WA v11 New function and Changes Lin Jing 2011/11/7 .
WA v11 New function and Changes
Lin Jing
2011/11/7
www.dnssecchina.com
www.cnadn.net
www.myf5.net
2
Version history
Version | Author | Date | Note
V1.0 | Lin Jing | 2011.11.7 | First version
3
New in V11
• Rewritten architecture
• GUI changes
• SNMP support in the WA module
• Dashboard now includes WAM
4
Platform changes
• Can run on the 1600
• The 4500 will not be supported
• 64 68 84 need 4G memory
• VE and VIPRION are not supported now; they will be supported in the future
5
Architecture Changes history
• In v9, a sandwich with an internal VS was used. This made the traffic statistics inaccurate, and performance was poor because of the TCP channel between the two. WA had its own compression, which was easily confused with TMM compression. It used PVAC, which ran on the host.
• In v10, the sandwich was removed and MPI replaced the internal VS, which is more efficient. But requests/responses were still moved between TMM and WA. PVAC was still used.
• In v11, most functions moved into TMM and there is no more pvac process. It is now wamd (which only services some functions). The new MPIv2 is used. Compression is now performed by the hardware card.
6
V9 Sandwich
[Diagram labels: v9 sandwich request path]
• client1: 192.168.1.101
• TMM Virtual Server: 192.168.1.100:80, 192.168.1.100:443
  – HTTP, HTTP class, [ iRules, Compression, OneConnect, SSL ]
• PVAC: 127.0.0.1:8081
• TMM Virtual Server: 127.1.1.2:8080
  – LB, [ SSL Re-encryption, de-OneConnect ]
• server1: 10.10.10.101:80
• 192.168.1.101:* > 192.168.1.100:80
    GET / HTTP/1.1
    Host: website.com
• 192.168.1.101:* > 10.10.10.101:80
    GET / HTTP/1.1
    Host: website.com
• VLAN TMM0 (shown twice)
• Client Side Context / Server Side Context
• Server: PVAC - 127.0.0.1:8081; Client: TMM - 127.1.1.2:*
• Client: PVAC - 127.1.1.1:*; Server: TMM - 127.1.1.254:8081
• Request with WA headers (shown twice):
    GET / HTTP/1.1
    Host: website.com
    WAClientIP: 192.168.1.101
    WALBServer: pool SamplePool member 10.10.10.101:80
    WASnat: snat automap
    WAServerSSL: serverssl
7
V10 architecture
8
V11 architecture
9
V11 configurations changes
• Totally integrated with TMOS, so ucs, qkview and scf include them.
• tmsh can now be used to configure WA
• Symmetric deployment is not supported in v11
• URL normalization is not supported in v11
• No pvsystem.conf?
• IBR prefix changes to wa;****
• An HTTP class is no longer used to enable WA for a VS; it is now used to disable WA for a VS.
• Use a WA application, set in the webacceleration profile, to enable WA
10
Process changes
• Comm_srv, hds_prune, pvac ... removed
• New wamd introduced
• Wamd works for:
  – Invalidation and triggers
  – Document linearization
  – Performance monitoring
• Compression runs in TMM with the benefit of the hardware card, but is still controlled in the WAM module; a compression profile is now mandatory on the VS.
11
Performance statistics changes
• The dashboard now supports the WA module. The data comes directly from TMM and is almost real time.
• SNMP can now be used to get WA performance data:
  – http://www.adntech.org/bbs/viewthread.php?tid=3976&extra=page%3D1
• MySQL is still there to maintain history data; this function now has to be turned on manually in the GUI.
12
Cache behavior changes
• No hds for disk cache now
• New names: datastor/metastor
• Datastor is for raw disk access; it is on disk
• Metastor is a logical layer on top of datastor
• Is there a RAM cache like before?
  – Yes, but it is now called Small Objects Cache (SOC)
  – It only caches objects smaller than 4k. The number of small objects is controlled by “Maximum Entries” in the profile.
  – SOC is in TMM memory, owned by each TMM, but can be copied from another TMM (refer to RAM cache with CMP)
13
Cache behavior
14
Web acceleration profile
• This profile controls both the RAM cache and the WA cache.
• Some items have a different meaning with WA than without WA.
15
Profile-cache size
Cache size
– Minimum reserved size for WAM
– Maximum size for RAM cache
16
profile-maximum
Maximum entries
– Size of resource and entity caches for WAM
– Does not limit metastor/datastor object retention
– Maximum total entries for RAM cache
17
profile-maximum
Refer to the slide note
18
profile-uri
AFFECTS RAM CACHE ONLY
19
Profile-webacceleration
20
Profile-compression
• When WA is enabled, the WA policy overrides this profile, but compression is still performed by the profile.
• Without WA, it is a normal TMOS compression profile.
• So we can think of it as:
  – Configured in WA, but a profile is needed in order to use the hardware card
21
Profile-compression
22
Profile-compression
23
Profile-compression
24
Changes in WA policy GUI
• Remove some navigation
BIG-IP v10.2.2 BIG-IP v11.0
25
Applications
If you want history data, you need to enable it here
26
Proxy assembly
27
Policy proxying
28
Policy lifetime, WA self cache setting
29
Policy lifetime, client cache setting
30
Policy lifetime, client cache setting
31
Policy lifetime, client cache setting
32
New iRule events in WA v11
• HTTP_REQUEST_RELEASE
  – Fires on the server side of the HUD chain, after all modules have processed a client request
• HTTP_RESPONSE_RELEASE
  – Fires on the client side of the HUD chain, after all modules have processed a server response
33
Upgrade to v11
• Only v10 UCS is supported
• Only volumes are supported
• Check whether the VS has a compression profile applied
• Check whether the VS has a webacceleration profile applied
• Check whether the max size is OK for your situation.
• X-wa-info header is disabled by default
• Performance reporting is disabled
• Is the unmapped host handled now? Check it in applications
34
Troubleshooting tips
• Dashboard? It is real time data, 5 minutes from tmm
• Plug-in logging
  – /var/log/tmm
  – /var/log/ltm
• wamd logging
  – /var/log/wa/wamd.log
  – /var/log/wa/wam.provisioning.log
  – /var/log/daemon.log
• Performance Statistics logging
  – /var/log/wa/stats
  – /var/log/mysql.out
  – /var/lib/mysql/mysql.err
• Datastor logging
  – /var/log/datastor
  – /var/log/datastor.provision
35
Troubleshooting x-wa-info
• Turn it on in the application; if possible, turn on debug (per Support center request)
36
S code
37
C code
• C-Code:
  – X-WA-Info: [S10201.C76511.A13938.RA0.U2264335089].[OT/html.OG/pages].[P/0.0].[O/0.1].[EH0/0].[DH0/0]
• Indicates which defined Application was used to handle the incoming request
  – Number changes each time a policy is published to that Application
• A-Code:
  – X-WA-Info: [S10201.C76511.A13938.RA0.U2264335089].[OT/html.OG/pages].[P/0.0].[O/0.1].[EH0/0].[DH0/0]
• Indicates which node within the Policy matched the incoming request
• R-Code:
  – X-WA-Info: [S10201.C76511.A13938.RA0.U2264335089].[OT/html.OG/pages].[P/0.0].[O/0.1].[EH0/0].[DH0/0]
• Identifies the application match of a response to the Policy as defined by object extension, content type or node rule
  – Value of zero indicates match on the request
38
How to decode wa-info
• wainfodecode [wa-info header]
• X-WA-Info:[S10201.C100017.A13710.RA0.U794647444].[OT/html.OG/pages]

[root@bigip11:Active] config # wainfodecode [S10201.C100017.A13710.RA0.U794647444].[OT/html.OG/pages]
S10201: Response was served from the origin web server, because the request was for new content.
C100017: Local-policy: /Common/Generic Policy - Enhanced
A13710: Request Policy Node: Pages
RA0: Response match did not supersede request match
UCI hash: 2f5d5b94
Object type: html
Object group: pages
[root@bigip11:Active] config #
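Added example (not part of the original slides and not F5 code): a small offline parser that splits an X-WA-Info value into the S, C, A, R and U codes and the OT/OG pair described on the slides, for use on headers captured in logs when wainfodecode is not at hand. The function name and dictionary keys are hypothetical; the hex rendering of the U field is inferred from the sample output above (U794647444 printed as UCI hash 2f5d5b94), and groups the slides do not explain are returned verbatim.

```python
import re

# First bracket group: S, C, A, R and U codes, as named on the slides.
FIRST_GROUP = re.compile(
    r"^S(?P<s>\d+)\.C(?P<c>\d+)\.A(?P<a>\d+)\.R(?P<r>[A-Z]*\d+)\.U(?P<u>\d+)$")
OBJECT_GROUP = re.compile(r"^OT/(?P<ot>.+)\.OG/(?P<og>.+)$")


def parse_wa_info(value):
    """Split an X-WA-Info value into the fields the slides describe."""
    value = value.strip()
    if value.lower().startswith("x-wa-info:"):
        value = value.split(":", 1)[1].strip()
    groups = re.findall(r"\[([^\[\]]*)\]", value)
    first = FIRST_GROUP.match(groups[0]) if groups else None
    if first is None:
        raise ValueError("not an X-WA-Info value: %r" % value)
    info = {
        "s_code": "S" + first.group("s"),
        "c_code": "C" + first.group("c"),  # application that handled the request
        "a_code": "A" + first.group("a"),  # policy node matched by the request
        "r_code": "R" + first.group("r"),
        # Slides: an R value of zero means the match was made on the request.
        "matched_on_request":
            int(re.search(r"\d+$", first.group("r")).group()) == 0,
        # Inferred from the sample output: the U field shown as hex (UCI hash).
        "uci_hash": format(int(first.group("u")), "x"),
        "object_type": None,
        "object_group": None,
        "undecoded": [],  # groups the slides do not explain, kept verbatim
    }
    for group in groups[1:]:
        obj = OBJECT_GROUP.match(group)
        if obj:
            info["object_type"] = obj.group("ot")
            info["object_group"] = obj.group("og")
        else:
            info["undecoded"].append(group)
    return info


if __name__ == "__main__":
    # Header value copied from the slide above.
    sample = "X-WA-Info: [S10201.C100017.A13710.RA0.U794647444].[OT/html.OG/pages]"
    for key, val in parse_wa_info(sample).items():
        print("%-20s %s" % (key, val))
```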