WIXLIB

F5 Networks TrainingGetting Started with BIG-IPProgrammabilityTry It Yourself Lab GuideNovember 2017

Chapter 1 - Try It Yourself Lab1-2Getting Started with BIG-IP ProgrammabilityTry It Yourself Lab GuideFirst Printing; November, 2017 2017, F5 Networks, Inc. All rights reserved.Support and Contact InformationObtaining Technical SupportWebtech.f5.com (Ask F5)Phone(206) 272-6888Email (support issues)support@f5.comEmail (suggestions)feedback@f5.comContacting F5 NetworksWebwww.f5.comEmailsales@f5.com & info@f5.comF5 Networks, Inc.F5 Networks, Ltd.F5 Networks, Inc.F5 Networks, Inc.Corporate Office401 Elliott Avenue WestSeattle, Washington 98119T (888) 88BIG-IPUnited KingdomChertsey Gate WestChertsey Surrey KT16 8APUnited KingdomAsia Pacific5 Temasek Boulevard#08-01/02 Suntec Tower 5Singapore, 038985JapanAkasaka Garden City 19F4-15-1 Akasaka, Minato-kuTokyo 107-0052 JapanT (206) 272-5555F (206) 272-5557T (44) 0 1932 582-000F (44) 0 1932 582-001T (65) 6533-6103F (65) 6533-6106T (81) 3 5114-3200F (81) 3 ining@f5.comJapanTraining@f5.comGetting Started with BIG-IP Programmability1-2

Chapter 1 - Try It Yourself Lab1-3Legal NoticesCopyrightCopyright 2017, F5 Networks, Inc. All rights reserved.F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5assumes no responsibility for the use of this information, nor any infringement of patents or other rightsof third parties which may result from its use. No license is granted by implication or otherwise under anypatent, copyright, or other intellectual property right of F5 except as specifically described by applicableuser licenses. F5 reserves the right to change specifications at any time without notice.Trademarks3DNS, Access Policy Manager, Acopia, Acopia Networks, Advanced Client Authentication, AdvancedRouting, APM, Application Security Manager, ARX, AskF5, ASM, BIG-IP, Cloud Extender,CloudFucious, CMP, Data Manager, DevCentral, DevCentral [DESIGN], DSI, DNS Express, DSC, EdgeClient, Edge Gateway, Edge Portal, EM, Enterprise Manager, F5, F5 [DESIGN], F5 Management Pack,F5 Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM,IBR, Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iApps, iControl, iHealth,iQuery, iRules, iRules OnDemand, iSession, IT agility. Your way., L7 Rate Shaping, LC, LinkController, Local Traffic Manager, LTM, Message Security Module, MSM, Netcelera, OneConnect,Packet Velocity, Protocol Security Module, PSM, Real Traffic Policy Builder, ScaleN, SSL Acceleration,StrongBox, SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic Management Operating System,TrafficShield, Transparent Data Reduction, UNITY, VIPRION, vCMP, WA, WAN OptimizationManager, WANJet, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent.All other product and company names herein may be trademarks of their respective owners.MaterialsThe material reproduced on this manual, including but not limited to graphics, text, pictures, photographs,layout and the like ("Content"), are protected by United States Copyright law. Absolutely no Contentfrom this manual may be copied, reproduced, exchanged, published, sold or distributed without the priorwritten consent of F5 Networks, IncPatentsThis product may be protected by one or more patents indicated at:http://www.f5.com/about/policies/patentsGetting Started with BIG-IP Programmability1-3

Chapter 1 - Try It Yourself Lab1-4Lab 1 – Try It YourselfIntroduction: Escaping New Lines, cURL, jq and PipesEscaping New LinesAlmost every command shell available on Linux and macOS uses the same syntax to split long commandlines into multiple shorter ones. This is sometimes called line escaping or line continuation. Forexample, the following commandecho Hello Worldcould be made shorter by inserting a backslash at the split point, such asecho Hello \Worldor evenecho \Hello \WorldAll three examples print “Hello World”. Notice there is a space in front of the backslash and there is nobackslash on the final line of the split command.Windows shells allow the same technique, but use different characters, depending on the shell. Whenusing the COMMAND (CMD) shell, replace the backslash with a caret or circumflex character ( ).When using PowerShell, replace the backslash with a backtick or grave accent character ( ).macOS and Linux (most shells)Windows (COMMAND shell)Windows (PowerShell)echo \Hello \Worldecho Hello Worldecho Hello WorldcURLcURL is a command line tool for getting or sending data or files using URL syntax. The simplest form ofthe command iscurl www.example.comwhich performs an HTTP GET to http://www.example.com. Our examples are typically more complex,such ascurl -s -k -u admin:admin1 -X POST \-H 'Content-Type: application/json' \-d '{"send": "GET /\r\n", "recv": "F5 Training Services"}' i.mon jq .Notice this command has been written for Linux or macOS because it uses a backslash for line escaping.Getting Started with BIG-IP Programmability1-4

Chapter 1 - Try It Yourself Lab1-5Dissecting the above command we inspect every component, one at a time. Notice the “-sku” flags aboveare three flags concatenated for brevity. Below, we’ll examine each flag individually.curlCommand name-sSilent mode, do not show cURL progress meter-kFor HTTPS, cURL expects a Secure SSL (TLS)connection. Use this flag if the server doesn’t havethe proper cert (typical for lab testing)-u admin:admin1Specify credentials as username:password-X POSTUse POST method (GET is default)-H 'Content-Type: application/json'Specify header (required to send REST data)-d '{"send": "GET /\r\n", "recv": "."}'JSON data to send (note the outer single-quotes r the curl command notice the upright bar ( ) character which is called a pipe and is available inLinux, macOS, Windows COMMAND and Windows PowerShell. It takes the output from the commandon the left (curl) and sends it to the input of the command on the right (jq).jqjq or JSON Query is a JSON processor and it runs on Linux, macOS and Windows. It is designed toquery specific parts of a JSON output and then format the output for easier reading. However, we willonly be using formatting part of jq. The syntax “jq .” tells jq to neatly format all of the JSON output.Exercise 1: Create a Monitor, Pool and Virtual ServerIn this exercise, three rest commands are required to create a pool monitor, a pool and a virtual server.You are shown the tmsh command used to execute each step. You are also shown the abbreviated RESTsyntax. Finally, you are given the exact curl command needed to perform this task. Use this command inyour lab environment.Note the curl command syntax is for Linux or macOS. If you are using Windows, change the backslashto the appropriate character for COMMAND or PowerShell (as described above).1. Create the monitor.TMSHcreate ltm monitor http wiki.mon send "GET /\r\n" recv "F5 Training Services"RESTPOST /ltm/monitor/http {"name": "wiki.mon", "send": "GET /\r\n", "recv": "F5 Training Services"}CURLcurl -sku admin:admin1 -X POST \-H 'Content-Type: application/json' \-d '{"name": "wiki.mon","send": "GET /\r\n", "recv": "F5 Training Services"}' \https://192.168.1.31/mgmt/tm/ltm/monitor/http jq .Using the Config Utility or tmsh, confirm the monitor was properly created.Getting Started with BIG-IP Programmability1-5

Chapter 1 - Try It Yourself Lab1-62. Create the pool.TMSHcreate ltm pool wiki.pool members add { 192.168.2.1:80 192.168.2.2:80 } monitor wiki.monRESTPOST ltm/pool {"name": "wiki.pool","members": ["192.168.2.1:80", "192.168.2.2:80"],"monitor": "wiki.mon"}CURLcurl -sku admin:admin1 -X POST \-H 'Content-Type: application/json' \-d '{"name": "wiki.pool","member": ["192.168.2.1:80","192.168.2.2:80"],"monitor": "wiki.mon"}' \https://192.168.1.31/mgmt/tm/ltm/pool jq .Using the Config Utility or tmsh, confirm the pool was properly created.3. Create the virtual server.TMSHcreate ltm virtual wiki.vs destination 10.10.1.101:443profiles add { clientssl } source-address-translation { type automap }pool wiki.poolRESTPOST ltm/virtual {"name": "wiki.vs", "destination": "10.10.1.101:443","profiles": "clientssl", "sourceAddressTranslation": {"type": "automap"},"pool": "wiki.pool"}CURLcurl -sku admin:admin1 -X POST \-H 'Content-Type: application/json' \-d '{"name": "wiki.vs", "destination": "10.10.1.101:443", \"profiles": "clientssl", "sourceAddressTranslation": {"type": "automap"}, \"pool": "wiki.pool"}' \https://192.168.1.31/mgmt/tm/ltm/pool jq .Using the Config Utility or tmsh, confirm the pool was properly created.Can you connect to the newly created virtual server?Exercise 2: Perform the tasks necessary to set up aBIG-IP SystemThese tasks are normally performed by the BIG-IP Setup Wizard. In the previous exercise, you wereshown the tmsh syntax as well as the actual curl command syntax. In this example, you are only giventhe abbreviated REST syntax. Use this information to craft your own curl commands.4. Set the time zone.RESTPUT cm/device/bigip1 {"time-zone": "America/New York"}The time zone is set to “America/Los Angeles” by default. Using the Config Utility or tmsh, confirm thetime zone changed.Note, it is recommended that you use tmsh, because the Config Utility will be in Setup Mode. However, if youstill prefer to use Config Utility, skip ahead to Step 14 and then return here to confirm the Time Zone has beenset correctly.Getting Started with BIG-IP Programmability1-6

Chapter 1 - Try It Yourself Lab1-75. Set the host name.RESTPATCH sys/global-settings {"hostname": "bigip1.f5trn.com"}The time zone is set to “America/Los Angeles” by default. Using the Config Utility or tmsh, confirm thehost name changed.6. Set the DNS server.RESTPUT sys/dns {"nameServers": ["172.16.20.20"]}The time zone is set to “America/Los Angeles” by default. Using the Config Utility or tmsh, confirm theDNS server changed.7. Set the NTP server.RESTPUT sys/ntp {"servers": ["172.16.20.20"]}8. Create external VLAN, attach interface, and create self and floating IP Addresses.RESTPOST net/vlan {"name": "external", "tag": 4093}RESTPUT net/vlan/external {"interfaces": [{"name": "1.1"}], "tag": 4093}RESTPOST net/self {"name": "10.10.1.31", "address": "10.10.1.31/16","vlan": "external", "allowService": []}RESTPOST net/self {"name": "10.10.1.33", "address": "10.10.1.33/16","vlan": "external", "allowService": [],"traffic-group": "traffic-group-1"}Using the Config Utility or tmsh, confirm the external self and floating IP addresses exist.9. Create internal VLAN, attach interface and create self and floating IP Addresses.RESTPOST net/vlan {"name": "external", "tag": 4093}RESTPUT net/vlan/external {"interfaces": [{"name": "1.1"}], "tag": 4093}RESTPOST net/self {"name": "10.10.1.31", "address": "10.10.1.31/16","vlan": "external", "allowService": []}RESTPOST net/self {"name": "10.10.1.33", "address": "10.10.1.33/16","vlan": "external", "allowService": [],"traffic-group": "traffic-group-1"}Using the Config Utility or tmsh, confirm the internal self and floating IP addresses exist.Getting Started with BIG-IP Programmability1-7