Page 1: WA v11 New function and Changes Lin Jing 2011/11/7   .

WA v11 New function and Changes

Lin Jing

2011/11/7

www.dnssecchina.com

www.cnadn.net

www.myf5.net


Version history

Version | Author | Date | Note
V1.0 | Lin Jing | 2011.11.7 | First version


New in V11

• Rewritten architecture
• GUI changes
• SNMP support in the WA module
• Dashboard now includes WAM


Platform changes

• Can run on the 1600
• The 4500 will not be supported
• 64, 68, 84 need 4G memory
• VE and VIPRION are not supported now; they will be supported in the future


Architecture Changes history

• In v9, a Sandwich with an internal VS is used. This makes the performance traffic stats inaccurate, and performance is not good because of this TCP talking channel. WA has its own compression, which is easily confused with TMM compression. It uses PVAC, which stands in the host.

• In v10, the Sandwich is removed and MPI is used instead of the internal VS, which is more efficient. But requests/responses are still moved between TMM and WA. PVAC is still used.

• In v11, most functions are moved into TMM and there is no more pvac process. There is now wamd (a service for only some functions). The new MPIv2 is used. Compression is now performed by the hardware card.


V9 Sandwich

Diagram labels:

• client1: 192.168.1.101
• TMM Virtual Server: 192.168.1.100:80, 192.168.1.100:443 (HTTP, HTTP class, [ iRules, Compression, OneConnect, SSL ])
• PVAC: 127.0.0.1:8081
• TMM Virtual Server: 127.1.1.2:8080 (LB, [ SSL Re-encryption, de-OneConnect ])
• server1: 10.10.10.101:80

Connection labels:

• 192.168.1.101:* > 192.168.1.100:80 (GET / HTTP/1.1, Host: website.com)
• 192.168.1.101:* > 10.10.10.101:80 (GET / HTTP/1.1, Host: website.com)
• VLAN TMM0 (shown twice)
• Client Side Context, Server Side Context
• Server: PVAC - 127.0.0.1:8081
• Client: TMM - 127.1.1.2:*
• Client: PVAC - 127.1.1.1:*
• Server: TMM - 127.1.1.254:8081

Request with WA headers (shown twice in the diagram):

GET / HTTP/1.1
Host: website.com
WAClientIP: 192.168.1.101
WALBServer: pool SamplePool member 10.10.10.101:80
WASnat: snat automap
WAServerSSL: serverssl


V10 architecture


V11 architecture


V11 configuration changes

• Fully integrated with TMOS, so UCS, qkview and SCF include the WA configuration.
• We can use tmsh to configure WA now
• Symmetric deployment is not supported in v11
• URL normalization is not supported in v11
• No pvsystem.conf?
• IBR prefix changes to wa;****
• The HTTP class is no longer used to enable WA for a VS; it is now used to disable WA for a VS.
• Use the WA application in the webacceleration profile to enable WA


Process changes

• Comm_srv, hds_prune, pvac … removed
• New wamd introduced
• wamd works for:
  - Invalidation and triggers
  - Document linearization
  - Performance monitoring
• Compression runs in TMM with the benefit of the hardware card, but is still controlled in the WAM module; a compression profile is a must on the VS now.


Performance statistics changes

• The dashboard now supports the WA module. These data come from TMM directly and are almost real-time.

• SNMP can now be used to get WA performance data:
  http://www.adntech.org/bbs/viewthread.php?tid=3976&extra=page%3D1

• MySQL is still there to maintain history data; this function now needs to be enabled manually in the GUI.


Cache behavior changes

• No hds for disk cache now
• New names: datastor/metastor
• Datastor is for raw disk access; it is on disk
• Metastor is a logical layer on top of datastor
• Is there a RAM cache like before?
  - Yes, but its name is Small Objects Cache (SOC)
  - It only caches objects smaller than 4k. The number of small objects is controlled by "Maximum Entries" of the profile.
  - SOC is in TMM memory and owned by each TMM, but can be copied from another TMM (refer to ramcache with CMP)


Cache behavior


Web acceleration profile

• This profile controls the RAM cache as well as the WA cache.

• Some items have a different meaning with WA than without WA


Profile-cache size

Cache size

-Minimum reserved size for WAM

-Maximum size for RAM cache


profile-maximum

Maximum entries

-Size of resource and entity caches for WAM

-Does not limit metastor/datastor object retention

-Maximum total entries for RAM cache


profile-maximum

Refer to the slide note


profile-uri

AFFECTS RAM CACHE ONLY


Profile-webacceleration


Profile-compression

• When WA is enabled, the WA policy overrides this profile, but compression is still performed by the profile.
• It is a normal TMOS compression profile if there is no WA
• So we can think of it as:
  - Configured in WA, but a profile is needed to support use of the hardware card


Profile-compression


Profile-compression


Profile-compression


Changes in WA policy GUI

• Some navigation is removed

BIG-IP v10.2.2 BIG-IP v11.0


Applications

If you want history data, you need to enable it here


Proxy assembly


Policy proxying


Policy lifetime, WA self cache setting


Policy lifetime, client cache setting


Policy lifetime, client cache setting


Policy lifetime, client cache setting


New iRule events in WA v11

• HTTP_REQUEST_RELEASE
  – Fires on the server-side of the HUD chain, after all modules have processed a client request

• HTTP_RESPONSE_RELEASE
  – Fires on the client-side of the HUD chain, after all modules have processed a server response


Upgrade to v11

• Only a v10 UCS is supported
• Only volumes are supported
• Check whether a compression profile is applied to the VS
• Check whether a webacceleration profile is applied to the VS
• Check whether the max size is OK for your situation
• X-wa-info header is disabled by default
• Performance reporting is disabled
• Unmapped host is handled now? Check it in applications


Troubleshooting tips

• Dashboard? It is real-time data, 5 minutes from TMM

• Plug-in logging
  – /var/log/tmm
  – /var/log/ltm

• wamd logging
  – /var/log/wa/wamd.log
  – /var/log/wa/wam.provisioning.log
  – /var/log/daemon.log

• Performance Statistics logging
  – /var/log/wa/stats
  – /var/log/mysql.out
  – /var/lib/mysql/mysql.err

• Datastor logging
  – /var/log/datastor
  – /var/log/datastor.provision


Troubleshooting x-wa-info

• Turn it on in the application; if possible, turn on debug (per Support center request)


S code


C code

• C-Code:
  – X-WA-Info: [S10201.C76511.A13938.RA0.U2264335089].[OT/html.OG/pages].[P/0.0].[O/0.1].[EH0/0].[DH0/0]

• Indicates which defined Application was used to handle the incoming request
  – Number changes each time a policy is published to that Application

• A-Code:
  – X-WA-Info: [S10201.C76511.A13938.RA0.U2264335089].[OT/html.OG/pages].[P/0.0].[O/0.1].[EH0/0].[DH0/0]

• Indicates which node within the Policy matched the incoming request

• R-Code:
  – X-WA-Info: [S10201.C76511.A13938.RA0.U2264335089].[OT/html.OG/pages].[P/0.0].[O/0.1].[EH0/0].[DH0/0]

• Identifies the application match of a response to the Policy as defined by object extension, content type or node rule
  – Value of zero indicates match on the request


How to decode wa-info

• wainfodecode [wa-info header]
• X-WA-Info:[S10201.C100017.A13710.RA0.U794647444].[OT/html.OG/pages]

[root@bigip11:Active] config # wainfodecode [S10201.C100017.A13710.RA0.U794647444].[OT/html.OG/pages]
S10201: Response was served from the origin web server, because the request was for new content.
C100017: Local-policy: /Common/Generic Policy - Enhanced
A13710: Request Policy Node: Pages
RA0: Response match did not supersede request match
UCI hash: 2f5d5b94
Object type: html
Object group: pages
[root@bigip11:Active] config #
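The field layout that wainfodecode reports above can also be split offline, for example when X-WA-Info values are collected from captured responses during troubleshooting. The following Python parser is an added example, not part of the original slides and not an F5 tool: parse_wa_info and its result keys are hypothetical names, the only S-code text it knows is the one shown on the slides, and the decimal-to-hex reading of the U field is inferred from the sample output (U794647444 and UCI hash 2f5d5b94).

```python
import re

# Only S10201 is explained on the slides; other S-codes are left undecoded.
S_CODES = {10201: "Response was served from the origin web server, "
                  "because the request was for new content."}

GROUP_RE = re.compile(r"\[([^\]]*)\]")      # one "[...]" group
CODE_RE = re.compile(r"^([A-Z]+)(\d+)$")    # e.g. "S10201", "RA0"


def parse_wa_info(value):
    """Split an X-WA-Info value into its codes (hypothetical helper)."""
    value = value.strip()
    if value.lower().startswith("x-wa-info:"):
        value = value.split(":", 1)[1].strip()
    groups = GROUP_RE.findall(value)
    if not groups:
        raise ValueError("no [...] groups found in X-WA-Info value")

    # First group: dot-separated codes such as S, C, A, RA and U.
    codes = {}
    for token in groups[0].split("."):
        m = CODE_RE.match(token)
        if not m:
            raise ValueError(f"unexpected code token: {token!r}")
        codes[m.group(1)] = int(m.group(2))

    result = {
        "s_code": codes.get("S"),
        "s_meaning": S_CODES.get(codes.get("S"), "not described on the slides"),
        "c_code": codes.get("C"),    # application / published policy
        "a_code": codes.get("A"),    # request policy node
        "r_code": codes.get("RA"),   # 0 means the match was on the request
        # Assumption: U is the UCI hash in decimal (matches the sample output).
        "uci_hash": format(codes["U"], "08x") if "U" in codes else None,
        "object_type": None,
        "object_group": None,
        "other": groups[1:],         # groups the slides do not explain
    }
    if len(groups) > 1 and groups[1].startswith("OT/"):
        for part in groups[1].split("."):   # "OT/html.OG/pages"
            key, _, val = part.partition("/")
            if key == "OT":
                result["object_type"] = val
            elif key == "OG":
                result["object_group"] = val
        result["other"] = groups[2:]
    return result
```

Run against the header from the wainfodecode session, it returns the same C, A, RA, UCI hash, object type and object group values that the tool prints; the trailing [P/...], [O/...], [EH...] and [DH...] groups are returned unparsed because the slides do not describe them.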
