I talked about my F5 BIG-IP LTM VE home lab in this post, but I didn’t do a walkthrough on how to configure it after deployment. In this post, you will learn the initial configuration of the BIG-IP LTM virtual appliance.
The BIG-IP LTM VE version that I am using is the 90-day trial version so the wizard may be a little different than the newer version since this is an older version (11.3). The latest release of version 11 is 11.6, but the latest version at the time of writing is 12. I actually took two classes few weeks ago based on version 12 at F5 Networks’ Headquarters in Seattle, WA. The two classes were the following: Administering BIG-IP and Configuring BIG-IP LTM: Local Traffic Manager.
While the 90-day trial is based on 11.3 (F5 has decided to give trial users 13.1.x), the Setup Utility wizard is pretty similar so this guide is still relevant even using the older version of LTM VE. I might buy the lab version but for now this will do the job.
Setting the Management IP address
By default, the management interface of the VE has an IP address of 192.168.1.245/24. This is only true if the management interface is not on a network with DHCP server.
As one might say, such an odd number to pick for the default management IP address. Well, if you try to convert 245 to hexadecimal then you will get F5, as shown below. Very geeky in my opinion!
There are three ways to change the management IP address in the virtual appliance: Bash shell, TMSH (TMOS shell), and Web UI. Personally, I like both CLI methods – bash and TMSH. Both CLI methods are covered in this post.
Using Bash Shell
Easiest way of accessing the CLI is by console display – right click the BIG-IP LTM virtual machine and click Open Console in vSphere client. Alternatively, one can use terminal emulator to SSH to the BIG-IP LTM virtual machine using the default management IP address.
Step 1
Log in to the CLI using the default user account. Use root as username and default as password.
Step 2
Issue the config command in bash shell.
This will bring up the F5 Management Port Setup utility.
Step 3
Once you get the prompt, like the one above, hit OK. The next prompt will ask you if you want to use the automatic configuration, hit No.
Step 4
Enter desired IP address for the management interface and hit OK.
Step 5
Enter desired subnet mask for the management interface and hit OK.
Step 6
Management’s default gateway can be optional depending on how your setup. Since I have a management network and I want to access from any network, I do want to configure a default gateway so I can access the management IP from any VLAN. Otherwise, skip step 6 and 7.
Once you hit Yes, you will be prompted to enter the default gateway’s IP address and hit OK.
Step 7
Confirm the management IP address changes by hitting Yes. You will now be back to the bash shell. Exit out of the bash shell and go to Activating License section.
Using TMOS Shell (TMSH)
TMOS is a real-time, event-driven operating system designed specifically for application delivery networking. Through TMOS, you can configure all of the basic BIG-IP system routing and switching functions, as well as enhancements such as clusters, user roles, and administrative partitions.
According to the authors of F5 Networks Application Delivery Fundamentals Study Guide, TMOS and full proxy architecture were introduced back in 2004 when F5 Networks released BIG-IP LTM version 9.
Step 1
Same as step 1 in previous section, log in to the CLI using the default user account. Use root as username and default as password.
Step 2
Enter the TMOS shell then issue the syntax found below to assign the IP address to management interface.
[root@localhost:NO LICENSE:Standalone] config # tmsh
root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# create sys management-ip 192.168.99.51/255.255.255.0To display the management interface’s IP address.
root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# list sys management-ip
sys management-ip 192.168.99.51/24 {
description configured-statically
}Step 3
Same as step 6 in previous section, the management’s default gateway is optional depending on the setup.
root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# create sys management-route default gateway 192.168.99.1To display the management interface’s default gateway.
root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# list sys management-route
sys management-route default {
gateway 192.168.99.1
network default
}Step 4
Save the configuration.
root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# save sys config
Saving running configuration...
/config/bigip.conf
/config/bigip_base.conf
/config/bigip_user.confActivating License
Before you can do anything with BIG-IP LTM, you need to activate the license. To activate the license, you need to access the BIG-IP Configuration Utility. To access the BIG-IP Configuration Utility, open your favorite web browser and enter https://BIG-IP mgmt address here in the address bar. You will then be presented with a screen just like below. To log in, use the default username and password, which is admin/admin.
Once logged in, you will be presented with the Welcome screen. To begin the Setup Utility wizard, click Next to continue.
You will now be presented with a screen that shows you to activate the BIG-IP LTM license. Click Activate.
The next screen is where you enter the license key that you received from F5 Networks. Enter the license key and choose the activation method – automatic and manual.
Automatic Method
Automatic method is the fastest and easiest way to activate BIG-IP LTM. However, it requires an interface that has access to the Internet. In this scenario, management interface has access to the Internet. Click Next to continue.
The next screen will ask you to read and accept the EULA. Click Accept to continue.
Once EULA has been accepted, a new screen will appear. This may take less than a minute or so and continue button will appear. Click the Continue button and you will be redirected to the resource provisioning page. Skip to the Resource Provisioning section of this post if you chose this method. If not, go to the next section.
Manual Method
The manual method is for environment where management interface is on a network that is not allowed to access the Internet. It involves more steps than automatic method.
Follow the steps shown in the screen. First step is to copy all text found in the dossier box. Alternatively, download the dossier file.
The second step is to go to the F5’s licensing site by clicking the link found in step 2 section of the screen. Paste the dossier to the box. Alternatively, upload the dossier file. Click Next to continue.
The next screen will ask you to read and accept the F5 Networks’ EULA. Click the check box to accept the EULA and click Next.
The next screen is where you can copy the license information for your BIG-IP LTM. Alternatively, you can download the license file.
Once pasted to License section (step 3) of the Setup utility, click Next. You will then be presented with a screen just like below. Wait for less than a minute or so to finish. Once BIG-IP is done configuring the system, click continue button.
Upon clicking the continue button, you will now be redirected to the resource provisioning page.
Resource Provisioning
The license you receive from F5 Networks will determine what software modules you can use. The 90-day trial license will have license for both LTM (Local Traffic Manager) and AVR (Application Visibility and Responsibility). I am only interested in LTM at this time so that’s the only one I am going to provision.
This section also allows you to change the provisioning for the management. For the most part, you can pick the small option especially in a home lab environment. For the LTM, we can technically provision it to dedicated since that is the only thing we’re running but you can leave it at nominal, which is the the default.
Platform
This part of the setup utility wizard allows you to make configuration to the management interface’s IP address details (again), host name, time zone, user account passwords, etc. The SSH Allow section acts as an ACL to allow certain IP addresses and/or ranges. Once you make changes to the account passwords, you will be logged out and need to log back in.
Network Configuration
Once you log back in, you will be in the network section. You have ability to continue the setup utility or finish it. In this post, I will go through the standard network configuration.
Redundancy
You will now be directed to the redundancy portion of the setup utility. This section is about High Availability feature. At this time, I suggest to uncheck both boxes and just configure it in the future when it is needed. This will be covered in future blog post. Once both boxes are unchecked, click Next to continue.
VLANs
Next up is the network configuration for the internal interface. As you know, this interface will be facing your internal servers that will be load balanced by BIG-IP LTM.
In my case, my home lab uses 10.2.0.0/24 as the internal network.
For the port lockdown, you can leave this at the default setting (Allow Default), since it’s only for home lab environment. Adjust accordingly. The Allow Default setting specifies that connections to the self IP address are allowed from the following protocols and services:
For the VLAN interfaces, you will need to know the network mapping during the BIG-IP LTM VE virtual machine deployment. If you used ESXi for deployment, it should be similar to the one below. Once you figured out which interface number it is for your internal, click Next to continue.
The next screen will ask you to configure the external interface. I left the Port Lockdown to the default. Adjust this setting based on your environment. Since this is just a home lab, I left it alone. Click the Finished button once the required settings are entered.
You will now be redirected to the home page. This will always be the page you will see every time you log back into BIG-IP Configuration utility.
Start your Application Delivery Controller training now!
The initial configuration of BIG-IP LTM is quite easy especially when the default settings are accepted. The only part that I struggled with at first was the associating the TMM (Traffic Management Microkernel) interfaces. Other than that, it was really easy to deploy the virtual appliance and do the initial configuration.
With the free 90-day license for BIG-IP LTM, people who are interested in learning F5 will be able to practice using the software. While 90 days is plenty of time, one could extend the trial by requesting a few more license keys for free. As far as I know, there is no limit on how many ones could request. Just do not abuse it.
Are you ready to improve your network security?
Let us answer more questions by contacting us. We’re here to listen and provide solutions that are right for you.
You might also like to read
Disclosure
NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.
