Configuration Guide for the BIG-IP Web Accelerator System

Upload: adrian-de-los-santos

Post on 07-Apr-2018

  • 8/4/2019 Configuration Guide for the BIG-IP Web Accelerator System

    1/94

    Configuration Guide for the BIG-IP WebAccelerator System

    version 1

    MAN-02

    Product Version

    This manual applies to product version 10.2 of the BIG-IP WebAccelerator.

    Publication Date

    This manual was published on July 29, 2010.

    Legal Notices

    Copyright

    Copyright 2008-2010, F5 Networks, Inc. All rights reserved.

    F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5

    assumes no responsibility for the use of this information, nor any infringement of patents or other rights of

    third parties which may result from its use. No license is granted by implication or otherwise under any

    patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.

    Trademarks

    F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Access Policy Manager, APM, Acopia, Acopia Networks,

    Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Edge Client,

    Edge Gateway, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM,

    iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules,

    Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera,

    OneConnect, Packet Velocity, Protocol Security Module, PSM, Secure Access Manager, SAM, SSL

    Accelerator, SYN Check, Traffic Management Operating System, TMOS, TrafficShield, Transparent Data

    Reduction, uRoam, VIPRION, WANJet, WAN Optimization Module, WOM, WebAccelerator, WA, and

    ZoneRunner are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and

    may not be used without F5's express written consent.

    All other product and company names herein may be trademarks of their respective owners.

    Patents

    This product protected by U.S. Patent[s] 6,505,230; 6,640,240; 6,772,203; 6,970,933; 7,113,962; and

    7,114,180. Other patents pending.

    Export Regulation Notice

    This product may include cryptographic software. Under the Export Administration Act, the United States

    government may consider it a criminal offense to export this product from the United States.

    RF Interference Warning

    This is a Class A product. In a domestic environment this product may cause radio interference, in which

    case the user may be required to take adequate measures.

    FCC Compliance

    This equipment has been tested and found to comply with the limits for a Class A digital device pursuant

    to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful

    interference when the equipment is operated in a commercial environment. This unit generates, uses, and

    can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,

    may cause harmful interference to radio communications. Operation of this equipment in a residential area

    is likely to cause harmful interference, in which case the user, at his own expense, will be required to take

    whatever measures may be required to correct the interference.

    Any modifications to this device, unless expressly approved by the manufacturer, can void the user's

    authority to operate this equipment under part 15 of the FCC rules.

    Canadian Regulatory Compliance

    This Class A digital apparatus complies with Canadian ICES-003.

    Standards Compliance

    This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.

    Acknowledgments

    This product includes software developed by the University of California, Berkeley and its contributors.

    This product includes software developed by the Computer Systems Engineering Group at the Lawrence

    Berkeley Laboratory.

    This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

    This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

    This product includes software developed by Adam Glass.

    This product includes software developed by Christian E. Hopps.

    This product includes software developed by Dean Huxley.

    This product includes software developed by John Kohl.

    This product includes software developed by Paul Kranenburg.

    This product includes software developed by Terrence R. Lambert.

    This product includes software developed by Philip A. Nelson.

    This product includes software developed by Herb Peyerl.

    This product includes software developed by Jochen Pohl for the NetBSD Project.

    This product includes software developed by Chris Provenzano.

    This product includes software developed by Theo de Raadt.

    This product includes software developed by David Muir Sharnoff.

    This product includes software developed by SigmaSoft, Th. Lockert.

    This product includes software developed for the NetBSD Project by Jason R. Thorpe.

    This product includes software developed by Jason R. Thorpe for And Communications,

    http://www.and.com.

    This product includes software developed for the NetBSD Project by Frank Van der Linden.

    This product includes software developed for the NetBSD Project by John M. Vinopal.

    This product includes software developed by Christos Zoulas.

    This product includes software developed by Charles Hannum.

    This product includes software written by Steffen Beyer and licensed under the Perl Artistic License and

    the GPL

    This product includes software written by Makamaka Hannyaharamitu (C) 2007-2008.

    This product includes software developed by Charles Hannum, by the University of Vermont and State

    Agricultural College and Garrett A. Wollman, by William F. Jolitz, and by the University of California,

    Berkeley, Lawrence Berkeley Laboratory, and its contributors.

    This product includes software developed by the University of Vermont and State Agricultural College and

    Garrett A. Wollman.

    In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).

    In the following statement, "This software" refers to the parallel port driver: This software is a component

    of "386BSD" developed by William F. Jolitz, TeleMuse.

    This product includes software developed by the Apache Group for use in the Apache HTTP server project

    (http://www.apache.org/).

    This product includes software developed by Darren Reed. (© 1993-1998 by Darren Reed).

    This product includes software licensed from Richard H. Porter under the GNU Library General Public License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.

    This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com.

    This product includes software developed by Eric Young.

    Portions of the material included in Appendix C came from the Internet Software Consortium,

    http://www.isc.org/.

    Rsync was written by Andrew Tridgell and Paul Mackerras, and is available under the Gnu Public License.

    This product includes Malloc library software developed by Mark Moraes. (© 1988, 1989, 1993, University of Toronto).

    This product includes open SSL software developed by Eric Young ([email protected]), (© 1995-1998).

    This product includes open SSH software developed by Tatu Ylonen, Espoo, Finland (© 1995).

    This product includes open SSH software developed by Niels Provos (© 1999).

    This product includes SSH software developed by Mindbright Technology AB, Stockholm, Sweden, www.mindbright.se, [email protected] (© 1998-1999).

    This product includes free SSL software developed by Object Oriented Concepts, Inc., St. John's, NF, Canada, (© 2000).

    This product includes software developed by Object Oriented Concepts, Inc., Billerica, MA, USA (© 2000).

    This product includes software developed by The Legion of the Bouncy Castle. Copyright (c) 2000 - 2009

    The Legion Of The Bouncy Castle (http://www.bouncycastle.org)

    Table of Contents

    1 Getting Started
        About the WebAccelerator system
            Managing your applications
            Monitoring traffic to your applications
            Deployment options for the WebAccelerator system
        Using the Configuration utility
        Accessing acceleration policies
        Reviewing the documentation set
        Finding help and technical support resources

    2 Overview of the WebAccelerator System
        Servicing requests to your origin web servers
            Processing HTTP requests and managing responses
        Generating log files

    3 Initial Configuration and Maintenance Tasks
        Completing initial configuration for the Local Traffic Manager
        Completing initial configuration for the WebAccelerator system
            Defining an NTP server
            Creating the HTTP class profile
            Configuring a virtual server and pool
            Creating an application profile
        Completing optional configuration tasks
            Processing unmapped requests
            Using the MultiConnect feature
            Using a symmetric deployment
        Performing maintenance tasks
            Checking the WebAccelerator system processes
            Changing the log file monitoring interval

    4 Changing Default Settings
        Understanding object classification
            Classifying by object type
            Classifying by group
            Managing object types
        Understanding URL normalization
            Managing URL normalization settings
            Selectively disabling content-based identity
        Customizing options in the pvsystem.conf file
            Changing log file rotation parameters
            Changing TTL parameters for compiled responses
            Changing cookie encryption parameters
            Changing default values for HDS prune

    5 Troubleshooting and Monitoring
        Using performance reports
        Using error and status log files
            tomcat
            intelligence interface
            pvac
        Using system log files
        Resolving communication system failures
        Using X-PvInfo response headers
        Invalidating and clearing the WebAccelerator system's cache

    Glossary

    Index

    1 Getting Started

    About the WebAccelerator system

    Using the Configuration utility

    Accessing acceleration policies

    Reviewing the documentation set

    Finding help and technical support resources

    About the WebAccelerator system

    The BIG-IP WebAccelerator system is a delivery solution designed to improve the speed at which users access your web applications (such as Microsoft SharePoint, Microsoft Outlook Web Access, BEA AquaLogic, SAP Portal, Oracle Siebel CRM, Oracle Portal, and others) and wide area network (WAN).

    The WebAccelerator system does this through acceleration policy features that modify web browser behavior, and that compress and cache dynamic and static content. This decreases bandwidth usage and ensures that your users get the quickest and most efficient access to your web applications and WAN. These processes, and the deployment options, are discussed in the following sections. For more specific information about how the WebAccelerator system manages access to your web applications, see Chapter 2, Overview of the WebAccelerator System.

    The BIG-IP WebAccelerator system is one of several products that constitute the BIG-IP product family. All BIG-IP products run on the Traffic Management Operating System, commonly referred to as TMOS. For an overview of the complete BIG-IP product offering, see the Introduction to the BIG-IP System chapter of the TMOS Management Guide for BIG-IP Systems.

    Managing your applications

    To accelerate access to your applications, the WebAccelerator system uses acceleration policies that use a proprietary language to manipulate HTTP responses from origin web servers. After the WebAccelerator system manipulates the HTTP responses using its Rewrite Engine, it processes the responses. Therefore, the WebAccelerator system processes manipulated responses, rather than the original responses that are sent by the origin web servers.

    Note

    For information about how to create customized rewrite scripts, contact F5

    Networks Technical Support.

    Monitoring traffic to your applications

    In addition to using the acceleration policy features, you can easily monitor your HTTP traffic and system processes through monitoring tools. For more information about monitoring the WebAccelerator system processes and traffic, see Chapter 5, Troubleshooting and Monitoring.

    Deployment options for the WebAccelerator system

    There are two basic deployment options for the WebAccelerator system:

    Asymmetric

    Symmetric

    An asymmetric deployment consists of one or more WebAccelerator systems installed on one end of a WAN, and in the same location as the origin web servers that are running the applications to which the WebAccelerator system is accelerating client access.

    Figure 1.1 illustrates an asymmetric deployment with a single

    WebAccelerator system on one end of a WAN.

    Figure 1.1 Asymmetric deployment example

    A symmetric deployment is composed of sets of two WebAccelerator systems: a central WebAccelerator system and a remote WebAccelerator system. These WebAccelerator systems are located on opposite ends of a WAN.

    Figure 1.2, on page 1-3 illustrates a symmetric deployment with multiple

    WebAccelerator systems located in remote offices.

    Figure 1.2 Symmetric deployment example

    In a symmetric deployment, the central WebAccelerator system is installed closest to the origin web servers running the applications to which the WebAccelerator system is accelerating client access. The remote WebAccelerator system is installed close to the clients, which can be in a separate geographic site around the world or across the country.

    You can deploy any number of WebAccelerator systems in any combination

    of configurations, including a simultaneous configuration of asymmetric and

    symmetric deployments. This flexibility gives you the freedom to choose

    the most appropriate WebAccelerator system deployment for your

    environment, guaranteeing that all clients requesting information are getting

    the fastest possible access.

    For specific information about how to deploy an optional symmetric

    deployment, see Configuring a symmetric deployment, on page 3-13.

    Using the Configuration utility

    The Configuration utility is the browser-based graphical user interface that provides you access to the WebAccelerator system's configuration options, as well as the configuration options for the network, system, and local traffic. From the Help tab, you can access context-sensitive information about the controls and settings located on each screen.

    To access the Configuration utility

    1. Open a web browser.

    2. In the address box, type a URL that includes the management IP

    address of the BIG-IP device, as follows:

    https://<management IP address>

    For example, if the management IP address of the BIG-IP device is

    192.168.168.102, type https://192.168.168.102 in the address box.

    3. Type a valid user name and password.

    4. Click OK.

    Figure 1.3, on page 1-5 shows an example of the Welcome screen for the

    Configuration utility. The modules displayed depend on your software

    licenses.

    Important

    All users need to use the web-based Configuration utility to license the system for the first time. For the most current list of the supported browsers for the Configuration utility, refer to the current WebAccelerator system release note at https://support.f5.com.

    Figure 1.3 Welcome screen for the Configuration utility

    The Configuration utility contains the following components:

    The identification and messages area

    This area, above the navigation pane, the menu bar, and the body, is where you find the system identification, including the host name, and management IP address. This area also displays certain system messages.

    The navigation pane

    This area, located on the left side of the screen, contains the Main tab, the

    Help tab, and the About tab. The Main tab provides links to the major

    configuration objects for the various modules. The Help tab provides

    context-sensitive help for each screen in the Configuration utility. The

    About tab provides a quick way to locate information about Setup,

    Support, Plugins, and Download system options.

    The menu bar

    Located below the identification and messages area, and above the body,

    the menu bar provides links to configuration objects within each major

    object.

    The body

    Located in the center of the screen, the body displays configuration

    settings.

    Accessing acceleration policies

    An acceleration policy is a collection of matching rules and acceleration rules that determine how the WebAccelerator system manages and responds to HTTP requests to your web applications. The Policies screen displays all of the acceleration policies available for assignment to your applications.

    To access the Policies screen

    In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    Figure 1.4 Example Policies screen

    From the Policies screen, you can access additional screens, from which you can perform additional tasks. For more information about managing acceleration policies, see the Policy Management Guide for the BIG-IP WebAccelerator™ System.

    Reviewing the documentation set

    The WebAccelerator system documentation set consists of the following items:

    Configuration Guide for the BIG-IP WebAccelerator™ System
    Describes the core product concepts and provides the procedures for configuring and monitoring the WebAccelerator system.

    Policy Management Guide for the BIG-IP WebAccelerator™ System
    Provides information about creating and editing policies to tailor the WebAccelerator system for optimal performance.

    Release notes
    Provide information about new features, fixes, known issues, and workarounds.

    Online help
    Provides context-sensitive description of each control and setting on each screen.

    Additionally, you must review specific chapters in the following guides:

    BIG-IP Systems: Getting Started Guide
    For information about performing the required configuration for the BIG-IP Local Traffic Manager™, as well as information about installing, enabling, and configuring resource provisioning for the WebAccelerator system license.

    Configuration Guide for BIG-IP Local Traffic Manager
    For information about how to define a virtual server and pool.

    TMOS Management Guide for BIG-IP Systems
    For an overview of the complete BIG-IP product offering.

    Finding help and technical support resources

    You can find technical documentation and product information using the following resources:

    Welcome screen in the Configuration utility
    The Welcome screen in the Configuration utility contains links to many useful web sites and resources, including:
        The F5 Networks Technical Support web site
        The F5 Solution Center
        The F5 DevCentral℠ web site
        Plug-ins, SNMP MIBs, and SSH clients.

    Online help
    The WebAccelerator system provides context-sensitive online help for each screen. The online help contains descriptions of each control and setting on the screen. To access the online help, click the Help tab on the left navigation pane of the Configuration utility.

    F5 Networks Technical Support web site
    The F5 Networks Technical Support web site provides the latest documentation set for the product, including:
        Release notes, current and past
        Software and hardware guides, current and past (in PDF and HTML format)
        Technical notes
        The Ask F5℠ Knowledge Base

    To access the F5 Networks Technical Support web site, you need to register at https://support.f5.com.

    2 Overview of the WebAccelerator System

    Servicing requests to your origin web servers

    Generating log files

    Servicing requests to your origin web servers

    Most sites are built on a collection of web servers, application servers, and database servers that we refer to collectively as origin web servers. The BIG-IP WebAccelerator™ system is installed on your network between the users of your applications and the origin web servers on which the applications run, and accelerates your applications' response to HTTP requests.

    Origin web servers can serve all possible permutations of content, while the

    WebAccelerator system only stores and serves page content that clients have

    previously requested from your site. By transparently servicing the bulk of

    common requests, the WebAccelerator system significantly reduces the load

    on your origin web servers, which improves performance for your site.

    Once installed, the WebAccelerator system receives all requests destined for

    the origin web server. When a client makes an initial request for a specific

    object, the WebAccelerator system relays the request to the origin web server, and caches the response that it receives in accordance with the

    policy, before forwarding the response to the client. The next time a client

    requests the same object, the WebAccelerator system serves the response

    from its cache, based on lifetime settings within the policy, instead of

    sending the request to the origin web servers.

    This means that, for each HTTP request it receives, the WebAccelerator

    system performs one of the following actions:

    Services the request from its cache

    Upon receiving a request from a browser or web client, the

    WebAccelerator system initially checks to see if it can service the request

    from compiled responses in its cache.

    Sends the request to the origin web servers

    If the WebAccelerator system is unable to service the request from its

    cache, it sends a request to the origin web server. Once it receives a

    response from the origin web server, the WebAccelerator system caches

    that response according to the associated acceleration policy rules, and

    then forwards the response to the client.

    Relays the request to the origin web servers

    The WebAccelerator system relays requests directly to the origin web

    server, for some predefined types of content, such as requests for

    streaming video.

    Creates a tunnel to send the request to the origin web servers

    For any encrypted traffic (HTTPS) content that you do not want the WebAccelerator system to process, you can use tunneling. Note that the

    WebAccelerator system can cache and respond to SSL traffic without

    using tunnels.


    During the process of application matching, the WebAccelerator uses the

    information in the HTTP request to match the request to an application

    profile that you created. Once matched to an application profile, the

    WebAccelerator system applies the associated acceleration policy's

    matching rules in order to group the request and response to a specific leaf

    node on the Policy Tree. The WebAccelerator system then applies the

    acceleration policy's acceleration rules to each group. These acceleration

    rules dictate how the WebAccelerator system manages the request.

    To perform the processes required to manage requests, the WebAccelerator

    system uses the following services:

    Communications server

    This service manages the communications between all WebAccelerator

    system processes.

    HDS prune

    This service manages the on-disk cache and removes compiled responses

    that are no longer needed. For more information about HDS prune, see Changing default values for HDS prune, on page 4-14.

    pvac

    This service manages HTTP traffic in accordance with the options

    defined in the associated acceleration policy.

    waicd

    This service manages the communications between peer WebAccelerator

    systems in a symmetric deployment.

    For information about how to monitor these services, see Checking the

    WebAccelerator system processes, on page 3-17.

    Processing HTTP requests and managing responses

    The first time that a WebAccelerator system receives new content from the

    origin web server in response to an HTTP request, it processes the

    information as follows, before returning the requested object (response) to

    the client:

    Compiles an internal representation of the object

    The WebAccelerator system uses compiled responses received from the

    origin web server, to assemble an object in response to an HTTP request.

    Assigns a Unique Content Identifier (UCI) to the compiled response,

    based on elements present in the request

    The origin web server generates specific responses based on certain

    elements in the request, such as the URI and query parameters. The

    WebAccelerator system includes these elements in a UCI that it creates,

    so that it can easily match future requests to the correct content in its

    cache. The WebAccelerator system matches content to the UCI for both

    the request and the compiled response that it created to service the

    request.


    The WebAccelerator system processes requests and responses in a general

    sequential pattern, as illustrated in Figure 2.1.

    Figure 2.1 Request/Response flow

    Each step is defined as follows.

    1. Clients, using web browsers, request pages from your site. From the

    clients' perspective, they are connecting directly to your site; they

    have no knowledge of the WebAccelerator system.

    2. The WebAccelerator system examines the client's request to

    determine if it meets all the HTTP requirements needed to service

    the request.

    If the request does not meet the HTTP requirements, the

    WebAccelerator system issues an error to the client. (For information about what the WebAccelerator system requires to

    service a request, see the Policy Management Guide for the

    BIG-IP WebAccelerator System.)

    3. The WebAccelerator system examines the request elements and

    creates a UCI, and then reviews its cache to see if it has a compiled

    response stored under that same UCI.


    If the content is being requested for the first time (there is no

    matching compiled response in the WebAccelerator system's

    cache), the WebAccelerator system uses the host map to relay the

    request to the appropriate origin web server to get the required

    content.

    If content with the same UCI is already stored as a compiled

    response in the WebAccelerator system's cache, the

    WebAccelerator system checks to see if the content has expired.

    If the content has expired, the WebAccelerator system checks to

    see if the information in its cache still matches the origin web

    server. If it does, the WebAccelerator system moves directly to

    step 7. Otherwise, it performs the following step.

    4. The origin web server either responds or queries the application

    servers or databases for content.

    5. The application servers or databases provide the input back to the

    origin web server.

    6. The origin web server replies to the WebAccelerator system with

    the requested material, and the WebAccelerator system compiles the

    response. If the response meets the appropriate requirements, the

    WebAccelerator system stores the compiled response in its cache

    under the appropriate UCI. (For more information about HTTP

    response requirements, see the Policy Management Guide for the

    BIG-IP WebAccelerator System.)

    7. The WebAccelerator system uses the compiled response, and any

    associated assembly rule parameters, to recreate the page. The

    assembly rule parameters dictate how to update the page with

    generated content. (For information about assembly rules, see the chapter, Configuring Assembly Rules, in the Policy Management

    Guide for the BIG-IP WebAccelerator System.)

    8. The WebAccelerator system directs the response to the client.
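
Steps 3 through 8 above, modeled as an added example that is not F5 code: a compiled-response cache keyed by UCI, with a lifetime check and a conditional request once content has expired. The UCI composition (host, path, sorted query parameters), the hash-based validator, and the SampleOrigin, ManualClock and AcceleratorModel names are assumptions of this model; the origin content is constructed. A lifetime of 0 corresponds to the Level 2 Delivery behaviour described later in this guide.

```python
import hashlib
from urllib.parse import parse_qsl, urlsplit


def make_uci(host, url):
    """Build a cache key from request elements.

    Assumption of this model: host, path and sorted query parameters.
    On a real system the acceleration policy decides which elements count.
    """
    parts = urlsplit(url)
    params = tuple(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    return (host.lower(), parts.path or "/", params)


class SampleOrigin:
    """Constructed stand-in for the origin web servers."""

    def __init__(self, pages):
        self.pages = dict(pages)   # path -> body
        self.full_responses = 0    # 200 responses that carried content
        self.not_modified = 0      # 304 answers to conditional requests

    def get(self, url, validator=None):
        body = self.pages[urlsplit(url).path]
        tag = hashlib.sha256(body.encode()).hexdigest()[:16]
        if validator == tag:
            self.not_modified += 1
            return 304, None, tag
        self.full_responses += 1
        return 200, body, tag


class ManualClock:
    """Clock the caller advances by hand, so expiry is deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class AcceleratorModel:
    def __init__(self, origin, lifetime, clock):
        self.origin = origin
        self.lifetime = lifetime   # seconds a compiled response stays fresh
        self.clock = clock
        self.cache = {}            # UCI -> {"body", "validator", "stored_at"}

    def handle(self, host, url):
        """Return (how_served, body) for one request."""
        uci = make_uci(host, url)                          # step 3: create UCI
        entry = self.cache.get(uci)
        now = self.clock()
        if entry and now - entry["stored_at"] < self.lifetime:
            return "cache", entry["body"]                  # not expired: steps 7-8
        # First request, or expired content: ask the origin (steps 4-6),
        # conditionally when a cached copy exists.
        validator = entry["validator"] if entry else None
        status, body, tag = self.origin.get(url, validator)
        if status == 304:                                  # cache still matches origin
            entry["stored_at"] = now
            return "revalidated", entry["body"]
        self.cache[uci] = {"body": body, "validator": tag, "stored_at": now}
        return "origin", body


def demo(lifetime):
    """Replay four requests; return how each was served plus origin counters."""
    clock = ManualClock()
    origin = SampleOrigin({"/catalog": "catalog v1"})
    wa = AcceleratorModel(origin, lifetime, clock)
    host = "www.siterequest.com"
    served = [wa.handle(host, "/catalog?item=7&lang=en")[0]]
    served.append(wa.handle(host, "/catalog?lang=en&item=7")[0])  # same UCI
    clock.advance(120)
    served.append(wa.handle(host, "/catalog?item=7&lang=en")[0])
    origin.pages["/catalog"] = "catalog v2"                # origin content changes
    clock.advance(120)
    served.append(wa.handle(host, "/catalog?item=7&lang=en")[0])
    return served, origin.full_responses, origin.not_modified


if __name__ == "__main__":
    for lifetime in (60, 0):
        print(lifetime, demo(lifetime))
```

With a lifetime of 0 the origin is contacted on every request, but it only sends full content when the page has actually changed.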


    Generating log files

    The WebAccelerator system generates two types of system log files:

    Change logs

    These logs are used to pass data between WebAccelerator system

    processes and to populate the content displayed in the Performance

    Reports. For information about Performance Reports, see Using

    performance reports, on page 5-1.

    Hit logs

    These logs contain the same type of information as the HTTP web server

    log files. Hit logs are disabled by default. For information about how to

    enable and customize the content for the hit logs, see the chapter, Specifying

    Log Formats, in the Policy Management Guide for the BIG-IP

    WebAccelerator System.

    By default, the WebAccelerator system monitors these log files on an hourly

    basis and rotates the log when it reaches 10MB. For information about how

    to modify these parameters, see Changing the log file monitoring interval,

    on page 3-18 and Changing log file rotation parameters, on page 4-11.


    3 Initial Configuration and Maintenance Tasks

    Completing initial configuration for the Local Traffic Manager

    Completing initial configuration for the

    WebAccelerator system

    Completing optional configuration tasks

    Performing maintenance tasks


    Completing initial configuration for the Local Traffic Manager

    Before you configure the WebAccelerator system, you must complete the

    following tasks on the BIG-IP Local Traffic Manager.

    Install, activate, and configure resource provisioning for the

    WebAccelerator license.

    Configure general network settings.

    Configure name resolution (DNS or entries to the host file).

    If you have not yet completed the required configuration on the BIG-IP

    Local Traffic Manager, refer to the BIG-IP Systems: Getting Started

    Guide, the Configuration Guide for BIG-IP Local Traffic Manager,

    and the TMOS Management Guide for BIG-IP Systems for additional

    information. These guides are available on the Technical Support web site,

    https://support.f5.com.

    After you perform these configuration tasks on the BIG-IP Local Traffic

    Manager, you then perform the initial configuration tasks for the

    WebAccelerator system as outlined in the next section, Completing initial

    configuration for the WebAccelerator system, on page 3-2.

    Important

    On the WebAccelerator 4500 platform, resource provisioning is set by

    default, and you simply perform the initial Setup utility procedures to access

    the WebAccelerator system's navigation menu.


    Completing initial configuration for the WebAccelerator system

    After you have performed the initial configuration tasks on the BIG-IP

    Local Traffic Manager, you can begin configuration for the WebAccelerator

    system, by:

    Defining an NTP server

    Creating an HTTP class profile

    Configuring a virtual server and pool on the BIG-IP Local Traffic

    Manager

    Creating an application profile

    Defining an NTP server

    Network Time Protocol (NTP) synchronizes the clocks on your network

    with a defined NTP server. This synchronization ensures that the

    WebAccelerator system properly maintains its cache, and synchronizes

    configuration changes for optional symmetric deployments.

    To define an NTP server

    1. In the navigation pane, expand System and click Configuration.

    The Device, General properties screen displays BIG-IP system

    properties and operations.

    2. From the Device menu, choose NTP.

    The Device, NTP properties screen displays the NTP properties.

    3. In the Address box, type an address for the NTP server.

    4. Click Add.

    5. Click Update.

    Creating the HTTP class profile

    The HTTP class profile uses the HTTP header, cookie, host, path, and

    other HTTP items to classify traffic in order to accelerate traffic for

    applications that are running on a virtual server.

    To create the HTTP class profile

    1. In the navigation pane, expand WebAccelerator and click Class

    Profiles.

    The Class Profiles screen displays the WebAccelerator class profiles

    and their status.


    2. Click Create.

    The Class Profiles, New HTTP Class screen displays the properties,

    configuration, and actions settings for a class profile.

    3. In the Name box, type a name for the HTTP class profile.

    For example, SEAWebAccelerator.

    4. From the Parent Profile list, select httpclass.

    5. In the Configuration area, verify that the WebAccelerator setting is set

    to Enabled. Leave all other settings at Match all.

    6. Click Finished.

    WARNING

    The HTTP class profile exists in both the WebAccelerator and the Local

    Traffic sections of the Configuration utility. In the WebAccelerator section

    of the Configuration utility, the WebAccelerator system is enabled by

    default. In the Local Traffic section of the Configuration utility, you must

    select the Custom check box and explicitly enable WebAccelerator. If you

    create the HTTP class profile from the Local Traffic section and you do not

    enable the WebAccelerator system, you effectively disable web acceleration

    for the associated virtual server.

    Configuring a virtual server and pool

    The virtual server processes and routes incoming traffic in accordance with

    the settings that you configure in the associated HTTP class profile. The

    pool hosts the application for which you want the WebAccelerator system to

    accelerate traffic, using the application profile's acceleration policy.

    Note

    The following procedure outlines only the basic virtual server and pool

    configuration. For detailed information about virtual servers, pools, and the

    other local traffic components, refer to the Configuration Guide for

    BIG-IP Local Traffic Manager on the Ask F5 Technical Support web

    site, https://support.f5.com.

    To configure a virtual server and pool

    1. In the navigation pane, expand Local Traffic, and then click

    Virtual Servers.

    The Virtual Servers: Virtual Server List screen displays a list of

    existing virtual servers.

    2. Click Create.

    The Virtual Servers: Virtual Server List, New Virtual Server screen

    displays the properties, configuration, and resources settings for a

    virtual server.

    3. In the Name box, type a name for the virtual server.


    4. For the Destination Type, click Host and type an IP address in the

    Address box.

    5. In the Service Port box, type the appropriate service port for your

    application. For example, for HTTP, the port is 80. Alternatively, you can select a service type from the list.

    6. Select Enabled from the State list.

    7. Select http-acceleration from the HTTP Profile list.

    Important: We strongly recommend that you leave RAM Cache

    enabled for the http-acceleration profile and that you do not make

    any modifications to the RAM Cache default settings for Minimum

    Object Size, Maximum Object Size, URI Caching, and Ignore

    Headers, as it will adversely affect the way the BIG-IP

    WebAccelerator system manages HTTP traffic for your site.

    8. From the Configuration list, select Advanced.

    9. Check Enabled next to Port Translation.

    Important: If Port Translation is disabled for the virtual server, the

    WebAccelerator system cannot properly accelerate traffic.

    10. In the Resources section, select the WebAccelerator-enabled HTTP

    class profile from the HTTP Class Profiles Available list, and click

    the Move button (


    Creating an application profile

    The application profile provides the key information that the

    WebAccelerator system needs to appropriately handle requests to your site's

    web applications. Before you can create the application profile, you must

    complete the following tasks:

    Define your host map

    Choose an acceleration policy

    Defining your host map

    When the WebAccelerator system receives an HTTP request, it compares

    the host on the request to those in its host map to determine which

    application profile to apply. Once it matches to an application profile, it can

    use the associated acceleration policy you assigned to handle the request.

    When you create a host map, you identify the domain as it appears on the HTTP Host request header. These domains are called requested hosts.

    When you specify the host name for the requested host in a host map, you

    can use a wildcard, an asterisk (*) followed by a period, for the first

    character in the domain. This wildcard can represent one or more

    subdomains, enabling you to map several subdomains to one origin web

    server in one step. Using a wildcard saves time if your site has several

    subdomains.

    Following are examples of valid requested host names that use wildcards.

    *.sales.siterequest.com maps to the following (all to the same

    destination host):

    direct.sales.siterequest.com

    marketing.sales.siterequest.com

    marcom.marketing.sales.siterequest.com

    *siterequest.com maps to the following (all to the same destination

    host):

    www.siterequest.com

    engineering.siterequest.com

    direct.sales.siterequest.com

    marketing.sales.siterequest.com

    marcom.marketing.sales.siterequest.com

    *.com maps all incoming requests that end in .com to one destination

    host.

    * maps all incoming requests to one destination host.

    If the WebAccelerator system can map multiple requested host names to a

    request, it chooses the host name that most closely matches the request.

    Consider the following defined host names:

    a.com


    www.a.com

    *.b.a.com

    *.a.com

    If the WebAccelerator system receives requests that contain these URLs, it

    maps to the requested hosts as follows:

    A request to www.a.com maps to www.a.com, and does not map to

    *.a.com.

    A request to a.com maps to a.com.

    Requests to c.a.com and b.a.com both map to *.a.com.

    A request to c.b.a.com maps to *.b.a.com.

    WARNING

    If the WebAccelerator system is not managing all of the traffic to the hosts, do not use a wildcard.

    Choosing an acceleration policy

    You may select a predefined acceleration policy that is associated with your

    specific application publisher or you may use one of the two predefined

    general delivery acceleration policies. Both work well for most sites that use

    Java 2 Platform Enterprise Edition (J2EE) applications.

    Level 1 Delivery

    This predefined acceleration policy is compliant with HTML version 2.0.

    For this acceleration policy, the WebAccelerator system:

    Sends all requests for HTML pages to the origin web server for content.

    Ignores any no-cache directives included in HTTP Cache-Control

    request headers, and uses the cache response directives that it receives

    from the origin web server.

    Level 2 Delivery

    This predefined acceleration policy is compliant with HTML version 3.0

    and later. For this acceleration policy, the WebAccelerator system:

    Caches HTML pages and assigns a lifetime setting of 0, which

    prompts the WebAccelerator system to provide fresh content by

    making subsequent requests for that content, using a conditional GET.

    Uses the Intelligent Browser Referencing feature only for documents

    and includes.

    Ignores any no-cache directives included in HTTP Cache-Control

    request header, and uses the cache response directives that it receives

    from the origin web server.

    After you have planned your host map and chosen an acceleration policy,

    create the application profile using the following procedure.


    To create an application profile

    1. In the navigation pane, expand WebAccelerator and click

    Applications.

    The Applications screen displays a list of existing applications and associated policies.

    2. Click Create.

    The Applications, New Application screen displays options,

    policies, and hosts settings for an application.

    3. In the Application Name box, type a name for the application.

    4. In the Description box, type an optional description.

    5. From the Central Policy list, select the acceleration policy that you

    want the WebAccelerator system to use when requesting

    information from the associated application.

    If you have configured an optional symmetric deployment, we recommend that you select the predefined acceleration policy called,

    Symmetric Deployment, because it is specifically designed to

    manage content assembly in a symmetric deployment. For more

    information, see Using a symmetric deployment, on page 3-12.

    6. If you have configured an optional symmetric deployment, from the

    Remote Policy list, select an acceleration policy for the remote

    WebAccelerator system. We recommend that you select the

    predefined acceleration policy, Symmetric Deployment. If you do

    not have a symmetric deployment, do not select a remote policy.

    7. Optionally, from the Destination Host list, select a user-defined

    destination host. This setting displays only if you have configured

    an additional destination host.

    8. In the Hosts section at the bottom of the screen, click the Add Host

    button.

    9. In the Requested Host box, type a valid host name for each client

    host that you want to allow access to the application.

    10. Click Save.

    Verifying the application profile

    After you create an application profile, you must verify that the

    WebAccelerator system is able to properly send data to and receive data from the origin web servers.

    To verify the application profile

    1. On a machine separate from the WebAccelerator system, and from

    which you can run a web browser, open the hosts file and add the

    host name that you used to access the web site application. The host

    name must point to the IP address for the virtual server that you

    configured.


    Note: On Microsoft Windows 2000 and Windows XP machines,

    the hosts file is located at

    C:\WINDOWS\system32\drivers\etc\hosts

    For example, if you can access the web site at the www.siterequest.com domain and the virtual server is at IP address

    11.1.11.3, add the following line to the hosts file on the machine

    running the browser:

    11.1.11.3 www.siterequest.com

    All network traffic from the web browser machine for

    www.siterequest.com subsequently goes to the virtual server.

    2. Request a page from www.siterequest.com.

    You should see the page that you would have received if your

    browser had accessed the origin web servers directly. If the browser

    times out the request, it means that either the WebAccelerator

    system is not running, or the firewall is blocking access to port 80 on the WebAccelerator system.

    3. If you receive an Access denied by intermediary error, perform the

    following tasks:

    Verify that the hosts file is correct.

    Verify that the host map for the application profile is correct.

    Verify that you used a domain in the request that matches a

    requested host in the host map, and that it maps to the destination

    host.

    4. After you verify the application profile and confirm that the host

    mapping is correct, remove any entries that you changed or added.


    Completing optional configuration tasks

    After you complete the essential configuration tasks, you can further

    customize by configuring the WebAccelerator system to:

    Process unmapped requests

    Use MultiConnect

    Accelerate requests in a symmetric deployment

    Note

    In addition to the optional configuration tasks noted here, you can also

    create a user-defined acceleration policy or import a signed acceleration

    policy. For more information, refer to the Policy Management Guide for

    the BIG-IP WebAccelerator System.

    Processing unmapped requests

    A request for a domain that is not listed in the requested host map is called

    an unmapped request. If you create an application policy that is based on a

    host name that is not identified in a host map, you will have an unmapped

    host map. By default, the WebAccelerator system replies to clients that

    request unmapped hosts with an HTTP 403 response code. F5 Networks

    recommends that you reconcile unmapped requests by adding the host name

    to the host map for the applications that are using the specified application

    profile.

    Another option is to allow the WebAccelerator system to process unmapped

    requests, instead of responding with an error; however, the following

    security implication is associated with processing unmapped requests.

    Security implication

    If you configure the WebAccelerator system to process unmapped requests

    and you do not specify a proxy server, you enable the WebAccelerator

    system to act as a relay. F5 Networks recommends that you do not enable

    unmapped request processing unless your network meets one of the

    following conditions.

    Both the WebAccelerator system and the origin web server are on a

    private and secure network.

    You specify a proxy server to forward the unmapped requests to, as

    described in step 4 of the following procedure, and you configure that

    proxy server to properly manage unwanted or unsanctioned requests.

    To enable unmapped request processing

    1. In the navigation pane, expand WebAccelerator and click

    Unmapped hosts.

    The Unmapped Hosts screen displays a setting to process unmapped

    hosts.


    2. Select the Process requests for unmapped hosts check box.

    The screen refreshes and displays additional options.

    3. From the Policy list, select an acceleration policy for which you

    want to process unmapped requests.

    4. To forward unmapped host requests to a specific proxy server,

    select the check box next to Forward unmapped host requests to

    a proxy server in the Forward Proxy Options area, and type an

    address in the Server Address box.

    5. Click Save.
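
The requested-host matching described under Defining your host map, together with the unmapped-request decision described in this section, as an added example that is not F5 code. "Most closely matches" is modeled as exact name first, then the wildcard with the longest suffix; that ranking, the plain suffix comparison for wildcards, the profile names and the proxy address are assumptions of this model.

```python
HOST_MAP = {   # requested-host pattern -> application profile (profile names constructed)
    "a.com": "app-root",
    "www.a.com": "app-www",
    "*.b.a.com": "app-b",
    "*.a.com": "app-wild",
}


def normalize_host(host_header):
    """Lower-case the Host header value and drop any port or trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0].rstrip(".")


def match_rank(pattern, host):
    """Return a specificity rank if pattern matches host, else None."""
    pattern = pattern.lower()
    if not pattern.startswith("*"):
        return (1, len(pattern)) if pattern == host else None
    suffix = pattern[1:]                      # "*.a.com" -> ".a.com", "*" -> ""
    # The wildcard has to stand for at least one character, so "*.a.com"
    # does not match the bare name "a.com".
    if host.endswith(suffix) and len(host) > len(suffix):
        return (0, len(suffix))
    return None


def match_requested_host(host_map, host_header):
    """Return the best-matching requested-host pattern, or None if unmapped."""
    host = normalize_host(host_header)
    best = None
    for pattern in host_map:
        rank = match_rank(pattern, host)
        if rank is not None and (best is None or rank > best[0]):
            best = (rank, pattern)
    return best[1] if best else None


def handle_request(host_map, host_header, process_unmapped=False, forward_proxy=None):
    """Decide what happens to one request, based on its Host header."""
    pattern = match_requested_host(host_map, host_header)
    if pattern is not None:
        return ("apply-profile", host_map[pattern])
    if not process_unmapped:
        return ("reject", 403)                # default reply for unmapped hosts
    if forward_proxy:
        return ("forward-to-proxy", forward_proxy)
    # Unmapped processing without a proxy: the request is relayed toward
    # whatever host the client named, which is the relay risk this section describes.
    return ("relay", normalize_host(host_header))


if __name__ == "__main__":
    for header in ("www.a.com", "a.com", "c.a.com", "b.a.com", "c.b.a.com", "other.example"):
        print(header, "->", match_requested_host(HOST_MAP, header),
              handle_request(HOST_MAP, header))
```

Running the same Host values against a planned host map before saving it shows which names would fall through to the 403 reply, or be relayed, once unmapped request processing is enabled.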

    Using the MultiConnect feature

    Most browsers create a limited number of TCP connections when requesting

    data. You can achieve faster data downloads by using the WebAccelerator

    system's MultiConnect feature, which modifies embedded URLs with

    unique subdomains, prompting the browser to open more simultaneous TCP

    connections.

    When MultiConnect is enabled, it prompts the client's web browser to open

    additional TCP connections to the WebAccelerator system for each

    subdomain when requesting pages over the HTTP protocol. The origin web

    servers never get a request from these additional subdomains; the additional

    subdomains are used exclusively on embedded URLs or links that request

    images or scripts and are only for requests and/or responses between the

    client and the WebAccelerator system.

    The WebAccelerator system uses the MultiConnect feature only on the

    following types of links.

    Image tags:

    Script tags:

    Forms whose input type is an image:

    The MultiConnect feature is best suited for sites that have a high number of

    first-time visitors who are downloading a large number of images or scripts.

    F5 Networks recommends that you use this feature only if you have

    high-bandwidth links, because the additional TCP connections also increase

    the amount of traffic your site must manage.

    To use this feature, you must first perform the following tasks:

    Configure DNS with entries for the additional subdomains.

    Map the additional DNS entries to the same IP address as the base origin

    web server (for example, www.siterequest.com).

    Assign specific prefixes to the additional subdomains. For example, if

    the requested host for the mapping is www.siterequest.com, and you

    request two additional subdomains for the HTTP protocol, you assign a

    subdomain prefix of wa.


    Construct a trusted SSL certificate that lists the additional subdomains

    that you created, as Subject Alternative Name entries. (This task is

    required only if you are configuring MultiConnect for use with HTTPS.)

    Once you perform these tasks, the WebAccelerator system changes the

    domain on qualifying embedded URLs and links so that they use the

    domains you specified. For example:

    wa1.www.siterequest.com

    wa2.www.siterequest.com

    Important

    Some client browsers close HTTPS connections to one domain before

    opening HTTPS connections to a new domain. This type of browser

    behavior can decrease the speed of access to applications for which the

    MultiConnect feature is enabled; therefore, F5 Networks recommends that

    you do not enable the MultiConnect feature for HTTPS connections.

    To configure subdomains for the MultiConnect feature

    1. In the navigation pane, expand WebAccelerator and click

    Applications.

    The Applications screen displays a list of existing applications and

    associated policies.

    2. Click the name of the application for which you want to configure

    the MultiConnect feature.

    3. In the Hosts area at the bottom of the screen, click the Options link

    next to the Requested Host box for which you want to configure

    MultiConnect.

    4. From the HTTP Subdomains and HTTPS Subdomains lists,

    select the number of subdomains that you want the WebAccelerator

    system to generate for each protocol.

    5. In the Subdomain Prefix box, type a prefix or leave it at the default

    of wa.

    6. Click Save.

    Important

    If you are configuring MultiConnect for use with HTTPS, you must also

    construct a trusted SSL certificate that lists the additional subdomains that

    you created as Subject Alternative Name entries. If you are configuring

    MultiConnect for use with only HTTP, this step is not necessary. For more

    specific information about specifying Subject Alternative Name entries,

    contact your certificate authority.
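    An added example (not from the F5 guide): a shell check that a certificate's Subject Alternative Name list covers every MultiConnect subdomain before HTTPS subdomains are enabled. The function names are hypothetical, the SAN text is a constructed sample in the format printed by openssl x509 -noout -ext subjectAltName, and the wildcard handling goes beyond what the guide discusses.

```shell
#!/bin/sh
# Added example, not part of the F5 guide. Function names are hypothetical.

# multiconnect_names PREFIX COUNT HOST
# Prints the generated names in the form the guide shows: <prefix><n>.<host>.
multiconnect_names() {
    mc_i=1
    while [ "$mc_i" -le "$2" ]; do
        printf '%s%d.%s\n' "$1" "$mc_i" "$3"
        mc_i=$((mc_i + 1))
    done
}

# san_covers SAN_TEXT NAME
# Succeeds if NAME appears as a DNS entry or is matched by a wildcard entry.
# A wildcard stands for exactly one leftmost label, so *.siterequest.com
# does not cover wa1.www.siterequest.com.
san_covers() {
    sc_name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    sc_parent=${sc_name#*.}          # NAME without its leftmost label
    printf '%s\n' "$1" | tr ',' '\n' | tr 'A-Z' 'a-z' |
        sed -n 's/^[[:space:]]*dns:\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        grep -F -q -x -e "$sc_name" -e "*.$sc_parent"
}

# missing_multiconnect_sans SAN_TEXT PREFIX COUNT HOST
# Prints each generated subdomain that the SAN list does not cover.
missing_multiconnect_sans() {
    multiconnect_names "$2" "$3" "$4" | while IFS= read -r ms_name; do
        san_covers "$1" "$ms_name" || printf '%s\n' "$ms_name"
    done
}

# Constructed sample SAN text (not taken from a real certificate). On a real
# system, capture it with:
#   openssl x509 -in cert.pem -noout -ext subjectAltName
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:www.siterequest.com, DNS:wa1.www.siterequest.com, DNS:*.siterequest.com'

# Two HTTPS subdomains with the default prefix for www.siterequest.com.
missing_multiconnect_sans "$SAMPLE_SAN" wa 2 www.siterequest.com
```

    Any name this prints would produce a certificate name mismatch in the browser for the rewritten URLs.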

    After you map the additional subdomains and construct a trusted SSL

    certificate with the Subject Alternative Name entries (Subject Alternative

    Name entries are required only for HTTPS connections), you can enable the

    MultiConnect feature for specific acceleration policies as described in

    Chapter 8, Assembly Rules, of the Policy Management Guide for the

    BIG-IP WebAccelerator System.

    Using a symmetric deployment

    An optional configuration for a site with multiple WebAccelerator systems

    is a symmetric deployment. A symmetric deployment consists of central and

    remote WebAccelerator systems that have synchronized configurations.

    With this configuration, users can transparently utilize the functionality of a

    WebAccelerator system on another network across town, or across the

    globe, from both sides of the transaction as illustrated in Figure 3.1.

    Figure 3.1 Symmetric deployment example

    In a symmetric deployment, the central WebAccelerator system is the

    WebAccelerator system that is closest to the application it is accelerating.

    The central WebAccelerator system is accessed by local clients as well as

    clients from a remote WebAccelerator system located in a separate

    geographic location, which can be around the world or across the country.

    For example, say you have a WebAccelerator system located at a corporate

    office in North America that is accelerating a web mail server application

    that employees in a satellite office in Europe use. For this symmetric

    deployment, the central WebAccelerator system is located at the corporate

    office, closest to the web mail application, and the remote WebAccelerator

    system is the WebAccelerator system in Europe.

    In this example, the satellite office employee sends an email request to his

    local WebAccelerator system in Europe, which responds to the request, or,

    if new content is required, sends the request to the central WebAccelerator

    system located in the corporate office in North America. The central

    WebAccelerator system responds to the request, or, if new content is

    required, sends the request to the origin web mail server. The central

    WebAccelerator system then caches the response and responds to the remote

    WebAccelerator system in Europe.

    Once the remote WebAccelerator system in Europe receives the response

    from the central WebAccelerator system in North America, it caches that

    response and then sends it to the employee. As long as the content is still

    valid, the remote WebAccelerator system in Europe can then respond to

    future requests for the same content from local clients.

    Note

    To monitor the status of an origin web server in a symmetric deployment,

    you must do so through the BIG-IP Local Traffic Manager system's http

    monitor only on the central WebAccelerator system. For more information

    about configuring and using http monitors, see the Configuration Guide for

    BIG-IP Local Traffic Manager.

    Configuring a symmetric deployment

    To configure a symmetric deployment, you must:

    Configure one or more central WebAccelerator systems and one or more

    remote WebAccelerator systems.

    Manually exchange SSL certificates between the systems.

    Important

    An NTP server is required to properly maintain the WebAccelerator

    system's cache and to synchronize changes among the systems in a

    symmetric deployment. Before you perform the following procedure, you

    must define an NTP server for the WebAccelerator systems on which you

    are configuring the symmetrical deployment. For information about

    defining an NTP server, see Defining an NTP server, on page 3-2.

    All members of a symmetric deployment are peers. Therefore, after you

    perform the initial configuration and manually exchange SSL certificates

    between the systems, subsequent changes that you make to any member

    propagate immediately to all other members of the symmetric deployment.

    This propagation happens regardless of whether the member you made a

    change to is a central or remote WebAccelerator system.

    Keep in mind that you must have at least one designated central

    WebAccelerator system at all times. In other words, you cannot delete or

    change the role of a central WebAccelerator system unless you have another

    central WebAccelerator system configured.

    WARNING

    In a symmetric deployment, the remote and central WebAccelerator systems

    communicate over port 4353 and exchange SSL certificates over port 22. If

    a firewall exists between these systems, you must modify its configuration so

    that port 4353 and port 22 are open. If you fail to open these ports, the

    central and remote WebAccelerator systems cannot properly exchange SSL

    certificates or synchronize.

    The first step to creating a symmetric deployment is to configure a central

    WebAccelerator system.

    To configure a central WebAccelerator system

    Important

    When you configure a symmetric deployment, you must use external self IP

    addresses for the central and remote WebAccelerator systems. To find the

    external facing self IP address for each WebAccelerator system, use the b

    self command.

    1. In the navigation pane, expand WebAccelerator, and then click

    Symmetric Deployment.

    The Symmetric Deployment screen displays lists of existing central

    and remote WebAccelerator systems.

    2. Click Create.

    The Symmetric Deployment, New Symmetric Deployment screen

    displays settings to configure a central WebAccelerator system.

    3. In the Name box, type a name for the central WebAccelerator

    system.

    4. If the WebAccelerator system uses network address translation

    (NAT) to communicate with other WebAccelerator systems in the

    data center, select the Use NAT Support check box.

    If the WebAccelerator system does not use NAT, skip to step 7.

    5. In the Global Address box, type the public IP address that the

    WebAccelerator system uses to communicate with computers

    outside of the data center.

    6. In the Internal Address box, type the IP address that the

    WebAccelerator system uses to communicate with other

    WebAccelerator systems within the data center. Skip to step 8.

    7. In the IP Address box, type the static self IP address for the central

    WebAccelerator system. This is the external facing (non-floating)

    self IP address for the central system.

    8. For the Role setting, select the Central check box.

    9. From the Data Center list, select a data center or leave it at the

    Default Data Center.

    Alternatively, select Add a New Data Center and type a new data

    center name in the associated box.

    10. Click Save.

    After you configure a central WebAccelerator system for the symmetric

    deployment, you can create one or more remote WebAccelerator systems.

    To configure a remote WebAccelerator system

    Important

    When you configure a symmetric deployment, you must use external self IP

    addresses for the central and remote WebAccelerator systems. To find the

    external facing self IP address for each WebAccelerator system, use the b

    self command.

    1. On the Symmetric Deployment screen, click Create.

    The Symmetric Deployment, New Symmetric Deployment screen

    displays settings to configure a remote WebAccelerator system.

    2. In the Name box, type a name for the remote WebAccelerator

    system.

    3. If the WebAccelerator system uses network address translation

    (NAT) to communicate with other WebAccelerator systems in the

    data center, select the Use NAT Support check box.

    If the WebAccelerator system does not use NAT, skip to step 6.

    4. In the Global Address box, type the public IP address that the

    WebAccelerator system uses to communicate with computers

    outside of the data center.

    5. In the Internal Address box, type the IP address that the

    WebAccelerator system uses to communicate with other

    WebAccelerator systems within the data center. Skip to step 7.

    6. In the IP address box, type the static self IP address for the remote

    WebAccelerator system. This is the external facing (non-floating)

    self IP address for the remote system.

    7. Select the Remote check box.

    8. From the Data Center list, select a data center or leave it at Default

    Data Center.

    Alternatively, select Add a New Data Center and type a new data

    center name in the associated box.

    9. Click Save.

    To view or modify a WebAccelerator system in a

    symmetric deployment

    1. In the navigation pane, expand WebAccelerator, and click

    Symmetric Deployment.

    The Symmetric Deployment screen displays lists of existing central

    and remote WebAccelerator systems.

    2. Click the name of a WebAccelerator system to view or change its

    configuration details.

    3. Click Save to save any changes you made, or click Cancel to return

    to the WebAccelerators screen.

    Exchange SSL certificates

    After you configure the central and remote WebAccelerators on one

    WebAccelerator system, you must exchange SSL certificates between the

    systems by logging on to all the other WebAccelerator systems in the

    deployment, and running a script on each machine.

    You are required to run this script only upon initial configuration, or any

    time that you add a new WebAccelerator system to the symmetric

    deployment. After the initial SSL certificate exchange, synchronization

    between the systems occurs automatically.

    To exchange SSL certificates from the command line

    1. From the command line of each remote WebAccelerator system in

    the symmetric deployment, type the following command:

    /usr/local/wa/scripts/wam_add.pl

    2. Type Y to run the script.

    3. Type the self IP address of the WebAccelerator system on which

    you performed the initial symmetric deployment configuration, and

    press the Enter key.

    4. Type the central WebAccelerator system's root password each time

    it is requested, and press Enter.

    The WebAccelerator system confirms that it successfully retrieved and

    loaded the SSL certificate files. You can now view the symmetric

    deployment from the Configuration utility.

    Performing maintenance tasks

    After you complete the basic configuration required for the WebAccelerator

    system to process traffic, you can perform the following procedures, as

    required.

    Check system processes

    Manage system log file rotation

    Checking the WebAccelerator system processes

    The process that you use to initially configure the WebAccelerator system

    confirms that the basic functionality of the WebAccelerator system software

    is working. After you complete the WebAccelerator system's initial

    installation process and configuration, you can perform additional checks to

    verify that the software is working correctly.

    To check the WebAccelerator system processes from the

    command line

    1. Log on to the BIG-IP system as root.

    2. Type the following command:

    bigstart status | more

    Several processes should be running.

    3. Verify that the following processes are up:

    comm_srv

    hds_prune

    pvac

    tomcat

    waicd

    You can move through each page by pressing the space bar.

    4. After you verify that the processes are running, type q to quit.

    Note

    For additional information about troubleshooting the system processes, see

    Using performance reports, on page 5-1.
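    Steps 2 through 4 as an added shell example (not from the F5 guide): it reads bigstart status output and reports which of the five processes listed in step 3 are not running. The function name is hypothetical, the sample status text is constructed, and its layout (process name, then a state word, with run meaning running) is an assumption about the command's output.

```shell
#!/bin/sh
# Added example, not part of the F5 guide. The function name is hypothetical.

# The five processes the guide says must be up.
REQUIRED_PROCS='comm_srv hds_prune pvac tomcat waicd'

# Constructed sample. Assumed layout: "<name> <state> ...", where the state
# word is "run" for a running process.
SAMPLE_STATUS='comm_srv     run (pid 4121) 3 days
hds_prune    run (pid 4130) 3 days
pvac         down 12 seconds, normally up
tomcat       run (pid 4188) 3 days
httpd        run (pid 3990) 3 days'

# procs_not_running STATUS_TEXT
# Prints "<name> <state>" for each required process whose state is not "run".
# A required process that does not appear at all is reported as "missing",
# which is a different failure from a process that is listed but down.
procs_not_running() {
    printf '%s\n' "$1" | awk -v req="$REQUIRED_PROCS" '
        BEGIN { n = split(req, want, " ") }
        NF >= 2 {
            s = $2
            sub(/,$/, "", s)        # tolerate "down," style state words
            state[$1] = s
        }
        END {
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in state))          print p, "missing"
                else if (state[p] != "run") print p, state[p]
            }
        }'
}

# On a BIG-IP system: procs_not_running "$(bigstart status)"
procs_not_running "$SAMPLE_STATUS"
```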

    Changing the log file monitoring interval

    The WebAccelerator system manages hit log files that contain large

    amounts of data. By default, the WebAccelerator system monitors these logs

    every hour, and rotates the file any time the size is over 10 MB. This log file

    rotation helps to avoid filling up the disk partition, which could potentially

    cause a system failure.

    You can use the following two Linux shell commands to change the interval

    at which the WebAccelerator system monitors the system logs, from hourly

    to daily.

    rm /etc/cron.hourly/wa_logrotate

    ln -s /usr/local/wa/scripts/wa_logrotate /etc/cron.daily/wa_logrotate

    For more information about these commands, view the rm and ln man

    pages.

    For information about changing the log file rotation interval, see Changing

    log file rotation parameters, on page 4-11.

    4 Changing Default Settings

    Understanding object classification

    Understanding URL normalization

    Customizing options in the pvsystem.conf file

    Understanding object classification

    Before sending a response to a client, the WebAccelerator system enters

    an informational X-PvInfo response header into the response to describe

    how it handled the response. You cannot change these informational

    headers, and they do not affect processing; however, they can provide useful

    information for evaluating the efficiency of your acceleration policies.

    Part of the information included in the X-PvInfo response header is the

    object type. The WebAccelerator system classifies, by object type and

    group, every response it receives from the origin web servers. The object

    type and group classification determine how the WebAccelerator system

    handles compression for the response.

    Classifying by object type

    To classify a response by object type, the WebAccelerator system reviews

    the response headers and classifies the responses based on the first

    information it finds, in the following order:

    File extension in the Content-Disposition header's file name field

    File extension in the Content-Disposition header's extension field

    Content-Type header in the response, unless it is an ambiguous MIME

    type

    Extension of the path in the request

    For example, if the extension in the Content-Disposition header's file name

    field is empty, then the WebAccelerator system looks at the

    Content-Disposition header's extension field. If the Content-Disposition

    header's field has an extension, the WebAccelerator system checks to see if

    an object type is configured for the extension. If there is no match, it assigns

    an object type of other, and uses the object settings for other. The

    WebAccelerator system looks at the information in the Content-Type

    header only if there is no extension in the Content-Disposition header's file

    name or extension fields.

    Classifying by group

    In addition to classifying the response by object type, the WebAccelerator

    system also classifies the response by group. For example, in the following

    X-PvInfo response header the object type (OT) is defined as Microsoft

    Word (msword) and the object group (OG) is documents.

    X-PvInfo: [S10101.C30649.A28438.RA0.G0.U58517886].[OT/msword.OG/documents]

    Note

    For information about the other content contained in an X-PvInfo response

    header, see the Policy Management Guide for the BIG-IP

    WebAccelerator System.

    Managing object types

    The WebAccelerator system offers the following object types.

    Pre-defined Object Types

    The WebAccelerator system ships with several predefined object types,

    most of which are optimized for objects associated with specific

    applications.

    User-defined Object Types

    A user-defined object type is an object type that you create and for which

    you specify all of the parameters dictating how the WebAccelerator

    system manages the specified object type.

    The Object Types screen displays all of the object types that the

    WebAccelerator system is currently applying to your acceleration policies.

    To access the Object Types screen

    In the navigation pane, expand WebAccelerator, click Policies, then click

    Object Types.

    Figure 4.1 shows an example Object Types screen.

    Figure 4.1 Object Types screen

    From the Object Types screen, you can view the object types that the

    WebAccelerator system is currently applying to acceleration policies, as

    well as access additional screens where you can perform the following tasks:

    Create a user-defined object type.

    View and modify the settings for an existing user-defined or predefined

    object type.

    Delete a user-defined object type.

    Note

    You can delete only user-defined object types; you cannot delete predefined

    object types.

    When you create a new object type or modify an existing object type, the

    WebAccelerator system applies the object type changes globally to all

    acceleration policies. If you have an optional symmetrical deployment, new

    object types that you create and changes that you make to existing objects

    synchronize with the other WebAccelerator systems in the symmetrical

    deployment.

    Note

    For more information about configuring a symmetrical deployment, see

    Using a symmetric deployment, on page 3-12.

    To create a user-defined object type

    1. In the navigation pane, expand WebAccelerator, click Policies, and

    then click Object Types.

    The Policies, Object Types screen displays a list of user-defined and

    predefined object types.

    2. Click the Create button.

    The Policies, Object Types, New Object Type screen displays

    settings for a new object type.

    3. In the Description box, type a descriptive name to display on the

    Object Types screen for the new object. For example, Rich Text

    Format.

    4. In the Object Type box, type a short name for the new object. For

    example, rtf. This name displays on the Object Types screen and in

    the X-PvInfo response header.

    5. From the Group list, select a group that you want to display in the

    X-PvInfo response header for the new object.

    Alternatively, select Add a new group, and type a new group name

    in the box.

    6. For each extension you want to add for the new object, click the

    Add button and type the extension, as a single value, into the box.

    For example, rtx.

    Note: Do not include a preceding period ( . ) when specifying an

    extension.

    When the WebAccelerator system finds a file extension in a file

    name or in the Content-Disposition header of the response, it

    attempts to match that extension to one of the values that you

    specified. If there is a match, it classifies the response as the object

    you specified for the extension.

    7. For each MIME type you want to add for the new object, click the

    Add button and type the MIME type, as a single value, into the box.

    For example, application/rtf.

    If the WebAccelerator system does not find an extension in the

    name or extension fields of the Content-Disposition header, it

    looks in the Content-Type header of the response to attempt to

    match that to one of the MIME types you specified. If there is a

    match, it classifies the response as the object you specified for the

    MIME type.

    8. From the Enable Compression list, select one of the following to

    specify when the WebAccelerator system should use gzip in the

    response:

    Policy Controlled

    Uses the compression setting specified in the assembly rule,

    which the WebAccelerator system matched for this object type.

    This is the default setting.

    In Symmetric Deployment only

    Compresses the response only if the client is another

    WebAccelerator system in a symmetric deployment.

    Keep in mind that if you select this option, it supersedes the

    assembly rule's Enable Content Compression setting for this

    object type. Select this option only if you have a symmetric

    deployment and want the WebAccelerator system to compress

    this object type when it is sent between a central and remote

    WebAccelerator system.

    None

    Never compresses the response.

    Keep in mind that if you select this option, it overrides the

    assembly rule's Enable Content Compression setting for this

    object type. Select this option only if you want the

    WebAccelerator system to ignore the compression setting for any

    configured assembly rules that match the specified object

    type.

    9. Click Save.

    The screen refreshes and the new object type that you created

    displays in the User-defined Object Types table and the

    WebAccelerator system applies the new object type to all

    acceleration policies.
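    The classification order from Classifying by object type, and from steps 6 and 7 above, as an added shell example (not F5 code). Assumptions: the object type table is constructed (its rtf row uses the values from this procedure), the list of ambiguous MIME types is a placeholder because the guide does not give one, the Content-Disposition file name and extension fields are passed as separate arguments, and a usable Content-Type is treated as decisive.

```shell
#!/bin/sh
# Added example, not F5 code. Function and variable names are hypothetical.

# Constructed table, one row per object type: type|extensions|MIME types
OBJECT_TYPES='msword|doc dot|application/msword
rtf|rtf rtx|application/rtf
jpeg|jpg jpeg|image/jpeg'

# Assumption: the guide does not say which MIME types count as ambiguous.
AMBIGUOUS_MIME='application/octet-stream'

# ext_of NAME: lower-case extension of a file name or URL path, empty if none.
ext_of() {
    eo_base=${1%%\?*}          # drop a query string
    eo_base=${eo_base##*/}     # drop directories
    case $eo_base in
        *.*) printf '%s' "${eo_base##*.}" | tr 'A-Z' 'a-z' ;;
    esac
}

# lookup COLUMN VALUE: object type of the first row whose column lists VALUE
# (column 2 = extensions, column 3 = MIME types). Prints nothing on no match.
lookup() {
    printf '%s\n' "$OBJECT_TYPES" | awk -F'|' -v col="$1" -v val="$2" '
        { n = split($col, items, " ")
          for (i = 1; i <= n; i++) if (items[i] == val) { print $1; exit } }'
}

# classify CD_FILENAME CD_EXTENSION CONTENT_TYPE REQUEST_PATH
# Prints the object type, using the first source that supplies information.
classify() {
    cl_hit=
    cl_ext=$(ext_of "$1")
    if [ -z "$cl_ext" ]; then
        cl_ext=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    fi
    if [ -n "$cl_ext" ]; then
        # An extension from Content-Disposition decides the result: either a
        # configured type or "other". Content-Type is not consulted.
        cl_hit=$(lookup 2 "$cl_ext")
    else
        cl_mime=$(printf '%s' "${3%%;*}" | tr 'A-Z' 'a-z' | tr -d ' ')
        case " $AMBIGUOUS_MIME " in
            *" $cl_mime "*) cl_mime= ;;
        esac
        if [ -n "$cl_mime" ]; then
            cl_hit=$(lookup 3 "$cl_mime")
        else
            # Last resort: the extension of the path in the request.
            cl_ext=$(ext_of "$4")
            if [ -n "$cl_ext" ]; then cl_hit=$(lookup 2 "$cl_ext"); fi
        fi
    fi
    printf '%s\n' "${cl_hit:-other}"
}

# The file name extension rtx wins over a conflicting Content-Type header.
classify 'report.rtx' '' 'application/msword' '/download'
```

    The second test case below is the one to watch when compression settings seem to be ignored: an unrecognized extension in Content-Disposition yields other even when the Content-Type header would have matched a configured type.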

    To view and edit an existing user-defined or predefined

    object type

    1. In the navigation pane, expand WebAccelerator, click Policies, and

    then click Object Types.

    The Policies, Object Type