To deploy BIG-IP VE in a single NIC configuration in the Google Cloud Platform environment, complete these tasks.
This is a specific example, which you can use to test a single NIC deployment. When done, you should be able to send traffic to your application servers through BIG-IP VE.
|1||Choose an F5 license||Choose an F5 license. You can get a trial license if you need one.|
|2||Create firewall rules||
You can add firewall rules to your network before you deploy, or to the instance itself, during or after the deployment.
|3||Deploy a BIG-IP VE instance||Go to Cloud Launcher and select the F5 image you want to deploy.|
|4||Change the external IP to static||When you deploy BIG-IP VE, the external IP address is ephemeral, meaning it changes when BIG-IP VE reboots. Change the external IP to static ().|
|5||Set an admin password for BIG-IP VE||Use SSH to connect to the BIG-IP VE instance and set an admin password, which you will use to connect to the Configuration utility. For connection details, see this doc.|
|6||License BIG-IP VE||Use the admin account to log in to the BIG-IP Configuration utility (
|7||Provision BIG-IP VE||Enable the modules you need.|
|8||Create a pool and add members to it||Create a pool that contains your application servers.|
|9||Create a virtual server||Create a virtual server, which provides a destination for your inbound web traffic and points to the pool of web servers.|
The following diagram shows a basic single NIC deployment of BIG-IP VE in the Google Cloud Platform environment. Follow the steps in this guide to create this deployment.
As the diagram shows, all access to the BIG-IP VE is through the same IP address and virtual network interface (vNIC). When you first boot BIG-IP VE, the system automatically creates networking objects (vNIC 1.0, an internal VLAN, and an internal self IP address) for you, and sets the port for the BIG-IP Configuration utility to 8443.
Because only one self IP address is available in this configuration, the BIG-IP VE high availability feature is not available. (You cannot create an active-standby pair.) If you have two or more applications that need access to the same port, you have options, including:
Follow the steps in this guide, or, if you’d prefer, watch a video of the deploy:
To use BIG-IP VE in Google Cloud, deploy it in your project.
In the Google Cloud Platform Console, in the top left corner, click the Products & services icon.
In the left pane, click Cloud Launcher.
In the Search for solutions field, type
F5 and from the results, click the image you want.
Click Launch on Compute Engine.
Complete the fields. For the machine type, choose at least 2 vCPU and 4 GB memory. For each vCPU, add at least 2 GB of memory.
Note: Port 22 allows SSH access to BIG-IP VE; port 8443 provides access to the web-based BIG-IP Configuration utility.
The instance launches. Wait at least five minutes before you use SSH to connect.
The first time you boot BIG-IP VE, you must connect to the instance and create a strong admin password. You will use the admin account and password to access the BIG-IP Configuration utility.
This management interface may be accessible to the Internet, so the password must be strong.
Use an SSH tool to connect to the BIG-IP VE instance as admin.
admin, and click Change.
admin@before the instance name, for example:
gcloud compute –project "teamproject" ssh –zone "us-central1-f" "admin@instancename".
For more information about how to connect, see https://cloud.google.com/compute/docs/instances/connecting-to-instance.
To ensure you are at the tmsh command prompt, type
Change the admin password:
modify auth password admin
The terminal screen displays the message:
changing password for admin
Type the new password and press Enter.
The terminal screen displays the message:
Re-type the new password and press Enter.
Ensure that the system retains the password change and press Enter.
save sys config
The terminal screen displays the message:
Saving Ethernet mapping...done
For more details about how SSH connections work in Google Cloud Platform, see this topic.
You must enter license information before you can use BIG-IP VE.
Open a web browser and log in to the BIG-IP Configuration utility by using
https with the external IP address and port 8443, for example:
The username is
admin and the password is the one you set previously.
On the Setup Utility Welcome page, click Next.
On the General Properties page, click Activate.
In the Base Registration key field, enter the case-sensitive registration key from F5.
For Activation Method, if you have a production or Eval license, choose Automatic and click Next.
If you chose Manual, complete these steps:
In the Step 1: Dossier field, copy all of the text and then click Click here to access F5 Licensing Server.
A separate web page opens.
On the new page, click Activate License.
In the Enter your dossier field, paste the text and click Next.
Accept the agreement and click Next.
On the Activate F5 Product page, copy the license text in the box. Now go back to the BIG-IP Configuration utility and paste the text into the Step 3: License field.
The BIG-IP VE system registers the license and logs you out. When the configuration change is successful, click Continue to provision BIG-IP VE.
You must confirm the modules you want to run before you can begin to work in the BIG-IP Configuration utility.
Open a web browser and log in to the BIG-IP Configuration utility.
On the Resource Provisioning screen, change settings if necessary and click Next.
On the Device Certificates screen, click Next.
On the Platform screen, in the Admin Account field, re-enter the password for the admin account and click Next.
BIG-IP VE logs you out.
When you log back in, on the Advanced Network Configuration area, click Finished.screen, in the
Traffic goes through BIG-IP VE to a pool. Your application servers should be members of this pool.
Open a web browser and go to the BIG-IP Configuration utility, for example:
On the Main tab, click.
In the Name field, type
Names must begin with a letter, be fewer than 63 characters, and can contain only letters, numbers, and the underscore (_) character.
For Health Monitors, move
https from the Available to the Active list.
Choose the load balancing method or retain the default setting.
In the New Members section, in the Address field, type the IP address of the application server.
In the Service Port field, type a service port, for example,
The list now contains the member.
Add additional pool members as needed and click Finished.
A virtual server listens for packets destined for the external IP address. You must create a virtual server that points to the pool you created.
In the BIG-IP Configuration utility, on the Main tab, click.
Click Create and populate the following fields.
|Name||A unique name|
|Destination Address/Mask||BIG-IP VE’s private IP address|
|SSL Profile (Client)||clientssl|
|SSL Profile (Server)||serverssl|
|Source Address Translation||Auto Map|
Note: These settings are for demonstration only. For details about securing a web application with SSL, see the product documentation at askf5.com.
Traffic to the BIG-IP VE external IP address will now go to the pool members. To test in a browser, type:
You need SSH keys to connect to an instance of BIG-IP VE.
If you use any of the Google tools (Open in browser window, View gcloud command), Google creates keys automatically for you. BIG-IP VE copies the keys locally while they are valid. When they expire, BIG-IP removes them.
By default, all non-expired keys listed inhave access to the BIG-IP VE instance. You can change this by editing the instance and blocking project-wide keys.
The process for generating keys changes, depending on how you decide to connect.
If you choose Open in browser window
Each time you connect to BIG-IP VE, Google creates new keys and adds them to the metadata service. These keys expire every two minutes, and Google creates new keys each time you connect.
If you choose View gcloud command
Each time you connect to BIG-IP VE, Google searches for keys in your home directory (for example,
~/.ssh/google_compute_engine or google_compute_engine.pub). If keys exist, Google uses them to connect. If keys do not exist, you receive a prompt to create them. These keys do not expire.
If you use PuTTY
Before you can connect, you must add your key to the metadata service and then use it when you connect. You can add the keys before, during, or after you deploy BIG-IP VE.
If you want to configure a static route that relies on a gateway in the same subnet as the self IP address, you must first disable the setting that enforces single NIC setup:
modify sys db provision.1nicautoconfig value disable
Confirm that the value is correct by typing
list sys db provision.1nicautoconfig.
The return value should be
If you do not change this value, any time you reboot BIG-IP VE, the manually-configured static route will cause validation errors during
load sys config.