Network Settings¶
Network settings overview¶
An administrator can configure L2 network settings for the rSeries system, such as port groups, LAGs, interfaces, VLANs, LACP, LLDP, and STP. You can configure these network settings from the webUI.
Port groups overview¶
The front-panel ports on F5 r2000/r4000 and F5 r5000/r10000 platforms support port group functionality. Port groups enable you to configure the mode of the physical port, which controls the port speed and whether the port is bundled or unbundled. Until configured, the rSeries system uses port speeds of 100G, 25G, or 10G, depending on the port and the platform. You can change them based on what optical transceiver module type you are using.
Note: F5 r2000/r4000 platforms have pre-defined configuration modes. These port group options are 4x25GbE, 8x10GbE, and 4x10GbE+2x25GbE.
Before configuring any interfaces, VLANs, or LAGs, you can set up port groups so that physical interfaces on the platform are configured for the proper speed and bundling. Depending on the port group mode, a different FPGA version is loaded, and the speed of the port is adjusted accordingly. The system creates the port group components.
Changing the mode for a port group reboots the system, removes stale interfaces from your configuration, and removes any references to stale interfaces from your configuration. You will then need to reconfigure any previously-configured protocols to use the modified port group.
Configure port groups from the webUI¶
You can configure port groups to use a specific mode depending on how you are connecting your system.
Important: Changing the port group mode impacts the view of physical interfaces published by the system. The previous interfaces that corresponded to the previous port group mode are deleted, and new ones are created. All configuration associated with the deleted interfaces is also lost.
Log in to the webUI using an account with admin access.
On the left, click Network Settings > Port Groups.
For a specific port group, select a Mode from the list.
For F5 r5000/r10000, you can choose one of these modes:
| Option | Description |
|---|---|
| 100GbE | Create one interface at 100G speed. |
| 40GbE | Create one interface at 40G speed. |
| 25GbE | Create one interface at 25G speed. |
| 10GbE | Create one interface at 10G speed. |
| 4x10Gb | Creates four interfaces at 10G speed (requires use of a breakout cable). |
For F5 r2000/r4000, you can choose a pre-defined configuration as a mode:
| Option | Description |
|---|---|
| 4x25GbE | Creates four interfaces at 25G speed. |
| 4x10GbE +2x25GbE | Creates four interfaces at 10G speed and two interfaces at 25G speed. |
| 8x10GbE | Creates eight interfaces at 10G speed. |
Click Save.
When you change the port group mode on ports for a specific group, the system resets. The previous interfaces that corresponded to the previous port group mode are deleted, and the associated (underlying) configuration is also lost.
Port Mappings Overview¶
Port mappings show how the front-panel interfaces on F5 r5000/r10000 systems are configured for capacity bandwidth and allocated bandwidth using pipelines and pipeline groups.
| Pipeline | Pipeline Group |
|---|---|
| Display port mappings | Corresponds to a traffic-processing pipeline. There are eight virtual ports per pipeline. Each pipeline has 100Gb of throughput. |
| Contains two pipelines and corresponds to FPGA sockets. The system FPGAs are configured in the bitstream to support the different ports. No bitstream supports all ports simultaneously. |
Display port mappings from the webUI¶
You can view how port mappings are configured from the webUI.
Log in to the webUI using an account with admin access.
On the left, click Network Status & Details > Port Mappings.
The current configuration for port mappings displays.
Port Profiles Overview¶
The front-panel ports on F5 r2000/r4000 systems support port profile functionality. Port profiles enable you to change which mode, or port speed, that port uses. SFP28 ports operate at 25GbE by default, and SFP+ ports operate at 10GbE by default. Only these configurations are available:
| Configuration | Description |
|---|---|
| 8x10G | All eight 10G (SFP+) ports run at 10G speed. This is the default configuration. |
| 2x25G - 4x10G | Two 25G (SFP28) ports run at 25G speed, and four 10G (SFP+) ports run at 10G. |
| 4x25G | All four 25G (SFP28) ports run at 25G speed. |
Changing the mode for a port profile reboots the system, and then removes stale interfaces and any references to stale interfaces from your configuration. You must reconfigure any previously-configured protocols to use your modified port group.
Note: All tenants must be in “configured” state before you can change the port profile. You cannot change the profile while a tenant is in “deployed” state.
Interfaces Overview¶
rSeries systems include a set number of front-panel interfaces (or ports). The number of available interfaces varies depending on hardware model.
Note: For the F5 r2000/r4000 platforms, you can now add the same VLAN ID to multiple members. Adding the same VLAN ID to multiple members could result in L2 loops. Special considerations should be made to the network topology to avoid L2 loops.
Configure Interfaces from the webUI¶
Before you begin, you must already have created the VLANs that you want to associate with the interface.
Note: If you intend to create LAGs, you should wait to associate VLANs with interfaces, because an interface cannot be used as a LAG member if it is associated with a VLAN.
You can configure interfaces from the webUI.
Log in to the webUI using an account with admin access.
On the left, click Network Settings > Interfaces.
A table showing all interfaces displays.Click an interface name.
For Description, enter text to describe the interface.
For Status, select whether the interface is Enabled or Disabled.
These settings are informational, use set values, and cannot be changed: Operational Status, Speed, MAC Address, Interface Type, and LACP State.
For MTU, the maximum transmissions unit is set to the default value of 9600 (read only). This is the largest size that the system allows for an IP datagram passing through a physical interface.
Note: Changing the MTU at the platform level would affect all tenants, so this is configurable at the tenant level for greater control.
Forward Error Correction is set to the default value of Auto (read only) and detects and corrects a limited number of errors in transmitted data.
Note: Since this setting is enabled automatically, your upstream switch must also support Forward Error Correction (FEC).
For Native VLAN (Untagged), select the VLAN ID to use for untagged frames received on an interface (either a single interface or LAG).
Note: An interface or LAG can have only one Native VLAN assigned to it. You can use a Native VLAN with multiple LAGs or interfaces. You cannot use a VLAN, however, as both a Native and Trunk VLAN for the same interface.
For Trunk VLANs (Tagged), select one or more VLAN IDs, if available, and not a member of another LAG; this is used for tagged traffic. You can use the same VLAN ID as the Trunk VLAN across all interfaces or LAGs. You cannot use a VLAN, however, as both a Native and Trunk VLAN for the same interface.
Note: A Trunk VLAN or a Native VLAN is required to pass traffic. If you do not select either a Native VLAN or a Trunk VLAN, the port will not carry any traffic.
Click Save.
Network Utilization and Diagnostics¶
You can monitor the amount of data being transmitted across a network over a given period. These statistics are crucial for maintaining optical performance, preventing congestion, and ensuring fair usage.
Network diagnostics help in troubleshooting by providing a range of network utilities to detect and solve network-related problems.
Display and Reset Interface Statistics from the webUI¶
You can view statistics for physical interfaces configured on the system from the webUI. The table shows, for each interface, the amount of data that was input and output in multiple forms. You can also see in/out errors and frame check sequence (FCS) errors that occurred on each of the interfaces, and you can reset to clear the data.
Log in to the webUI using an account with admin access.
On the left, click Network Status & Details > Interface Statistics.
In the Interface Counters area, change the way the statistics are displayed in the Data Format by selecting Normalized or Unformatted. Selecting Normalized converts the byte representation to kilobytes, megabytes, or terabytes, depending on the size. This provides better data readability, especially when there are massive amounts of traffic passing through the interfaces.
Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
Select one or more interfaces, then click Reset to clear the data.
Display Network Utilization from the webUI¶
You can view the amount of data being transmitted across an interface currently. If multiple interfaces are available, you can select an interface, data type, and change the time series to view historical data and analyze data transmission. To see the network utilization, follow these steps:
Log in to the webUI using an account with admin access.
On the left, click Network Status & Details > Interface Statistics.
In the Network Utilization area, you can view the current and historical statistics for each configured Interface. You can change the way the statistics are displayed in the Data Type by selecting Bits or Packets.
To hide or view the data, click Hide or Show.
Link Aggregation Group (LAG) Overview¶
A link aggregation group (LAG) is a logical group of interfaces that function as a single interface. The LAG (like a trunk on tenant systems) distributes traffic across multiple links, which increases bandwidth by adding the bandwidth of multiple links together. For example, four fast Ethernet (100 Mbps) links, if aggregated, create a single 400 Mbps link. LAGs also enhance connection reliability by providing link failover if a member link becomes unavailable.
Types of LAGs¶
There are two types of LAGs:
| Static | Ports in the LAG are manually configured, and the group of ports assigned to a static LAG is always made up of active members. This is the default type of LAG. |
| Link Aggregation Control Protocol (LACP) | When LACP is enabled on a LAG, the ports configure automatically into groups without manual configuration. The LACP protocol detects error conditions on member links and redistributes traffic to other member links, preventing any loss of traffic on a failed link. |
Create LAGs from the webUI¶
You can create a link aggregation group (LAG) from the webUI.
Log in to the webUI using an account with admin access.
On the left, click Network Settings > LAGs. The screen shows LAGs that are configured.
Click Add.
For Name, enter a name for the LAG.
For Description, enter text to describe the LAG.
For LAG Type, select one of these options:
| Option | Description |
|---|---|
| STATIC | Manually configure the links. The link state of LAG members is not dynamically updated. This is the default value for LAGs. |
| LACP | Automatically bundle links. |
If you select LACP, configure these additional settings:
| Option | Description |
|---|---|
| LACP Interval | Specify an interval at which interfaces send LACP packets. Select FAST (every second) or SLOW (every 30 seconds). |
| LACP Mode | Specify the negotiation state for LACP. Select ACTIVE (in an active negotiating state) or PASSIVE (do not initiate negotiation until peer contacts first). |
For Configured Members, select one or more interfaces (not members of another LAG) to assign to the LAG.
Note: Only interfaces that are configured with the same speeds can be members of the LAG. The interfaces cannot be associated with VLANs. You can add up to 20 members to a LAG.
For Native VLAN (Untagged), select the VLAN ID to use for untagged frames received on a trunk interface.
For Trunk VLANs (Tagged), select one or more VLAN IDs, if available and not a member of another LAG.
Note: A trunk VLAN or a native VLAN is required to pass traffic. If you do not select either a native VLAN or a trunk VLAN, the port will not carry any traffic.
Click Save.
The LAG is created and shown in the list. You can add up to 256 LAGs.
Configure LAGs from the webUI¶
You can edit the properties of an existing link aggregation group (LAG) from the webUI.
Log in to the webUI using an account with admin access.
On the left, click NETWORK SETTINGS > LAGs. The screen shows LAGs that are configured.
Click a LAG name.
For LAG Type, select one of these options:
| Option | Description |
|---|---|
| STATIC | Manually configure the links. The link state of LAG members is not dynamically updated. This is the default value for LAGs. |
| LACP | Automatically bundle links. |
If you select LACP, configure these additional settings:
| Option | Description |
|---|---|
| LACP Interval | Specify an interval at which interfaces send LACP packets. Select FAST (every second) or SLOW (every 30 seconds). |
| LACP Mode | Specify the negotiation state for LACP. Select ACTIVE (in an active negotiating state) or PASSIVE (do not initiate negotiation until peer contacts first). |
For Configured Members, select one or more interfaces (not members of another LAG) to assign to the LAG.
Note: Only interfaces that are configured with the same speeds can be members of the LAG. The interfaces cannot be associated with VLANs. You can add up to 20 members to a LAG.
For Native VLAN (Untagged), select the VLAN ID to use for untagged frames received on a trunk interface.
For Trunk VLANs (Tagged), select one or more VLAN IDs, if available and not a member of another LAG.
Note: A trunk VLAN or a native VLAN is required to pass traffic. If you do not select either a native VLAN or a trunk VLAN, the port will not carry any traffic.
Click Save & Close.
Display LACP Details from the webUI¶
You can view the LACP details on the webUI to troubleshoot. For example, you can determine why an interface member of an LACP LAG on the system is not working as expected.
Steps to View LACP Details:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > LACP Details. The screen shows state information about whether LACP is Up, Down, or Defaulted for LACP interfaces. The lower portion of the screen shows details that can be used for troubleshooting LACP issues.
Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
VLAN Overview¶
A VLAN is a logical subset of hosts on a local area network (LAN) that operates in the same IP address space. Grouping hosts together in a VLAN has distinct advantages. For example, with VLANs, you can:
Reduce the size of broadcast domains, thereby enhancing overall network performance.
Reduce system and network maintenance tasks substantially. Functionally related hosts do not need to physically reside together to achieve optimal network performance.
Enhance security on your network by segmenting hosts that must transmit sensitive data.
For the most basic rSeries system configurations, you might create multiple VLANs. That is, you create a VLAN for each of the internal and external networks, as well as a VLAN for high availability communications. You then associate each VLAN with the relevant interfaces or LAGs.
Create VLANs from the webUI¶
You can create a VLAN and associate physical interfaces or LAGs with that VLAN. In this way, any host that sends traffic to an interface is logically a member of the VLAN or VLANs to which that interface or LAG belongs.
Steps to Create a VLAN:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > VLANs. The screen shows VLANs that are configured for the system.
Click Add.
For Name, enter a name for the VLAN.
Note: VLAN names must follow these rules: - Start with an alphabetic character (Aa-Zz). - Can be up to 56 characters in length. - After the first character, can contain alphanumeric characters, periods (.), hyphens (-), and underscores (_). - VLAN names must be unique.
For VLAN ID, enter a number between 1-4094 for the VLAN. The VLAN ID identifies the traffic from hosts in the associated VLAN for an associated interface or LAG.
Click Save & Close to create the VLAN. You can also click Save & Create Another, to save the current VLAN and create a new VLAN.
The VLAN is created and displayed in the VLAN list. You can use the VLANs when configuring interfaces, creating LAGs, and deploying tenants (one VLAN can be shared by more than one tenant).
VLAN Listeners Overview¶
VLAN listeners are created and deleted by the system at runtime. They are used to program the destination for broadcast packets and L2 destination lookup failures (DLFs).
The system creates a listener when you configure a VLAN for a tenant.
| VLAN Listener (listener) | Created when a VLAN is used by a single tenant or when a VLAN is not shared among tenants. VLAN listeners that are created for tenant VLANs that do not include any members are indicated with the value 0.host for interface. |
|---|---|
Display VLAN Listeners from the webUI¶
You can view VLAN listeners when you need to troubleshoot data path issues and check whether the correct VLANs are assigned to the tenants from the webUI.
Log in to the webUI using an account with admin access.
On the left, click Network Status & Details > VLAN Listeners. The screen shows VLAN listeners that are active on the system.
Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
You can see the VLAN listeners that are associated with specific interfaces, VLANs, and other related information. If something does not look correct, review the configuration for that object.
IP tunnels overview¶
When you configure rSeries systems for network virtualization, the system represents the connection as a tunnel, which provides a Layer 2 interface on the virtual network. You can use the tunnel interface in both layer 2 and layer 3 configurations. After you create the network virtualization tunnels, you can use the tunnels like you use VLANs.
F5 r5000/r10000 systems support the following tunneling protocols:
GENEVE
GTP
GRE
IP in IP
EtherIP
NVGRE
VXLAN
By configuring IP tunneling protocols on rSeries systems, you provide tenants with custom configuration details needed to even out traffic load balancing across Traffic Management Microkernels (TMMs) inside the tenant.
You can configure these tunneling protocols on the rSeries system:
| Tunneling Protocol | Description |
|---|---|
| GENEVE (Generic Network Virtualization Encapsulation) | Uses a compact tunnel header encapsulated in UDP over IP. |
| GTP (GPRS Tunneling Protocol) | Uses a new disaggregation (DAG) mode for GTP-U traffic that assigns a unique tunnel endpoint identifier (TEID) to each GTP control connection to the peers. This enables a BIG-IP tenant to redistribute the GTP-U traffic among all TMMs. |
| NVGRE (Network Virtualization using Generic Routing Encapsulation) | Uses Generic Routing Encapsulation (GRE) to tunnel layer 2 packets over layer 3 networks. |
| VXLAN (Virtual Extensible Local Area Network) | Uses IP plus UDP to encapsulate layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default UDP port number. |
For information on configuring tunneling protocols on BIG-IP tenants, see BIG-IP TMOS: Tunneling and IPsec.
IP Tunnel Configuration from the webUI¶
Configure GTP Tunnels from the webUI¶
You can enable the GTP (GPRS Tunneling Protocol) TEID (Tunnel Endpoint Identifier) hash from the webUI. This enables the system to use the TEID instead of the default L4 port mode for DAG hashing.
**Important**: This setting applies to all tenants running on the system.
Steps to Configure GTP Tunnels:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > IP Tunnels.
Set GTP-U TEID Hash to:
Enabled: Indicates that TEID is extracted, and L4 Ports are overloaded with TEID values instead of L4 port values.
Disabled: Indicates that there is no change to packet parsing.
The default value is Disabled.
Click Save.
All tenants running on the system now use GTP tunnels.
Configure GENEVE Tunnels from the webUI¶
You can configure the default settings for GENEVE (Generic Network Virtualization Encapsulation) tunnels from the webUI.
Steps to Configure GENEVE Tunnels:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > IP Tunnels.
On the card titled GENEVE, click edit icon.
For Enabled, select:
True: Enable GENEVE tunnels on the system.
False: Disable GENEVE tunnels.
For Destination Port, edit the port number (0 to 65535). The default value is 6081.
Click Save.
Configure NVGRE Tunnels from the webUI¶
You can configure the default settings for NVGRE (Network Virtualization using Generic Routing Encapsulation) tunnels from the webUI.
Steps to Configure NVGRE Tunnels:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > IP Tunnels.
On the card titled NVGRE, click edit icon.
For EtherType, edit the EtherType for NVGRE tunnel traffic. Allowed values are a hexadecimal value with a leading “0x” followed by 4 digits. The default value is 0x6558 (Transparent Ethernet Bridging).
Click Save.
Configure VXLAN Tunnels from the webUI¶
You can configure the default settings for VXLAN (Virtual Extensible LAN) tunnels from the webUI.
Steps to Configure VXLAN Tunnels:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > IP Tunnels.
On the card titled VXLAN, click edit icon.
For Destination Port, edit the port number (0 to 65535). The default value is 4789.
For GPE Enabled, select:
True: Enable support for the VXLAN GPE tunnel type.
False: Disable support for the VXLAN GPE tunnel type.
For GPE Destination Port, edit the port number. The default value is 4790.
For NSH Enabled, select:
True: Enable the VXLAN GPE NSH tunnel type.
False: Disable the VXLAN GPE NSH tunnel type.
Click Save.
Disable IP Tunnels from the webUI¶
You can disable IP tunnels from the webUI.
Reset IP Tunnels to Default Values from the webUI¶
You can reset IP tunnels to their default values from the webUI.
Steps to Reset IP Tunnels:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > IP Tunnels.
Click Reset button on the card corresponding to the protocol that you want to reset.
Link Layer Discovery Protocol (LLDP) Overview¶
The rSeries system supports Link Layer Discovery Protocol (LLDP), a Layer 2 industry-standard protocol (IEEE 802.1AB) that enables a network device to advertise its identity and capabilities to multi-vendor neighbor devices on a network. The protocol also enables a network device to receive information from neighbor devices. LLDP transmits device information in LLDP frames using the TLV (Type-Length-Value) format.
In general, this protocol:
Advertises connectivity and management information about the local rSeries device to neighbor devices on the same IEEE 802 LAN.
Receives network management information from neighbor devices on the same IEEE 802 LAN.
Operates with all IEEE 802 access protocols and network media.
Configure LLDP from the webUI¶
Before you can configure LLDP, make sure that the interfaces you will use are up and running with VLANs configured.
Steps to Configure LLDP:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > LLDP.
Set Enable LLDP to Enabled.
Type a System Name and optionally, a System Description.
For TX Interval, enter a number (0-65535) for the interval (in seconds) at which LLDP packets are sent to neighbors. The default value is 30 seconds.
For TX Hold, enter a number (0-65535). The default value is 4 seconds.
For Reinitiate Delay, enter a number (0-65535) to specify the minimum time interval, in seconds, an LLDP port waits before re-initializing an LLDP transmission. The default value is 2 seconds.
For TX Delay, enter a number (0-65535) to specify the minimum time delay, in seconds, between successive LLDP frame transmissions. The default value is 2 seconds.
For Max Neighbors Per Port, enter a number to specify the maximum number of LLDP neighbors for which LLDP data is retained. The default value is 10.
In the Interfaces table, select the interface and LAG (if any) for which you want to enable LLDP. Interfaces must be configured one at a time. For each one selected:
a) Select Enabled.
b) For TLV Advertisement State, select TX (Transmit only), RX (Receive only), or TXRX (Transmit and Receive).
c) For TLV Map, select the TLV device information that you want to transmit and/or receive, such as MAC Phy configuration, management address, MFS (maximum frame size), port description, port ID, and power MDI.
Click Save.
To remove an interface that has been enabled for LLDP:
a) In the Interfaces table, select the interface you want to remove.
b) Click Remove.
c) Click Save.
LLDP is configured on the system for the specified interfaces and LAGs.
Remove LLDP Interfaces from the webUI¶
You can remove LLDP interfaces from the webUI.
Steps to Remove LLDP Interfaces:¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > LLDP.
In the Interfaces table, select the interfaces you want to remove. For each interface selected:
a) Click Remove.
Click Save.
The LLDP interfaces are removed.
Display LLDP Details from the webUI¶
LLDP enables a network device to advertise information about itself to other devices on the network and enables network devices to receive information from neighboring devices. If using LLDP, you can display state information for the LLDP-enabled interfaces and LAGs on the system. When LLDP is enabled to receive data in a working network, any device information received from neighbors is included in a table.
Steps to Display LLDP Details:¶
Log in to the webUI using an account with admin access.
On the left, click Network Status & Details > LLDP Details. The screen shows LLDP state information for interfaces in the system (similar to information shown at the CLI using
show lldp).In the Neighbors table, examine the identification, configuration, and capabilities of neighboring devices. This information provides details useful for troubleshooting many configuration problems.
Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
Spanning Tree Protocol (STP) Overview¶
The rSeries system supports a set of industry-standard, Layer 2 protocols known as spanning tree protocols. A spanning tree is a logical tree-like depiction of the bridges on a network and the paths that connect them. Spanning tree protocols block redundant paths on a network, preventing bridging loops. If a blocked, redundant path is needed later because another path has failed, the spanning tree protocols clear the path again for traffic.
**Note:** Spanning tree protocols are supported only on F5 r5000/r10000 platforms.
The spanning tree protocols that the rSeries system supports are:
Spanning Tree Protocol (STP) - 802.1d
Rapid Spanning Tree Protocol (RSTP) - 802.1w
Multiple Spanning Tree Protocol (MSTP) - 802.1s
You can configure spanning tree protocols on the system from the webUI. Only one spanning tree protocol can be configured at a time.
Central to the way that spanning tree protocols work is the use of bridge protocol data units (BPDUs). When you enable spanning tree protocols on Layer 2 devices on a network, the devices send BPDUs to each other to learn the redundant paths and update their L2 forwarding tables accordingly, electing a root bridge, building a spanning tree, and notifying each other about changes in interface status.
Note: The term bridge refers to a Layer 2 device such as a switch, bridge, or hub.
When you configure spanning tree on the rSeries system, you must first decide which protocol, or mode, you want to enable. Because MSTP recognizes VLANs, using MSTP is preferable. All bridges in a network environment that you want to use spanning tree must run the same spanning tree protocol. If a legacy bridge running RSTP or STP is added to the network, the rSeries system must switch and also use that same protocol.
Note: You cannot enable STP on individual LAG members. Live upgrades will not work if STP is not configured correctly; resolve any configuration issues before upgrading.
Note: You cannot enable STP on interfaces that are configured as virtual networks. For more information on configuring virtual wire and virtual networks, see Virtual wire overview.
STP/RSTP/MSTP Configuration from the WebUI¶
You can configure Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) from the webUI by selecting the desired protocol from the STP Configuration page under Network Settings. You can also disable STP functionality by selecting Disabled.
Configure STP from the WebUI¶
You can configure Spanning Tree Protocol (STP) from the webUI. To disable the use of STP Modes, select Disabled.
Note: Spanning tree protocols are only supported on F5 r5000/10000 platforms.
Log in to the webUI using an account with admin access.
On the left, click Network Settings > STP.
For STP Mode, select:
STP (single instance, best on networks with legacy systems).
A message warns you that changing modes deletes any existing STP configuration settings. When you click OK, the selected mode is enabled, and additional options for that mode display (with default values set).
For Hello Time, specify the time interval, in seconds, that the system transmits spanning tree information (through BPDUs) to adjacent bridges in the network. The default value is 2.
For Max Age, specify the length of time, in seconds, that spanning tree information received from other bridges is considered valid. The default value is 20, and the valid range is from 6 to 40.
For Forwarding Delay, specify the amount of time, in seconds, that the system blocks an interface from forwarding network traffic when the spanning tree algorithm reconfigures a spanning tree. The default value is 15, and the valid range is from 4 to 30. This has no effect when running in RSTP or MSTP unless using an added legacy STP bridge.
For Hold Count, specify the maximum number of spanning tree frames (BPDUs) that the system can transmit on a port within the Hello Time interval. The default value is 6, and the valid range is from 1 to 10.
For Bridge Priority, specify the bridge in the spanning tree with the lowest relative priority becomes the root bridge. The default value is 32768, and the valid range is from 0 to 61440 in multiples of 4096.
For Interfaces, select (one at a time) the interfaces and LAGs, if any, for which you want to configure STP and specify these fields:
Option
Description
Cost
Used to calculate the cost of sending spanning tree traffic through the interface to an adjacent bridge or spanning tree region, based on the speed of the interface. The default value is 0, and the valid range is from 0 (lowest) to 200,000,000 (highest).
Port Priority
Used as the port identifier together with the port number. The default value is 128 (when an interface is selected), and the valid range is from 0 (highest) to 240 (lowest) in multiples of 16.
Edge Port
Needed only for RSTP or MSTP. When enabled, indicates the interface or LAG is an edge port that does not receive any BPDU frames. Set to EDGE-AUTO, EDGE-ENABLE, or EDGE-DISABLE. If you enable EDGE-ENABLE, and the interface later receives BPDUs, the system disables the setting automatically, because only non-edge interfaces can receive BPDUs.
Link Type
Specifies the type of optimization:
• P2P: Optimizes for point-to-point spanning tree links (connects two spanning tree bridges only). Note that P2P is the only valid STP link type for a LAG.
• Shared: Optimizes for shared spanning tree links (connecting two or more spanning tree bridges).
Note: For more information on the available interfaces and LAGs, see the NETWORK SETTINGS > Interfaces or LAGs screens.
Click Save.
The system displays a confirmation dialog confirming whether to change the STP mode.
STP is now set up for use on the system.
Configure RSTP from the WebUI¶
You can configure Rapid Spanning Tree Protocol (RSTP) from the webUI. To disable the use of STP Modes, select Disabled.
Note: Spanning tree protocols are only supported on F5 r5000/r10000 platforms.
Log in to the webUI using an account with admin access.
On the left, click Network Settings > STP.
For STP Mode, select RSTP (single instance, fast convergence).
A message warns you that changing modes deletes any existing STP configuration settings. When you click OK, the selected mode is enabled, and additional options for that mode are displayed (with default values set).
For Hello Time, specify the time interval, in seconds, that the rSeries system transmits spanning tree information (through BPDUs) to adjacent bridges in the network. The default value is 2. For RSTP, maintain this relationship:
Max Age >= 2 * (Hello Time + 1).For Max Age, specify the length of time, in seconds, that spanning tree information received from other bridges is considered valid. The default value is 20, and the valid range is from 6 to 40. Maintain these relationships:
Max Age >= 2 * (Hello Time + 1)Max Age <= 2 * (Forward Delay - 1)
For Forwarding Delay, specify the amount of time, in seconds, that the system blocks an interface from forwarding network traffic. The default value is 15, and the valid range is from 4 to 30.
For Hold Count, specify the maximum number of spanning tree frames (BPDUs) that the system can transmit on a port within the Hello Time interval. The default value is 6, and the valid range is from 1 to 10.
For Bridge Priority, configure this setting so that the system never becomes the root bridge. The default value is 32768, and the valid range is from 0 to 61440 in multiples of 4096.
For Interfaces, select (one at a time) the interfaces and LAGs, if any, for which you want to configure RSTP and specify these fields:
| Option | Description |
|---|---|
| Cost | Used to calculate the cost of sending spanning tree traffic through the interface to an adjacent bridge or spanning tree region, based on the speed of the interface. The default value is 0, and the valid range is from 0 (lowest) to 200,000,000 (highest). |
| Port Priority | Used as the port identifier together with the port number. The default value is 128 (when an interface is selected), and the valid range is from 0 (highest) to 240 (lowest) in multiples of 16. |
| Edge Port | Needed only for RSTP or MSTP. When enabled, indicates the interface or LAG is an edge port that does not receive any BPDU frames. Set to EDGE-AUTO, EDGE-ENABLE, or EDGE-DISABLE. If you enable EDGE-ENABLE, and the interface later receives BPDUs, the system disables the setting automatically, because only non-edge interfaces can receive BPDUs. |
| Link Type | Specifies the type of optimization: • P2P: Optimizes for point-to-point spanning tree links (connects two spanning tree bridges only). Note that P2P is the only valid STP link type for a LAG. • Shared: Optimizes for shared spanning tree links (connecting two or more spanning tree bridges). |
Note: For more information on the available interfaces and LAGs, see the Network Settings > Interfaces or LAGs screens.
Click Save.
The system displays a confirmation dialog confirming whether to change the STP mode.
RSTP is now set up for use on the system.
Configure MSTP from the WebUI¶
If you want to use Multiple Spanning Tree Protocol (MSTP) to define a region, you can configure it from the webUI. To disable the use of STP Modes, select Disabled.
Note: Spanning tree protocols are only supported on F5 r5000/r10000 platforms.
Log in to the webUI using an account with admin access.
On the left, click Network Settings > STP.
For STP Mode, select MSTP (multiple instances, fast convergence).
For Region Name, enter a name (string with 1 to 32 characters) that you assign to all bridges in a spanning tree region.
A spanning tree region is a group of bridges with identical region names and MSTP revision numbers, as well as identical assignment of VLANs to spanning tree instances. The default value is the bridge MAC address. A region can have multiple members with the same MSTP configuration.
For Revision, specify a global revision number that you assign to all bridges in a spanning tree region.
The default value is 0, and the valid range is 0 to 65535. All bridges in the same region must have this same configuration revision number.
For Max Hop, specify the maximum number of hops that a spanning tree frame (BPDU) can traverse before it is discarded. The default value is 20, and the valid range is from 1 to 255.
For Hello Time, specify the time interval, in seconds, that the system transmits spanning tree information (through BPDUs) to adjacent bridges in the network. The default value is 2.
For Max Age, specify the length of time, in seconds, that spanning tree information received from other bridges is considered valid. The default value is 20, and the valid range is from 1 to 255.
For Forwarding Delay, specify the amount of time, in seconds, that the system blocks an interface from forwarding network traffic when the spanning tree algorithm reconfigures a spanning tree. The default value is 15, and the valid range is from 4 to 30. This has no effect when running in RSTP or MSTP unless using an added legacy STP bridge.
For Hold Count, specify the maximum number of spanning tree frames (BPDUs) that the system can transmit on a port within the Hello Time interval. This ensures that spanning tree frames do not overload the network. The default value is 6, and the valid range is from 1 to 10.
To configure multiple instances for a region, adjust these settings for MSTP Instances:
a) Under Instances, click +.
b) In the Add MSTP Instance popup, for Instance ID, enter a positive integer and click Add.
c) Under Instances, select one of the instances. Available interfaces are listed below.
d) Under VLANs, select the VLANs to map to this instance.
e) For Bridge Priority, configure this setting so that the rSeries system never becomes the root bridge. The default value is 32768, and the valid range is from 0 to 61440 in multiples of 4096. Each MSTP instance can have its own bridge priority.
f) For Interfaces, select the interfaces (one at a time) that traffic for this instance can use and specify these fields:
| Option | Description |
|---------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Cost | Used to calculate the cost of sending spanning tree traffic through the interface to an adjacent bridge or spanning tree region, based on the speed of the interface. The default value is **0**, and the valid range is from **0 (lowest)** to **200,000,000 (highest)**. |
| Port Priority | Used as the port identifier together with the port number. The default value is **128** (when an interface is selected), and the valid range is from **0 (highest)** to **240 (lowest)** in multiples of **16**. |
| Edge Port | Needed only for RSTP or MSTP. When enabled, indicates the interface or LAG is an edge port that does not receive any BPDU frames. Set to **EDGE-AUTO**, **EDGE-ENABLE**, or **EDGE-DISABLE**. If you enable **EDGE-ENABLE**, and the interface later receives BPDUs, the system disables the setting automatically, because only non-edge interfaces can receive BPDUs. |
| Link Type | Specifies the type of optimization: <br> • **P2P**: Optimizes for point-to-point spanning tree links (connects two spanning tree bridges only). Note that P2P is the only valid STP link type for a LAG. <br> • **Shared**: Optimizes for shared spanning tree links (connecting two or more spanning tree bridges). |
Continue to configure any other instances that you might need.
Click Save.
The system displays a confirmation dialog confirming whether to change the STP mode. MSTP is set up for use on the system.
Virtual wire overview¶
A virtual wire (also known as L2 inline service) logically connects either two interfaces/physical ports or two LAGs to each other. This enables the system to forward traffic from one interface to another, in either direction. Packets received on a virtual-wire interface are forwarded to the other endpoint of the virtual wire.
Important: The endpoints of a virtual wire must be of the same type. For example, you cannot mix an interface and a LAG in a virtual wire.
A virtual network forms an internal virtual L2/L3 network in the system. Each virtual network has its own set of external network endpoints and can be configured using one of two modes: default and virtual-wire.
After you create a virtual wire, you can attach it to a tenant. A single tenant can use multiple virtual networks.
Note: Virtual wire is supported only on F5 r5000/r10000 platforms.
Note: You cannot enable spanning tree protocol (STP) on interfaces that are configured as virtual networks. For more information on configuring STP, see Spanning tree protocol (STP) overview.
Virtual wire configuration from the webUI¶
Configure virtual networks from the webUI¶
You can create a virtual network with a specified mode and interface members or link aggregation groups (LAGs).
Note: Only STATIC LAGs (not LACP) support virtual networks.
Steps to Create a Virtual Network¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > Virtual Wire.
In the Virtual Networks area, click Add.
For Name, enter a name for the virtual network.
For Mode, select virtual-wire.
Important: You cannot create a virtual wire using this virtual network if you select default.
For Member, select from available interface members and STATIC LAGs.
Click Save & Close.
After configuring virtual networks, you can create virtual wires that use these virtual networks.
Configuring Virtual Wires from the webUI¶
You can create a virtual wire that includes exactly two virtual networks.
Steps to Create a Virtual Wire¶
Log in to the webUI using an account with admin access.
On the left, click Network Settings > Virtual Wire.
In the Virtual Wires area, click Add.
For Name, enter a name for the virtual wire.
For Propagate Link Status, select whether to specify that if one interface in the virtual wire loses its connection (link is down), that state propagates to the other interface in the virtual wire. The default value is False.
For Virtual Networks, select exactly two existing virtual networks to add to this virtual wire.
The virtual wire networks must have the same member type (either interface or LAG). Mixing types is not supported.
Each virtual network must have the same number of configured members.
Click Save & Close.
After configuring virtual networks and virtual wires, you can assign virtual wires to a tenant.
Adding a Virtual Wire to a Tenant from the webUI¶
You can add a virtual wire to a configured tenant from the webUI.
Steps to Add a Virtual Wire to a Tenant¶
Log in to the webUI using an account with admin access.
On the left, click Tenant Management > Tenant Deployments.
The Tenant Deployment screen displays existing tenant deployments and associated details.
Click the name of the tenant deployment you want to modify. A drawer appears that displays the Tenant’s state information. Click edit icon on the drawer.
For Virtual Wires, select configured virtual wires to be used by the tenant.
Note: This field displays only when virtual wires are configured on the system.
Click Save.
The tenant is reconfigured to use the selected virtual wires.