A10 System Administration Training

This book covers introductory training on A10 devices and the ACOS operating system.

Introduction

Course Details

Target

This course is targeted at:

Requirements

Achievements

After you complete this training

You will be able to;

Structure

It is as basic as it can be: I am going to explain a detail or a feature, you will do it in your lab, and after you complete the lab I will ask 5 to 8 questions about what I covered so you can measure your understanding of that section.

How are we going to learn

Basics

As far as I know, the best way to learn is by doing. By doing, I mean working through every configuration one by one. I am going to supply all the configurations in a public GitHub repo, but I must say again that the best way to learn ACOS is to do the configuration by typing, just like coding.

The playground

We are going to use GNS3 to create our playground and test configurations. There will be a section about how to construct the lab so we can easily test our configurations.

In this training you will be supplied with two files:

  1. A GNS3 lab file that has all the required setup to be able to finish this course
  2. A list of to-dos you must complete before working with this training, like downloading some files and uploading them to GNS3 before we go on with the training.

Course materials

Everything required is supplied in a zip file. After you extract it, you can find all the needed config files and other materials there.

About tutor

I am a self-educated network engineer with more than 20 years of experience. I worked at system integrators for 10 years and have now owned one for more than 15 years.

I am not a certified trainer or anything else.

About ACOS and A10 Networks

A10 Networks

A10 Networks is a U.S. public company specializing in the manufacturing of application delivery controllers (software and hardware). Founded in 2004 by Lee Chen, co-founder of Foundry Networks, A10 originally serviced just the identity management market with its line of ID Series products. In early 2007, they added bandwidth management appliances (EX Series). The company had its initial public offering on March 21, 2014, raising $187.5 million.

In May 2013, A10 launched its A10 Thunder Series platforms of hardware and software application delivery controllers (ADCs).

A10 Networks released the Harmony design of the Thunder Series ADC in 2015.

Also in 2015, A10 Networks upgraded the Advanced Core Operating System (ACOS). The update allowed 100 percent of software capabilities to be addressed by APIs, whereas the previous ACOS could only address 40 percent through APIs.

In 2016, A10 acquired the cloud-native ADC company Appcito.

ACOS

ACOS is a 64-bit operating system that has powerful features like

that can do;

https://www.a10networks.com/solutions/advanced-core-operating-system/

Product line up

Features

Course sandbox setup

Training Scenario & Topology

This training is best used with the supplied GNS3 lab, which you can find below.

Building the playground

topology

Connectivity and logon details

Provide an importable config for Asbru
Provide one for SecureCRT

System configuration and downloading tools

In this section we are going to need a computer with the following minimum requirements:

You will need to download GNS3, and to do that you are going to create an account at gns3.org using this link

After you have created the account,

Please download GNS3 from this link:

---link2---

I've made a lab and shared it over Google Drive so you can download it, but please note that this lab is 45 gigabytes in size and you should download it over an unmetered connection. Again, please don't download this over a tethered cellular connection.

Download the lab linked here:

---link3---

The last download is the configuration files for the machines in the lab, which are very small, at this link:

---link4---

Tools and installation

In this section we are going to ;

we are going to learn;

First Time

Unboxing

Physical devices

Virtual edition

installation

  1. VMWare
  2. Qemu/KVM installation
  3. GNS3
  4. Eve-ng installation

Management Access

Console port details

This is the "monitor" port of the device. With a terminal emulator and a serial console cable, you can access the device.

The console port is at the front of the device and is labelled "Console". It is shown with a green arrow here. Remember that devices and the location of console ports vary depending on the model of the device.

Most of the time it is called Console, but some vendors might use abbreviations like "Con" or "IOIOI".

To be able to do that, you'll need to set the configuration of the port to

For Windows you can use PuTTY, and for Linux gtkterm is a good option. If you are a Mac user, you can use a tool like Serial2.

Management ethernet port details

The management port is a special port separated from the device's main data ports. You'll need this port to access the device remotely over an Ethernet/IP connection.

The default settings are;

Management access

You can connect to the device using the HTTPS and SSH protocols. There is another way, which is API access, and we have a special section to show you how it's used.

Using ssh

For SSH you can use PuTTY on Windows and OpenSSH on the remaining platforms.

Using https

For HTTPS, all you need is a modern browser.

Registration, licensing and flexpool

Physical devices

All physical devices that A10 Networks ships come with an ADC (Application Delivery Controller) license. If you'd like to use additional features like datacenter firewall, supplied web categories, etc., you will need to purchase additional licenses like

The methods to obtain these licenses will be listed later. The registration will be done at purchase by an A10 Networks salesperson. They will ask for an e-mail address to register the lead and the shipments. You will use that e-mail address to work with RMA or warranty requirements.

Note: By default, no physical device requires internet connectivity to work in ADC mode. To unlock additional licenses or features, you'll have to allow the device to reach the internet, either from the data ports or from the management port.

Virtual appliances

Virtual appliances downloaded from the internet or obtained by applying for a trial come limited to 10 Mbit throughput and ADC features only. To use the virtual appliances fully, you'll need a trial key or paid licenses, which are activated with GLM. To obtain licenses, you'll have to supply a contact e-mail address and use that address to log in to GLM.

GLM and why do we need it?

GLM, the Global License Manager, is a platform from A10 Networks that manages all this registration, licensing and other bureaucratic stuff and also enables something called Flexpool. It resides at https://glm.a10networks.com.

Flexpool

You can buy your license by throughput rather than per device. This feature of A10 Networks allows commissioning many devices that share one throughput allowance, and it is very effective for creating high-availability scenarios. It is used by sharing a "GLM Token" across the devices.

Administration tasks

Backup System Configuration

copy config

With this option you can only take a configuration backup. A complete backup includes:

This type of backup is not a complete backup, but it is better than nothing.

To take a quick configuration backup, depending on the length of your configuration, you can:

backup using gui

backup to ftp server

automated backup jobs

Upgrade system OS

Downgrade System Os

Set time or use NTP

What is VCS

Certificate Management

User Management & Access LDAP/TACACS

Basic server load balancing

What is server load balancing

Acronyms and their details

Creating Real servers

Creating Service Groups

Creating Virtual Servers

Configuring traffic distribution

XFF or x-forwarded-for

Https and ssl

Certificate Management & Pki

SSL-Offloading

High availability

A-VCS

What is A-VCS

It is the acronym of ACOS Virtual Chassis Systems.

It is a special process created to manage many ACOS devices from a single point of view; however, that is not the only use case. It also synchronizes:

You must always remember that L2-level configuration such as Ethernet LAG interfaces, VLAN tags and VLAN names is not part of the sync process. We'll get to the reason for this later.

Remember, A-VCS does not do anything about live traffic; it handles configuration only!

Prerequisites

Master / Slave / Election

We'll do a demo of this later in the training.

You will see all the devices in the config context with their respective machine IDs, which you will configure later in this training.

You can log in to vBlades without going through the floating IP; however, all changes will be forced to be made through the floating IP.

You can create an A-VCS cluster using only the management port. Any L2 implementation will continue to work.

Split brain on clusters of more than 2 devices

This is a dangerous situation. If for some reason the devices decide to become masters at the same time, any traffic processing will create network problems. So the necessary precautions must be taken at all times, like

Initial config of a-vcs

On the master device

  1. Enable VRRP-A. To start configuring VCS, we have to enable VRRP-A first.

     ACOS# configure
     ACOS(config)# vrrp-a common
     ACOS(config-common)# set-id 1
     ACOS(config-common)# device-id 1
     ACOS(config-common)# enable
     ACOS-Active(config-common)# exit
     ACOS-Active(config)#
    
  2. Enable A-VCS

     ACOS-Active(config)# vcs enable
     ACOS-Active(config:1)#
    
  3. Configure the floating IP address

     ACOS(config:1)# vcs floating-ip 192.168.16.10 /24
    
  4. Configure A-VCS with the master's parameters. After the configuration commands are typed in, you'll need to run vcs reload to start the A-VCS formation process.

     ACOS(config:1)# vcs device 1
     ACOS(config:1-device:1)# interfaces management
     ACOS(config:1-device:1)# priority 225
     ACOS(config:1-device:1)# enable
     ACOS(config:1-device:1)# exit
     ACOS(config:1)# vcs reload
    

adding second device to cluster

On first blade

adding third device to cluster

On second blade

adding fourth device to cluster

On third blade

forced a-vcs master commands

Force vBlade-1 to become master

adding a fifth device with older version to cluster and auto image upgrade process

VRRP-A

Appliance access management

Basic monitoring & troubleshooting

Basics and what to look for?

Automation

SNMP v2-v3

Logging and log destinations

Partitions