Configuring the BIG-IP and PHP "Hack-It-Yourself" Auction Site

I've been writing a series of articles on the features and capabilities of the BIG-IP ASM...here are the links for your reading pleasure:

1. What Is The ASM?
2. Policy Building
3. The Importance of File Types, Parameters, and URLs

In those articles I've used a fictitious auction site to test the ASM. Several people have inquired about this auction site and they wanted to know how to configure it so that they could get their own hands dirty with testing and configuring their ASM. Well, this article outlines the steps needed to get your own BIG-IP ASM and PHP Auction site up and running. Then, it's up to you to try out all the cool features of the ASM.

Required Software

I used virtual machines to set up and configure the BIG-IP and the auction site. You can use whatever hypervisor you want, but for the purposes of this article, I'll show you how it's done using VMware workstation. So, here's the list of software you will need to make all this happen:

• VMware Workstation (free trial available here). I'm using a Windows PC, but you can use Linux if you want.
• BIG-IP Virtual Edition (make sure you have the ASM module).
• The PHP Auction Site VMware files.

Caveat: This article assumes you already have a licensed and configured BIG-IP system, so I will just focus on the PHPAuction side of things. If you don't have the BIG-IP Virtual Edition, contact your sales rep and ask for a copy. Also, if you need help licensing and configuring the BIG-IP Virtual Edition, check out these solutions on AskF5:

• Licensing the BIG-IP system: http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7752.html?sr=32111581
• BIG-IP Virtual Edition Setup Guide for VMware: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-vmware-11-4-0.html

Virtual Network Configuration

Before loading up the PHP Auction site, you need to complete the following steps to configure the VMware Workstation Virtual Network Editor (shown in the picture below). If you have already set up your BIG-IP Virtual Edition, you may have already stepped through this configuration. If that's the case, you will want to make sure the settings for your VMnets are the same as the settings shown below.

• Delete any existing VMnets EXCEPT for VMnet0
• Click the "Add Network" button, and add VMnet1, VMnet2, and VMnet3

VMnet0 Settings

Since you kept the VMnet0 settings, you don't have to do anything else with that one. Here's a quick screenshot of the VMnet0 settings:

VMnet1 Settings

After you confirm the VMnet0 settings, select VMnet1 (this net will act as the out of band management) and configure it as follows:

• Select the Host-only (connect VMs internally in a private network) option
• Select the "Connect a host virtual adapter to this network" checkbox
• Clear the "Use local DHCP service to distribute IP address to VMs" checkbox
• For the Subnet IP, enter 10.128.1.0 and for the Subnet mask enter 255.255.255.0

VMnet2 Settings

After you confirm the VMnet1 settings, select VMnet2 (this will act as the external VLAN for access to 0.0.0.0) and configure it as follows:

• Select the "NAT (shared host’s IP address with VMs)" option
• Select the "Connect a host virtual adapter to this network" checkbox
• Clear the "Use local DHCP service to distribute IP address to VMs" checkbox
• For the Subnet IP, enter 10.128.10.0 and for the Subnet mask enter 255.255.255.0
• Click the "NAT Settings" button
  • For the Gateway IP enter 10.128.10.1 and then click OK.

VMnet3 Settings

After you configure the VMnet2 settings, select VMnet3 (this will act as the internal VLAN where the server image exists) and configure it as follows:

• Host-only (connect VMs internally in a private network) option selected
• Connect a host virtual adapter to this network checkbox cleared
• Use local DHCP service to distribute IP address to VMs checkbox cleared
• For the Subnet IP enter 10.128.20.0 and for the Subnet mask enter 255.255.255.0
• Ensure that the “Connect a host virtual adapter to this network” checkbox is cleared. This prevents your local workstation from having direct access to this network. This will avoid asymmetric routing issues and also allows you to demonstrate secure remote access and full proxy features.

This concludes the network setup for VMware. Now you can install the PHP Auction virtual machine...

Install the PHP Auction Image

In VMware Workstation, select File >> Open and choose the "Open Virtual Machine Format" PHP Auction file (this will be a .ovf file).

After you import the virtual machine (you may have to accept a few license agreements, etc), then you move on to configuring the virtual machine network settings. The following screenshot shows the settings for the PHP Auction virtual machine. You will need to customize the three Network Adapters to the settings shown in the picture below (you will use the three custom VMnets you just created), but you shouldn't need to configure anything else on this screen.

After the virtual machine imports correctly, you can power it on and let it boot up. When the boot up completes, you will see the following login screen:

The login is "root" and the password is "default". So, go ahead and login and then you can leave it alone...you won't need to touch it again.

Configure the BIG-IP

Now it's time to make sure the BIG-IP is set up correctly to protect the traffic flowing to/from the auction site. First, create a pool (I called it "auction_pool" but you can call it whatever you want) with node address 10.128.20.150 and service port 80. This pool only has one member. The following screenshot shows you the details for the auction pool.

Next, you create the virtual server. I called it "auction_vs" but you can call it whatever you want...just don't call me Shirley. The IP address for the virtual server is 10.128.10.35, and I chose service port 443 so I could test out some crazy SSL capabilities. But, you can choose port 80 if you want. Keep in mind that if you choose port 443, you should create an SSL client profile and configure the appropriate certificate and key combo for the profile. The following screenshot shows the details of the virtual server configuration.

The Final Touches

OK...now that the BIG-IP is all set up and the PHP Auction virtual machine is running, you should be able to access the auction site from your browser of choice. One other optional thing you can do is add the virtual server IP address of the auction site to the "hosts" file in WIndows. You should be able to locate this file at: C: >> Windows >> System32 >> drivers >> etc. You can add the IP address to the file and then provide a host name for the auction site...the example below shows the name "auction.f5demo.com" but, again, you can choose something different if you want.

So, the final check is to make sure all this works. Notice that the "auction.f5demo.com" worked as expected. You can also use the IP address "10.128.10.35" if you want.

I hope this information is helpful. Feel free to comment and/or ask questions as needed. Also, be sure to check out the articles that dig deeper into the configurations and capabilities of the ASM!