F5 Networks F5CAB2 Exam Questions Instant Access

Question 1

An application is configured so that the same pool member must be used for an entire session, as well as for HTTP and FTP traffic. A user reports that a session has terminated, and the user must restart the session. The BIG-IP Administrator determines that the active BIG-IP device failed over to the standby BIG-IP device. Which configuration settings should the BIG-IP Administrator verify to ensure proper behavior when BIG-IP failover occurs?

ACookie persistence and session timeout

BStateful failover and network failover detection

Csyn-cookie insertion threshold and connection low-water mark

DPersistence mirroring and Match Across Services

Answer : D

In this scenario, two specific High Availability and Persistence requirements must be met to ensure session continuity during a failover.

Persistence Mirroring: By default, persistence records (which map a client to a specific server) exist only on the memory of the active BIG-IP. If a failover occurs, the standby unit has no knowledge of these sessions and will re-load-balance the client, likely to a different server. Enabling Persistence Mirroring ensures that the persistence table is synchronized in real-time to the standby peer.

Match Across Services: The requirement specifies that the session must persist across both HTTP and FTP. These are different Virtual Servers (and likely different ports). The Match Across Services setting in the persistence profile allows the BIG-IP to use the same persistence record for any Virtual Server that shares the same IP address and pool, regardless of the service port.

Question 2

Which three iRule events are likely to be seen in iRules designed to select a pool for load balancing? (Choose three.)

ACLIENT_DATA

BSERVER_DATA

CHTTP_REQUEST

DHTTP_RESPONSE

ECLIENT_ACCEPTED

FSERVER_SELECTED

GSERVER_CONNECTED

Answer : A, C, E

In the BIG-IP system, pool selection must occur on the client-side of the connection, before the system attempts to connect to a pool 3member. The events listed 4are the primary entry points for making these decisions:

CLIENT_ACCEPTED (E): This is a Layer 4 event triggered when the BIG-IP accepts a TCP connection. It is the earliest point where a pool can be assigned based on the client's source IP address or the destination port.

CLIENT_DATA (A): This event is triggered when the system receives a 'chunk' of data on the client-side. It is often used for non-HTTP protocols (like custom TCP protocols) to inspect the payload and select a pool based on its contents.

HTTP_REQUEST (C): This is a Layer 7 event. It occurs once the BIG-IP has fully parsed the HTTP headers. This is the most common event for pool selection, allowing the administrator to route traffic based on the URI, Host header, or cookies.

Events like SERVER_SELECTED or SERVER_CONNECTED occur after the load balancing decision has already been made, and HTTP_RESPONSE or SERVER_DATA occur after the server has already started communicating back, making them too late for initial pool selection.

Question 3

What type of Virtual Server is configured with no Pool-members, and proxies traffic to the destination IP address specified by the client device?

AForwarding (IP)

BStandard

CPerformance (Layer 4)

DStateless

Answer : A

A Forwarding (IP) virtual server is unique because it does not perform load balancing in the traditional sense.

No Pool Members: Unlike a Standard virtual server, which requires a pool to direct traffic, a Forwarding (IP) virtual server typically has no pool assigned.

Destination-Based Routing: The BIG-IP system looks at the destination IP address in the original packet header sent by the client. It then consults the BIG-IP system's local routing table to determine where to send the packet.

Transparency: It acts as a high-performance router/gateway, often used to forward traffic from internal servers to the internet or across different subnets while still allowing the BIG-IP to apply features like SNAT or bandwidth controllers.

Stateful Tracking: While it forwards traffic based on the routing table, it still creates an entry in the connection table to track the flow (unless it is a Stateless virtual server).

Question 4

The BIG-IP Administrator wants to provide quick failover between the F5 LTM devices that are configured as an HA pair with a single-selfip using the MAC Masquerade feature for this quick failover and runs this command: tmsh modify /cm traffic-group traffic-group-1 mac 02:12:34:56:00:00 However, the Network Operations team has identified an issue with the use of the same MAC address being used within different VLANs. As a result, the administrator decides to implement the Per-VLAN Mac Masquerade in order to have a unique MAC address on each VLAN: tmsh modify /sys db tm.macmasqaddr_per_vlan value true. What would be the resulting MAC address on a tagged VLAN of 1501? (Choose one answer)

A02:12:34:56:01:15

B02:12:34:56:dd:05

C02:12:34:56:05:dd

D02:12:34:56:15:01

Answer : C

According to F5 BIG-IP documentation regarding High Availability and MAC Masquerade behavior, the system allows for more granular control over Layer 2 addresses during failover events.

Standard MAC Masquerade: By default, when a traffic group is assigned a MAC masquerade address (like 02:12:34:56:00:00), the BIG-IP system uses that exact MAC address for all traffic associated with that traffic group across all VLANs. This ensures that upstream switches do not need to relearn ARP entries for the Virtual IP, but it can cause issues in environments where multiple VLANs share the same physical infrastructure or monitoring tools that flag identical MACs across segments.

Per-VLAN MAC Masquerade: When the system database variable tm.macmasqaddr_per_vlan is set to true, the BIG-IP system calculates a unique MAC address for each VLAN. It does this by taking the base MAC masquerade address configured in the traffic group and adding the VLAN ID (tag) to it.

Calculation Logic:

Base MAC: 02:12:34:56:00:00

VLAN ID: 1501

To find the suffix, the VLAN ID is converted from decimal to hexadecimal:

$1501$ in decimal = 05DD in hex.

The system then applies this offset to the last two octets of the base MAC address.

00:00 + 05:DD = 05:DD.

Result: The final MAC address for VLAN 1501 becomes 02:12:34:56:05:dd.

This ensures that every VLAN has a unique Layer 2 identity while still reaping the benefits of 'gratuitous ARP-less' failover provided by MAC masquerading.

Question 5

self-IPs, routes and their status/statistics]

What is required for a virtual server to support clients whose traffic arrives on the internal VLAN and pool members whose traffic arrives on the external VLAN?

AThat support is never available.

BThe virtual server must be enabled for both VLANs.

CThe virtual server must be enabled on the internal VLAN.

DThe virtual server must be enabled on the external VLAN.

Answer : C

4647

Virtual Servers have a setting called VLAN and Tunnel Traffic which defines where the BIG-IP 'listens' for new connections.4849

Ingress Logic: A virtual server is an entry point. It must be enab50led on the VLAN where the Client resides. If a client is on the '51Internal' VLAN, the Virtual Server must be enabled there to receive the traffic.

Egress Logic: The BIG-IP system uses the TMM Routing Table and Self-IPs to reach pool members. It does not need the Virtual Server to be 'enabled' on the destination VLAN (External) to send traffic there.

Default Behavior: By default, Virtual Servers are enabled on 'All VLANs.' However, if restricted for security, the administrator must ensure the Virtual Server is active on the client-facing (ingress) VLAN.

Question 6

and their status/statistics]

A BIG-IP Administrator wants to add a new Self IP to the BIG-IP device. Which item should be assigned to the new Self IP being configured?

ARoute

BVLAN

CInterface

DTrunk

Answer : B

A Self IP is an IP address on the BIG-IP system that you associate with a specific VLAN.

VLAN Association: A Self IP cannot exist independently; it must be bound to a VLAN to define which network segment the BIG-IP can communicate with.

Layer 2 to Layer 3 Mapping: While a VLAN is associated with physical interfaces or trunks (Layer 2), the Self IP provides the Layer 3 identity for the BIG-IP on that VLAN.

Traffic Processing: Self IPs are used by the BIG-IP for health checking backend servers, acting as a default gateway for servers, and for HA heartbeat communication.

Question 7

A BIG-IP Administrator explicitly creates a traffic group on a BIG-IP device. Which two types of configuration objects can be associated with this traffic group? (Choose two.)

AiRules

BApplication Instances

CVirtual Addresses

DVLANs

EFloating Self IPs

Answer : C, E

A Traffic Group is a collection of related configuration objects that fail over together from one BIG-IP device to another. Only 'floating' objects can be members of a traffic group.

Virtual Addresses (C): A virtual address (the IP part of a Virtual Server) is a floating object. It is assigned to a traffic group so that the entire IP moves to the standby unit during a failover.

Floating Self IPs (E): These are used as gateways for backend servers or SNAT addresses. By associating them with a traffic group, they remain reachable by the backend network regardless of which BIG-IP is currently active.

Why other options are incorrect:

iRules (A): iRules are configuration logic files; they are synchronized across devices but are not 'hosted' by a traffic group.

VLANs (D): VLANs are local to the hardware interfaces/trunks of each specific device and do not fail over.

F5 Networks BIG-IP Administration Data Plane Concepts F5CAB2 Exam Questions