Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.

ca

pagina 1 van 11

VIRTUALIZEMYDC.CA
HOME

ABOUT

HOME LAB

VMWARE

CITRIX

MICROSOFT

@ANDREY_PO

MARCH 27, 2015

YOU ARE HERE: HOME / OTHER / INITIAL F5 BIG-IP PROVISIONING & CONFIGURATION

Initial F5 Big-IP Provisioning &

Configuration
MARCH 29, 2014 BY ANDREY POGOSYAN LEAVE A COMMENT

Ill be honest, I dont work with load balancers all that much, other than
a configuration for a Client Access Server Array for Exchange or
maybe even Load balancing Connection servers for VMware Horizon
View. However, I think its something that I find to be quite interesting
because it touches base with both applications and networking. With
that said, I came across an article that Chris Wahl from Wahlnetwork
wrote about the F5 Lab licenses, and that got me very interested
because 1) we use F5 Load Balancers at work and 2) because I have a lab where I needed a
load balancer countless times to test a feature here and there. It is also useful for when
preparing for an exam, like Chris mentions in his article.
With that said, I went ahead and purchased a virtual lab edition license for $126 at the time of
this post. I went through CDW and in all, it took about 1 week to receive the license key. The
email with the license comes from F5 Networks, so be on the look out! Once I got my license,
it was time to download the F5 Big-IP OVA and import it into vSphere. Of course, from reading
other articles, it seems like it could also work with VMware Workstation and Fusion.

F5 BIG-IP VIRTUAL EDITION MINIMUM SYSTEM

REQUIREMENTS
2 x Virtual CPUs
4GB of RAM for a 2-core CPU
8GB of RAM for a 4-core CPU
PCnet32 LANCE for Management interface

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 2 van 11

3 x VMXNET3 virtual network adapters

1 x 100GB SCSI disk (default)
1 x 50GB SCSI disk (for extra modules)
More information on the system requirements can be found here.

ESXi CPU REQUIREMENTS

64 bit architecture
Support for AMD-V or Intel-VT (Must be Enabled)
Support for multi-threaded CPU
More information on the system requirements can be found here.

INSTALLING AND PROVISIONING F5 LOAD BALANCER

One of the first things we need to do, is define the necessary IP addresses for the appliance,
makes sense right? When deploying the OVA, during the deployment process, you will be
asked to provide 4 networks to use.
1. Management - For Managing your F5 Big-IP Appliance
2. Internal - Internal private network
3. External - External Network such as a DMZ subnet
4. HA - High Availability Network that will be used when creating an HA pair

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 3 van 11

These interfaces are pretty self-explanatory so once youve defined the proper networks for
each interface and successfully imported the appliance, well then need to turn it on in order
to provision it. Provisioning will be the very first step we take before we can start using the
appliance. The process typically involves applying the license, enabling the necessary
components such as LTM, APM, GTM, Firewall, Link Control, Carrier Grade NAT, configuring
static IP addresses, specifying a new admin password, creating the necessary access
accounts, updates, etc.
By default, if you have DHCP enabled on your management interface subnet, the F5 Big-IP
appliance should automatically obtain an IP address, that IP address will then be listed in the
Virtual Machine general info section.

You can also use IFCONFIG to pull the IP address that was automatically assigned. Another
option is to use a network scanner if you have one available.
Default Password information
Console Access: Username: root Password: default

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 4 van 11

Web Interface Access: Username: admin Password: admin

Upon a successful login, we should be presented with a Welcome screen and a Setup Utility
that well be using to configure the F5 appliance

When we start the Setup Utility, one of the very first steps, is to provide a license to the
appliance. The way it works, is that the License will allow you to use certain features of the
appliance. You must be connected to the internet in order to successfully activate the license,
VERY IMPORTANT. Once the license has been activated, youll see the license data, active,
optional, and inactive modules

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 5 van 11

Now things are starting to get interesting. The next step, is resource provisioning, in other
words, we need to specify what modules we want to enable and use. Below is a screenshot of
all the modules that are licensed and unlicensed

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 6 van 11

Lets cover the basics of the modules were going to play with in the lab:
Carrier Grade NAT (CGNAT) Is a Large Scale NAT, in other words, it allows for
translation of internal private IPv4 Addresses (multiple PCs) into public IPv4 addresses.
Local Traffic Manager (LTM) LTM is a module that allows us to create an abstraction
layer between the user and the infrastructure in order to leverage high availability, load
balancing, secure, and optimize application traffic between the end user and
infrastructure. Essentially, this post will concentrate on LTM since this is the load
balancing piece of this product
Application Security (ASM) Provides a security layer for applications by allowing
control through access policies and insight into application access, violations, and
tampering
Global Traffic (GTM) This is an interesting component, as this will provide GSLB (Global
Server Load Balancing), which if youve worked on DR site design, youll know that with
certain types of applications like Exchange, can leverage this module and make the
disaster recovery a lot smoother. Something I will cover in another post.
Link Controller (LC) Allows us to link multiple connections (ISP for example, mentioned
in the article) and provides features such as topology based routing, load balancing by
link costs, integrated route shaping, and so on
Access Policy (APM) APM is a feature that allows for secure access to corporate
applications through the use of policies
As you can see from modules above, not all of them are licensed, and thats normal, were
only using a lab license so in my case, these unlicensed features are not required. However
you can get them licensed, but youd have to use a different license, costs a lot more!
Heres something interesting I find about the provisioning process, as you start adding module,
youll notice that the Memory, Disk, and CPU allocation at the top will change to
accommodate the new modules (see below). Its interesting, because it gives us an idea into
the amount of resources that will be required, so keep that in mind when provision the virtual
or physical appliance

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 7 van 11

At the next step, we can configure the appliance to use a certificate, however for this blog
post, we wont be configuring a certificate because I will be making a separate post about it
later on

Now, we need to assign a static IP, Time zone, hostname, rood/admin password, and SSH
access

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 8 van 11

Once the Platform section has been completed, we can end the Setup by clicking on Finish.

We will then be logged off and will be required to log back in, however this time, youll notice
that we now see something different, we now see the Big-IP Main menu where we can start
configuring the modules that weve enabled earlier. If by some reason, you forgot to enable
module, you can always go back and do so at a later time.

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 9 van 11

That should be it for the initial configuration. I will be creating more post on how to configure
the load balancer with VMware View Connection servers and Exchange 2010/2013. Stay
tuned!
Be Sociable, Share!

Related

FILED UNDER: OTHER

TAGGED WITH: BIG-IP, F5, LOAD BALANCER

Leave a Reply

SEARCH

Search this website

FOLLOW US FOR FREE!

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 10 van 11

Stay up to date with the latest content

from virtualizemydc.ca!
Email Address

SIGN ME UP!

RECOMMENDED BLOGS

Bas Van Kaam

Chris Stark

Cormac Hogan

Derek Seaman (VCDX)

Everything Virtual Simon Davies

ESX Virtualization Vladan Seget

Frank Denneman (VCDX)

Iam all vIRTUAL Lior Kamrat

Josh Odgers (VCDX)

LazyWinAdmin Francois-Xavier Cat

VCDX133 Rene Van Den Bedem

vHorizon Dale Scriven

VMFocus Craig Kilborn

Virtually Mike Brown

Wahl Network (VCDX) Chris Wahl

Yellow-Bricks (VCDX) Duncan Epping

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015

Initial F5 Big-IP Provisioning & Configuration - virtualizemydc.ca

pagina 11 van 11

Copyright 2015 News Pro Theme on Genesis Framework WordPress Log in

http://www.virtualizemydc.ca/2014/03/29/load-balancers-home-lab/

27-3-2015