Microsoft Azure: Multi-NIC BIG-IP VE¶
When you deploy BIG-IP VE from the Azure Marketplace, BIG-IP VE has a single NIC and only one available IP address.
If you prefer a configuration with multiple NICs and/or IP addresses, you can deploy BIG-IP VE by using:
- An Azure template
- The Azure command-line interface (CLI)
F5 maintains templates that you can use to create a multi-NIC deployments. For more information, see https://github.com/F5Networks.
For more information about multiple NICs in Azure, see https://azure.microsoft.com/en-gb/updates/ga-multiple-ips-per-nic.
When you create a multi-NIC configuration of BIG-IP VE in Azure, you can specify which NIC to use for which traffic.
You may want to have management and data (application) traffic on the same NIC. If you do:
- You can use a smaller Azure instance type (one that supports fewer NICs)
- The configuration is simpler and has only one external facing IP address
A configuration with separate NICs and IP addresses is more of a traditional BIG-IP VE setup, with a management, internal, and external subnet, for example.
About management and data traffic on separate NICs¶
When you deploy BIG-IP VE with multiple NICs, you can use a separate NIC for management, data (application), and internal traffic.
In this configuration, each NIC can have one or more IP addresses associated with it. For example, your external NIC can now have multiple IP addresses, each of which you can use as a virtual server.
This deployment shows three subnets:
- An external, public subnet, where you’ll create a virtual server to accept Internet traffic.
- An internal, private subnet, where your application servers live.
- A management subnet, where you can access the BIG-IP Configuration utility; you use the Configuration utility to configure BIG-IP VE.
Traffic flows from clients through BIG-IP VE to application servers.
Note: This example shows a single, standalone BIG-IP VE. To use config sync with two or more BIG-IP VEs in the same availability set, add all virtual server IP addresses to traffic group none.
Use separate NICs for management and data traffic¶
When you deploy BIG-IP VE with multiple NICs, you can separate your management, data (application), and internal traffic so that each has its own NIC.
To create this multi-NIC configuration in Azure, you need the following resources:
- An Azure instance type that supports more than one NIC. For more information, see https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general.
- A VNET with multiple subnets (for example, management, internal, and external).
- Three NICs, each on a unique subnet. The first NIC is for management.
- A public IP address, associated with the external NIC, for the virtual server.
- An availability set, if you plan to do add more BIG-IP VE instances.
Depending on your region and the version of BIG-IP VE you want to deploy, you must choose a BIG-IP VE image. To view the list of available images:
- In the Azure CLI, see https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage.
- In PowerShell, see: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/cli-ps-findimage.
The publisher is
Then you can deploy an instance of BIG-IP VE. If necessary, select the availability set during deployment.
After you deploy BIG-IP VE, you must:
- Ensure that the network security group (NSG) allows traffic through port 443. The BIG-IP Configuration utility is accessible through this port.
- If you used an SSH key, use an SSH tool to connect to BIG-IP VE and set the admin password by using the tmsh command modify auth password admin.
- In BIG-IP VE, configure a self IP for each private IP address assigned to a NIC in Azure. Then create a corresponding VLAN. Finally, create a pool and virtual server.