Virtualize My Lab-F5

VIRTUALIZEMYDC.CA

MARCH 27, 2015

YOU ARE HERE: HOME / OTHER / INITIAL F5 BIG-IP PROVISIONING & CONFIGURATION

Initial F5 Big-IP Provisioning & ConfigurationMARCH 29, 2014 BY ANDREY POGOSYAN LEAVE A COMMENT

Ill be honest, I dont work with load balancers all that much, other than

a configuration for a Client Access Server Array for Exchange or

maybe even Load balancing Connection servers for VMware Horizon

View. However, I think its something that I find to be quite interesting

because it touches base with both applications and networking. With

that said, I came across an article that Chris Wahl from Wahlnetwork

wrote about the F5 Lab licenses, and that got me very interested

because 1) we use F5 Load Balancers at work and 2) because I have a lab where I needed a

load balancer countless times to test a feature here and there. It is also useful for when

preparing for an exam, like Chris mentions in his article.

With that said, I went ahead and purchased a virtual lab edition license for $126 at the time of

this post. I went through CDW and in all, it took about 1 week to receive the license key. The

email with the license comes from F5 Networks, so be on the look out! Once I got my license,

it was time to download the F5 Big-IP OVA and import it into vSphere. Of course, from reading

other articles, it seems like it could also work with VMware Workstation and Fusion.

F5 BIG-IP VIRTUAL EDITION MINIMUM SYSTEM REQUIREMENTS

2 x Virtual CPUs

4GB of RAM for a 2-core CPU

8GB of RAM for a 4-core CPU

PCnet32 LANCE for Management interface

HOME ABOUT HOME LAB VMWARE CITRIX MICROSOFT @ANDREY_PO

pagina 1 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

3 x VMXNET3 virtual network adapters

1 x 100GB SCSI disk (default)

1 x 50GB SCSI disk (for extra modules)

More information on the system requirements can be found here.

ESXi CPU REQUIREMENTS

64 bit architecture

Support for AMD-V or Intel-VT (Must be Enabled)

Support for multi-threaded CPU

More information on the system requirements can be found here.

INSTALLING AND PROVISIONING F5 LOAD BALANCER

One of the first things we need to do, is define the necessary IP addresses for the appliance,

makes sense right? When deploying the OVA, during the deployment process, you will be

asked to provide 4 networks to use.

1. Management - For Managing your F5 Big-IP Appliance

2. Internal - Internal private network

3. External - External Network such as a DMZ subnet

4. HA - High Availability Network that will be used when creating an HA pair

pagina 2 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

These interfaces are pretty self-explanatory so once youve defined the proper networks for

each interface and successfully imported the appliance, well then need to turn it on in order

to provision it. Provisioning will be the very first step we take before we can start using the

appliance. The process typically involves applying the license, enabling the necessary

components such as LTM, APM, GTM, Firewall, Link Control, Carrier Grade NAT, configuring

static IP addresses, specifying a new admin password, creating the necessary access

accounts, updates, etc.

By default, if you have DHCP enabled on your management interface subnet, the F5 Big-IP

appliance should automatically obtain an IP address, that IP address will then be listed in the

Virtual Machine general info section.

You can also use IFCONFIG to pull the IP address that was automatically assigned. Another

option is to use a network scanner if you have one available.

Default Password information

Console Access: Username: root Password: default

pagina 3 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

Web Interface Access: Username: admin Password: admin

Upon a successful login, we should be presented with a Welcome screen and a Setup Utility

that well be using to configure the F5 appliance

When we start the Setup Utility, one of the very first steps, is to provide a license to the

appliance. The way it works, is that the License will allow you to use certain features of the

appliance. You must be connected to the internet in order to successfully activate the license,

VERY IMPORTANT. Once the license has been activated, youll see the license data, active,

optional, and inactive modules

pagina 4 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

Now things are starting to get interesting. The next step, is resource provisioning, in other

words, we need to specify what modules we want to enable and use. Below is a screenshot of

all the modules that are licensed and unlicensed

pagina 5 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

Lets cover the basics of the modules were going to play with in the lab:

Carrier Grade NAT (CGNAT) Is a Large Scale NAT, in other words, it allows for

translation of internal private IPv4 Addresses (multiple PCs) into public IPv4 addresses.

Local Traffic Manager (LTM) LTM is a module that allows us to create an abstraction

layer between the user and the infrastructure in order to leverage high availability, load

balancing, secure, and optimize application traffic between the end user and

infrastructure. Essentially, this post will concentrate on LTM since this is the load

balancing piece of this product

Application Security (ASM) Provides a security layer for applications by allowing

control through access policies and insight into application access, violations, and

tampering

Global Traffic (GTM) This is an interesting component, as this will provide GSLB (Global

Server Load Balancing), which if youve worked on DR site design, youll know that with

certain types of applications like Exchange, can leverage this module and make the

disaster recovery a lot smoother. Something I will cover in another post.

Link Controller (LC) Allows us to link multiple connections (ISP for example, mentioned

in the article) and provides features such as topology based routing, load balancing by

link costs, integrated route shaping, and so on

Access Policy (APM) APM is a feature that allows for secure access to corporate

applications through the use of policies

As you can see from modules above, not all of them are licensed, and thats normal, were

only using a lab license so in my case, these unlicensed features are not required. However

you can get them licensed, but youd have to use a different license, costs a lot more!

Heres something interesting I find about the provisioning process, as you start adding module,

youll notice that the Memory, Disk, and CPU allocation at the top will change to

accommodate the new modules (see below). Its interesting, because it gives us an idea into

the amount of resources that will be required, so keep that in mind when provision the virtual

or physical appliance

pagina 6 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

At the next step, we can configure the appliance to use a certificate, however for this blog

post, we wont be configuring a certificate because I will be making a separate post about it

later on

Now, we need to assign a static IP, Time zone, hostname, rood/admin password, and SSH

access

pagina 7 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

Once the Platform section has been completed, we can end the Setup by clicking on Finish.

We will then be logged off and will be required to log back in, however this time, youll notice

that we now see something different, we now see the Big-IP Main menu where we can start

configuring the modules that weve enabled earlier. If by some reason, you forgot to enable

module, you can always go back and do so at a later time.

pagina 8 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

That should be it for the initial configuration. I will be creating more post on how to configure

the load balancer with VMware View Connection servers and Exchange 2010/2013. Stay

tuned!

Be Sociable, Share!

FILED UNDER: OTHER

TAGGED WITH: BIG-IP, F5, LOAD BALANCER

Leave a Reply

SEARCH

Search this website

FOLLOW US FOR FREE!

Related

pagina 9 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

Stay up to date with the latest content

from virtualizemydc.ca!

Email Address

SIGN ME UP!

RECOMMENDED BLOGS

Bas Van Kaam

Chris Stark

Cormac Hogan

Derek Seaman (VCDX)

Everything Virtual Simon Davies

ESX Virtualization Vladan Seget

Frank Denneman (VCDX)

Iam all vIRTUAL Lior Kamrat

Josh Odgers (VCDX)

LazyWinAdmin Francois-Xavier Cat

VCDX133 Rene Van Den Bedem

vHorizon Dale Scriven

VMFocus Craig Kilborn

Virtually Mike Brown

Wahl Network (VCDX) Chris Wahl

Yellow-Bricks (VCDX) Duncan Epping

pagina 10 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

Copyright 2015 News Pro Theme on Genesis Framework WordPress Log in

pagina 11 van 11Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

27-3-2015http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/