Dec 30, 2015
DNSSEC AND GTM
WA v11 New Function and Changes
Lin Jing
2011/11/7
www.dnssecchina.com
www.cnadn.net
www.myf5.net
#Version history
Version | Author | Date | Note
V1.0 | Lin jing | 2011.11.7 | First version
#New in V11
-Rewrite architecture
-GUI changes
-Support snmp in wa module
-Dashboard include WAM now
#Platform changes
-Can be in 1600
-Will not support 4500
-64 68 84 need 4G memory
-VE and VIPRION are not supported now; they will be supported in the future
#Architecture Changes history
In v9, a Sandwich with an internal vs was used, which made the performance traffic stats inaccurate. Performance was also poor because of this TCP talking channel. WA had its own compression, which was easily confused with TMM compression. PVAC was used, and it ran on the host.
In v10, the Sandwich was removed and MPI is used instead of the internal vs, which is more efficient. But requests and responses are still moved between tmm and wa. PVAC is still used.
In v11, most functions are moved into tmm and there is no more pvac process. It is now wamd (a service for only some functions). The new MPIv2 is used. Compression is now performed by the hardware card.
#V9 Sandwich
[Diagram: v9 Sandwich data path]
client1 192.168.1.101
TMM Virtual Server 192.168.1.100:80, 192.168.1.100:443
HTTP, HTTP class, [ iRules, Compression, OneConnect, SSL ]
PVAC 127.0.0.1:8081
TMM Virtual Server 127.1.1.2:8080
LB, [ SSL Re-encryption, de-OneConnect ]
server 22.214.171.124:80
192.168.1.101:* > 192.168.1.100:80, GET / HTTP/1.1, Host: website.com
192.168.1.101:* > 10.10.10.101:80, GET / HTTP/1.1, Host: website.com
VLAN TMM0, VLAN TMM0
Client Side Context, Server Side Context
Server: PVAC - 127.0.0.1:8081
Client: TMM - 127.1.1.2:*
Client: PVAC - 127.1.1.1:*
Server: TMM - 127.1.1.254:8081
Request as carried between TMM and PVAC (appears twice in the diagram):
GET / HTTP/1.1
Host: website.com
WAClientIP: 192.168.1.101
WALBServer: pool SamplePool member 10.10.10.101:80
WASnat: snat automap
WAServerSSL: serverssl
#V10 architecture
#V11 configurations changes
-Totally integrated with tmos, so ucs, qkview and scf include the WA configuration.
-We can use tmsh to configure wa now
-Symmetric deployment is not supported in v11
-URL normalization is not supported in v11
-No pvsystem.conf?
-IBR prefix changes to wa;****
-The http class is no longer used to enable wa for a vs; it is now used to disable wa for a vs.
-Use the wa application in the webacceleration profile to enable wa
#Process changes
-Comm_srv, hds_prune, pvac removed
-New wamd introduced
-Wamd works for
-Invalidation and triggers
-document linearization
-performance monitoring
-Compression runs in tmm with the benefit of the hardware card, but is still controlled in the WAM module; a compression profile is now a must on the vs.
#Performance statistics changes
-Dashboard now supports the wa module; these data come from TMM directly, so it is almost real-time data
-Supports snmp to get WA performance now: http://www.adntech.org/bbs/viewthread.php?tid=3976&extra=page%3D1
-Mysql is still there to maintain history data; this function now needs to be enabled manually in the GUI.
#Cache behavior changes
-No hds for disk cache now
-New name datastor/metastor
-Datastor is for raw disk access; it is on disk
-Metastor is a logic layer on top of datastor
Is there ramcache like before?
-Yes, but its name is Small objects cache (SOC)
-Only caches objects smaller than 4k. The number of small objects is controlled by Maximum Entries of the profile.
-SOC is in tmm memory, owned by each TMM, but can be copied from other tmm (refer to ramcache with cmp)
#sda.app.datastor.dat.datastor
-----------------------------
device: /dev/vg-db-sda/app.datastor.dat.datastor
size(KiB): 148832256
label:
uuid:
Cache behavior
#Web acceleration profile
This profile controls the RAM cache and the WA cache as well.
Some of the items have a different meaning with wa than without wa.
#Profile-cache size
Cache size
-Minimum reserved size for WAM
-Maximum size for RAM cache
#profile-maximum
Maximum entries
-Size of resource and entity caches for WAM
-Does not limit metastor/datastor object retention
-Maximum total entries for RAM cache
#Can resource and entity here be understood as the SOC cache?
Resources and entities
-Resources correspond to a URI
-Entities correspond to different variants of the URI: gzip, deflate, uncompressed
Resource and entity caches
-Records information about objects seen
-Holds small objects and information about metastor objects
-Optimizes searches for metastor objects
-Does not control metastor evictions
Refer to the slide note
#Maximum age: overrides lifetime maximum age
Minimum object size: smallest cached object size
Maximum object size: maximum size of cached objects
#Profile-compression
When WA is enabled, the wa policy overrides this profile, but compression is still performed by the profile.
It is a normal TMOS compression profile if there is no wa.
So we can think of it as:
-Configured in wa, but a profile is needed to use the hardware card
#Profile-compression
#Towards the end of the profile we see the meat of the configuration settings.
The Preferred Method options are gzip or Deflate. Since gzip is much more resource intensive, this setting has direct influence on resource usage on the platform for compression. Regardless of what is selected, it is possible for a client to negotiate the other codec, so the setting is a guideline or preference rather than a hard setting.
The Minimum Content Length and Compression Buffer Size help fine-tune the aggressiveness of compression. The settings shown here are the wan-optimized-compression profile defaults. It is currently recommended to use the default settings until more is known of how they affect performance versus resource consumption.
There are additional options related to the gzip codec that, as with the above settings, should be left at the recommended default values.
The next four settings affect interoperability with various browsers and other external caching mechanisms.
The last three configuration settings control the new CPU Saver feature, which ensures that even with very aggressive settings, compression doesn't completely overwhelm the CPU resources of a system. TMOS will temporarily suspend compression activities if the system reaches the CPU Saver High Threshold until CPU usage falls back to the CPU Saver Low Threshold. If this condition occurs frequently in spikes, it may be an indication that compression settings across the system are too aggressive.
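The high/low threshold behaviour described above can be modelled as a hysteresis gate. This is an added example, not F5 code: the 90/75 thresholds, the inclusive comparisons, the sample series and the names `CpuSaver`, `replay` and `too_aggressive` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class CpuSaver:
    """Hysteresis gate modelled on the CPU Saver description (not F5 code)."""
    high: float = 90.0  # assumed value for CPU Saver High Threshold
    low: float = 75.0   # assumed value for CPU Saver Low Threshold
    suspended: bool = False
    trips: list = field(default_factory=list)  # sample index of each suspension

    def observe(self, index, cpu_pct):
        """Feed one CPU sample; return True if compression may run."""
        if not self.suspended and cpu_pct >= self.high:
            self.suspended = True          # reached the high threshold
            self.trips.append(index)
        elif self.suspended and cpu_pct <= self.low:
            self.suspended = False         # fell back to the low threshold
        return not self.suspended


def replay(samples, high=90.0, low=75.0):
    """Run a CPU series through the gate; return (allowed flags, trip indexes)."""
    saver = CpuSaver(high=high, low=low)
    allowed = [saver.observe(i, pct) for i, pct in enumerate(samples)]
    return allowed, saver.trips


def too_aggressive(trips, window=10, max_trips=2):
    """True if more than max_trips suspensions start within `window` samples."""
    return any(
        sum(1 for t in trips[i:] if t - start < window) > max_trips
        for i, start in enumerate(trips)
    )


# Constructed CPU utilisation samples (percent), one per polling interval.
SAMPLES = [60, 85, 92, 88, 80, 74, 91, 76, 70, 95, 72, 65]

if __name__ == "__main__":
    allowed, trips = replay(SAMPLES)
    for i, (pct, ok) in enumerate(zip(SAMPLES, allowed)):
        print(f"t={i:2d} cpu={pct:3d}% compression={'on' if ok else 'SUSPENDED'}")
    print("suspensions started at samples:", trips)
    print("settings look too aggressive:", too_aggressive(trips))
```

Samples 3 and 4 (88% and 80%) are below the high threshold yet compression stays suspended, which is the point of having two thresholds; three suspensions inside ten samples is the "frequent spikes" pattern the note warns about.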
Changes in WA policy GUI
Remove some navigation
BIG-IP v10.2.2
BIG-IP v11.0
#Applications
If you want history data, you need to enable it here
#The first section, Metadata Cache Options, configures WebAccelerator to either send or not send metadata headers, along with a specification of the maximum size of the Metadata Cache.
IBR Options allow customization of the prefix of the IBR tag that is appended to object URIs along with a lifetime setting for preserving IBR'd content.
The X-PvInfo header from previous versions has been renamed to X-WA-Info which, beginning with BIG-IP version 11 of WebAccelerator, is disabled by default.
This setting has three values, the default of None, Standard, which is similar to that in previous versions, and a new Debug setting that includes additional information currently relevant only to Product Development. At the time of publication of this training, there is no additional debug information that will be of much use to Support.
As mentioned in the architectural discussion of this presentation, WebAccelerator uses MySQL for historical reports and can update the database every 5 minutes with run-time information. Please note that this mechanism is disabled by default so this setting will need to be enabled before performance data is recorded for this application.
There is also a setting to specify how many days to retain the performance data in the database.
#The Assembly page in the policy editor has two new fields that replace the Advanced Assembly and Response Rewriting fields. The previous, admittedly clunky, Advanced Assembly mechanism has been rewritten to simplify available options.
The first of the new options, Enable PDF Linearization, does exactly what it says in preprocessing PDF objects to promote read-ahead behavior in PDF reader plug-ins for client browsers.
The second, Enable Assembly Compression OWS, will ensure the request going to the Origin Web Server contains an option for Gzip or Deflate to be used in the response. Typically this option is left disabled to promote offloading compression from the server, but if the server is remote or has limited bandwidth, this functionality may be useful.
#On the Policy Proxying page, a new option to select Caching mode is available. The policy administrator can choose to either use Memory & Disk Cache mode, or to select a Memory-only Cache. Please note that this feature is not a performance setting, per se, but allows sites with strict security policies to never write particular objects to disk while still preserving some cache functionality.
Policy lifetime, WA self cache setting
#We can set which headers will be honored if the cache control headers in requests or responses need to be kept.
Note: if s_maxage is selected in the origin web server headers, then Maximum Age in the next configuration item will be overridden.
Policy lifetime, client cache setting
#The final section, Client Cache Settings, configures the cached response to preserve the original response headers, to set specific cache timeout directives, or to replace all headers and directives to no-cache.
The first option, Preserve Origin Web Server headers/directives to downstream devices has four settings that can be specified.
Origin Web Server Headers allows the policy administrator to either leave the default of all, or choose specific head