Google Cloud Platform: Single NIC BIG-IP VE

To deploy BIG-IP VE in a single NIC configuration in the Google Cloud Platform environment, complete these tasks.

This is a specific example, which you can use to test a single NIC deployment. When done, you should be able to send traffic to your application servers through BIG-IP VE.

Step Task Details
1 Choose an F5 license Choose an F5 license. You can get a trial license if you need one.
2 Create firewall rules

You can add firewall rules to your network before you deploy, or to the instance itself, during or after the deployment.

  • Port 22 for SSH access.
  • Port 8443 for the BIG-IP Configuration utility.
  • A port for your application server, like HTTPS port 443.
3 Deploy a BIG-IP VE instance Go to Cloud Launcher and select the F5 image you want to deploy.
4 Change the external IP to static When you deploy BIG-IP VE, the external IP address is ephemeral, meaning it changes when BIG-IP VE reboots. Change the external IP to static (Networking -> External IP addresses -> Type).
5 Set an admin password for BIG-IP VE Use SSH to connect to the BIG-IP VE instance and set an admin password, which you will use to connect to the Configuration utility. For connection details, see this doc.
6 License BIG-IP VE Use the admin account to log in to the BIG-IP Configuration utility (https://<public-ip-address:8443>).
7 Provision BIG-IP VE Enable the modules you need.
8 Create a pool and add members to it Create a pool that contains your application servers.
9 Create a virtual server Create a virtual server, which provides a destination for your inbound web traffic and points to the pool of web servers.

Sample single-NIC configuration

The following diagram shows a basic single NIC deployment of BIG-IP VE in the Google Cloud Platform environment. Follow the steps in this guide to create this deployment.


As the diagram shows, all access to the BIG-IP VE is through the same IP address and virtual network interface (vNIC). When you first boot BIG-IP VE, the system automatically creates networking objects (vNIC 1.0, an internal VLAN, and an internal self IP address) for you, and sets the port for the BIG-IP Configuration utility to 8443.

Because only one self IP address is available in this configuration, the BIG-IP VE high availability feature is not available. (You cannot create an active-standby pair.) If you have two or more applications that need access to the same port, you have options, including:

  • BIG-IP VE supports Server Name Indicator (SNI), which allows a single virtual IP address to host multiple domains. For more information, see
  • If you are using Windows/IIS web sites, add a DNS record for each domain name and have them both point to the same IP address. The browser sends the URL in the host header field of the request to serve the correct web site.
  • Use BIG-IP iRules to make pool decisions based on header content.

Follow the steps in this guide, or, if you’d prefer, watch a video of the deploy:

Deploy BIG-IP VE in Google Cloud

To use BIG-IP VE in Google Cloud, deploy it in your project.

  1. In the Google Cloud Platform Console, in the top left corner, click the Products & services icon.

  2. In the left pane, click Cloud Launcher.

  3. In the Search for solutions field, type F5 and from the results, click the image you want.

  4. Click Launch on Compute Engine.


  5. Complete the fields. For the machine type, choose at least 2 vCPU and 4 GB memory. For each vCPU, add at least 2 GB of memory.


    Note: Port 22 allows SSH access to BIG-IP VE; port 8443 provides access to the web-based BIG-IP Configuration utility.

  6. Click Deploy.

The instance launches. Wait at least five minutes before you use SSH to connect.

Set an admin password for BIG-IP VE

The first time you boot BIG-IP VE, you must connect to the instance and create a strong admin password. You will use the admin account and password to access the BIG-IP Configuration utility.

This management interface may be accessible to the Internet, so the password must be strong.

  1. Use an SSH tool to connect to the BIG-IP VE instance as admin.

    • In the Google console, if you use SSH -> Open in browser window, on the window that opens, click the Settings icon, click Change Linux Username, type admin, and click Change.
    • In the Google console, if you use SSH -> View gcloud command, type admin@ before the instance name, for example: gcloud compute –project "teamproject" ssh –zone "us-central1-f" "admin@instancename".
    • If you use PuTTY, before you connect, add your key in the Google console (Compute Engine -> Metadata -> SSH Keys).

    For more information about how to connect, see

  2. To ensure you are at the tmsh command prompt, type tmsh.

  3. Change the admin password:

    modify auth password admin

    The terminal screen displays the message:

    changing password for admin

    new password:

  4. Type the new password and press Enter.

    The terminal screen displays the message:

    confirm password

  5. Re-type the new password and press Enter.

  6. Ensure that the system retains the password change and press Enter.

    save sys config

    The terminal screen displays the message:

    Saving Ethernet mapping...done

For more details about how SSH connections work in Google Cloud Platform, see this topic.

License BIG-IP VE

You must enter license information before you can use BIG-IP VE.

  1. Open a web browser and log in to the BIG-IP Configuration utility by using https with the external IP address and port 8443, for example: https://<external-ip-address>:8443. The username is admin and the password is the one you set previously.

  2. On the Setup Utility Welcome page, click Next.

  3. On the General Properties page, click Activate.

  4. In the Base Registration key field, enter the case-sensitive registration key from F5.

    For Activation Method, if you have a production or Eval license, choose Automatic and click Next.

    If you chose Manual, complete these steps:

    1. In the Step 1: Dossier field, copy all of the text and then click Click here to access F5 Licensing Server.


      A separate web page opens.

    2. On the new page, click Activate License.

    3. In the Enter your dossier field, paste the text and click Next.


    4. Accept the agreement and click Next.

    5. On the Activate F5 Product page, copy the license text in the box. Now go back to the BIG-IP Configuration utility and paste the text into the Step 3: License field.


    6. Click Next.

The BIG-IP VE system registers the license and logs you out. When the configuration change is successful, click Continue to provision BIG-IP VE.

Provision BIG-IP VE

You must confirm the modules you want to run before you can begin to work in the BIG-IP Configuration utility.

  1. Open a web browser and log in to the BIG-IP Configuration utility.

  2. On the Resource Provisioning screen, change settings if necessary and click Next.

  3. On the Device Certificates screen, click Next.

  4. On the Platform screen, in the Admin Account field, re-enter the password for the admin account and click Next.


    BIG-IP VE logs you out.

  5. When you log back in, on the Setup Utility -> Network screen, in the Advanced Network Configuration area, click Finished.


Create a pool and add members to it

Traffic goes through BIG-IP VE to a pool. Your application servers should be members of this pool.

  1. Open a web browser and go to the BIG-IP Configuration utility, for example: https://<external-ip-address>:8443.

  2. On the Main tab, click Local Traffic -> Pools.

  3. Click Create.

  4. In the Name field, type web_pool. Names must begin with a letter, be fewer than 63 characters, and can contain only letters, numbers, and the underscore (_) character.

  5. For Health Monitors, move https from the Available to the Active list.

  6. Choose the load balancing method or retain the default setting.

  7. In the New Members section, in the Address field, type the IP address of the application server.

  8. In the Service Port field, type a service port, for example, 443.

  9. Click Add.

    The list now contains the member.

  10. Add additional pool members as needed and click Finished.

Create a virtual server

A virtual server listens for packets destined for the external IP address. You must create a virtual server that points to the pool you created.

  1. In the BIG-IP Configuration utility, on the Main tab, click Local Traffic -> Virtual Servers.

  2. Click Create and populate the following fields.

    Field Value
    Name A unique name
    Destination Address/Mask BIG-IP VE’s private IP address
    Service Port 443
    HTTP Profile http
    SSL Profile (Client) clientssl
    SSL Profile (Server) serverssl
    Source Address Translation Auto Map
    Default Pool web_pool

    Note: These settings are for demonstration only. For details about securing a web application with SSL, see the product documentation at

  3. Click Finished.

Traffic to the BIG-IP VE external IP address will now go to the pool members. To test in a browser, type: https://<external-IP-address>.

Other resources

About SSH keys in Google Cloud Platform

You need SSH keys to connect to an instance of BIG-IP VE.

If you use any of the Google tools (Open in browser window, View gcloud command), Google creates keys automatically for you. BIG-IP VE copies the keys locally while they are valid. When they expire, BIG-IP removes them.

By default, all non-expired keys listed in Compute Engine -> Metadata -> SSH Keys have access to the BIG-IP VE instance. You can change this by editing the instance and blocking project-wide keys.

The process for generating keys changes, depending on how you decide to connect.


If you choose Open in browser window

Each time you connect to BIG-IP VE, Google creates new keys and adds them to the metadata service. These keys expire every two minutes, and Google creates new keys each time you connect.

If you choose View gcloud command

Each time you connect to BIG-IP VE, Google searches for keys in your home directory (for example, ~/.ssh/google_compute_engine or If keys exist, Google uses them to connect. If keys do not exist, you receive a prompt to create them. These keys do not expire.

If you use PuTTY

Before you can connect, you must add your key to the metadata service and then use it when you connect. You can add the keys before, during, or after you deploy BIG-IP VE.

About routes

If you want to configure a static route that relies on a gateway in the same subnet as the self IP address, you must first disable the setting that enforces single NIC setup:

modify sys db provision.1nicautoconfig value disable

Confirm that the value is correct by typing list sys db provision.1nicautoconfig.

The return value should be disable.

If you do not change this value, any time you reboot BIG-IP VE, the manually-configured static route will cause validation errors during load sys config.