As I'm preparing for F5 101 exam, I read about BIG-IP APM and LTM. I find it hard to get a difference between them. I found a table of features :
https://support.f5.com/csp/article/K66031634 , but it doesn't explain too much. I've been also reading https://www.f5.com/pdf/products/big-ip-local-traffic-manager-ds.pdf . Is there any distinction on 101 level or do you need to be a little bit more advanced to understand these differences?
HI , best wishes for your test prep! For test purposes, the Local Traffic Manager is about application delivery, so more along the lines of L4-L7 proxy functionality, monitoring, HA, scale-out, protocol validation, etc. The ASM is a web application firewall (which is valid for the test version, but is End of Sale, the next-gen of the ASM is now the Advanced WAF product), and primarily dials in on L7 security functionality.
Thanks! As I understand it, BIG-IP is a full proxy in general, thus any other F5 product (e.g. LTM, but also APM or ASM) is a full proxy as well. Am I right, if I say that LTM provides overview of all the processes that happen on L4-L7? Actually I made a mistake and wanted to ask about BIG-IP APM vs LTM, not ASM.
The proxy sits in between all client and server flows (except where explicitly bypassed like with HW acceleration) in the TMOS architecture on BIG-IP platforms. APM and ASM are plugins on-top of TMOS, and behave a little differently. For example, in iRules, an HTTP_RESPONSE event is processed before ASM (or APM) handles the response from the server, so anything you want to manipulate between ASM and the client in the response would have to happen after ASM hands it back off to TMM, and that can be done in the HTTP_RESPONSE_RELEASE event. See here for more details.