LTM Flashcards
1
Q
MAC masquerade
A
- causes a virtual MAC address (the masquerade MAC) to float with the traffic group between the active and standby devices, so the floating self IPs and virtual addresses keep the same MAC after a failover
- reduces ARP traffic on the LAN switch during failover, because neighboring hosts do not have to relearn the MAC for the floating addresses
- BIG-IP VE requires Promiscuous Mode on the virtual switch, since the vNIC must accept frames for a MAC that is not its own
- changes the function of PVA (hardware acceleration) on some platforms
2
Q
(F5) tcpdump
A
- F5 TMOS ships a customized tcpdump that can record TMM metadata for each packet in the pcap
- enabled by appending a modifier to the interface argument: -i <vlan>:n (for example -i 0.0:nnn to capture on all VLANs)
- the metadata is written as an Ethernet trailer appended after the packet data (the f5ethtrailer), not into the Ethernet II header
- n, nn, nnn add increasingly more information
- the trailer is only captured when the snaplen is large enough to include it, so use -s 0
- low setting (n) includes: Ingress, Slot, TMM, VIP
- medium setting (nn) includes: Flow ID, Peer ID, Reset Cause, Connflow Flags, Flow Type, High Avail Unit, Ingress Slot, Ingress Port
- high setting (nnn) includes: Peer IP Proto, Peer VLAN, Peer Remote Addr, Peer Local Addr, Peer Remote Port, Peer Local Port
- an F5 Wireshark plugin (the f5ethtrailer dissector) displays the metadata; the Reset Cause field is the quickest way to see why TMM tore a connection down
[SOL13637]
3
Q
Port Lockdown: Allow Default
A
Activates only the default protocols and services. You can determine the supported protocols and services by running the tmsh list net self-allow defaults command on the command line.
4
Q
Port Lockdown: Allow All
A
Activates all TCP and UDP services on this self IP.
5
Q
Port Lockdown: Allow None
A
Specifies that this self IP accepts no traffic. If you are using this self IP as the local endpoint for WAN optimization, select this option to avoid potential port conflicts.
6
Q
Port Lockdown: Allow Custom (include default)
A
Combines ports in default list with ports defined using custom list.
7
Q
self ip
A
- an IP address assigned to a VLAN (or VLAN group) that gives the LTM system its own presence on that network
- used for routing (the system's own source address toward pool members and its next hop for them) and, if the port lockdown ACL allows, for administration
- a VLAN can carry multiple self IPs (in the same or different subnets)
- the traffic group selected determines whether it is floating (follows the active unit) or non-floating (stays with the device)
- the address cannot be edited in place; changing a self IP requires deleting and re-creating it
- port lockdown determines the ACL that is applied, i.e. which services the self IP itself accepts
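The four port lockdown modes from the cards above, modeled as the ACL applied to traffic destined to a self IP, with a small audit that flags the findings a reviewer would raise. This is an added example written for this page, not F5 code; the DEFAULT_SERVICES set is a constructed subset for illustration only (the real list is whatever `tmsh list net self-allow defaults` prints on your build), and the sample self IPs are made up.

```python
"""Model of BIG-IP self IP port lockdown (added example, not F5 code).

Port lockdown is the ACL deciding which services a self IP itself accepts.
It does not affect traffic the system forwards or traffic to virtual servers.
"""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Iterable, List, Optional, Tuple

# (protocol, port); port None means the whole protocol (OSPF has no ports)
Service = Tuple[str, Optional[int]]

# Constructed subset of the default list, for illustration only.
# Authoritative list: tmsh list net self-allow defaults
DEFAULT_SERVICES: FrozenSet[Service] = frozenset({
    ("tcp", 22), ("tcp", 443), ("tcp", 4353), ("udp", 4353), ("ospf", None),
})


class Lockdown(Enum):
    ALLOW_DEFAULT = "default"                 # only the default list
    ALLOW_ALL = "all"                         # every TCP and UDP service
    ALLOW_NONE = "none"                       # self IP accepts nothing
    ALLOW_CUSTOM_INCLUDE_DEFAULT = "custom+default"  # default list + custom


@dataclass(frozen=True)
class SelfIP:
    address: str                               # e.g. "10.1.10.5/24"
    vlan: str
    lockdown: Lockdown
    custom: FrozenSet[Service] = frozenset()   # used by the custom mode only


def allowed_services(self_ip: SelfIP) -> Optional[FrozenSet[Service]]:
    """Services the self IP accepts; None means 'everything'."""
    if self_ip.lockdown is Lockdown.ALLOW_ALL:
        return None
    if self_ip.lockdown is Lockdown.ALLOW_NONE:
        return frozenset()
    if self_ip.lockdown is Lockdown.ALLOW_DEFAULT:
        return DEFAULT_SERVICES
    return DEFAULT_SERVICES | self_ip.custom


def accepts(self_ip: SelfIP, proto: str, port: Optional[int] = None) -> bool:
    """Would a packet sent *to* this self IP with (proto, port) be accepted?"""
    allowed = allowed_services(self_ip)
    if allowed is None:
        return True
    proto = proto.lower()
    return (proto, port) in allowed or (proto, None) in allowed


def audit(self_ips: Iterable[SelfIP], untrusted_vlans: Iterable[str],
          mgmt_services: FrozenSet[Service] = frozenset({("tcp", 22), ("tcp", 443)})
          ) -> List[Tuple[str, str]]:
    """Findings a reviewer would raise: a wide-open lockdown, or management
    services reachable on a self IP that sits on an untrusted VLAN."""
    untrusted = set(untrusted_vlans)
    findings = []
    for s in self_ips:
        if s.lockdown is Lockdown.ALLOW_ALL:
            findings.append((s.address, "port lockdown is Allow All"))
        if s.vlan in untrusted:
            exposed = sorted(f"{p}:{n}" for p, n in mgmt_services if accepts(s, p, n))
            if exposed:
                findings.append((s.address,
                                 f"management services {exposed} reachable on VLAN {s.vlan}"))
    return findings


# Constructed sample configuration (not from any real device).
SAMPLE = [
    SelfIP("10.1.10.5/24", "internal", Lockdown.ALLOW_DEFAULT),
    SelfIP("10.1.20.5/24", "external", Lockdown.ALLOW_NONE),
    SelfIP("10.1.20.6/24", "external", Lockdown.ALLOW_CUSTOM_INCLUDE_DEFAULT,
           frozenset({("tcp", 8443)})),
    SelfIP("10.1.30.5/24", "ha", Lockdown.ALLOW_ALL),
]

if __name__ == "__main__":
    for addr, msg in audit(SAMPLE, {"external"}):
        print(addr, msg)
```

On a real device the inputs come from `tmsh list net self` (the self IPs and their allow-service setting) and `tmsh list net self-allow defaults` (the default list); the custom mode accepts everything in the default list plus the custom entries, which is why 10.1.20.6 above still answers on 22 and 443 even though only 8443 was added.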
8
Q
SNAT
A
- source NAT is used by the LTM when routing the local