F5 BIG-IP LTM VE Home Lab


I mentioned that I was building an F5 BIG-IP home lab here and I just finished building it a week ago. I wanted to share how mine was set up and possibly help a few people on how to build one. While mine was built in an ESXi host, it might work on other versions of hypervisor as well.

There are a lot of players in the Application Delivery Controller (ADC) space, but F5 controls a 52% share, according to Dell’Oro Group’s 2014 report. Some of the other players in the ADC space are Citrix, A10, Radware, Fortinet (which acquired Coyote Point), etc. I’ve seen job postings for network engineer positions that require or desire F5, Citrix, or A10 experience. That said, it’s probably best to learn about ADCs, commonly called load balancers. Depending on the organization, some let the server team handle everything from install to configuration and maintenance. However, a good number of organizations have the network team handle the load balancers.

Want to get started in learning Application Delivery?

There is no F5 Networks Press, like VMware Press or Cisco Press, so there are no official books released. That said, if you head over to Amazon to see what books are out there, the top book is the F5 Networks Application Delivery Fundamentals Study Guide. This book, however, does not talk a whole lot about the BIG-IP LTM but focuses more on the TCP/IP side of things. It seems to be a good book to have so you can pass F5 Networks’ 101 exam (Application Delivery Fundamentals). I don’t have first-hand experience with the book, so just read through the reviews.

To get the official training books for BIG-IP LTM, one has to sign up for the expensive training offered by a number of training vendors, including direct training from F5 Networks. That is, unfortunately, the only way to get very specific BIG-IP LTM book material.

Acquiring BIG-IP LTM

While there are used appliances on eBay for people to buy, there is another way to build one using the BIG-IP LTM VE. There are three ways to acquire BIG-IP LTM VE, two of which are free (in exchange for some personal information) and one of which is a paid version. If one is only interested in playing with BIG-IP LTM, then the 90-day trial should suffice. One caveat is that the copy available for download is the 11.3 version, while the current version is 11.6 as of this writing.

The other free version is the 30-day evaluation, which includes licenses for a lot of their products, like Global Traffic Manager (GTM), Application Acceleration Manager, etc. The 30-day evaluation should let one download the newest version. Last, but not least, is actually purchasing a lab license, which has a price tag of $96. The lab version includes licenses for the following products: Local Traffic Manager, Global Traffic Manager, Application Acceleration Manager, Advanced Firewall Manager, Access Policy Manager, and Application Security Manager. If one needs Carrier-Grade NAT and Policy Enforcement Manager, they can be purchased for an additional fee. I personally opted for the 90-day trial version since I am currently interested in learning a bit of the LTM product.

BIG-IP LTM VE Setup

F5 LTM

Upon deploying the OVA, it will ask to configure four network adapters. These four adapters are used for the following: Management, Internal, External and High Availability (HA). By default, network adapter 2 is for internal and network adapter 3 is for external. So if one follows the labeling during the OVA deployment, make sure to assign the right interface number to each role once in the setup utility.

My network devices at home are not fancy, so they lack the features that are normally found on SMB or enterprise products. That said, my BIG-IP LTM home lab required some tweaking to make it look like the interfaces are on separate networks, which is covered here.

Let’s start with network adapter 1, the management network, which is designed for managing the BIG-IP virtual appliance. My ESXi host has three physical network adapters. Two of them are connected to my home network, which is the same network as the external side. One of the network adapters is attached to a vSwitch designed for VMkernel connection types (vSphere vMotion, iSCSI, NFS, and host management). However, I added another port group within the same vSwitch for VM network traffic. This port group is designed for management traffic only. In the future, I might upgrade my network devices so that they support VLANs to separate a lot of my network traffic. To make it look like it is on a separate network address space, the VMs in this vSwitch are assigned an IP address within the 10.1.0.0/24 network. For my home devices to connect to this, I have to add a secondary IP address within that subnet. Another way of accomplishing a separate network is to create another vSwitch with no physical adapter assigned to it; this is the host-only option in VMware Workstation. However, this would mean another VM has to be in the same vSwitch to access the management side of the BIG-IP LTM.

Network adapter 2 (external), which is also connected to my home network, is designed for clients connecting to a resource. In this lab setup, the resource is a website hosted on three web servers. The BIG-IP LTM, in this case, acts as a reverse proxy.

Network adapter 3 (internal), which is connected to a vSwitch with no physical adapter assigned to it, is designed for the real servers behind the resource that is being load balanced. As mentioned above, the resource is a website, so the three servers are web servers. Load balancers can spread load across many types of servers; for example, RADIUS, database, or FTP servers could sit behind the internal side.

Network adapter 4 (high availability), which is also connected to a vSwitch with no physical adapter assigned to it (separate from internal), is designed for network traffic between two identically configured BIG-IP devices, allowing them to operate in a redundant fashion.
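It is easy to get the adapter-to-vSwitch mapping subtly wrong (an uplink left on the "host-only" vSwitch, or internal and HA dropped onto the same vSwitch), so here is a small model of the four-NIC layout above with the separation goals expressed as checks. This is an added example, not code from the original post or from F5: the vSwitch and vmnic names are assumptions, and only the 10.1.0.0/24 management subnet comes from the post; the home, internal and HA subnets are constructed placeholders.

```python
"""Sanity checks for the four-adapter BIG-IP LTM VE lab layout described above.

Added example (not part of the original post). vSwitch/vmnic names are
assumptions; all subnets except 10.1.0.0/24 (management) are constructed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class VSwitch:
    name: str
    uplinks: list = field(default_factory=list)  # physical NICs; empty list = host-only


@dataclass
class Adapter:
    number: int                      # "Network adapter N" in the VM settings
    role: str                        # management | external | internal | ha
    vswitch: VSwitch
    subnet: ipaddress.IPv4Network    # address space used on that adapter


def build_lab():
    """Model the post's topology: mgmt and external share the home vSwitch (with
    uplinks); internal and HA each get their own vSwitch with no uplink."""
    home = VSwitch("vSwitch0", uplinks=["vmnic0", "vmnic1"])  # assumed names
    internal = VSwitch("vSwitch1")                             # no physical adapter
    ha = VSwitch("vSwitch2")                                   # no physical adapter
    return [
        Adapter(1, "management", home, ipaddress.ip_network("10.1.0.0/24")),
        Adapter(2, "external", home, ipaddress.ip_network("192.168.1.0/24")),   # placeholder
        Adapter(3, "internal", internal, ipaddress.ip_network("10.1.1.0/24")),  # placeholder
        Adapter(4, "ha", ha, ipaddress.ip_network("10.1.2.0/24")),              # placeholder
    ]


def check_layout(adapters):
    """Return a list of findings; an empty list means the layout meets the design goals."""
    findings = []
    by_role = {a.role: a for a in adapters}

    # 1. Internal and HA must be host-only: a physical uplink would expose the real
    #    servers and the failover traffic to the home LAN.
    for role in ("internal", "ha"):
        sw = by_role[role].vswitch
        if sw.uplinks:
            findings.append(f"{role} vSwitch {sw.name} has physical uplinks {sw.uplinks}")

    # 2. Internal and HA must be separate vSwitches, as the post requires.
    if by_role["internal"].vswitch is by_role["ha"].vswitch:
        findings.append("internal and HA share a vSwitch")

    # 3. No two roles may share address space. Management and external sit on the
    #    same vSwitch, so their separation is purely by subnet and must hold.
    for i, a in enumerate(adapters):
        for b in adapters[i + 1:]:
            if a.subnet.overlaps(b.subnet):
                findings.append(f"{a.role} {a.subnet} overlaps {b.role} {b.subnet}")

    # 4. The VM must present exactly adapters 1..4, each used once.
    if sorted(a.number for a in adapters) != [1, 2, 3, 4]:
        findings.append("adapters are not numbered 1 through 4 exactly once")

    return findings


if __name__ == "__main__":
    for line in check_layout(build_lab()) or ["layout OK"]:
        print(line)
```

Run it as-is and it reports `layout OK`; change the internal vSwitch to carry an uplink, or give the external adapter the management subnet, and the corresponding finding is printed. The checks mirror the post's separation goals rather than any ESXi API, so the same model can be filled in from whatever inventory source you have.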

Thoughts

I truly believe in experiential learning. While reading books, watching training videos, or attending a class are helpful, they need to be reinforced by hands-on experience. Yes, attending a class (most of the time a five-day class) does have the benefit of a lab. However, attending a five-day class does not really make the concepts stick without reading the books that came with it and redoing the lab scenarios on one’s own time. Having said that, building a lab to play with would be beneficial for one’s employer and career in the long run.

You might also like to read

F5 BIG-IP LTM VE Initial Configuration

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.