WhiteBoard Wednesday: HTTP Strict Transport Security
In this edition of Whiteboard Wednesday, we discuss the topic of HTTP Strict Transport Security (HSTS). This interconnected world is quickly moving toward encrypting everything, and it's nice to know some of the capabilities that are available today. This video highlights what HSTS is, how it can be used, and how you can implement it using the BIG-IP. Enjoy! Related Resources: Implementing HSTS using iRules Implementing HSTS in LineRate Update - Implementing HSTS in Policy: ltm policy hsts_handling { controls { forwarding } requires { http tcp } rules { hsts_header_insert { actions { 0 { http-header response insert name Strict-Transport-Security value "max-age=31536000; includeSubDomains; preload" } } ordinal 2 } nonssl_redirect { actions { 0 { http-reply redirect location https://[HTTP::host][HTTP::uri] } } conditions { 0 { tcp port values { 80 } } } ordinal 1 } } strategy first-match }Whiteboard Wednesday: Load Balancing Algorithms Part 1
John Wagnon and Jason Rahm kick off a new Whiteboard Wednesday series on load balancing algorithms with a discussion on round robin, ratio, least connections, and how persistence impacts the connection pooling. Video Timeline: 0:00 - Introduction 2:31 - Round Robin Algorithm 4:20 - Ratio Algorithm 6:30 - Least Connections Algorithm 8:12 - Persistence 9:54 - Conclusion Resources Load Balancing Fu: Beware the Algorithm and Sticky Sessions Solution 6406: Overview of Least Connections (and more) About Pools (Chapter from the 11.6 Manual)WhiteBoard Wednesday: SSL Renegotiation
We all know that a client and a server have to negotiate a connection before they can talk securely via HTTPS. But, did you know that, in some cases, that same client and server will need to "renegotiate" their secure connection while they are still talking securely? In this video, John talks about SSL renegotiation and covers a new feature in the BIG-IP that helps protect web servers from potential asymmetric DoS attacks. Enjoy! Related Resources: https://devcentral.f5.com/s/articles/ssl-profiles-part-6-ssl-renegotiationWhiteBoard Wednesday: Content & Application Checks
Our "WhiteBoard Wednesday" video series will highlight really cool and exciting features of the BIG-IP. In this video, I take a few minutes to walk through the workflow of an HTTP monitor and discuss the differences between the content and application health check monitors. Enjoy! Clarifications on the Receive Disable String A few individuals have asked about the timing regarding the receive disable string (and the reverse option) in the monitors. To clarify, the action on receive disable is immediate unless neither the receive nor the receive disable strings match, then it falls back to the timeout process. This table should help: Matches Receive Str Matches Receive Disable Str Status Icon Timing YES YES Up (Enabled) Green Circle Immediate YES NO Up (Enabled) Green Circle Immediate NO YES Up (Disabled) Black Circle Immediate NO NO Down (Disabled) Black Diamond Timeout Process Clarification on the Reverse Option Also in the monitor, but not directly discussed in the video, is the option to mark the pool member down if the receive string is matched by selecting the reverse option in the monitor configuration. Whereas the receive disable setting is more ideal for controlling graceful entry into maintenance windows (by allowing active/persistent connections,) the reverse option immediately marks the pool members hard down.WhiteBoard Wednesday: External Monitors
Our "WhiteBoard Wednesday" video series will highlight really cool and exciting features of the BIG-IP. In this video, I take a few minutes to walk through the specifics of external monitors. Enjoy! Resources External Monitors - The Basics A Brief Introduction to External Application Verification Monitors External Monitor Notebook (wiki) Dig Monitor Example Super HTTP Monitor (not referenced in the video but super cool)Whiteboard Wednesday: Load Balancing Algorithms Part 2
Jason continues the whiteboard series on load balancing algorithms with an overview of the fastest, observed, predictive, and dynamic ratio algorithms. Resources Solution 6406: Overview of Least Connections, Fastest, Observed, and Predictive load balancing Solution 9125: Overview of Dynamic Ratio Load Balancing View Dynamic Ratio (9.x - 10.x) View Dynamic Ratio (11.x)WhiteBoard Wednesday: Troubleshooting Monitors
Our "WhiteBoard Wednesday" video series will highlight really cool and exciting features of the BIG-IP. In this video, John and Jason team up to discuss troubleshooting monitors and wrap up the monitor series of whiteboards. Enjoy! Resources Articles LTM External Monitors: Troubleshooting – Deb Allen LTM External Monitors: The Basics – Deb Allen A Brief Introduction to External Monitors – George Watkins Troubleshooting LTM Monitors (wiki) Solution 12531 - Troubleshooting Monitors (AskF5)WhiteBoard Wednesday: SSL Ciphers
SSL traffic is on the rise, and it's important to know how the BIG-IP serves up SSL ciphers to your clients or back-end servers. In this edition of Whiteboard Wednesday, John explains the basics of SSL ciphers and offers some interesting tips on how to configure and optimize SSL ciphers on the BIG-IP. Related resources: BIG-IP SSL Cipher History SSL Cipher History Chart SSL ciphers used in the DEFAULT SSL profile
