F5 101 - ADF Exam Flashcards by Shaka Preston

Describe the format of an HTTP Request.

Below is the request line format - italics are comments:

Method URL Version

GET /Protocols/rfc2616/rfc2616-sec3.html HTTP1/1.1\r\n

The Server Hostname

Host: www.w3.org\r\n

The user-agent; information on client’s browser

User-Agent: Mozilla/5.0\r\n

Accept-Encoding

Accept: text/html\r\n

Accept-language: en-US\r\n

The following indicates a persistent connection:

Connection: keep-alive\r\n

The following is a blank line which indicates that all metadata is sent, followed by an optional body:

\r\n

How well did you know this?

Not at all

Perfectly

Describe the format of an HTTP Request

Below is the status line (Version, Status Code and Reason Phrase)

HTTP/1.1 200 OK \r\n

The date and time on the server

Date: Tues,04 Feb, 2014 10:33:40 GMT \r\n

Information on the HTTP server

Server: Apache/2 \r\n

The length of the content sent (minus any headers)

Content-Length: 35041 \r\n

The type of content sent

Content-Type: text/html \r\n

A blank line indicating all metadata has been sent, followed by an optional body

\r\n

How well did you know this?

Not at all

Perfectly

Why is HTTP considered to a stateless protocol? What can be used to provide a form of state?

HTTP is considered to be a stateless protocol since the client and the server do not store data in anyway.
- A request is sent and a response is received, this transaction has no impact on future ones.
Cookies are used to provide a form of state.

How well did you know this?

Not at all

Perfectly

What else are request and status lines in HTTP called?

The Start Line.

How well did you know this?

Not at all

Perfectly

What is the portion of an HTTP request/response from the Start Line to the blank line called?

The HTTP headers.
The start line and the HTTP headers collectively are known as the head of the requests/responses.

How well did you know this?

Not at all

Perfectly

What is the purpose of HTTP Status Codes?

HTTP Status codes are used to indicate to the client how the server has handled its request.

How well did you know this?

Not at all

Perfectly

What are the five types of HTTP Status codes?

1xx - Informational
2xx - Success
3xx - Redirection
4xx - Client Error
5xx - Server Error

How well did you know this?

Not at all

Perfectly

What are some very common HTTP request codes?

100 Continue - everything OK so far, continue with request
200 OK - The request has succeeded.
204 No Content - There is no content for this request, but possibely headers.
302 Found - Used to redirect to a different URL, resource relocated temporarily.
304 Not Modified - Used for caching, client can continue using cached version.
400 Bad Request - Server couldn’t understand request due to bad syntax.
401 Unauthorized - Semantically this response means “unauthenticated”
403 Forbidden - Client’s identity is known to server and no access is granted.

How well did you know this?

Not at all

Perfectly

Describe the format of the TCP header

Source Port
Destination Port
Sequence Number
Acknowledgement Number
Data Offset
Reserved
URG
ACK
PSH
RST
SYN
FIN
Window
Check Sum
Urgent Pointer
Options
Padding
Data

How well did you know this?

Not at all

Perfectly

Describe Distance-Vector Protocols

Distance-vector protocols will only send full routing tables between neighboring routers and use simple metrics like hop count to determine best routes.

How well did you know this?

Not at all

Perfectly

Describe Path-vector protocols

Path vector protocols use dynamically updated path information.
Each entry in the Path-Vector Protocol contains the:
- Destination network
- The next-hop router
- The path to the next-hop router
These route updates are stored in a Routing Information Base (RIB).
- While a routing table will only store the best route for each destination, a RIB can contain multiple paths to a destination.

How well did you know this?

Not at all

Perfectly

Describe Link-state protocols.

Link-state protocols build up a map of the entire network on each router by obtaining information, via link-state advertisements (LSAs) from every other router on the network.
Whenever there is a change updates are flooded so that recalculations of each route can be made by each router.
To speed up and limit flooding by this process, hierarchical routing is used, dividing the network into smaller regions and each router only needs to know how to get to other networks in that region.

How well did you know this?

Not at all

Perfectly

Describe Routing Information Protocol (RIP).

This is a distance-vector protocol which uses hop-count as a metric.
Most recent version is RIPv2 which carries subnet information.
- This is required to support CIDR and VLSM
The maximum hop count is 16.

How well did you know this?

Not at all

Perfectly

Describe Intermediate-System - Intermediate-System (IS-IS)

This is a link-state protocol
Creates a full network topology on every router.
Uses Dijkstra’s algorithm to calculate the best next hop.
Commonly used by ISPs.

How well did you know this?

Not at all

Perfectly

Describe the purpose of signing.

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document.
Gives the receiver reason to believe the message was created by a known sender and the sender cannot deny having sent the message
- Non-repudiation and authentication
Signing also is used to provide integrity (the message wasn’t altered in transit)
Non-repudiation: signer cannot successfully claim they didn’t sign a message and that their private key remains secret.

How well did you know this?

Not at all

Perfectly

Describe SSL VPN.

SSL VPN protects data in the following ways:
- Spoofing protection - server and clients provide their credentials in order to confirm the identity of both systems.
- Modification Prevention - every packet is signed with a hash function called HMAC which ensures that there has not been any modification to the packet.
- Protection - The data is encrypted by the public key which makes sure that only the receipient is able to decrypt and receive the information.
- Reuse Protection - You cannot reuse any encrypted packets or discover any passwords or keys.
SSL VPN makes it possible to access the corporate network simply by visiting a website and providing valid credentials.
- Once you have been authenticated, the web browser will launch an Active X or Java based application will launch and after a couple of seconds you will be remotely connected to your organization’s environment.

Explain Persistence

The ability of a load-balancer or other traffic management solution to maintain a virtual connection between a client and a specific server.
- This is referred to as “stickness” in the ADN world and “server affinity” in the web and application development world.
Persistence is important to maintaining state and session specific information in some software application architecture and for handling SSL-enabled applications.
Often persistence is implemented using cookies, but IP addresses can be used as well as any piece of data in a header, payload or TCP and IP layers.
Persistence is also useful to avoid renegotiation of SSL.
In addition, with persistence there is no need to rewrite aplications that don’t support load-balancing.

Explain Persistent Connections

Persistent connections are connections that are kept open and reused.
- Most commonly implemented with HTTP and databases.
The keep-alive header (HTTP1.0) and persistent HTTP connections (HTTP1.1) were aimed at improving the performance of HTTP by reusing TCP connections to retrieve objects.
Before HTTP1.1 a browser would need 1 connection per object.
Persistent connections between load-balancer and web servers is called TCP multiplexing.
Persistent connections reduce network congestion and improve performance since no setup/teardown needs to occur for every GET request.
TCP window sizing, typically not used with HTTP since HTTP is stateless, can be used since connections are left open.

What is a root certificate?

A root certificate is a public key certificate that identifies a root CA and forms the basis of an X.509-based PKI.
The associated private key is used to “sign” other certificates.
All certificates signed by the root certificate with “CA” field set to true, inherit the trustworthiness of the root certificate.

Describe IPSec

IPSec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys during the session.
Supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encyption) and replay protection.
Operates at the network layer, while TLS and SSL operate at the application layer.
Best suited for point-to-point access , commonly used for site-to-site communication.

What is the purpose of an iRule?

iRule is a script that you write if you want to make use of some of the extended capabilities of the Big-IP that are unavailable via the CLI or GUI.
iRules allow more direct interaction with traffic passing through the device.
Using iRules you can send traffic to pools, pool members or URIs.
Using iRules you can parse the entire header and payload and execute scripts on that traffic that redirects, logs or modifies the traffic including payload.
Based on Tool Command Language (TCL) and uses a feature called:
- Universal Inspection Engine (UIE) for header and packet content.

Explain the advantages of iRules

iRules are configuration objects like:
- Virtual servers, monitors, pools, virtual addresses, etc.
- Therefore iRules, like those listed above, are stored in /config/bigip.conf file.
Unlike TCL, iRules do not need an interpreter to be instantiated everytime an iRule is executed.
- Because everytime you save your configuration all of your iRules are pre-complied into what is referred to as byte-code.
- Byte-code is mostly compiled so the TMM can interpret the remaining object.
iRules just need to be applied to a virtual server to inspect all traffic.

What is the purpose of APM?

The purpose of the Access Policy Manager (APM) is to create a secure access to internal applications by using a single authenticationa nd provide control using a single management interface.

What is the purpose of the LTM?

The purpose of the Local Traffic Manager (LTM) is to load balance applications in your environment by using advanced TCP connection management, TCP optimization and server offloading and also provide a high security solution.
The LTM iApps functionality enables you to manage application services rather than devices and objects.

What is the purpose of ASM?

* The purpose of Application Security Manager (ASM) is to secure web applications using a certified web application firewall and offer threat assessment and visibility.

What is the purpose of GTM/DNS?

* The purpose of the Global Traffic Manager (GTM) is to ensure availability and access to the applications in your environment by using comprehensive health checks and load balancing methods to determine what site the user should access to get the best application experience.

Explain the Advantages of HA - Single Device and Active-Active

* **Single Device** - HA refers to core services being up and running on that device and VLANs being able to send/receive traffic. * **Active-Active Configuration** * Same cluster processes traffic separately during normal operations and the abiltiy to failover to one another when required. * If each device has spare resources during operatin, failover will be seamless. * If each system is running at greater than or equal to half capacity a failover may fail (device overload). * Device Service Clustering (DSC) allows more than two BIG-IP systems in HA configuration.

Explain the Advantages of HA: Active-Standby and Traffic Groups

* **Active-Standby** - one processes traffic and the other in the traffic group is ready to take over in case it fails. * **Traffic Group** * Represents a set of configuration objects, such as floating self IP addresses , virtual IP addresses, etc. that process application traffic. * When failover occurs the traffic group will become active and traffic will float to any available peer device in the traffic group. * Self IP address, SNATs, floating self IP of default VLANs are part of the traffic groups.

When is Full-Proxy Architecture Appropriate?

* A full-proxy maintains two separate session tables (client-side and server side) * Clients often experience higher latency due to low bandwidth connections. * Optimizations on the client side ( and Accelerations) are vastly different than those made on the server side. * A full proxy can do this, but a packet-based architecture can only optimize for client or server. * Can terminate SSL, enforce security policies and apply performance-related services to the client-side/server-side.

Describe Full-Proxy Architecture.

* Maintains two separate connections - one between itself and the client, the other between itself and the destination server. * Full Proxy completely understands the protocols and is itself an endp9oint and an originator for protocols. * Full proxies therefore have their own TCP connection behavior such as buffering, retransmits and TCP options.

Describe Packet-Based Design

* A network device with a packet based device is located in the middle of a stream of communications; it just passes the packets through. * The speed of these devices is based on not having to understand the entire protocol stack. * Some of these devices can understand TCP/IP setup/teardown, modify TCP/IP headers and even insert data into TCP streams. * To do this they had to also rewrite TCP sequence and acknowledgement numbers. * Faster then full proxy solutions.

Describe proxies

* **Proxy**: a software/hardware solution that sits between the client and server and does something to requests and sometimes responses. * **Forward Proxy**: generally HTTP (web) proxies that primarily focus on web content filtering and caching services. * **Reverse Proxy**: now called, Load Balancers, sit in front of web/application servers and process requests for applications and content coming from the internet to a private LAN. * **Half-Proxy (Deployment-Focused)**: associated with a Direct Server Retorn (DSR) configuration. The incoming requests are proxied, but outbound is direct from server to client. * **Half-Proxy (Delayed Binding)**: Proxy examines requests, determines where to send then "stiches" the client and server connections together.

When are iApps appropriate?

* When you need a more agile, rapid-deployment, application delivery network. * iApps bind aplication control, visibility and management to the infrastructure.

Name and describe the components of an iApp.

* **Templates** * Where the application is described and the objects are defined through presentation and implementation language. * **Application Services** * The deployment process of an iApp template which bundles the entire configuration options for a particular application together. * **Analytics** * Performance metrics on a peer-application and location basis.

What is the purpose of the AFM?

* The purpose of the Advanced Firewall Manager (AFM) is to combine the network firewall with anti-DDoS, traffic management, application security, user access management and DNS security. * By integrating these core data center features the AFM reduces management complexity and overhead and is ideal for protecting internet-facing data centers.

What is the purpose of AAM?

* The purpose of the Applicatoin Acceleration Manager (AAM) is to overcome WAN latency, maximize server capactity and speed application response times. * AAM decreases the need for additional bandwidth and hardware so users get fast access to applications, while your free up IT resources.