In the last post, we set up a basic configuration, but didn’t do much in the way of optimizing how it works. Today, we’ll look at F5 BIG-IP profiles. These are a way to modify the way the virtual server works. You can do things that change the behavior of the BIG-IP virtual server. For example, adding SSL or inserting X-Forwarded-For Headers into the web logs.
When you add a profile on your Virtual Server, you are telling the BIG-IP to decode the information, and allow it to modify the data. For example, we used the default TCP profile on our original VIP. What it allows the BIG-IP to do is proxy data on both sides of the connection. It tells it that it is a TCP connection and to decode the incoming IP traffic as TCP. After processing the traffic, re-assemble it as it sends it out.
For most of what we really want to do in an ADC, we need to decode the actual application traffic. Add an HTTP profile to the VIP. This tells the BIG-IP to take all of those pieces of the HTTP traffic and decode it into its application pieces. For instance, the URI is decoded. Also, the cookies are decoded. The Headers such as Host Header, Content-Length, etc. are all decoded and checked. When this is all decoded, the BIG-IP acts as a full proxy and resends that data to the web server. This is where you can make application decisions such as sending /app2/ to a second set of servers, or perhaps sending a client to a different site based on a user agent header with mobile in it.
A simple addition to your application you can do is called an X-Forwarded-For header, which gives the web servers the client ip so they can use it for logging (click here if you want a better way to do this). This is done with the HTTP profile, where you add an inserted header into the server-side requests.
Other optimizations you can make are simply adding optimized TCP profiles to your VIP that are related to where your traffic is from. For example, internal traffic can use the “tcp-lan-optimized” profile. Traffic on the internet should use something such as tcp-mobile-optimized. This uses TCP settings and congestion algorithms that are specifically chosen for mobile. Hopefully, this will make your application faster. Don’t get deceived by the mobile part in the name of the profile. It has better settings than the tcp-wan-optimized profile.