdomains to one origin web
server in one step. Using a wildcard saves time if your site has several
subdomains.
Following are examples of valid requested host names that use wildcards.
*.sales.siterequest.com maps to the following (all to the same
destination host):
direct.sales.siterequest.com
marketing.sales.siterequest.com
marcom.marketing.sales.siterequest.com
*siterequest.com maps to the following (all to the same destination
host):
www.siterequest.com
engineering.siterequest.com
direct.sales.siterequest.com
marketing.sales.siterequest.com
marcom.marketing.sales.siterequest.com
*.com maps all incoming requests that end in .com to one destination
host.
* maps all incoming requests to one destination host.
If the WebAccelerator system can map multiple requested host names to a
request, it chooses the host name that most closely matches the request.
Consider the following defined host names:
a.com
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
38/94
Chapter 3
3 - 6
www.a.com
*.b.a.com
*.a.com
If the WebAccelerator system receives requests that contain these URLs, it
maps to the requested hosts as follows:
A request to www.a.com maps to www.a.com, and does not map to
*.a.com.
A request to a.com maps to a.com.
Requests to c.a.com and b.a.com both map to *.a.com.
A request to c.b.a.com maps to *.b.a.com.
WARNING
If the WebAccelerator system is not managing all of the traffic to the hosts,do not use a wildcard.
Choosing an acceleration policy
You may select a predefined acceleration policy that is associated with your
specific application publisher or you may use one of the two predefined
general delivery acceleration policies. Both work well for most sites that use
Java 2 Platform Enterprise Edition (J2EE) applications.
Level 1 Delivery
This predefined acceleration policy is compliant with HTML version 2.0.
For this acceleration policy, the WebAccelerator system:
Sends all requests for HTML pages to the origin web server forcontent.
Ignores any no-cache directives included in HTTP Cache-Control
request headers, and uses the cache response directives that it receives
from the origin web server.
Level 2 Delivery
This predefined acceleration policy is compliant with HTML version 3.0
and later. For this acceleration policy, the WebAccelerator system:
Caches HTML pages and assigns a lifetime setting of0, which
prompts the WebAccelerator system to provide fresh content by
making subsequent requests for that content, using a conditional GET.
Uses the Intelligent Browser Referencing feature only for documents
and includes.
Ignores any no-cache directives included in HTTP Cache-Control
request header, and uses the cache response directives that it receives
from the origin web server.
After you have planned your host map and chosen an acceleration policy,
create the application profile using the following procedure.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
39/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 7
To create an application profile
1. In the navigation pane, expand WebAccelerator and click
Applications.
The Applications screen displays a list of existing applications andassociated policies.
2. Click Create.
The Applications, New Application screen displays options,
policies, and hosts settings for an application.
3. In the Application Name box, type a name for the application.
4. In the Description box, type an optional description.
5. From the Central Policy list, select the acceleration policy that you
want the WebAccelerator system to use when requesting
information from the associated application.
If you have configured an optional symmetric deployment, werecommend that you select the predefined acceleration policy called,
Symmetric Deployment, because it is specifically designed to
manage content assembly in a symmetric deployment. For more
information, see Using a symmetric deployment, on page 3-12.
6. If you have configured an optional symmetric deployment, from the
Remote Policy list, select an acceleration policy for the remote
WebAccelerator system. We recommend that you select the
predefined acceleration policy, Symmetric Deployment. If you do
not have a symmetric deployment, do not select a remote policy.
7. Optionally, from the Destination Host list, select a user-defined
destination host. This setting displays only if you have configured
an additional destination host.
8. In the Hosts section at the bottom of the screen, click the AddHost
button.
9. In the Requested Host box, type a valid host name for each client
host that you want to allow access to the application.
10. Click Save.
Verifying the application profile
After you create an application profile, you must verify that the
WebAccelerator system is able to properly send data to and receive datafrom the origin web servers.
To verify the application profile
1. On a machine separate from the WebAccelerator system, and from
which you can run a web browser, open thehosts file and add the
host name that you used to access the web site application. The host
name must point to the IP address for the virtual server that you
configured.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
40/94
Chapter 3
3 - 8
Note: On Microsoft Windows 2000 and Windows XP machines,
the hosts file is located at
C:\WINDOWS\system32\drivers\etc\hosts
For example, if you can access the web site at thewww.siterequest.comdomain and the virtual server is at IP address
11.1.11.3, add the following line to the hosts file on the machine
running the browser:
11.1.11.3 www.siterequest.com
All network traffic from the web browser machine for
www.siterequest.com subsequently goes to the virtual server.
2. Request a page from www.siterequest.com.
You should see the page that you would have received if your
browser had accessed the origin web servers directly. If the browser
times out the request, it means that either the WebAccelerator
system is not running, or the firewall is blocking access to port 80on the WebAccelerator system.
3. If you receive an Access denied by intermediary error, perform the
following tasks:
Verify that the hosts file is correct.
Verify that the host map for the application profile is correct.
Verify that you used a domain in the request that matches a
requested host in the host map, and that it maps to the destination
host.
4. After you verify the application profile and confirm that the host
mapping is correct, remove any entries that you changed or added.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
41/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 9
Completing optional configuration tasksAfter you complete the essential configuration tasks, you can further
customize by configuring the WebAccelerator system to: Process unmapped requests
Use MultiConnect
Accelerate requests in a symmetric deployment
Note
In addition to the optional configuration tasks noted here, you can also
create a user-defined acceleration policy or import a signed acceleration
policy. For more information, refer to thePolicy Management Guide for
the BIG-IP WebAccelerator System.
Processing unmapped requestsA request for a domain that is not listed in the requested host map is called
an unmapped request. If you create an application policy that is based on a
host name that is not identified in a host map, you will have an unmapped
host map. By default, the WebAccelerator system replies to clients that
request unmapped hosts with an HTTP 403 response code. F5 Networks
recommends that you reconcile unmapped requests by adding the host name
to the host map for the applications that are using the specified application
profile.
Another option is to allow the WebAccelerator system to process unmapped
requests, instead of responding with an error; however, the following
security implication is associated with processing unmapped requests.
Security implication
If you configure the WebAccelerator system to process unmapped requests
and you do not specify a proxy server, you enable the WebAccelerator
system to act as a relay. F5 Networks recommends that you do not enable
unmapped request processing unless your network meets one of the
following conditions.
Both the WebAccelerator system and the origin web server are on a
private and secure network.
You specify a proxy server to forward the unmapped requests to, as
described in step 4 of the following procedure, and you configure that
proxy server to properly manage unwanted or unsanctioned requests.
To enable unmapped request processing
1. In the navigation pane, expand WebAccelerator and click
Unmapped hosts.
The Unmapped Hosts screen displays a setting to process unmapped
hosts.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
42/94
Chapter 3
3 - 10
2. Select the Process requests for unmapped hosts check box.
The screen refreshes and displays additional options.
3. From the Policy list, select an acceleration policy for which you
want to process unmapped requests.
4. To forward unmapped host requests to a specific proxy server,
select the check box next to Forward unmapped host requests to
a proxy server in the Forward Proxy Options area, and type an
address in the Server Address box.
5. Click Save.
Using the MultiConnect featureMost browsers create a limited number of TCP connections when requesting
data. You can achieve faster data downloads by using the WebAcceleratorsystemsMultiConnect feature, which modifies embedded URLs with
unique subdomains, prompting the browser to open more simultaneous TCP
connections.
When MultiConnect is enabled, it prompts the clients web browser to open
additional TCP connections to the WebAccelerator system for each
subdomain when requesting pages over the HTTP protocol. The origin web
servers never get a request from these additional subdomains; the additional
subdomains are used exclusively on embedded URLs or links that request
images or scripts and are only for requests and/or responses between the
client and the WebAccelerator system.
The WebAccelerator system uses the MultiConnect feature only on the
following types of links.
Image tags:
Script tags:
Forms whose input type is an image:
The MultiConnect feature is best suited for sites that have a high number of
first-time visitors who are downloading a large number of images or scripts.
F5 Networks recommends that you use this feature only if you have
high-bandwidth links, because the additional TCP connections also increase
the amount of traffic your site must manage.To use this feature, you must first perform the following tasks:
Configure DNS with entries for the additional subdomains.
Map the additional DNS entries to the same IP address as the base origin
web server (for example, www.siterequest.com).
Assign specific prefixes to the additional subdomains. For example, if
the requested host for the mapping is www.siterequest.com, and you
request two additional subdomains for the HTTP protocol, you assign a
subdomain prefix ofwa.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
43/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 11
Construct a trusted SSL certificate that lists the additional subdomains
that you created, as Subject Alternative Name entries. (This task is
required only if you are configuring MultiConnect for use with HTTPS.)
Once you perform these tasks, the WebAccelerator system changes the
domain on qualifying embedded URLs and links so that they use the
domains you specified. For example:
wa1.www.siterequest.com
wa2.www.siterequest.com
Important
Some client browsers close HTTPS connections to one domain before
opening HTTPS connections to a new domain. This type of browser
behavior can decrease the speed of access to applications for which the
MultiConnect feature is enabled; therefore, F5 Networks recommends that
you do not enable the MultiConnect feature for HTTPS connections.
To configure subdomains for the MultiConnect feature
1. In the navigation pane, expand WebAccelerator and click
Applications.
The Applications screen displays a list of existing applications and
associated policies.
2. Click the name of the application for which you want to configure
the MultiConnect feature.
3. In the Hosts area at the bottom of the screen, click the Options link
next to the Requested Host box for which you want to configure
MultiConnect.
4. From the HTTP Subdomains and HTTPS Subdomains lists,
select the number of subdomains that you want the WebAccelerator
system to generate for each protocol.
5. In the Subdomain Prefix box, type a prefix or leave it at the default
ofwa.
6. Click Save.
Important
If you are configuring MultiConnect for use with HTTPS, you must alsoconstruct a trusted SSL certificate that lists the additional subdomains that
you created as Subject Alternative Name entries. If you are configuring
MultiConnect for use with only HTTP, this step is not necessary. For more
specific information about specifying Subject Alternative Name entries,
contact your certificate authority.
After you map the additional subdomains and construct a trusted SSL
certificate with the Subject Alternative Name entries (Subject Alternative
Name entries are required only for HTTPS connections), you can enable the
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
44/94
Chapter 3
3 - 12
MultiConnect feature for a specific acceleration policies as described in
Chapter 8,Assembly Rules, of thePolicy Management Guide for the
BIG-IP WebAcceleratorSystem.
Using a symmetric deploymentAn optional configuration for a site with multiple WebAccelerator systems
is a symmetric deployment. Asymmetric deployment consists of central and
remote WebAccelerator systems that have synchronized configurations.
With this configuration, users can transparently utilize the functionality of a
WebAccelerator system on another network across town, or across the
globe, from both sides of the transaction as illustrated in Figure 3.1.
Figure 3.1 Symmetric deployment example
In a symmetric deployment, thecentral WebAccelerator system is the
WebAccelerator system that is closest to the application it is accelerating.The central WebAccelerator system is accessed by local clients as well as
clients from aremote WebAccelerator system located in a separate
geographic location, which can be around the world or across the country.
For example, say you have a WebAccelerator system located at a corporate
office in North America that is accelerating a web mail server application
that employees in a satellite office in Europe use. For this symmetric
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
45/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 13
deployment, the central WebAccelerator system is located at the corporate
office, closest to the web mail application, and the remote WebAccelerator
system is the WebAccelerator system in Europe.
In this example, the satellite office employee sends an email request to hislocal WebAccelerator system in Europe, which responds to the request, or,
if new content is required, sends the request to the central WebAccelerator
system located in the corporate office in North America. The central
WebAccelerator system responds to the request, or, if new content is
required, sends the request to the origin web mail server. The central
WebAccelerator system then caches the response and responds to the remote
WebAccelerator system in Europe.
Once the remote WebAccelerator system in Europe receives the response
from the central WebAccelerator system in North America, it caches that
response and then sends it to the employee. As long as the content is still
valid, the remote WebAccelerator system in Europe can then respond to
future requests for the same content from local clients.
Note
To monitor the status of an origin web server in a symmetric deployment,
you must do so through the BIG-IP Local Traffic Manager systemshttp
monitor only on the central WebAccelerator system. For more information
about configuring and usinghttp monitors, see the Configuration Guide for
BIG-IP Local Traffic Manager.
Configuring a symmetric deployment
To configure a symmetric deployment, you must:
Configure one or more central WebAccelerator systems and one or moreremote WebAccelerator systems.
Manually exchange SSL certificates between the systems.
Important
An NTP server is required to properly maintain the WebAccelerator
systems cache and to synchronize changes among the systems in a
symmetric deployment. Before you perform the following procedure, you
must define an NTP server for the WebAccelerator systems on which you
are configuring the symmetrical deployment. For information about
defining an NTP server, seeDefining an NTP server, on page 3-2.
All members of a symmetric deployment are peers. Therefore, after you
perform the initial configuration and manually exchange SSL certificates
between the systems, subsequent changes that you make to any member
propagate immediately to all other members of the symmetric deployment.
This propagation happens regardless of whether the member you made a
change to is a central or remote WebAccelerator system.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
46/94
Chapter 3
3 - 14
Keep in mind that you must have at least one designated central
WebAccelerator system at all times. In other words, you cannot delete or
change the role of a central WebAccelerator system unless you have another
central WebAccelerator system configured.
WARNING
In a symmetric deployment, the remote and central WebAccelerator systems
communicate over port4353 and exchange SSL certificates over port22. If
a firewall exists between these systems, you must modify its configuration so
that port4353 and port22 are open. If you fail to open these ports, the
central and remote WebAccelerator systems cannot properly exchange SSL
certificates or synchronize.
The first step to creating a symmetric deployment is to configure a central
WebAccelerator system.
To configure a central WebAccelerator system
Important
When you configure a symmetric deployment, you must use external self IP
addresses for the central and remote WebAccelerator systems. To find the
external facing self IP address for each WebAccelerator system, use theb
selfcommand.
1. In the navigation pane, expand WebAccelerator, and then click
Symmetric Deployment.
The Symmetric Deployment screen displays lists of existing central
and remote WebAccelerator systems.
2. Click Create.
The Symmetric Deployment, New Symmetric Deployment screen
displays settings to configure a central WebAccelerator system.
3. In the Name box, type a name for the central WebAccelerator
system.
4. If the WebAccelerator system uses network address translation
(NAT) to communicate with other WebAccelerator systems in the
data center, select the Use NAT Support check box.
If the WebAccelerator system does not use NAT, skip to step 7.
5. In the Global Address box, type the public IP address that theWebAccelerator system uses to communicate with computers
outside of the data center.
6. In the Internal Address box, type the IP address that the
WebAccelerator system uses to communicate with other
WebAccelerator systems within the data center. Skip to step 8.
7. In the IP Address box, type the static self IP address for the central
WebAccelerator system. This is the external facing (non-floating)
self IP address for the central system.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
47/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 15
8. For the Role setting, select the Central check box.
9. From the Data Center list, select a data center or leave it at the
Default Data Center.
Alternatively, select Add a New Data Center and type a new datacenter name in the associated box.
10. Click Save.
After you configure a central WebAccelerator system for the symmetric
deployment, you can create one or more remote WebAccelerator systems.
To configure a remote WebAccelerator system
Important
When you configure a symmetric deployment, you must use external self IPaddresses for the central and remote WebAccelerator systems. To find the
external facing self IP address for each WebAccelerator system, use theb
selfcommand.
1. On the Symmetric Deployment screen, clickCreate.
The Symmetric Deployment, New Symmetric Deployment screen
displays settings to configure a remote WebAccelerator system.
2. In the Name box, type a name for the remote WebAccelerator
system.
3. If the WebAccelerator system uses network address translation
(NAT) to communicate with other WebAccelerator systems in the
data center, select the Use NAT Support check box.
If the WebAccelerator system does not use NAT, skip to step 6.
4. In the Global Address box, type the public IP address that the
WebAccelerator system uses to communicate with computers
outside of the data center.
5. In the Internal Address box, type the IP address that the
WebAccelerator system uses to communicate with other
WebAccelerator systems within the data center. Skip to step 7.
6. In the IP address box, type the static self IP address for the remote
WebAccelerator system. This is the external facing (non-floating)
self IP address for the remote system.7. Select the Remote check box.
8. From the Data Center list, select a data center or leave it at Default
Data Center.
Alternatively, select Add a New Data Center and type a new data
center name in the associated box.
9. Click Save.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
48/94
Chapter 3
3 - 16
To view or modify a WebAccelerator system in a
symmetric deployment
1. In the navigation pane, expand WebAccelerator, and click
Symmetric Deployment.The Symmetric Deployment screen displays lists of existing central
and remote WebAccelerator systems.
2. Click the name of a WebAccelerator system to view or change its
configuration details.
3. Click Save to save any changes you made, or clickCancel to return
to the WebAccelerators screen.
Exchange SSL certificates
After you configure the central and remote WebAccelerators on one
WebAccelerator system, you must exchange SSL certificates between thesystems by logging on to all the other WebAccelerator systems in the
deployment, and running a script on each machine.
You are required to run this script only upon initial configuration, or any
time that you add a new WebAccelerator system to the symmetric
deployment. After the initial SSL certificate exchange, synchronization
between the systems occurs automatically.
To exchange SSL certificates from the command line
1. From the command line of each remote WebAccelerator system in
the symmetric deployment, type the following command:
/usr/local/wa/scripts/wam_add.pl
2. Type Y to run the script.
3. Type the self IP address of the WebAccelerator system on which
you performed the initial symmetric deployment configuration, and
press the Enter key.
4. Type the central WebAccelerator systems root password each time
it is requested, and press Enter.
The WebAccelerator system confirms that it successfully retrieved and
loaded the SSL certificate files. You can now view the symmetric
deployment from the Configuration utility.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
49/94
Initial Configuration and Maintenance Tasks
Configuration Guide for the BIG-IP WebAcceleratorTM System 3 - 17
Performing maintenance tasksAfter you complete the basic configuration required for the WebAccelerator
system to process traffic, you can perform the following procedures, asrequired.
Check system processes
Manage system log file rotation
Checking the WebAccelerator system processesThe process that you use to initially configure the WebAccelerator system
confirms that the basic functionality of the WebAccelerator system software
is working. After you complete the WebAccelerator systems initial
installation process and configuration, you can perform additional checks to
verify that the software is working correctly.
To check the WebAccelerator system processes from the
command line
1. Log on to the BIG-IP system as root.
2. Type the following command:
bigstart status | more
Several process should be running.
3. Verify that the following processes are up:
comm_srv
hds_prune
pvac
tomcat
waicd
You can move through each page by pressing the space bar.
4. After you verify that the processes are running, type q to quit.
Note
For additional information about troubleshooting the system processes, see
Using performance reports, on page 5-1.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
50/94
Chapter 3
3 - 18
Changing the log file monitoring intervalThe WebAccelerator system manages hit log files that contain large
amounts of data. By default, the WebAccelerator system monitors these logs
every hour, and rotates the file any time the size is over 10 MB. This log file
rotation helps to avoid filling up the disk partition, which could potentially
cause a system failure.
You can use the following two Linux shell commands to change the interval
at which the WebAccelerator system monitors the system logs, from hourly
to daily.
rm /etc/cron.hourly/wa_logrotate
ln s /usr/local/wa/scripts/wa_logrotate /etc/cron.daily/wa_logrotate/
For more information about these commands, view the rm and ln man
pages.
For information about changing the log file rotation interval, see Changing
log file rotation parameters, on page 4-11.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
51/94
4Changing Default Settings
Understanding object classification
Understanding URL normalization
Customizing options in the pvsystem.conf file
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
52/94
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
53/94
Changing Default Settings
Configuration Guide for the BIG-IP WebAcceleratorTM System 4 - 1
Understanding object classificationBefore sending a response to a client, the WebAccelerator system enters
an informational X-PvInfo response header into the response to describehow it handled the response. You cannot change these informational
headers, and they do not affect processing, however, they can provide useful
information for evaluating the efficiency of your acceleration policies.
Part of the information included in the X-PvInfo response header is the
object type. The WebAccelerator system classifies, byobject type and
group, every response it receives from the origin web servers. The object
type and group classification determine how the WebAccelerator system
handles compression for the response.
Classifying by object typeTo classify a response by object type, the WebAccelerator system reviews
the response headers and classifies the responses based on the first
information it finds, in the following order:
File extension in the Content-Disposition headers file name field
File extension in the Content-Disposition headers extension field
Content-Type header in the response, unless it is an ambiguous MIME
type
Extension of the path in the request
For example, if the extension in the Content-Disposition headers file name
field is empty, then the WebAccelerator system looks at the
Content-Disposition headers extension field. IfContent-Disposition
headers field has an extension, the WebAccelerator system checks to see if
an object type is configured for the extension. If there is no match, it assigns
an object type ofother, and uses the object settings for other. The
WebAccelerator system looks at the information in the Content-Type
header only if there is no extension in the Content-Disposition headers file
name or extension fields.
Classifying by groupIn addition to classifying the response by object type, the WebAccelerator
system also classifies the response by group. For example, in the followingX-PvInfo response header the object type (OT) is defined as Microsoft
Word (msword) and the object group (OG) is documents.
X-PvInfo: [S10101.C30649.A28438.RA0.G0.U58517886].[OT/msword.OG/documents]
Note
For information about the other content contained in aX-PvInfo response
header, see thePolicy Management Guide for the BIG-IP
WebAccelerator System.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
54/94
Chapter 4
4 - 2
Managing object types
The WebAccelerator system offers the following object types.
Pre-defined Object TypesThe WebAccelerator system ships with several predefined object types,
most of which are optimized for objects associated with specific
applications.
User-defined Object Types
A user-defined object type is an object type that you create and for which
you specify all of the parameters dictating how the WebAccelerator
system manages the specified object type.
The Objects Types screen displays all of the object types that the
WebAccelerator system is currently applying to your acceleration policies.
To access the Object Types screenIn the navigation pane, expand WebAccelerator, clickPolicies, then click
Object Types.
Figure 4.1 shows an example Object Types screen.
Figure 4.1 Object Types screen
http://-/?-http://-/?- -
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
55/94
Changing Default Settings
Configuration Guide for the BIG-IP WebAcceleratorTM System 4 - 3
From the Object Types screen, you can view the object types that the
WebAccelerator system is currently applying to acceleration policies, as
well as access additional screens where you can perform the following tasks:
Create a user-defined object type. View and modify the settings for an existing user-defined or predefined
object type.
Delete a user-defined object type.
Note
You can delete only user-defined object types; you cannot delete predefined
object types.
When you create a new object type or modify an existing object type, the
WebAccelerator system applies the object type changes globally to all
acceleration policies. If you have an optional symmetrical deployment, newobjects types that you create and changes that you make to existing objects
synchronize with the other WebAccelerator systems in the symmetrical
deployment.
Note
For more information about configuring a symmetrical deployment, see
Using a symmetric deployment, on page 3-12.
To create a user-defined object type
1. In the navigation pane, expand WebAccelerator, clickPolicies, and
then clickObject Types.
The Policies, Object Types screen displays a list of user-defined and
predefined object types.
2. Click the Create button.
The Policies, Object Types, New Object Type screen displays
settings for a new object type.
3. In the Description box, type a descriptive name to display on the
Object Types screen for the new object. For example, Rich Text
Format.
4. In the ObjectType box, type a short name for the new object. For
example, rtf. This name displays on the Object Types screen and in
the X-PvInfo response header.
5. From the Group list, select a group that you want to display in the
X-PvInfo response header for the new object.
Alternatively, select Add a new group, and type a new group name
in the box.
6. For each extension you want to add for the new object, click the
Add button and type the extension, as a single value, into the box.
For example, rtx.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
56/94
Chapter 4
4 - 4
Note: Do not include a preceding period ( . ) when specifying an
extension.
When the WebAccelerator system finds a file extension in a file
name or in the Content-Disposition header of the response, itattempts to match that extension to one of the values that you
specified. If there is a match, it classifies the response as the object
you specified for the extension.
7. For each MIME type you want to add for the new object, click the
Add button and type the MIME type, as a single value, into the box.
For example, application/rtf.
If the WebAccelerator systems does not find an extension in the
name or extension fields of the Content-Disposition header, it
looks in the Content-Type header of the response to attempt to
match that to one of the MIME types you specified. If there is a
match, it classifies the response as the object you specified for the
MIME type.
8. From the Enable Compression list, select one of the following to
specify when the WebAccelerator system should use gzip in the
response:
Policy Controlled
Uses the compression setting specified in the assembly rule,
which the WebAccelerator system matched for this object type.
This is the default setting.
In Symmetric Deployment only
Compresses the response only if the client is another
WebAccelerator system in a symmetric deployment.
Keep in mind that if you select this option, it supersedes theassembly rules Enable Content Compression setting for this
object type. Select this option only if you have a symmetric
deployment and want the WebAccelerator system to compress
this object type when it is sent between a central and remote
WebAccelerator system.
None
Never compresses the response.
Keep in mind that if you select this option, it overrides the
assembly rules Enable Content Compression setting for this
object type. Select this option only if you want the
WebAccelerator system to ignore the compression setting for any
configured assembly rules that matches to the specified object
type.
9. Click Save.
The screen refreshes and the new object type that you created
displays in the User-defined Object Types table and the
WebAccelerator system applies the new object type to all
acceleration policies.
-
8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System
57/94
Changing Default Settings
Configuration Guide for the BIG-IP WebAcceleratorTM System 4 - 5
To view and edit an existing user-defined or predefined
object type
1. In the navigation pane, expand WebAccelerator, clickPolicies, and
then clickObject Types.The Policies, Object Type