Monday, January 27, 2014

F5-BIG-IP Redundancy Configuration

Used the BIG-IP Config Utility (GUI) to set up the redundancy.

Followed the steps as mentioned in Creating an Active-Standby Configuration Using the Setup Utility

    | external                 external |
    |                                   |
[bigip1]-----------------------------[bigip2]
    |   HA                        HA    |
    | internal                internal  |

Three different networks need to be configured, one each for the internal, external and HA VLANs.

After giving IP addresses to each interface (internal, external and HA), make sure you are able to ping the external, internal and HA interfaces of each BIG-IP appliance from the other BIG-IP appliance.

You need to create a floating IP for the internal and external interfaces only. This configuration has to be done on each BIG-IP appliance.

After the second device has discovered (Steps in "Discovering a peer device" Section in Creating an Active-Standby Configuration Using the Setup Utility) the first device, the two devices have a trust relationship and constitute a two-member device group. Also, each device in the pair contains a default traffic group named Traffic-Group-1. By default, this traffic group contains the floating IP addresses that you defined for VLANs internal and external.

At this point both devices are paired, and the prompt on the active device changes to Active (bigip2 in my case):-
root@(bigip2)(cfg-sync Awaiting Initial Sync)(Active)(/Common)(tmos)#

and on standby it looks like

root@(bigip1)(cfg-sync Awaiting Initial Sync)(Standby)(/Common)(tmos)#


Go ahead and change some config on, e.g., bigip2 (say, create a pool and add a member node to it). You can see the prompt change to "Changes Pending" on both Active and Standby, as below:-
root@(bigip2)(cfg-sync Changes Pending)(Active)(/Common)(tmos)#

root@(bigip1)(cfg-sync Changes Pending)(Standby)(/Common)(tmos)#

Now it's time to sync the config.

Follow the Synchronizing the BIG-IP configuration section. If all goes well, the prompt changes to:-
root@(bigip2)(cfg-sync In Sync)(Active)(/Common)(tmos)#
root@(bigip1)(cfg-sync In Sync)(Standby)(/Common)(tmos)#

You can also verify that the config done on Active (bigip2) is now present on Standby (bigip1).

Sync status for device groups
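
The prompt fields shown in this post can be checked mechanically. The following is an added example, not part of the original post and not F5 tooling: a Python parser for the tmsh prompt format shown above that reports when a pair is not one Active plus one Standby with both units In Sync. The function names and the third sample (both units Active and Disconnected) are constructed for illustration.

```python
import re

# tmsh prompt layout as it appears in this post:
#   user@(host)(cfg-sync <sync state>)(<failover state>)(<partition>)(tmos)#
PROMPT_RE = re.compile(
    r"^(?P<user>[^@\s]+)@\((?P<host>[^)]+)\)"
    r"\(cfg-sync (?P<sync>[^)]+)\)"
    r"\((?P<failover>[^)]+)\)"
    r"\((?P<partition>[^)]+)\)\(tmos\)#"
)

def parse_prompt(line):
    """Return the prompt fields as a dict, or None if line is not a tmsh prompt."""
    m = PROMPT_RE.match(line.strip())
    return m.groupdict() if m else None

def check_pair(lines):
    """Return a list of problems for an active-standby pair (empty list = healthy)."""
    latest = {}
    for line in lines:
        fields = parse_prompt(line)
        if fields:
            latest[fields["host"]] = fields  # last prompt seen per host wins
    problems = []
    roles = sorted(f["failover"] for f in latest.values())
    if len(latest) != 2:
        problems.append(f"expected 2 devices, saw {len(latest)}")
    elif roles != ["Active", "Standby"]:
        problems.append(f"failover roles are {roles}, want one Active and one Standby")
    for host, f in sorted(latest.items()):
        if f["sync"] != "In Sync":
            problems.append(f"{host}: cfg-sync is '{f['sync']}'")
    return problems

# Sample prompts. PENDING and SYNCED use the prompts from this post (one with a
# command typed after it); BOTH_ACTIVE is a constructed failure case.
PENDING = ["root@(bigip2)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# show sys version",
           "root@(bigip1)(cfg-sync Changes Pending)(Standby)(/Common)(tmos)#"]
SYNCED = ["root@(bigip2)(cfg-sync In Sync)(Active)(/Common)(tmos)#",
          "root@(bigip1)(cfg-sync In Sync)(Standby)(/Common)(tmos)#"]
BOTH_ACTIVE = ["root@(bigip1)(cfg-sync Disconnected)(Active)(/Common)(tmos)#",
               "root@(bigip2)(cfg-sync Disconnected)(Active)(/Common)(tmos)#"]

if __name__ == "__main__":
    for name, sample in [("pending", PENDING), ("synced", SYNCED), ("both active", BOTH_ACTIVE)]:
        print(name, "->", check_pair(sample) or "healthy")
```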





F5-BIG-IP LTM Useful Commands

Version
(tmos)# show sys version
11.4.1

Running Config
root@(bigip1)(cfg-sync Disconnected)(Active)(/Common)(tmos)# show running-config 

Save Configuration
tmsh save sys config
or
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# save sys config
Saving running configuration...
  /config/bigip.conf
  /config/bigip_base.conf
  /config/bigip_user.conf

Show IP Address of All Interfaces
 tmsh show sys ip-address 

Transferring files to or from an F5 system
scp -p <local_filename> <username>@<server>:<remote_filename>
scp -p myfile.bin root@10.90.101.50:/var/tmp/myfile.bin

Failover of Active BIG-IP
run /sys failover standby

Logging on BIG-IP
Configuring the BIG-IP system to log TCP RST packets

Auto-Last Hop Feature
Good Blog on Auto-Last-Hop

BIG-IP IP Interface Configuration

BIG-IP VLAN Configuration


Sunday, January 26, 2014

Howto License F5 BIG-IP LTM Appliance

Licensing an F5 BIG-IP® Local Traffic Manager™ (LTM) Virtual Edition (VE) is a multi-step process. Let me run through it step by step.

These steps assume the following:-

  1. You already know how to bring up the BIG-IP Virtual Appliance on your hypervisor. I used KVM for this.
  2. You have already got the 'Registration Key' from F5 to activate this appliance.

Steps

  1. Bring up the BIG-IP Virtual Appliance (Login: root Password: default)
  2. Assign an IP address to it (use the 'config' command on BIG-IP to assign IP, subnet and default gateway), so that it can be accessed via your web browser.
  3. This is how a non-licensed BIG-IP's prompt would look:- [root@localhost:NO LICENSE:Standalone] config #
  4. Open the web interface to BIG-IP at https://<mgmtIP> (Login: admin Password: admin)
  5. Go to Setup-Utility->License and select Manual Method (make sure you already have the "Registration Key", typically a 25 digit value).
  6. Enter the Registration Key, and press the Next tab.
  7. A Dossier would be generated by BIG-IP (based on your Registration Key). Copy this Dossier and click on Step 2, which opens a new window and takes you to F5's Licensing Server.
  8. Enter the Dossier here, and click Next.
  9. Accept the Licensing Agreement here and click Next.
  10. The next page has your License. Copy the whole License.
  11. Now go back to the local BIG-IP browser window from which you got the Dossier (see Step 6 above), and you would see "Step 3: License". Paste the License here and click Next.
  12. If all goes fine, your device is licensed and activated.
  13. Note that the prompt would now change (with the word 'Active') to:- [root@localhost:Active:Standalone] config #




Thursday, January 9, 2014

BIG-IP VM Appliance Configuration (KVM)

Hypervisor: KVM
Host OS: CentOS

VM Minimum Requirements:-
1. Cores 2
2. Memory 4 Gig

Get the qcow2 image of the Appliance VM

Deploying VM:-
I used Virtual Machine Manager to create the VM. 

Some VM properties:-
Target Dev: virtio
Boot Options: From HDD

The VM comes up with a single interface. You can add two or more interfaces (for internal, external and HA).

Other details regarding Deployment are explained at following link:- BIG-IP VE KVM deployment

Management Port is eth0 with default address 192.168.1.245/24 (You need to change this to reflect your network Mgmt Address)

After the VM is started, you can go to the VM's console from Virtual Machine Manager.
Username: root Password: default

You can now get to the BIG-IP Configuration Utility via any browser at https://<mgt IP>
Login: admin Password: admin

Now you need to license the VM. Once you have the license in place, the prompt would say 'Active',
e.g.
[root@hostname:Active]#