Profiles

What are profiles?

The BIG-IP® local traffic management system can manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure the BIG-IP system to compress HTTP response data, or you can configure the system to authenticate SSL client certificates before passing requests on to a target server.

For each type of traffic that you want to manage, the BIG-IP system contains configuration tools that you can use to intelligently control the behavior of that traffic. These tools are called profiles. A profile is a system-supplied configuration tool that enhances your capabilities for managing application-specific traffic. More specifically, a profile is an object that contains user-configurable settings, with default values, for controlling the behavior of a particular type of network traffic, such as HTTP connections. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile. Using profiles enhances your control over managing network traffic, and makes traffic-management tasks easier and more efficient.

You can associate multiple profiles with one virtual server, for example TCP, HTTP, and SSL profiles with the same virtual server.

Profile types

The BIG-IP system provides several types of profiles. While some profile types correspond to specific protocols, such as HTTP, SSL, and FTP, other profiles pertain to traffic behaviors applicable to multiple protocols. Examples of these are connection persistence profiles and authentication profiles.

Profile Type and Description

Services profiles

  • HTTP: Defines the behavior of Hypertext Transfer Protocol (HTTP) traffic.
  • FTP: Defines the behavior of File Transfer Protocol (FTP) traffic.
  • RTSP: Defines the behavior of Real Time Streaming Protocol (RTSP) traffic.
  • SIP: Defines the behavior of Session Initiation Protocol (SIP) traffic. The BIG-IP system routes SIP traffic based on this SIP profile, which persists on Call-ID; however, you can specify that SIP traffic persist on a value other than Call-ID by creating a SIP persistence profile, as shown following, under Persistence profiles.
  • iSession: Creates an optimization tunnel between two BIG-IP systems that are separated by a wide area network.

Persistence profiles

  • Cookie: Implements session persistence using HTTP cookies.
  • Destination Address Affinity: Implements session persistence based on the destination IP address specified in the header of a client request. Also known as sticky persistence.
  • Hash: Implements session persistence in a way similar to universal persistence, except that the BIG-IP system uses a hash for finding a persistence entry.
  • Microsoft® Remote Desktop: Implements session persistence for Microsoft® Remote Desktop Protocol sessions.
  • SIP: Implements SIP message handling. Also implements SIP persistence based on a specified SIP header field. Note that in order to use a SIP persistence profile, you must also create a SIP profile, as shown previously, under Services profiles.
  • Source Address Affinity: Implements session persistence based on the source IP address specified in the header of a client request. Also known as simple persistence.
  • SSL: Implements session persistence for non-terminated SSL sessions, using the session ID.
  • Universal: Implements session persistence using the BIG-IP system's Universal Inspection Engine (UIE).

Protocol profiles

  • Fast L4: Defines the behavior of Layer 4 IP traffic.
  • Fast HTTP: Improves the speed at which a virtual server processes traffic.
  • HTTP Class: Forwards traffic to a destination based on examining traffic headers or content, using criteria that you specify.
  • TCP: Defines the behavior of TCP traffic.
  • UDP: Defines the behavior of UDP traffic.
  • SCTP: Defines the behavior of Stream Control Transmission Protocol (SCTP) traffic.

SSL profiles

  • Client: Defines the behavior of client-side SSL traffic. See also Persistence profiles.
  • Server: Defines the behavior of server-side SSL traffic. See also Persistence profiles.

Authentication profiles

  • LDAP: Allows the BIG-IP system to authenticate traffic based on authentication data stored on a remote Lightweight Directory Access Protocol (LDAP) server.
  • RADIUS: Allows the BIG-IP system to authenticate traffic based on authentication data stored on a remote RADIUS server.
  • TACACS+: Allows the BIG-IP system to authenticate traffic based on authentication data stored on a remote TACACS+ server.
  • SSL Client Certificate LDAP: Allows the BIG-IP system to control a client's access to server resources based on data stored on a remote LDAP server. Client authorization credentials are based on SSL certificates, as well as defined user groups and roles.
  • SSL OCSP: Allows the BIG-IP system to check on the revocation status of a client certificate using data stored on a remote Online Certificate Status Protocol (OCSP) server. Client credentials are based on SSL certificates.
  • CRLDP: Manages status of Certificate Revocation Lists (CRLs) using the industry-standard Certificate Revocation List Distribution Point (CRLDP) technology.

Other profiles

  • OneConnect: Enables client requests to reuse server-side connections. The ability for the BIG-IP system to reuse server-side connections is known as Connection Pooling™.
  • Statistics: Provides user-defined statistical counters.
  • NTLM: Uses an encrypted challenge/response protocol to authenticate a user without sending the user’s password over the network.
  • Stream: Searches for and replaces strings within a data stream, such as a TCP connection.

Default profile

The BIG-IP system includes one or more default profiles for each profile type. A default profile is a system-supplied profile that contains default values for its settings. An example of a default profile is the http default profile. You can use a default profile in several ways:

  • You can use a default profile as is.
  • You can modify the default profile. This is not recommended, however: if you modify the default profile, all other profiles based on it inherit the changes.
  • You can create a custom profile based on the default profile. This is the recommended approach, because it preserves the default profile settings. A custom profile inherits its settings from the default profile unless you explicitly specify those settings in the custom profile.

Custom and parent profiles

A custom profile is a profile that is derived from a parent profile that you specify. A parent profile is a profile from which your custom profile inherits its settings and their default values.

When creating a custom profile, you have the option of changing one or more setting values that the profile inherited from the parent profile. In this way, you can pick and choose which setting values you would like to change and which ones you would like to retain. An advantage to creating a custom profile is that by doing so, you preserve the setting values of the parent profile.

If you do not specify a parent profile when you create a custom profile, the BIG-IP system automatically assigns a related profile as the parent profile.

Using a custom profile as the parent profile

When creating a custom profile, you can specify another custom profile, rather than the default profile, as the parent profile. The only restriction is that the custom profile that you specify as the parent must be of the same profile type as the profile you are deriving from the parent. Once you have created the new custom profile, its settings and default values are automatically inherited from the custom profile that you specified as the parent.
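
The inheritance rules described under Default profile and Custom and parent profiles can be modelled in a few lines. This is an added illustration, not BIG-IP code; the profile names (app_http, api_http) and setting keys (compression, max_header_size) are constructed for the example. It shows why editing a default profile silently changes every profile that did not override the setting, and how to find which profile in a chain actually supplies a value.

```python
# Added illustration: a minimal model of profile inheritance, not BIG-IP code.
# Profile names and setting keys are constructed for this example.

class Profile:
    def __init__(self, name, ptype, parent=None, **overrides):
        # The parent must be of the same profile type as the derived profile.
        if parent is not None and parent.ptype != ptype:
            raise ValueError(
                f"parent {parent.name!r} is type {parent.ptype!r}, not {ptype!r}")
        self.name, self.ptype, self.parent = name, ptype, parent
        self.overrides = dict(overrides)  # only settings set explicitly here

    def effective(self):
        """Resolve settings root-first so the nearest explicit value wins."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        settings = {}
        for profile in reversed(chain):
            settings.update(profile.overrides)
        return settings

    def source_of(self, key):
        """Name of the profile in the chain that actually supplies `key`."""
        node = self
        while node is not None:
            if key in node.overrides:
                return node.name
            node = node.parent
        return None


def build_example():
    # Constructed default profile with two constructed settings.
    default_http = Profile("http", "http",
                           compression="disabled", max_header_size=32768)
    # Custom profile: overrides one setting, inherits the other.
    app_http = Profile("app_http", "http", parent=default_http,
                       compression="enabled")
    # Custom profile whose parent is another custom profile.
    api_http = Profile("api_http", "http", parent=app_http,
                       max_header_size=16384)
    return default_http, app_http, api_http


if __name__ == "__main__":
    default_http, app_http, api_http = build_example()
    print(api_http.effective())
    default_http.overrides["max_header_size"] = 65536  # edit the default
    print(app_http.effective(), app_http.source_of("max_header_size"))
```

Running source_of over every setting of a profile before changing its parent lists exactly which values the change will affect.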

Implementing a profile

Once you have created a profile for a specific type of traffic, you implement the profile by associating that profile with one or more virtual servers. You associate a profile with a virtual server by configuring the virtual server to reference the profile. Whenever the virtual server receives that type of traffic, the BIG-IP system applies the profile settings to that traffic, thereby controlling its behavior. Thus, profiles not only define capabilities per network traffic type, but also ensure that those capabilities are available for a virtual server.

At a minimum, a virtual server must reference a profile, and that profile must be associated with a UDP, FastL4, Fast HTTP, or TCP profile type. Thus, if you have not associated a profile with the virtual server, the BIG-IP system adds a UDP, FastL4, Fast HTTP, or TCP default profile to the profile list.

The default profile that the BIG-IP system chooses depends on the configuration of the virtual server's protocol setting. If the protocol setting is set to UDP, the BIG-IP system adds the udp profile to its profile list. If the protocol setting is set to anything other than UDP, the BIG-IP system adds the FastL4 profile to its profile list.