vCMP® Systems: Configuration - AskF5


Version 11.4

Table of Contents

Legal Notices
Acknowledgments

Chapter 1: vCMP Overview
    vCMP overview
    vCMP components
    BIG-IP license considerations for vCMP
    vCMP provisioning overview
    vCMP best practices

Chapter 2: Initial vCMP Setup
    Overview: Initial vCMP setup
        vCMP deployment worksheet
        Activating the BIG-IP license for a vCMP VIPRION
        Configuring the management port and administrative user accounts
        Provisioning the BIG-IP system for vCMP
        Accessing the vCMP host
        Creating trunks
        Creating VLANs
        Creating a vCMP guest
        Setting a vCMP guest to the Deployed state
        Provisioning a BIG-IP module within a guest
        Creating a self IP for a VLAN
    Overview: Verifying initial vCMP configuration
        Creating a pool to process HTTP traffic
        Creating a virtual server to manage HTTP traffic

Chapter 3: Create an Active-Standby Configuration
    Overview: Creating an active-standby DSC configuration
        About DSC configuration on a VIPRION system
    DSC prerequisite worksheet
    Task summary
        Specifying an IP address for config sync
        Specifying an IP address for connection mirroring
        Specifying the HA capacity of a device
        Establishing device trust
        Creating a Sync-Failover device group
        Syncing the BIG-IP configuration to the device group
        Specifying IP addresses for failover communication
        Syncing the BIG-IP configuration to the device group
    Implementation result

Chapter 4: Understanding Clusters
    Cluster overview
    Viewing cluster properties
        Cluster properties
    Viewing cluster member properties
        Cluster member properties
    Enabling and disabling cluster members
    Changing a cluster-related management IP address
        Cluster-related IP addresses

Chapter 5: Understanding vCMP Hosts
    Overview: Managing vCMP hosts
    Viewing host properties for slots
        vCMP host properties

Chapter 6: Understanding vCMP Guests
    About vCMP guests
    About network modes for a vCMP guest
    Modifying the properties of a vCMP guest
        Viewing the properties of a vCMP guest
    Overview: Blade swap for vCMP guest
        Disabling a vCMP guest
        Migrating a vCMP guest
        Migrating a single slot guest
        Hot swapping a VIPRION blade
    About software image selection and live installation
    About vCMP guest states
    About system resource allocation
        About CPU cores allocation
        About virtual disks allocation
        About hardware processors allocation
    vCMP guest modification considerations

Chapter 7: Working with vCMP Virtual Disks
    Overview: Managing virtual disks
    Detaching virtual disks from a vCMP guest
    Viewing virtual disks not attached to a vCMP guest
    Attaching a detached virtual disk to a vCMP guest
    Deleting a virtual disk from the BIG-IP system

Chapter 8: Managing vCMP Statistics
    Overview: Managing statistics
    Viewing virtual disk statistics
    Viewing vCMP guest statistics with the BIG-IP Configuration utility
    Viewing disk usage statistics

Legal Notices

Publication Date

This document was published on May 15, 2013.

Publication Number

MAN-0376-04

Copyright

Copyright © 2012-2013, F5 Networks, Inc. All rights reserved.

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks

Access Policy Manager, Advanced Client Authentication, Advanced Routing, APM, Application Security Manager, ARX, AskF5, ASM, BIG-IP, BIG-IQ, Cloud Extender, CloudFucious, Cloud Manager, Clustered Multiprocessing, CMP, COHESION, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, Edge Client, Edge Gateway, Edge Portal, ELEVATE, EM, Enterprise Manager, ENGAGE, F5, F5 [DESIGN], F5 Management Pack, F5 Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM, GUARDIAN, IBR, Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iApps, iControl, iHealth, iQuery, iRules, iRules OnDemand, iSession, L7 Rate Shaping, LC, Link Controller, Local Traffic Manager, LTM, Message Security Manager, MSM, OneConnect, OpenBloX, OpenBloX [DESIGN], Packet Velocity, Policy Enforcement Manager, PEM, Protocol Security Manager, PSM, Real Traffic Policy Builder, Rosetta Diameter Gateway, ScaleN, Signaling Delivery Controller, SDC, SSL Acceleration, StrongBox, SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic Management Operating System, Traffix Diameter Load Balancer, Traffix Systems, Traffix Systems (DESIGN), Transparent Data Reduction, UNITY, VAULT, VIPRION, vCMP, virtual Clustered Multiprocessing, WA, WAN Optimization Manager, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent.

All other product and company names herein may be trademarks of their respective owners.

Acknowledgments

This product includes software developed by Bill Paul.

This product includes software developed by Jonathan Stone.

This product includes software developed by Manuel Bouyer.

This product includes software developed by Paul Richards.

This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

This product includes software developed by the Politecnico di Torino, and its contributors.

This product includes software developed by the Swedish Institute of Computer Science and its contributors.

This product includes software developed by the University of California, Berkeley and its contributors.

This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory.

This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

This product includes software developed by Adam Glass.

This product includes software developed by Christian E. Hopps.

This product includes software developed by Dean Huxley.

This product includes software developed by John Kohl.

This product includes software developed by Paul Kranenburg.

This product includes software developed by Terrence R. Lambert.

This product includes software developed by Philip A. Nelson.

This product includes software developed by Herb Peyerl.

This product includes software developed by Jochen Pohl for the NetBSD Project.

This product includes software developed by Chris Provenzano.

This product includes software developed by Theo de Raadt.

This product includes software developed by David Muir Sharnoff.

This product includes software developed by SigmaSoft, Th. Lockert.

This product includes software developed for the NetBSD Project by Jason R. Thorpe.

This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.

This product includes software developed for the NetBSD Project by Frank Van der Linden.

This product includes software developed for the NetBSD Project by John M. Vinopal.

This product includes software developed by Christos Zoulas.

This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman.

This product includes software developed by Balazs Scheidler ([email protected]), which is protected under the GNU Public License.

This product includes software developed by Niels Mueller ([email protected]), which is protected under the GNU Public License.

In the following statement, This software refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with 386BSD and similar operating systems. Similar operating systems includes mainly non-profit oriented systems for research and education, including but not restricted to NetBSD, FreeBSD, Mach (by CMU).

This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/).

This product includes software licensed from Richard H. Porter under the GNU Library General Public License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.

This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com.

This product includes software developed by Jared Minch.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young ([email protected]).

This product contains software based on oprofile, which is protected under the GNU Public License.

This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html) and licensed under the GNU General Public License.

This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL).

This product includes software developed by the Apache Software Foundation (http://www.apache.org/).

This product includes Hypersonic SQL.

This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others.

This product includes software developed by the Internet Software Consortium.

This product includes software developed by Nominum, Inc. (http://www.nominum.com).

This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License.

This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser General Public License, as published by the Free Software Foundation.

This product includes Intel QuickAssist kernel module, library, and headers software licensed under the GNU General Public License (GPL).

This product includes software licensed from Gerald Combs ([email protected]) under the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version. Copyright © 1998 Gerald Combs.

This product includes software developed by Thomas Williams and Colin Kelley. Copyright © 1986 - 1993, 1998, 2004, 2007

Permission to use, copy, and distribute this software and its documentation for any purpose with or without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. Permission to modify the software is granted, but not the right to distribute the complete modified source code. Modifications are to be distributed as patches to the released version. Permission to distribute binaries produced by compiling modified sources is granted, provided you

1. distribute the corresponding source modifications from the released version in the form of a patch file along with the binaries,
2. add special version identification to distinguish your version in addition to the base release version number,
3. provide your name and address as the primary contact for the support of your modified version, and
4. retain our contact information in regard to use of the base software.

Permission to distribute the released version of the source code along with corresponding source modifications in the form of a patch file is granted with same provisions 2 through 4 for binary distributions. This software is provided "as is" without express or implied warranty to the extent permitted by applicable law.

This product contains software developed by Google, Inc. Copyright © 2011 Google, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Chapter 1: vCMP Overview


vCMP overview

Virtual Clustered Multiprocessing (vCMP) is a feature of the BIG-IP® system that allows you to run multiple instances of the BIG-IP software on a single hardware platform. vCMP® allocates a specific share of the hardware resources to each BIG-IP instance, or vCMP guest. Each guest you create behaves as a separate BIG-IP device, having its own CPU, memory, and disk space. Each guest also has its own configuration, log files, and kernel instance.

vCMP is built on F5 Networks' CMP® technology. CMP works with cluster members. Cluster members are slots within a chassis. CMP allows cluster members to work together to form a coherent, distributed traffic-processing system to share traffic load. vCMP takes this one step further by allowing you to create and run virtualized BIG-IP modules, using a standards-based, purpose-built hypervisor.

Important: Before you license, provision, and configure the vCMP feature, verify that you have correctly configured the hardware platform. For more information, see the relevant platform guide and configuration guide on the F5 Networks AskF5 Knowledge Base web site, http://support.f5.com.

Important: The vCMP feature runs on both chassis and appliance type platforms. Discussions in this guide that reference slots and blades are not applicable to appliances. In virtually all cases, appliance-based systems can be thought of as a device with a single slot.

vCMP components

A vCMP® system includes these main components.

| Term | Definition |
|---|---|
| BIG-IP cluster | A BIG-IP® cluster is the set of available slots (cluster members) on the chassis. You manage a BIG-IP cluster using the Clusters screens in the BIG-IP Configuration utility. Note: This term is not applicable for appliances. |
| Cluster IP address | A cluster IP address is a management IP address that you assign to a cluster to access the system. On a vCMP system, there are multiple cluster IP addresses: one for the BIG-IP cluster (to access the vCMP host), and one for each virtual cluster (to access each guest). Note: This term is not applicable for appliances. |
| vCMP daemon | This daemon, named vcmpd, performs most of the work to create and manage guests, as well as to configure the virtual network. |
| vCMP guest | A vCMP guest is an object that you create on the vCMP system for the purpose of running one or more BIG-IP® modules. A guest consists of a TMOS® instance, plus one or more BIG-IP modules. Each guest has its own share of hardware resources that the vCMP host allocates to it, effectively making each guest function like a separate BIG-IP device. |
| vCMP host | The vCMP host is the system-wide hypervisor that makes it possible for you to create, view, and manage all guests on the system. A vCMP host allocates system resources to guests as needed. |
| Virtual cluster | A virtual cluster is similar to a normal cluster on a chassis, except that unlike a normal cluster, a separate virtual cluster exists for each guest on the system. A virtual cluster contains only the portions of the slots that pertain to an individual guest. For example, if a guest spans two slots, then the two slot portions for the guest represent a virtual cluster. There is a one-to-one correlation of a virtual cluster to a guest. Note: This term is not applicable for appliances. |
| Virtual disk | A virtual disk is the portion of disk space on a slot that the system has allocated to a guest. For example, if a guest spans three slots, the system creates three virtual disks for that guest. Each virtual disk is implemented as an image file with an .img extension, such as guest_A.img. Note: Appliance devices have just one slot. |
| Virtual management network | The virtual management network contains the components necessary to connect a guest to the management network of the vCMP host. |
| VM | A Virtual machine is the portion of a guest that resides on a slot. For example, a guest that spans four slots comprises four VMs. Note: Appliance devices have just one slot. |

BIG-IP license considerations for vCMP

The BIG-IP® system license authorizes you to provision and run the vCMP® feature. Note the following considerations:

• Each guest inherits the license of the vCMP host.

• The license must include all BIG-IP modules that are to be provisioned within the guest. Examples of BIG-IP modules are BIG-IP Local Traffic Manager™ and BIG-IP® Global Traffic Manager.

• The license specifies the maximum number of vCMP guests that you can deploy simultaneously.

You activate the BIG-IP system license when you initially set up the system.

vCMP provisioning overview

The BIG-IP® system allocates a portion of its resources to running vCMP®. The system also allocates various system resources to each vCMP guest that you create. You enable this allocation through various types of provisioning:

• First, you provision the BIG-IP system for vCMP, by logging into the system and using the Resource Provisioning screens within the BIG-IP Configuration utility. When you do this, the BIG-IP system dedicates almost all of the disk space to running the vCMP feature. (The reserved disk space protects against any possible resizing of the file system.)

• After creating a guest, you set the State of the guest to Provisioned, which installs the guest on the host and causes the BIG-IP system to allocate the necessary system resources (such as CPU cores and virtual disks) to the guest. Each guest takes you about 5 minutes to set up.

• Finally, after you deploy the guest, you provision specific BIG-IP modules within each guest, by logging into each guest and using the Resource Provisioning screens within the BIG-IP Configuration utility.

In this way, each guest can run a different combination of modules. For example, one guest can run BIG-IP® LTM® only, while a second guest can run LTM® and BIG-IP ASM.

vCMP best practices

F5 Networks has the following recommendations for managing a vCMP® system.

| Category | Recommendation |
|---|---|
| Guest configuration | If you need to move a guest's configuration to another slot, copy the guest configuration and then de-allocate all virtual resources (virtual disk, CPU cores, and so on) from the guest. Note: Guest migration is not applicable for appliance devices. |
| Licensing | Before upgrading a guest to a newer version of BIG-IP® software, you might need to coordinate with the vCMP host administrator to renew the license key. |
| Local traffic configuration | When you are logged in to the vCMP host, do not configure local traffic features (virtual servers, pools, profiles, and so on). To configure local traffic features, you must be logged in to a guest using the guest's management IP address, and the BIG-IP LTM® module must be provisioned. |
| Network setup | When initially setting up the BIG-IP system, physically wire each slot's management interface to an external bridge. Access to the vCMP host would otherwise be impossible, because vCMP guests can be deployed on any slot in the chassis, and the primary member for a guest's virtual cluster can migrate. When you follow this recommendation, you do not need to re-configure the vCMP host or any external networks when the primary member of a virtual cluster changes. |
| Self IP address configuration | Configure self IP addresses on the vCMP guests. Because a vCMP guest acts as a fully functional BIG-IP system, configure self IP addresses on each vCMP guest just as you would on a physical BIG-IP system. You can also configure self IP addresses on the vCMP host to facilitate basic network connectivity tests. However, these self IP addresses are not visible to vCMP guests. |
| vCMP provisioning | When you provision the vCMP feature, the BIG-IP® system allocates most, but not all, of the disk space to the vCMP application volume. The system reserves disk space for other uses. |
| Virtual disk management | When a virtual disk becomes unattached from a guest, that virtual disk remains on the system. To prevent unattached virtual disks from consuming disk space over time, consider deleting unwanted virtual disks from the system. Important: Before deciding to delete a virtual disk, make certain that there is no potential use for it. Configuration objects for guests that require that virtual disk for re-creation will no longer be available. |
| VLAN configuration | Configure VLANs on the vCMP host instead of on the guest, because VLANs specified in the guest are not accessible on the vCMP host. |

Chapter 2: Initial vCMP Setup


Overview: Initial vCMP setup

Virtual Clustered Multi-Processing (vCMP) is a feature of the BIG-IP® system that makes it possible for you to run multiple instances of the BIG-IP® software on a single hardware platform.

Using the following implementation, you can create one guest on a vCMP® system, and then, within the guest, configure the basic Local Traffic Manager™ objects for processing HTTP application traffic: a pool, an HTTP profile, and a standard virtual server. A vCMP guest is a virtual BIG-IP device.

Task summary

Activating the BIG-IP license for a vCMP VIPRION

Configuring the management port and administrative user accounts

Provisioning the BIG-IP system for vCMP

Accessing the vCMP host

Creating trunks

Creating VLANs

Creating a vCMP guest

Setting a vCMP guest to the Deployed state

Provisioning a BIG-IP module within a guest

Creating a self IP for a VLAN

vCMP deployment worksheet

There are a number of points during the vCMP® deployment process at which you will need to make decisions or provide values. Use this table as a prompt for gathering the answers and values you will need, so that you can provide them when performing the vCMP initial setup.

| Configuration component | Considerations |
|---|---|
| Active slots | How many blades are installed (and in which slots)? |
| CPU core requirements | How many CPU cores do you want to allocate to each guest? |
| External gateway address | What is the gateway address (next hop) for external traffic? |
| FQDN | What is the fully-qualified domain name (FQDN) for your BIG-IP® system? |
| Guest mode | Should your guests be in bridged or isolated mode? |
| IP address range | What is the IP address range that is valid for the vCMP guests you create? |
| Link aggregation control protocol | Do your trunks require LACP mode? |
| Network mask | What is the network mask for the guest IP? |
| Cluster primary IP address | What is the cluster primary IP address? The management IP address assigned to the chassis' primary cluster during chassis installation is used to access the vCMP host. |
| User role | Do you have a user role of Administrator? You need to have a user role of Administrator to perform the tasks in this process. |

Activating the BIG-IP license for a vCMP VIPRION

To activate the vCMP® license, you need access to a browser and the base registration key. The base registration key is a character string that the license server uses to verify the type and number of F5 Networks products that you are entitled to license. If you do not have a base registration key, contact the F5 Networks sales group (http://www.f5.com).

You license vCMP from the License screen of the Setup Utility.

1. From a workstation attached to the network on which you configured the management interface, type the following URL syntax where <management_IP_address> is the address you configured for device management: https://<management_IP_address>
2. At the prompts, type the user name admin and the password admin.
3. Click Log in.
   The Setup Utility screen opens.
4. Click Activate.
   The License screen opens.
5. In the Base Registration Key field, paste your base registration key.
6. Click Next.
   The End User License Agreement (EULA) displays.
7. Review the EULA.
   When you click Accept, the Platform screen opens.

Configuring the management port and administrative user accounts

Configure the management port, time zone, and the administrative user names and passwords.

1. On the screen for configuring general properties, for the Management Port Configuration setting, select Manual and specify the IP address, network mask, and default gateway.
2. In the Host Name field, type a fully-qualified domain name (FQDN) for the system.
   The FQDN can consist of letters, numbers, and/or the characters underscore ( _ ), dash ( - ), or period ( . ).
3. For the Host IP Address setting, retain the default value Use Management Port IP Address.
4. From the Time Zone list, select a time zone.
   The time zone you select typically reflects the location of the F5® system.
5. For the Root Account setting, type and confirm a password for the root account.
   The root account provides console access only.
6. For the Admin Account setting, type and confirm a password.
   Typing a password for the admin account causes the system to terminate the login session. When this happens, log in to the F5 Configuration utility again, using the new password. The system returns to the appropriate screen in the Setup utility.
7. For the SSH Access setting, select or clear the check box.
8. Click Next.
9. In the Standard Network Configuration area of the screen, click Next.
   This displays the screen for enabling configuration synchronization and high availability.


Provisioning the BIG-IP system for vCMP

You must activate the license and provision the vCMP® feature before you can create any vCMP guests.

1. On the Main tab, click System > Resource Provisioning.
2. From the vCMP list, select Dedicated.
   Because you are setting up the vCMP host, not the guests, verify that all other modules are set to None.
   The vCMP feature must be run as a dedicated application. You license and provision the BIG-IP® modules on the vCMP guests once you create them.
3. Click Update.

TMOS® now functions as the hypervisor for the vCMP system.

Accessing the vCMP host

Before you can access the vCMP® host, configure the VIPRION® chassis or appliance, including the management IP address. Also, you must have the Administrator user role assigned to your user account.

Perform this task to access the vCMP host after you have created and configured the VIPRION chassis or appliance.

Important: After you access the vCMP host, you do not create self IP addresses on the vCMP host. While self IP addresses on hypervisors are completely functional for basic traffic like ICMP (ping) and verifying that the host self IP addresses work correctly is an integral part of testing and hypervisor traffic switch verification, these self IP addresses are not visible nor useful from a guest perspective. You create self IP addresses that process guest traffic from the individual guests, because otherwise the guests could not "see" or make use of them.

1. From a system on the external network, display a browser window.
2. In the URL field, type the management IP address that you previously assigned to the chassis, as follows: https://<ip_address>
   The browser displays the login screen for the BIG-IP® Configuration utility.

Creating trunks

To configure trunks for the VIPRION® chassis or appliance, the four external interfaces must be cabled to your Internet gateway, external bridge, or vendor switch.

The first objects you configure are trunks that tie the internal and external vendor switch interfaces to the corresponding VIPRION chassis or appliance interfaces.

1. Use a browser to log in to the management IP address of the VIPRION® chassis or appliance.
   This logs you in to the vCMP® host.
2. On the peer (vendor) switch on the external network, create a trunk that includes the four external interfaces to which you have physically connected the external interfaces of the four blades.
   If the peer switch is configured to use Link Aggregation Control Protocol (LACP), you must enable LACP.
3. Create a trunk, and if the peer switch is configured to use LACP, enable LACP on the new trunk:
   a) On the Main tab, expand Network, and click Trunks.
      The Trunks screen opens.
   b) At the upper right corner of the screen, click Create.
      The New Trunk screen opens.
   c) Assign the name trunk_ext, and assign an external interface of blade 1 to the trunk.
   d) Enable LACP mode, if required.
   e) Click Finished.
4. Repeat the previous step, but this time, configure a trunk that ties the vendor switch internal interface to the VIPRION internal interface. Assign the name trunk_int.

Creating VLANs

You create VLANs and associate them with interfaces or trunks so that traffic will route to pool members in that VLAN's network space.

1. Use a browser to log in to the management IP address of the VIPRION® chassis or appliance.
   This logs you in to the vCMP® host.
2. On the Main tab, expand Network, and click VLANs.
   The VLANs screen opens.
3. Click Create.
   The New VLAN screen opens.
4. Configure a VLAN named external, and assign it to the trunk named trunk_ext as an untagged interface.
5. Click Finished.
6. Repeat steps 3 through 5, but this time, configure a VLAN named internal, and assign it to the trunk named trunk_int.
7. Repeat steps 3 through 5 one more time, but this time, configure a VLAN named HA, and assign it to the trunk named trunk_int as a tagged interface.

Creating a vCMP guest

To create a vCMP® guest, you need a VIPRION® chassis or appliance configured with a management IP address, some base network objects such as trunks and VLANs, and you must license and provision the system to run the vCMP feature.

You create a vCMP guest when you want to configure and run one or more BIG-IP® modules as though the modules were running together on their own BIG-IP device. For example, you can create a guest that runs BIG-IP® Local Traffic Manager™ and BIG-IP® Global Traffic Manager. You specify on which slots the guest runs and how many cores you want for each guest.

Note: This procedure creates a guest in Bridged mode.

Note: When creating a guest, if you see an error message such as "Insufficient disk space on /shared/vmdisks. Need 24354M additional space.", you must delete existing unattached virtual disks until you have freed up that amount of disk space.

1. Use a browser to log in to the management IP address of the VIPRION® chassis or appliance.
   This logs you in to the vCMP® host.
2. On the Main tab, click vCMP > Guest List.
3. Click Create.
4. From the Properties list, select Advanced.
5. In the Name field, type a name for the guest.
6. In the Host Name field, type the host name of the BIG-IP system.
   Assign a fully-qualified domain name (FQDN). If you assign a name that is not an FQDN, the system might display an error message. If you leave this field blank, the system assigns the name localhost.localdomain.
7. From the Cores Per Slots list, select the number of cores you want allocated to this guest.
   Tip: The number of cores allocated to a guest determines the system resources for this guest. The number you can select depends on the type of hardware you have.
   Important: For appliance devices, the next three steps do not apply; the corresponding user interface controls appear only on chassis devices. For appliance devices, skip to configuring the Management Network.
8. From the Number of Slots list, select the maximum number of chassis slots on which you want your guest to reside.
   This specifies the maximum number of slots that your guest can consume on the chassis. Note that once you configure the number of slots your guest spans, you can change this value later to suit your needs.
9. From the Minimum Number of Slots list, select the minimum number of chassis slots that must be available for this guest to deploy.
   Important: The minimum number of slots you specify must not exceed the maximum number of slots you specified.
   Important: If you are creating a guest that will deploy on a B4300 blade and you plan to provision that guest with the AM module, specify a minimum of 4 cores for this guest.
10. From the Allowed Slots list, select the specific slots on which you want your guest to reside by moving the slot number to the Selected field using the Move button.
    Important: If you want to allow the guest to deploy onto any slots in the chassis, add them all. Bear in mind that the number of slots in the Allowed Slots list must equal or exceed the number specified in the Minimum Number of Slots list.
11. From the Management Network list, select Bridged.
12. For the IP Address setting, fill in the required information:
    a) In the IP Address field, type a unique management IP address that you want to assign to the guest.
       You use this IP address to access the guest when you want to manage a module running within the guest.
    b) In the Network Mask field, type the network mask for the management IP address.
    c) In the Management Route field, type a gateway address for the management IP address.
13. From the Initial Image list, select an ISO image file for installing TMOS® software onto the guest's virtual disk.
14. In the Virtual Disk list, retain the default value of None.
    The BIG-IP system creates a virtual disk with a default name (the guest name plus the string .img, such as guestA.img). Note that if an unattached virtual disk file with that default name already exists, the system displays a message, and you must manually attach the virtual disk. You can do this using the tmsh command line interface, or use the Configuration utility to view and select from a list of available unattached virtual disks.
15. For the VLAN List setting, select both an internal and an external VLAN name from the Available list, and use the Move button to move the VLAN names to the Selected list.
16. From the Requested State list, select Provisioned.
    This allocates all necessary resources to the guest, such as CPU cores, virtual disk, and so on.
17. Click Finished.

After clicking Finished, wait while the system installs the selected ISO image onto the guest's virtual disk.

When this process is complete, you can deploy the guest.

Note: You can also skip the Provisioned state and instead go straight to the Deployed state if you are confident of your guest configuration. Provisioning first and then deploying makes it more straightforward to make changes to the slots to which your guests are allocated if you find you need to make changes.
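The slot, core, management network, and virtual disk rules stated in the steps above can be checked before you open the New Guest screen. The following Python sketch is an added example, not F5 code; the GuestPlan record, the check_guest function, the sample addresses, and the two rules marked as assumptions in the comments are not from the original guide.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Host Name rule from the setup steps: letters, numbers, underscore, dash, period.
FQDN_CHARS = re.compile(r"^[A-Za-z0-9_.-]+$")


@dataclass
class GuestPlan:
    """Hypothetical record of the values you intend to enter on the New Guest screen."""
    name: str
    host_name: str
    cores_per_slot: int
    number_of_slots: int          # maximum slots the guest may span
    min_slots: int                # Minimum Number of Slots
    allowed_slots: list           # Allowed Slots, Selected field
    mgmt_ip: str
    mgmt_mask: str
    mgmt_route: str
    vlans: list
    blade: str = ""               # for example "B4300"
    modules: list = field(default_factory=list)  # modules planned for the guest


def check_guest(plan, valid_range, used_mgmt_ips=(), unattached_disks=()):
    """Return 'field: message' strings; an empty list means no conflict was found."""
    problems = []

    if not plan.host_name:
        problems.append("host_name: blank, the system assigns localhost.localdomain")
    elif not FQDN_CHARS.match(plan.host_name) or "." not in plan.host_name.strip("."):
        problems.append(f"host_name: {plan.host_name!r} is not an FQDN")

    if plan.min_slots > plan.number_of_slots:
        problems.append("min_slots: exceeds Number of Slots")
    if len(set(plan.allowed_slots)) < plan.min_slots:
        problems.append("allowed_slots: fewer slots than Minimum Number of Slots")
    # Assumption: the 4-core minimum is compared against the Cores Per Slots value.
    if plan.blade == "B4300" and "AM" in plan.modules and plan.cores_per_slot < 4:
        problems.append("cores_per_slot: B4300 guest with AM needs a minimum of 4 cores")

    try:
        iface = ipaddress.ip_interface(f"{plan.mgmt_ip}/{plan.mgmt_mask}")
        route = ipaddress.ip_address(plan.mgmt_route)
    except ValueError as exc:
        problems.append(f"mgmt_ip: address, mask or route does not parse ({exc})")
    else:
        # Worksheet question: the IP address range that is valid for the guests.
        if iface.ip not in ipaddress.ip_network(valid_range):
            problems.append(f"mgmt_ip: {iface.ip} is outside the guest range {valid_range}")
        if iface.ip in {ipaddress.ip_address(a) for a in used_mgmt_ips}:
            problems.append(f"mgmt_ip: {iface.ip} is already in use")
        # Assumption: the management route should sit on the management subnet.
        if route not in iface.network:
            problems.append(f"mgmt_route: {route} is not on {iface.network}")

    # VLAN names as created earlier in this chapter.
    missing = {"internal", "external"} - set(plan.vlans)
    if missing:
        problems.append(f"vlans: missing {', '.join(sorted(missing))}")

    # The default virtual disk name is the guest name plus ".img".
    if f"{plan.name}.img" in unattached_disks:
        problems.append(f"virtual_disk: unattached {plan.name}.img exists, attach it manually")
    return problems


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from the guide.
    plan = GuestPlan("guestA", "guestA", 2, 2, 3, [1, 2], "192.0.2.21",
                     "255.255.255.0", "198.51.100.1", ["internal"],
                     blade="B4300", modules=["LTM", "AM"])
    for line in check_guest(plan, "192.0.2.16/28", ["192.0.2.21"], ["guestA.img"]):
        print(line)
```

An empty result only means that none of these stated rules is violated; hardware limits on cores and slots still depend on the platform.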

Setting a vCMP guest to the Deployed state

Until you deploy a vCMP® guest, your vCMP host has no medium for provisioning and running the BIG-IP® modules that you can use to process traffic.

1. Ensure that you are still logged in to the vCMP host using the management IP address.
2. On the Main tab, click vCMP > Guest List.
3. In the Name column, click the name of the vCMP guest that you want to deploy.
4. From the Requested State list, select either Provisioned or Deployed.
5. Click Update.

Important: Depending on the extent of the changes made to the vCMP guest, the guest may reboot.

After moving a vCMP guest to the Deployed state, wait while the guest boots and becomes accessible. Then, you can log into the vCMP guest to provision specific BIG-IP modules.

Provisioning a BIG-IP module within a guest

Before you can access a guest to provision BIG-IP® modules, the vCMP® guest must be in the Deployed state.

You determine which BIG-IP modules run within a guest by provisioning the modules. For example, if you want guestA to run LTM® and GTM, log into guestA and provision it with LTM and GTM. If you want guestB to run LTM and ASM, log into guestB and provision it with BIG-IP LTM and BIG-IP ASM. Bear in mind that guests inherit the licenses of the vCMP host on which they were created, so any BIG-IP modules that you want to provision on a guest must be included in the license you installed with the vCMP host.

Note: This procedure applies to guests in Bridged mode only. Guests in isolated mode can be accessed only using vconsole and tmsh.

1. Use a browser and the management IP address that you configured for the guest to log in to the guest.
   If the system prompts you to run the Setup Utility, do not. Instead, complete this task to produce an initial configuration better suited for a vCMP guest.
   The BIG-IP Configuration utility opens so that you can configure the guest.
2. On the Main tab, click System > Resource Provisioning.
3. In the Resource Provisioning (Licensed Modules) area, from the Local Traffic (LTM) list, select Minimal, Nominal, or Dedicated, depending on your needs.
4. Click Update.

Important: Depending on the extent of the changes made to the vCMP guest, the guest may reboot.

After provisioning the module from within the guest, create self IP addresses and assign a vCMP host VLAN to each one. The vCMP host VLANs that you assign to these self IP addresses are the VLANs you created before creating the guest.

Creating a self IP for a VLAN

Ensure that you have at least one VLAN or VLAN group configured before you create a self IP address.

Self IP addresses enable the BIG-IP® system, and other devices on the network, to route application traffic through the associated VLAN or VLAN group.

1. On the Main tab, click Network > Self IPs.
   The Self IPs screen opens.
2. Click Create.
   The New Self IP screen opens.
3. In the Name field, type a unique name for the self IP.
4. In the IP Address field, type an IPv4 or IPv6 address.
   This IP address should represent the address space of the VLAN that you specify with the VLAN/Tunnel setting.
5. In the Netmask field, type the network mask for the specified IP address.
6. From the VLAN/Tunnel list, select the VLAN to associate with this self IP address.
   • On the internal network, select the VLAN that is associated with an internal interface or trunk.
   • On the external network, select the VLAN that is associated with an external interface or trunk.
7. From the Port Lockdown list, select Allow Default.
8. Click Finished.

The screen refreshes, and displays the new self IP address in the list.

The BIG-IP system can send and receive traffic through the specified VLAN or VLAN group.


Overview: Verifying initial vCMP configuration

Verifying your vCMP configuration confirms that the setup performed up to this point is functioning properly. Once you establish that the vCMP® configuration is correct, you will likely need to create a profile, pools, and virtual server that are tailored to your network topology before your guest can begin processing LTM® traffic.

Task summary

Creating a pool to process HTTP traffic

Creating a virtual server to manage HTTP traffic

Creating a pool to process HTTP traffic

You can create a pool of web servers to process HTTP requests.

1. On the Main tab, click Local Traffic > Pools.
   The Pool List screen opens.
2. Click Create.
   The New Pool screen opens.
3. In the Name field, type a unique name for the pool.
4. For the Health Monitors setting, from the Available list, select the http monitor, and click << to move the monitor to the Active list.
5. From the Load Balancing Method list, select how the system distributes traffic to members of this pool.
   The default is Round Robin.
6. For the Priority Group Activation setting, specify how to handle priority groups:
   • Select Disabled to disable priority groups. This is the default option.
   • Select Less than, and in the Available Members field type the minimum number of members that must remain available in each priority group in order for traffic to remain confined to that group.
7. Using the New Members setting, add each resource that you want to include in the pool:
   a) Type an IP address in the Address field.
   b) Type 80 in the Service Port field, or select HTTP from the list.
   c) (Optional) Type a priority number in the Priority field.
   d) Click Add.
8. Click Finished.

The new pool appears in the Pools list.

Creating a virtual server to manage HTTP traffic

You can create a virtual server to manage HTTP traffic as either a host virtual server or a network virtual server.

1. On the Main tab, click Local Traffic > Virtual Servers.
   The Virtual Server List screen opens.
2. Click the Create button.
   The New Virtual Server screen opens.
3. In the Name field, type a unique name for the virtual server.
4. For the Destination setting, in the Address field, type the IP address you want to use for the virtual server.
   The IP address you type must be available and not in the loopback network.
5. In the Service Port field, type 80, or select HTTP from the list.
6. From the HTTP Profile list, select http.
7. In the Resources area of the screen, from the Default Pool list, select a pool name.
8. Click Finished.

The HTTP virtual server appears in the list of existing virtual servers on the Virtual Server List screen.

Chapter 3: Create an Active-Standby Configuration

Overview: Creating an active-standby DSC configuration

The most common TMOS® device service clustering (DSC) implementation is an active-standby configuration, where a single traffic group is active on one of the devices in the device group and is in a standby state on a peer device. If failover occurs, the standby traffic group on the peer device becomes active and begins processing the application traffic.

To implement this DSC implementation, you can create a Sync-Failover device group. A Sync-Failover device group with two or more members and one traffic group provides configuration synchronization and device failover, and optionally, connection mirroring.

If the device with the active traffic group goes offline, the traffic group becomes active on a peer device, and application processing is handled by that device.

Figure 1: A two-member Sync-Failover device group for an active-standby configuration

About DSC configuration on a VIPRION system

The way you configure device service clustering (DSC) (also known as redundancy) on a VIPRION® system varies depending on whether the system is provisioned to run the vCMP® feature.

For non-vCMP systems

For a device group that consists of VIPRION systems that are not licensed and provisioned for vCMP, each VIPRION cluster constitutes an individual device group member. The following table describes the IP addresses that you must specify when configuring redundancy.

Table 1: Required IP addresses for DSC configuration on a non-vCMP system

Feature: Device trust
IP addresses required: The primary floating management IP address for the VIPRION cluster.

Feature: ConfigSync
IP addresses required: The unicast non-floating self IP address assigned to VLAN internal.

Feature: Failover
IP addresses required:
• Recommended: The unicast non-floating self IP address that you assigned to an internal VLAN (preferably VLAN HA), as well as a multicast address.
• Alternative: All unicast management IP addresses that correspond to the slots in the VIPRION cluster.

Feature: Connection mirroring
IP addresses required: For the primary address, the non-floating self IP address that you assigned to VLAN HA. The secondary address is not required, but you can specify any non-floating self IP address for an internal VLAN.

For vCMP systems

On a vCMP system, the devices in a device group are virtual devices, known as vCMP guests. You configure device trust, config sync, failover, and mirroring to occur between equivalent vCMP guests in separate chassis.

For example, if you have a pair of VIPRION systems running vCMP, and each system has three vCMP guests, you can create a separate device group for each pair of equivalent guests. Table 4.2 shows an example.

Table 2: Sample device groups for two VIPRION systems with vCMP

Device group for vCMP: Device-Group-A
Device group members: Guest1 on chassis1; Guest1 on chassis2

Device group for vCMP: Device-Group-B
Device group members: Guest2 on chassis1; Guest2 on chassis2

Device group for vCMP: Device-Group-C
Device group members: Guest3 on chassis1; Guest3 on chassis2

By isolating guests into separate device groups, you ensure that each guest synchronizes and fails over to its equivalent guest. The following table describes the IP addresses that you must specify when configuring redundancy:

Table 3: Required IP addresses for DSC configuration on a VIPRION system with vCMP

Feature: Device trust
IP addresses required: The cluster management IP address of the guest.

Feature: ConfigSync
IP addresses required: The non-floating self IP address on the guest that is associated with VLAN internal on the host.

Feature: Failover
IP addresses required:
• Recommended: The unicast non-floating self IP address on the guest that is associated with an internal VLAN on the host (preferably VLAN HA), as well as a multicast address.
• Alternative: The unicast management IP addresses for all slots configured for the guest.

Feature: Connection mirroring
IP addresses required: For the primary address, the non-floating self IP address on the guest that is associated with VLAN internal on the host. The secondary address is not required, but you can specify any non-floating self IP address on the guest that is associated with an internal VLAN on the host.

DSC prerequisite worksheet

Before you set up device service clustering (DSC), you must configure these BIG-IP® components on each device that you intend to include in the device group.

Table 4: DSC deployment worksheet

Configuration component: Hardware, licensing, and provisioning
Considerations: Devices in a device group must match as closely as possible with respect to product licensing and module provisioning. Heterogeneous hardware platforms within a device group are supported.

Configuration component: BIG-IP software version
Considerations: Each device must be running BIG-IP version 11.x. This ensures successful configuration synchronization.

Configuration component: Management IP addresses
Considerations: Each device must have a management IP address, a network mask, and a management route defined.

Configuration component: FQDN
Considerations: Each device must have a fully-qualified domain name (FQDN) as its host name.

Configuration component: User name and password
Considerations: Each device must have a user name and password defined on it that you will use when logging in to the BIG-IP Configuration utility.

Configuration component: root folder properties
Considerations: The platform properties for the root folder must be set correctly (Sync-Failover and traffic-group-1).

Configuration component: VLANs
Considerations: You must create these VLANs on each device, if you have not already done so:
• A VLAN for the internal network, named internal
• A VLAN for the external network, named external
• A VLAN for failover communications, named HA

Configuration component: Self IP addresses
Considerations: You must create these self IP addresses on each device, if you have not already done so:
• Two self IP addresses (floating and non-floating) on the same subnet for VLAN internal.
• Two self IP addresses (floating and non-floating) on the same subnet for VLAN external.
• A non-floating self IP address on the internal subnet for VLAN HA.
Note: When you create floating self IP addresses, the BIG-IP system automatically adds them to the default floating traffic group, traffic-group-1. To add a self IP address to a different traffic group, you must modify the value of the self IP address Traffic Group property.
Important: If the BIG-IP device you are configuring is accessed using Amazon Web Services, then the IP address you specify must be the floating IP address for high availability fast failover that you configured for the EC2 instance.

Configuration component: Port lockdown
Considerations: For self IP addresses that you create on each device, you should verify that the Port Lockdown setting is set to Allow All, Allow Default, or Allow Custom. Do not specify None.

Configuration component: Application-related objects
Considerations: You must create any virtual IP addresses and optionally, SNAT translation addresses, as part of the local traffic configuration. You must also configure any iApps™ application services if they are required for your application. When you create these addresses or services, the objects automatically become members of the default traffic group, traffic-group-1.

Configuration component: Time synchronization
Considerations: The times set by the NTP service on all devices must be synchronized. This is a requirement for configuration synchronization to operate successfully.

Configuration component: Device certificates
Considerations: Verify that each device includes an x509 device certificate. Devices with device certificates can authenticate and therefore trust one another, which is a prerequisite for device-to-device communication and data exchange.

Task summary

Use the tasks in this implementation to create a two-member device group, with one active traffic group, that syncs the BIG-IP® configuration to the peer device and provides failover capability if the peer device goes offline. Note that on a vCMP® system, the devices in a specific device group are vCMP guests, one per chassis.

Important: When you use this implementation, F5 Networks recommends that you synchronize the BIG-IP configuration twice, once after you create the device group, and again after you specify the IP addresses for failover.

Task list

Specifying an IP address for config sync

Specifying an IP address for connection mirroring

Specifying the HA capacity of a device

Establishing device trust

Creating a Sync-Failover device group

Syncing the BIG-IP configuration to the device group

Specifying IP addresses for failover communication

Syncing the BIG-IP configuration to the device group

Specifying an IP address for config sync

Before configuring the config sync address, verify that all devices in the device group are running the same version of BIG-IP® system software.

You perform this task to specify the IP address on the local device that other devices in the device group will use to synchronize their configuration objects to the local device.

Note: You must perform this task locally on each device in the device group.

1. Confirm that you are logged in to the actual device you want to configure.
2. On the Main tab, click Device Management > Devices.
   This displays a list of device objects discovered by the local device.
3. In the Name column, click the name of the device to which you are currently logged in.
4. From the Device Connectivity menu, choose ConfigSync.
5. For the Local Address setting, retain the displayed IP address or select another address from the list.
   F5 Networks recommends that you use the default value, which is the self IP address for VLAN internal. This address must be a non-floating self IP address and not a management IP address.
   Important: If the BIG-IP device you are configuring is accessed using Amazon Web Services, then the internal self IP address that you specify must be the internal private IP addresses that you configured for this EC2 instance as the Local Address.
6. Click Update.

After performing this task, the other devices in the device group can sync their configurations to the local device.
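The worksheet requirements in Table 4 and the ConfigSync address rule in step 5 above can be checked per device before you build the device group. This Python example is added here and is not F5 code; the record layout, function names, and sample addresses are assumptions, and on a real system you would fill the records from your own inventory.

```python
import ipaddress

REQUIRED_VLANS = ("internal", "external", "HA")


def self_ip(name, cidr, vlan, floating, port_lockdown="Allow Default"):
    """One self IP record (hypothetical layout); cidr is address/prefix."""
    return {"name": name, "iface": ipaddress.ip_interface(cidr), "vlan": vlan,
            "floating": floating, "port_lockdown": port_lockdown}


def check_device(dev):
    """Return 'item: message' findings for one device (on vCMP, one guest)."""
    findings = []
    sips = dev["self_ips"]

    if not dev["version"].startswith("11."):
        findings.append("version: not running BIG-IP version 11.x")
    if "." not in dev["hostname"].strip("."):
        findings.append("hostname: not a fully-qualified domain name")
    if not dev["has_device_cert"]:
        findings.append("certificate: no x509 device certificate")
    for vlan in REQUIRED_VLANS:
        if vlan not in dev["vlans"]:
            findings.append(f"vlan: {vlan} is missing")

    # internal and external each need a floating and a non-floating self IP
    # on the same subnet; HA needs a non-floating self IP.
    for vlan in ("internal", "external"):
        fl = [s for s in sips if s["vlan"] == vlan and s["floating"]]
        nf = [s for s in sips if s["vlan"] == vlan and not s["floating"]]
        if not fl or not nf:
            findings.append(f"self_ip: VLAN {vlan} needs floating and non-floating self IPs")
        elif fl[0]["iface"].network != nf[0]["iface"].network:
            findings.append(f"self_ip: VLAN {vlan} self IPs are on different subnets")
    if not any(s["vlan"] == "HA" and not s["floating"] for s in sips):
        findings.append("self_ip: VLAN HA needs a non-floating self IP")

    # The worksheet says not to specify None for Port Lockdown.
    for s in sips:
        if s["port_lockdown"] == "None":
            findings.append(f"port_lockdown: {s['name']} is set to None")

    # ConfigSync and mirroring addresses must be non-floating self IPs;
    # a management IP address is not one.
    non_floating = {s["iface"].ip for s in sips if not s["floating"]}
    for role in ("configsync_addr", "mirror_addr"):
        addr = ipaddress.ip_address(dev[role])
        if addr == ipaddress.ip_address(dev["mgmt_ip"]):
            findings.append(f"{role}: management IP address used")
        elif addr not in non_floating:
            findings.append(f"{role}: not a non-floating self IP of this device")
    return findings


def check_group(devices):
    """Check every member, then the rule that all members run the same version."""
    report = {d["hostname"]: check_device(d) for d in devices}
    versions = sorted({d["version"] for d in devices})
    if len(versions) > 1:
        report["(group)"] = [f"version: members run different versions {versions}"]
    return report


def sample_guest(hostname, mgmt_ip, host, **overrides):
    """Constructed sample guest using documentation address ranges."""
    dev = {
        "hostname": hostname, "version": "11.4.0", "mgmt_ip": mgmt_ip,
        "has_device_cert": True, "vlans": ["internal", "external", "HA"],
        "self_ips": [
            self_ip("int_self", f"198.51.100.{host}/25", "internal", False),
            self_ip("int_float", "198.51.100.100/25", "internal", True),
            self_ip("ext_self", f"203.0.113.{host}/24", "external", False),
            self_ip("ext_float", "203.0.113.100/24", "external", True),
            self_ip("ha_self", f"198.51.100.{host + 128}/25", "HA", False),
        ],
        "configsync_addr": f"198.51.100.{host}",
        "mirror_addr": f"198.51.100.{host + 128}",
    }
    dev.update(overrides)
    return dev


if __name__ == "__main__":
    g1 = sample_guest("guest1.chassis1.example.com", "192.0.2.11", 11)
    g2 = sample_guest("guest1.chassis2.example.com", "192.0.2.12", 12,
                      configsync_addr="192.0.2.12")
    for name, findings in check_group([g1, g2]).items():
        print(name, findings or "ok")
```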

Specifying an IP address for connection mirroring

You can specify the local self IP address that you want other devices in a device group to use when mirroring their connections to this device. Connection mirroring ensures that in-process connections for an active traffic group are not dropped when failover occurs. You typically perform this task when you initially set up device service clustering (DSC®).

Note: You must perform this task locally on each device in the device group.

1. Confirm that you are logged in to the actual device you want to configure.
2. On the Main tab, click Device Management > Devices.
   This displays a list of device objects discovered by the local device.
3. In the Name column, click the name of the device to which you are currently logged in.
4. From the Device Connectivity menu, choose Mirroring.
5. For the Primary Local Mirror Address setting, retain the displayed IP address or select another address from the list.
   The recommended IP address is the self IP address for either VLAN HA or VLAN internal.
   Important: If the BIG-IP device you are configuring is accessed using Amazon Web Services, then the self IP address you specify must be one of the private IP addresses that you configured for this EC2 instance as the Primary Local Mirror Address.
6. For the Secondary Local Mirror Address setting, retain the default value of None, or select an address from the list.
   This setting is optional. The system uses the selected IP address in the event that the primary mirroring address becomes unavailable.
7. Click Update.

In addition to specifying an IP address for mirroring, you must also enable connection mirroring on the relevant virtual servers on this device.


Specifying the HA capacity of a device

Before you perform this task, verify that this device is a member of a device group and that the device group contains three or more devices.

You perform this task when you have more than one type of hardware platform in a device group and you want to configure load-aware failover. Load-aware failover ensures that the BIG-IP® system can intelligently select the next-active device for each active traffic group in the device group when failover occurs. As part of configuring load-aware failover, you define an HA capacity to establish the amount of computing resource that the device provides relative to other devices in the device group.

Note: If all devices in the device group are the same hardware platform, you can skip this task.

1. On the Main tab, click Device Management > Devices.
   This displays a list of device objects discovered by the local device.
2. In the Name column, click the name of the device for which you want to view properties.
   This displays a table of properties for the device.
3. In the HA Capacity field, type a relative numeric value.
   You need to configure this setting only when you have varying types of hardware platforms in a device group and you want to configure load-aware failover. The value you specify represents the relative capacity of the device to process application traffic compared to the other devices in the device group.
   Important: If you configure this setting, you must configure the setting on every device in the device group.
   If this device has half the capacity of a second device and a third of the capacity of a third device in the device group, you can specify a value of 100 for this device, 200 for the second device, and 300 for the third device.
   When choosing the next active device for a traffic group, the system considers the capacity that you specified for this device.
4. Click Update.

After you perform this task, the BIG-IP system uses the HA Capacity value to calculate the current utilization of the local device, to determine the next-active device for failover of other traffic groups in the device group.

Establishing device trust

Before you begin this task, verify that:

• Each BIG-IP® device that is to be part of the local trust domain has a device certificate installed on it.

• The local device is designated as a certificate signing authority.

You perform this task to establish trust among devices on one or more network segments. Devices that trust each other constitute the local trust domain. A device must be a member of the local trust domain prior to joining a device group.

By default, the BIG-IP software includes a local trust domain with one member, which is the local device.

You can choose any one of the BIG-IP devices slated for a device group and log in to that device to add other devices to the local trust domain. For example, devices A, B, and C each initially show only themselves as a member of the local trust domain. To configure the local trust domain to include all three devices, you can simply log in to device A and add devices B and C to the local trust domain. Note that there is no need to repeat this process on devices B and C.

1. On the Main tab, click Device Management > Device Trust, and then either Peer List or Subordinate List.

2. Click Add.

3. Type a device IP address, administrator user name, and administrator password for the remote BIG-IP® device with which you want to establish trust. The IP address you specify depends on the type of BIG-IP device:

• If the BIG-IP device is a non-VIPRION device, type the management IP address for the device.

• If the BIG-IP device is a VIPRION device that is not licensed and provisioned for vCMP, type the primary cluster management IP address for the cluster.

• If the BIG-IP device is a VIPRION device that is licensed and provisioned for vCMP, type the cluster management IP address for the guest.

• If the BIG-IP device is an Amazon Web Services EC2 device, type one of the Private IP addresses created for this EC2 instance.

4. Click Retrieve Device Information.

5. Verify that the certificate of the remote device is correct.

6. Verify that the name of the remote device is correct.

7. Verify that the management IP address and name of the remote device are correct.

8. Click Finished.

The device you added is now a member of the local trust domain.

Repeat this task for each device that you want to add to the local trust domain.

Creating a Sync-Failover device group

This task establishes failover capability between two or more BIG-IP® devices. If an active device in a Sync-Failover device group becomes unavailable, the configuration objects fail over to another member of the device group and traffic processing is unaffected. You perform this task on any one of the authority devices within the local trust domain.

Repeat this task for each Sync-Failover device group that you want to create for your network configuration.

1. On the Main tab, click Device Management > Device Groups.

2. On the Device Groups list screen, click Create.

The New Device Group screen opens.

3. Type a name for the device group, select the device group type Sync-Failover, and type a description for the device group.

4. From the Configuration list, select Advanced.

5. In the Configuration area of the screen, select a host name from the Available list for each BIG-IP device that you want to include in the device group, including the local device. Use the Move button to move the host name to the Includes list.

The Available list shows any devices that are members of the device's local trust domain but not currently members of a Sync-Failover device group. A device can be a member of one Sync-Failover group only.

6. For the Network Failover setting, select or clear the check box:

• Select the check box if you want device group members to handle failover communications by way of network connectivity.

• Clear the check box if you want device group members to handle failover communications by way of serial cable (hard-wired) connectivity.

You must enable network failover for any device group that contains three or more members.

7. For the Automatic Sync setting, select or clear the check box:

• Select the check box when you want the BIG-IP system to automatically sync the BIG-IP configuration data whenever a config sync operation is required. In this case, the BIG-IP system syncs the configuration data whenever the data changes on any device in the device group.

• Clear the check box when you want to manually initiate each config sync operation. In this case, F5 Networks recommends that you perform a config sync operation whenever configuration data changes on one of the devices in the device group.

8. For the Full Sync setting, select or clear the check box:

• Select the check box when you want all sync operations to be full syncs. In this case, the BIG-IP system syncs the entire set of BIG-IP configuration data whenever a config sync operation is required.

• Clear the check box when you want all sync operations to be incremental (the default setting). In this case, the BIG-IP system syncs only the changes that are more recent than those on the target device. When you select this option, the BIG-IP system compares the configuration data on each target device with the configuration data on the source device and then syncs the delta of each target-source pair.

If you enable incremental synchronization, the BIG-IP system might occasionally perform a full sync for internal reasons. This is a rare occurrence and no user intervention is required.

9. In the Maximum Incremental Sync Size (KB) field, retain the default value of 1024, or type a different value.

This value specifies the total size of configuration changes that can reside in the incremental sync cache.

If the total size of the configuration changes in the cache exceeds the specified value, the BIG-IP system performs a full sync whenever the next config sync operation occurs.

10. Click Finished.

You now have a Sync-Failover type of device group containing BIG-IP devices as members.

Syncing the BIG-IP configuration to the device group

Before you sync the configuration, verify that the devices targeted for config sync are members of a device group and that device trust is established.

This task synchronizes the BIG-IP® configuration data from the local device to the devices in the device group. This synchronization ensures that devices in the device group operate properly. When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only.

Important: You perform this task on either of the two devices, but not both.

1. On the Main tab, click Device Management > Overview.

2. In the Device Groups area of the screen, in the Name column, select the name of the relevant device group.

The screen expands to show a summary and details of the sync status of the selected device group, as well as a list of the individual devices within the device group.

3. In the Devices area of the screen, in the Sync Status column, select the device that shows a sync status of Changes Pending.

4. In the Sync Options area of the screen, select Sync Device to Group.

5. Click Sync.

The BIG-IP system syncs the configuration data of the selected device in the Device area of the screen to the other members of the device group.

Except for non-floating self IP addresses, the entire set of BIG-IP configuration data is replicated on each device in the device group.

Specifying IP addresses for failover communication

You typically perform this task during initial Device Service Clustering (DSC®) configuration, to specify the local IP addresses that you want other devices in the device group to use for continuous health-assessment communication with the local device. You must perform this task locally on each device in the device group.

Note: The IP addresses that you specify must belong to route domain 0.

1. Confirm that you are logged in to the actual device you want to configure.

2. On the Main tab, click Device Management > Devices.

This displays a list of device objects discovered by the local device.

3. In the Name column, click the name of the device to which you are currently logged in.

4. From the Device Connectivity menu, choose Failover.

5. For the Failover Unicast Configuration settings, click Add for each IP address on this device that other devices in the device group can use to exchange failover messages with this device. The unicast IP addresses you specify depend on the type of device:

Platform | Action
Non-VIPRION | Type a self IP address associated with an internal VLAN (preferably VLAN HA) and the management IP address for the device.
VIPRION without vCMP | Type the self IP address for an internal VLAN (preferably VLAN HA) and the management IP addresses for all slots in the VIPRION cluster. Note that if you also configure a multicast address (using the Use Failover Multicast Address setting), then these management IP addresses are not required.
VIPRION with vCMP | Type a self IP address that is defined on the guest and associated with an internal VLAN on the host (preferably VLAN HA). You must also specify the management IP addresses for all of the slots configured for the guest. Note that if you also configure a multicast address (using the Use Failover Multicast Address setting), then these management IP addresses are not required.

6. To enable the use of a failover multicast address on a VIPRION® platform (recommended), for the Use Failover Multicast Address setting, select the Enabled check box.

7. If you enabled Use Failover Multicast Address, either accept the default Address and Port values, or specify values appropriate for the device.

If you revise the default Address and Port values, but then decide to revert to the default values, click Reset Defaults.

8. Click Update.

After you perform this task, other devices in the device group can send failover messages to the local device using the specified IP addresses.
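The platform rules from step 5 and the route domain note can be checked against a planned address list before you enter it. The following is an added example, not F5 code: the Device fields, platform labels, and sample addresses are constructed for illustration, and it assumes BIG-IP's address%ID route domain notation, with an address that has no suffix treated as route domain 0.

```python
import ipaddress
from dataclasses import dataclass

PLATFORMS = {"non-viprion", "viprion", "viprion-vcmp-guest"}  # labels made up for this example


def split_route_domain(addr):
    """Split BIG-IP 'address%ID' notation into (ip, route_domain).

    An address without a %ID suffix is treated as route domain 0
    (assumption of this example).
    """
    ip_text, _, rd_text = addr.partition("%")
    return ipaddress.ip_address(ip_text), (int(rd_text) if rd_text else 0)


@dataclass
class Device:
    name: str
    platform: str            # one of PLATFORMS
    ha_self_ip: str          # self IP on an internal VLAN (preferably VLAN HA)
    mgmt_ips: list           # device management IP, or one per slot
    unicast: list            # planned Failover Unicast Configuration entries
    multicast: bool = False  # Use Failover Multicast Address enabled?


def audit(dev):
    """Return a list of findings; an empty list means the plan follows the table."""
    if dev.platform not in PLATFORMS:
        raise ValueError(f"unknown platform: {dev.platform}")
    findings = []
    entered = set()
    for addr in dev.unicast:
        try:
            ip, rd = split_route_domain(addr)
        except ValueError:
            findings.append(f"{addr}: not a valid address")
            continue
        if rd != 0:
            findings.append(f"{addr}: in route domain {rd}, must be route domain 0")
        entered.add(ip)  # counted as listed so it is not also reported missing

    # Every platform needs the internal-VLAN self IP.
    ha_ip, _ = split_route_domain(dev.ha_self_ip)
    if ha_ip not in entered:
        findings.append(f"{dev.ha_self_ip}: internal-VLAN self IP not listed")

    # Management IPs may be omitted only on VIPRION (with or without vCMP)
    # when a failover multicast address is also configured.
    mgmt_optional = dev.platform != "non-viprion" and dev.multicast
    if not mgmt_optional:
        for mgmt in dev.mgmt_ips:
            if ipaddress.ip_address(mgmt) not in entered:
                findings.append(f"{mgmt}: management IP not listed")
    return findings


# Constructed sample plans (documentation and private address ranges).
SLOTS = ["192.0.2.21", "192.0.2.22", "192.0.2.23", "192.0.2.24"]
SAMPLES = {
    "appliance-ok": Device("bigip-a", "non-viprion", "10.10.10.1",
                           ["192.0.2.11"], ["10.10.10.1", "192.0.2.11"]),
    "viprion-missing-slots": Device("viprion-b", "viprion", "10.10.10.2", SLOTS,
                                    ["10.10.10.2", "192.0.2.21", "192.0.2.22"]),
    "viprion-multicast": Device("viprion-b", "viprion", "10.10.10.2", SLOTS,
                                ["10.10.10.2"], multicast=True),
    "guest-wrong-rd": Device("guest-c", "viprion-vcmp-guest", "10.10.10.3",
                             ["192.0.2.31", "192.0.2.32"],
                             ["10.10.10.3%2", "192.0.2.31", "192.0.2.32"]),
}

if __name__ == "__main__":
    for label, dev in SAMPLES.items():
        result = audit(dev)
        print(label, "OK" if not result else result)
```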

Syncing the BIG-IP configuration to the device group

Before you sync the configuration, verify that the devices targeted for config sync are members of a device group and that device trust is established.

This task synchronizes the BIG-IP® configuration data from the local device to the devices in the device group. This synchronization ensures that devices in the device group operate properly. When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only.

Important: You perform this task on either of the two devices, but not both.

1. On the Main tab, click Device Management > Overview.

2. In the Device Groups area of the screen, in the Name column, select the name of the relevant device group.

The screen expands to show a summary and details of the sync status of the selected device group, as well as a list of the individual devices within the device group.

3. In the Devices area of the screen, in the Sync Status column, select the device that shows a sync status of Changes Pending.

4. In the Sync Options area of the screen, select Sync Device to Group.

5. Click Sync.

The BIG-IP system syncs the configuration data of the selected device in the Device area of the screen to the other members of the device group.

Except for non-floating self IP addresses, the entire set of BIG-IP configuration data is replicated on each device in the device group.

Implementation result

You now have a Sync-Failover device group set up with an active-standby DSC™ configuration. This configuration uses the default floating traffic group (named traffic-group-1), which contains the application-specific floating self IP and virtual IP addresses, and is initially configured to be active on one of the two devices. If the device with the active traffic group goes offline, the traffic group becomes active on the other device in the group, and application processing continues.

Chapter 4: Understanding Clusters

Cluster overview

The slots in a VIPRION® chassis work together as a single, powerful unit. This entity is called a cluster.

The size of the cluster depends on the number of running blades installed in the chassis. Blades in the cluster share the overall workload, and can be configured to mirror each other's connections so that if a blade is taken out of service or becomes unavailable for some reason, any in-process connections remain intact.

Important: The discussion of clusters does not apply to appliances. F5 Networks clustering technology is implemented only on systems that use blades and slots.

When a blade is installed in a slot and turned on, it automatically becomes a member of the cluster.

One of the first tasks performed as part of the platform installation is to insert blades and assign a unique cluster IP address to the primary blade in the cluster. The cluster IP address is a floating management IP address used to access the primary blade to configure the system. If the primary blade becomes unavailable for any reason, the primary designation moves to a different blade, and the cluster IP address floats to that blade. This ensures that you can always access the cluster using the cluster IP address, even when the primary blade changes.

When you log in to the system using the cluster IP address, you can configure features such as trunks, VLANs, administrative partitions, and virtual servers. If you have a redundant system configuration, you can configure failover IP addresses, as well as connection mirroring between clusters.

Viewing cluster properties

You can use the BIG-IP® Configuration utility to view the properties for the cluster.

1. Use a browser to log in to the management IP address of the VIPRION® chassis or appliance.

This logs you in to the vCMP® host.

2. On the Main tab, click System > Clusters.

The Cluster screen opens, showing the properties of the cluster, and listing the cluster members.

Cluster properties

The Cluster screen displays the properties of the cluster.

Property | Description
Name | Displays the name of the cluster.
Cluster IP Address | Displays the IP address assigned to the cluster. Click this IP address to change it.
Network Mask | Displays the network mask for the cluster IP address.
Primary Member | Displays the number of the slot that holds the primary blade in the cluster.
Software Version | Displays the version number of the BIG-IP® software that is running on the cluster.
Software Build | Displays the build number of the BIG-IP software that is running on the cluster.
Hotfix Build | Displays the build number of any BIG-IP software hotfix that is running on the cluster.
Chassis 400-level BOM | Displays the bill-of-materials (BOM) number for the chassis.
Status | Displays an icon and descriptive text that indicates whether there are sufficient available members of the cluster.

Viewing cluster member properties

You can use the BIG-IP® Configuration utility to view the properties for cluster members.

1. Use a browser to log in to the management IP address of the VIPRION® chassis or appliance.

This logs you in to the vCMP® host.

2. On the Main tab, click System > Clusters.

The Cluster screen opens, showing the properties of the cluster, and listing the cluster members.

3. To display the properties for one cluster member, click the slot number of that member.

The Cluster Member properties screen opens, showing the properties of that member.

Cluster member properties

In addition to displaying the properties of the cluster, the Cluster screen also lists information about members of the cluster. The table lists the information associated with each cluster member.

Property | Description
Status | The Status column indicates whether the cluster member is available or unavailable.
Slot | The Slot column indicates the number of the slot. Click this number to display the properties of that cluster member.
Blade serial number | The Blade Serial Number column displays the serial number for the blade currently in that slot.
Enabled | The Enabled column indicates whether that cluster member is currently enabled.
Primary | The Primary column indicates whether that cluster member is currently the primary slot.
HA State | The HA State column indicates whether the cluster member is used in a redundant system configuration for high availability.

Enabling and disabling cluster members

To gracefully drain the connections from a cluster member before you take that blade out of service, you can mark that cluster member disabled. Before you can return that member to service, you need to enable it.

Important: Perform this task while logged in to the vCMP® host; not from a guest.

1. Use a browser and the cluster management IP address of the vCMP® host to log in to the vCMP host (hypervisor) and access the BIG-IP® Configuration utility.

2. On the Main tab, click System > Clusters.

The Cluster screen opens, showing the properties of the cluster, and listing the cluster members.

3. Locate the cluster member you want to enable or disable, and select the box to the left of the Status icon.

4. Click Enable or Disable/Yield.

Changing a cluster-related management IP address

You can use the BIG-IP® Configuration utility to view or change the properties for a vCMP® cluster.

Important: Perform this task while logged in to the vCMP host; not from a guest.

1. Use a browser and the cluster management IP address of the vCMP® host to log in to the vCMP host (hypervisor) and access the BIG-IP® Configuration utility.

2. On the Main tab, click System > Clusters.

The Cluster screen opens, showing the properties of the cluster, and listing the cluster members.

3. On the menu bar, click Management IP Address.

The Management IP Address screen opens.

4. Locate the specific management IP address or cluster member IP address that you would like to change, and type the new IP address.

5. Click Update.

The specific management IP address or cluster member IP address that you edited is changed. You can now use that new address to access the cluster.

Cluster-related IP addresses

The cluster-related addresses that you can modify are defined in the table.

Setting Type | Setting | Description
Cluster IP address | IP Address | Specifies the management IP address that you want to assign to the cluster. This IP address is used to access the Configuration utility, as well as to function as a cluster identifier for the peer cluster in a device service clustering configuration.
Cluster IP address | Network Mask | Specifies the network mask for the cluster IP address.
Cluster IP address | Management Route | Specifies the gateway for the cluster IP address. Typically, this is the default route.
Cluster Member IP Address | Slot 1 IP Address | Specifies the management IP address associated with slot 1 of the cluster. You can also set this value to None.
Cluster Member IP Address | Slot 2 IP Address | Specifies the management IP address associated with slot 2 of the cluster. You can also set this value to None.
Cluster Member IP Address | Slot 3 IP Address | Specifies the management IP address associated with slot 3 of the cluster. You can also set this value to None.
Cluster Member IP Address | Slot 4 IP Address | Specifies the management IP address associated with slot 4 of the cluster. You can also set this value to None.

Chapter 5: Understanding vCMP Hosts

Overview: Managing vCMP hosts

With vCMP® initial setup successfully completed to process application traffic, you will likely want to manage the configuration of the vCMP host to optimize performance.

The vCMP host is the system-wide hypervisor that makes it possible for you to create, view, and manage all guests on the system. A vCMP host allocates system resources to guests as needed.

vCMP host configuration encompasses these activities:

• Viewing host properties

• Creating additional VLANs for guests if needed

• Adding additional vCMP guests

• Managing application volumes

Note: To manage a vCMP system, you must have the Administrator user role assigned to your user account.

Important: Do not configure BIG-IP® module features (such as BIG-IP Local Traffic Manager™ virtual servers, pools, and profiles) when logged in to the vCMP host. Use the vCMP host to create and manage vCMP guests and to perform Layer 2 network configuration only. Attempting to configure BIG-IP modules while logged in to the vCMP host produces unwanted results. Always log in to the relevant vCMP guest to configure the features of a BIG-IP module.

Viewing host properties for slots

You must have created at least one vCMP® guest on the system to view host properties.

Use the BIG-IP® Configuration utility to view the host properties for all slots on the system or for a single slot. The host properties that you can view are:

• The state of each guest

• The slot numbers on which each guest runs

• The number of CPU cores allocated to each guest

1. Use a browser to log in to the management IP address of the VIPRION® chassis or appliance.

This logs you in to the vCMP® host.

2. On the Main tab, click vCMP > Host Properties.

3. View host properties for all slots, or in the upper right corner of the screen, from the View list, select a slot number.

The screen displays the host properties for the chosen slots.

vCMP host properties

This topic describes the vCMP® host properties on the BIG-IP® system.

Property Name | Value | Description
State | Configured, Provisioned, or Deployed | The state of the named guest.
On Slots | One or more numeric values in the range of 1 through 4. | The slot numbers pertaining to each guest.
Number of Cores | A numeric value | The number of CPU cores currently allocated to the named guest.

Chapter 6: Understanding vCMP Guests

About vCMP guests

A vCMP® guest is an object that you create on the vCMP system for the purpose of running one or more BIG-IP® modules. For example, a typical guest might run both BIG-IP Local Traffic Manager™ and BIG-IP Global Traffic Manager. Each guest has its own portion of system resources (such as CPU cores and disk space) allocated to it, which makes the guest appear as if it were a separate BIG-IP device. On a vCMP system, the number of guests that you can run simultaneously depends on licensing and hardware type.

In addition to running BIG-IP modules, each guest contains its own instance of TMOS®. This TMOS instance gives you the ability to provision, configure, and manage certain network components (such as self IP addresses) and any BIG-IP modules within the guest.

The illustration shows three guests running on a BIG-IP system. Guest 1 runs on a single slot only. Guest 2 and Guest 3 each run on all available slots.

Figure 2: Example illustration of guests running on a BIG-IP system

Important: In addition to other considerations, when considering whether to create a single slot or multi-slot guest, bear in mind that recovery from a blade hot swap is much more straightforward for multi-slot guests.

About network modes for a vCMP guest

You can configure each vCMP® guest to operate in one of two modes: Bridged or Isolated. The mode you choose specifies whether the guest is bridged to or isolated from the vCMP host's management network.

About the Bridged network mode

Bridged mode is the default network mode for a vCMP guest. This mode provides full Layer 2 access between guests, and creates a bridge between each guest's management interface, the host's management interface, and devices connected to the host's front-panel management port. Typically, you configure a guest's management port to be on the same IP network as the host's management port, with a gateway identical to the host's management gateway. This allows you to make TCP connections (for SSH, HTTP, and so on) easily from either the host or the external network to the guest, or from the guest to the host or external network. Although the guest and the host share the host's Ethernet connection, the guest appears as a separate device on the local network, with its own MAC address and IP address.

About the Isolated network mode

Isolated mode isolates the guest from the management network. As in Bridged mode, a guest in Isolated mode cannot communicate with other guests on the system. Also, the only way that a guest can communicate with the vCMP host is through the console port or through a self IP address on the guest that allows traffic through port 22.

Note: Although a guest in Isolated mode cannot communicate directly with the management network, you can configure the guest to communicate to external networks indirectly. You do this by configuring network routing or a firewall on the guest's operating system.

About deployed guests and network modes

If the guest is already deployed:

• Setting the network mode from Bridged to Isolated causes the vCMP host to remove all of the guest's management interfaces from its bridged management network. This has the effect of immediately disconnecting the guest's VMs from the physical management network.

• Setting the network mode from Isolated to Bridged causes the vCMP host to dynamically add the guest's management interfaces to the bridged management network. This immediately connects all of the guest's VMs to the physical management network.

Changing this property while the guest is in the Configured or Provisioned state has no immediate effect.

Modifying the properties of a vCMP guest

You can use the BIG-IP® Configuration utility to modify the properties of an existing vCMP® guest.

1. On the Main tab, click vCMP > Guest List.

2. In the Name column, click the name of the vCMP guest that you want to modify.

3. From the Properties list, select Advanced.

4. Change the values of the properties you want to modify.

5. Click Update.

Important: Depending on the extent of the changes made to the vCMP guest, the guest may reboot.

Viewing the properties of a vCMP guest

You can use the BIG-IP® Configuration utility to view the properties of vCMP® guests.

1. On the Main tab, click vCMP > Guest List.

2. In the Name column, click the name of the vCMP guest that you want to view.

The system displays the properties of the guest.

Overview: Blade swap for vCMP guest

When you remove and replace blades, and want to preserve the existing configuration, you may need to migrate a guest. This is true when you need to swap all of the blades upon which your guest resides. On multiple slot guests, configuration information is stored on all blades, so when you remove a blade, the configuration is retained. But when you swap a single slot guest, or all slots of a multiple slot guest, you must take care to migrate the guest before you swap. This task guides you through the process of migrating your guest to another slot for the duration of the hot swap process and then migrating it back after the swap.

Although this task preserves your guest and all of its settings, the easier (and preferable) method is to just save the BIG-IP® configuration objects configured on your guest (as a UCS file), create a new guest, and then import the UCS file to the new guest.

For more information on archiving and importing BIG-IP configuration objects, refer to the F5 Networks AskF5® Knowledge Base web site, http://support.f5.com.

When you swap out a blade that hosts a single slot vCMP® guest, migrate the guest to another slot before you swap out the blade to preserve the BIG-IP configuration objects through the swap process.

Migrating a single-slot guest to another slot copies the virtual disk and the configuration objects it contains.

When you swap out the blade and redeploy the guest, the guest can resume traffic processing.

Disabling a vCMP guest

When you disable a guest, the BIG-IP® system deallocates its resources (such as CPU cores, physical memory, and virtual disks). Once disabled, you can edit the vCMP® guest, or you can migrate the guest to another slot and its resources are available for consumption by another guest.

1. On the Main tab, click vCMP > Guest List.

2. In the Name column, find the name of the vCMP guest that you want to disable.

3. Select the check box to the left of the guest name.

4. Click Disable.

The BIG-IP system releases the resources dedicated to the guest.

Migrating a vCMP guest

When you migrate a guest from a slot about to be hot swapped, you determine where that guest will migrate using the Allowed Slots List.

1. On the Main tab, click vCMP > Guest List.

2. Analyze the vCMP® guest allocation to determine on which slot your guest is currently deployed and to which slot (or slots) you want it to migrate.

3. In the Name column, click the name of the vCMP guest that you want to modify.

The system displays the properties of the guest.

4. From the Properties list, select Advanced.

5. From the Allowed Slots List, use the Move button to move the current slot number to the Available field and the slot to which you want the guest to migrate to the Selected field. (If it doesn't matter to which specific slot the guest migrates, you can also just remove the current slot from the Allowed Slots list.)

This identifies the specific slots to which you want your guest to migrate.

6. Click Provision or Deploy.

7. Click Update.

Important: The system will begin migrating the virtual disk for the vCMP guest.

Migrating a single slot guest

For this task you must be logged in to the vCMP® host using its management IP address, and you are in the process of migrating a single slot guest from a blade so that it can be hot swapped. Additionally, this task begins when you have either temporarily disabled guests or created dummy guests so that when you re-deploy the guest, it will migrate to the slot you intend.

When you re-deploy a guest that has been disabled (change its state from configured to deployed), the vCMP host migrates that guest to the next open set of available resources. Use this procedure to migrate the guest from the blade before you perform the hot swap, and then use this procedure again to migrate the guest back to the blade after the hot swap.

Important: Migrating a single slot guest to another slot is essential before performing a blade hot-swap if you want to preserve the BIG-IP® configuration objects defined for that guest.

1. Ensure that you are still logged in to the vCMP host using the BIG-IP system's management IP address.

2. On the Main tab, click vCMP > Guest List.

3. In the Name column, click the name of the vCMP guest that you want to deploy.

4. From the Requested State list, select either Provisioned or Deployed.

5. Click Update.

Important: Depending on the extent of the changes made to the vCMP guest, the guest may reboot.

The guest migrates to the next available set of resources. It takes some time for the guest to boot and become accessible.

Hot swapping a VIPRION blade

You can hot swap a VIPRION® blade when you need to replace it. Steps for performing a hot swap are platform dependent.

Refer to the appropriate platform guide for instructions on removing and replacing a blade on an active VIPRION chassis.

Option | Description
For VIPRION 2400 chassis | Refer to "Removing a blade" and "Installing a blade" in the Platform Guide: VIPRION 2400.
For VIPRION 4400 chassis | Refer to "Removing a blade" and "Installing a blade" in the Platform Guide: VIPRION 4400.

Once the new blade boots, the vCMP® host adds it to the cluster, and you can migrate guests to it.

About software image selection and live installation

When you initially create a vCMP® guest, you choose the ISO image to install for that guest. Then, when you move the guest to the Provisioned state, the vCMP host installs that ISO image onto each of the newly-created virtual disk images pertaining to that guest.

Important: The initial software image is used only when the system first creates the virtual disk images. Subsequent software upgrades are done within the guest using the live installation process.

About vCMP guest states

A vCMP® guest is always in one of these states:

Configured

This is the initial (and default) state for newly-created guests. In this state, the guest is not running, and no resources are allocated to the guest. The BIG-IP® system does not create virtual disks for a guest until you set that guest to the Provisioned state. If you move a guest from another state to the Configured state, the BIG-IP system does not delete the virtual disks previously attached to that guest. The guest's virtual disks persist on the system. Other resources, however, such as CPU cores, are automatically de-allocated. When the guest is in the Configured state, you cannot configure the BIG-IP modules that are licensed to run within the guest; instead, you must first provision and deploy the guest, then you can provision the BIG-IP modules within the guest.

Provisioned

When you move a vCMP guest to the Provisioned state, the system allocates resources (CPU, memory, network interfaces, and disk space) to that guest. If this is a new guest, the system also creates virtual disks for the guest and installs the selected ISO image on them. A guest does not run while in the Provisioned state.

Deployed

After provisioning a guest, you deploy it. For guests in this state, the BIG-IP system attempts to start and maintain a VM on each slot for which the guest has resources allocated. If you reconfigure the properties of a guest after its initial deployment, the system immediately propagates some of those changes to all of that guest's VMs. The system immediately propagates the list of allowed VLANs.

When you set up and deploy multiple guests at once, there is good reason to move each guest first to the Provisioned state. This allows you to verify that the guest allocations are satisfactory, and to confirm that the virtual disk installations are successful, before you commit the guests to full deployment. If there is a problem with one guest's allocation or virtual disk installation, you might need to rearrange the resource allocations for your guests. Keeping the guests in the Provisioned state until you are confident in your allocations prevents you from having to shut down deployed guests to make these changes.


About system resource allocation

The system resources that the BIG-IP® system allocates to each guest are: CPU cores, physical memory, and virtual disk space. The system allocates resources to a guest when you set the state of the guest to Provisioned.

About CPU cores allocation

For single-slot guests, when the system allocates CPU cores to a guest, the system determines the best slot for the guest to run on. From the slots identified on the Allowed Slots list, the system selects the slot with the most unallocated CPU cores. For all-slot guests, the system allocates CPU cores from the available slots (as defined by the Allowed Slots setting for this guest).

This illustration shows that the BIG-IP® system has allocated two CPU cores to guest1, which is deployed on slot 1. Note that guest0 has no CPU cores allocated to it because the guest has not yet been deployed.

Figure 3: BIG-IP system with CPU core allocations for guests

Note the following:

• If an unavailable slot becomes available later, the system automatically re-allocates the CPU cores to each all-slot guest and to any single-slot guests previously allocated to this slot.

• If rebooted for any reason, the BIG-IP system persists any single-slot guest to the slot it was deployed on previously, thereby retaining the same CPU core allocation for that guest. However, if you change a guest's state at any time from Deployed to Configured, the BIG-IP system de-allocates the CPU cores for that guest.


About virtual disks allocation

A virtual disk is a portion of the total disk space on the BIG-IP® system that the system allocates to a vCMP® guest. The system allocates one virtual disk and a dedicated chunk of memory to each slot on which the guest resides.

You cannot explicitly create virtual disks; instead, the BIG-IP system creates virtual disks whenever you set the state of a guest to Provisioned and the guest does not already have an attached virtual disk.

About hardware processors allocation

On systems that include SSL and compression hardware processors, the vCMP® feature shares these hardware resources among all guests on the system.

vCMP guest modification considerations

Before modifying a vCMP® guest, be aware of the following facts in regard to vCMP guest properties.

Property name: Virtual Disk

If you change this value from a specific file name to None, the BIG-IP® system detaches that virtual disk file from the guest. In this case, the virtual disk remains on the system as an unattached virtual disk. If you want to delete the virtual disk, you must do this explicitly, using the Virtual Disk List screen of the BIG-IP Configuration utility.

Note: Guests in the Provisioned or Deployed state do not allow modification of this property. You can only modify the Virtual Disk property by first changing the State property to Configured.

Property name: VLAN List

The system immediately propagates the modification to all VMs of the guest, if the guest is in the Deployed state.

Property name: State

If you change this value from Deployed or Provisioned to Configured, the BIG-IP system automatically de-allocates all resources except for the guest's virtual disk.

Property name: Management Network

Changing the value of the Network Mode property while the guest is in the Deployed state has consequences:

• Changing the mode from Bridged to Isolated causes the vCMP host to remove all of the guest's management interfaces from its bridged management network. This has the effect of immediately disconnecting the guest's VMs from the physical management network.

• Changing the mode from Isolated to Bridged causes the vCMP host to dynamically add the guest's management interfaces to the bridged management network. This immediately connects all of the guest's VMs to the physical management network.

Changing the Network Mode property while the guest is in the Configured or Provisioned state has no immediate effect.
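The guest state, CPU core and Virtual Disk rules described above can be followed step by step in a simplified Python model for single-slot guests. This is an added example, not F5 code and not the vCMP host's actual algorithm; the class and method names, the `<guest>.img` file naming, the capacity check and the first-listed-slot tie-break are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Illustrative model only (not F5 code); names below are hypothetical.
CONFIGURED, PROVISIONED, DEPLOYED = "Configured", "Provisioned", "Deployed"

@dataclass
class Guest:
    name: str
    cores: int                          # CPU cores the guest needs on its slot
    allowed_slots: List[int]            # the guest's Allowed Slots list
    state: str = CONFIGURED             # initial (and default) state
    slot: Optional[int] = None          # slot that holds the core allocation
    virtual_disk: Optional[str] = None  # Virtual Disk property; None = "None"

class Host:
    """Simplified vCMP host that runs single-slot guests."""

    def __init__(self, free_cores: Dict[int, int]):
        self.free = dict(free_cores)                # slot -> unallocated cores
        self.disks: Dict[str, Optional[str]] = {}   # disk file -> guest or None
        self.guests: Dict[str, Guest] = {}

    def add_guest(self, guest: Guest) -> None:
        self.guests[guest.name] = guest

    def set_state(self, name: str, new_state: str) -> None:
        g = self.guests[name]
        if new_state == CONFIGURED:
            # Cores are de-allocated; the virtual disk stays attached.
            if g.slot is not None:
                self.free[g.slot] += g.cores
                g.slot = None
        elif g.slot is None:
            self._allocate(g)
        g.state = new_state

    def _allocate(self, g: Guest) -> None:
        # Assumption: a slot must have enough unallocated cores to qualify.
        fits = [s for s in g.allowed_slots if self.free.get(s, 0) >= g.cores]
        if not fits:
            raise RuntimeError(f"no allowed slot can hold {g.name}")
        # Most unallocated cores wins; ties go to the first slot listed.
        g.slot = max(fits, key=lambda s: self.free[s])
        self.free[g.slot] -= g.cores
        if g.virtual_disk is None:      # created only if no disk is attached
            g.virtual_disk = f"{g.name}.img"        # constructed file name
            self.disks[g.virtual_disk] = g.name

    def set_virtual_disk(self, name: str, disk: Optional[str]) -> None:
        g = self.guests[name]
        if g.state != CONFIGURED:
            raise PermissionError("set the guest to Configured first")
        if disk is not None and self.disks.get(disk, "missing") is not None:
            raise ValueError(f"{disk} is missing or attached to another guest")
        if g.virtual_disk is not None:
            self.disks[g.virtual_disk] = None       # detached, still on disk
        if disk is not None:
            self.disks[disk] = name
        g.virtual_disk = disk

    def unattached_disks(self) -> List[str]:
        return sorted(d for d, owner in self.disks.items() if owner is None)
```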

Chapter 7: Working with vCMP Virtual Disks

Overview: Managing virtual disks

With vCMP® initial setup successfully completed to process application traffic, you will likely want to manage the configuration of your vCMP virtual disks to optimize performance.

Detaching virtual disks from a vCMP guest

Before you can detach a virtual disk from a guest, you must change the Requested State property on the guest to Configured.

You can detach a virtual disk from the guest, but retain the virtual disk on the BIG-IP® system so that you can attach it to another guest later. To detach a virtual disk from a vCMP® guest, you modify the guest's properties by setting the Virtual Disk property to None.

Attention: Unattached virtual disks consume disk space on the system. To prevent unattached virtual disks from depleting available disk space, routinely monitor the number of unattached virtual disks that exist on the system.

1. On the Main tab, click vCMP > Guest List.
2. In the Name column, click the name of the vCMP guest that you want to view.
3. From the Virtual Disk list, select the default value, None.
4. Click Update.

Important: Depending on the extent of the changes made to the vCMP guest, the guest may reboot.

The vCMP guest no longer has any virtual disk attached to it.

Viewing virtual disks not attached to a vCMP guest

You can view virtual disks that are not attached to a vCMP® guest, so you can monitor virtual disks that may be unused, but still consuming disk space.

1. On the Main tab, click vCMP > Virtual Disk List.
2. Locate the Virtual Disk List area of the screen.
3. To the right of the list of virtual disk names, note any disks that do not have any guest names associated with them. These disks are unattached.

Attaching a detached virtual disk to a vCMP guest

Before you begin this task, ensure that:

• The guest to which you are attaching the virtual disk is in the Configured state.


• The virtual disk is not currently attached to another guest.

It is possible for a virtual disk to become detached from a vCMP™ guest. A disk that is no longer attached to a guest is known as an unattached virtual disk.

You can attach an unattached virtual disk to another guest either when you create the guest or when you modify the Virtual Disk property of a guest.

1. On the Main tab, click vCMP > Guest List.
2. In the Name column, click the name of the vCMP guest that you want to view.
3. From the Properties list, select Advanced.
4. From the Virtual Disk list, select a file name.
   The guest uses the newly-selected virtual disk when being deployed.
5. Click Update.

Important: Depending on the extent of the changes made to the vCMP guest, the guest may reboot.

Deleting a virtual disk from the BIG-IP system

Using the BIG-IP® Configuration utility, you can delete a virtual disk from the system. You do this by using the Virtual Disk List screen.

Important: This is the only way to delete a virtual disk from the system. If you delete the associated guest instead, the system retains the virtual disk for re-use by another guest later.

1. On the Main tab, click vCMP > Virtual Disk List.
2. Locate the Virtual Disk List area of the screen.
3. In the Name column, locate the name of the virtual disk that you want to delete.
4. To the left of the virtual disk name, select the check box.
5. Click Delete.
   The system prompts you to confirm the delete action.
6. Click Delete.

Chapter 8: Managing vCMP Statistics

Overview: Managing statistics

With vCMP® initial setup successfully completed to process application traffic, you will likely want to analyze your vCMP statistics to better manage performance.

Viewing virtual disk statistics

Using the BIG-IP® Configuration utility, you can view information about the virtual disks that are currently allocated to vCMP® guests:

• The virtual disk names

• The slot number corresponding to each virtual disk image

• The size in gigabytes of each virtual disk

• The name of the guest to which each virtual disk is currently allocated

1. On the Main tab, click vCMP > Virtual Disk List.
2. Locate the Virtual Disk List area of the screen.

The following table shows sample statistics for three separate virtual disks.

| Virtual Disk Name | Slot ID | Operating System | Status | Disk use |
| --- | --- | --- | --- | --- |
| GuestA.img | 1 | TMOS | Ready | 64.4G |
| GuestB.img | 1 | Unknown | Unknown | 64.4G |
| GuestC.img | 1 | TMOS | Ready | 64.4G |

Viewing vCMP guest statistics with the BIG-IP Configuration utility

Using the BIG-IP® Configuration utility, you can list the names of, and information about, the vCMP® guests that are currently on the system.

1. Log out of the guest.
2. On an external system, open a browser window and access the vCMP host, using the vCMP host's management IP address.
3. Using your user credentials, log in to the BIG-IP Configuration utility.
4. On the Main tab, click vCMP.

The system displays a list of vCMP guest names, as well as this information:

• The state configured for the guest

• The slot numbers on which the guest is running or slated to run

• The guest's management IP address and netmask


Viewing disk usage statistics

Using the BIG-IP® Configuration utility, you can view information about the vCMP® disk usage:

• Disk name

• The slot numbers corresponding to the disk name

• The number of virtual disks

• The total vCMP application volume size, in gigabytes

• The available vCMP application volume size, in gigabytes

1. On the Main tab, click vCMP > Virtual Disk List.
2. Locate the Disk Usage area of the screen.

The following table shows sample statistics.

| Disk | Slot ID | Number of Virtual Disks | Total Volume Size (GB) | Available Volume Size (GB) |
| --- | --- | --- | --- | --- |
| HD1 | 2 | 1 | 84 | 14 |
