Microsoft Hyper-V: BIG-IP Virtual Edition User’s Guide¶
Get help when working with F5 BIG-IP VE in Hyper-V.
Recommendations for optimum Hyper-V throughput¶
You can increase throughput of F5® BIG-IP® Virtual Edition (VE) on Hyper-V by following the recommendations described here. F5 has certified throughput with these recommendations; however, they are not required for 1Gbps performance.
Host system recommendations¶
Optimum settings for the host system include:
- An Intel X520 network interface card (NICs) with two ports, one for the external and one for the internal interface. The NIC used for the management and/or HA interfaces can be a 1G card. For configurations that include an HA VLAN, the virtual switch can either share the NIC used by the management VLAN or use its own NIC.
- Each NIC requires a virtual switch.
- If your are using the Intel X520 NIC, the NIC drivers must be upgraded to a version at least as recent as version 3.8.35.0 NDIS 6.30.
- The driver properties for the 10G NICs must be modified to disable Virtual Machine Queue (VMQ) and Interrupt Moderation. (You can use either the Hyper-V Manager graphic user interface or the PowerShell command line interface to perform this modification.)
Hypervisor recommendations¶
Optimum settings for the Hyper-V Manager include:
- Disable Non-Uniform Memory Access (NUMA) spanning.
- Disable Virtual Machine Queue (VMQ) for the VE. You should do this even if you’ve already disabled VMQ for the hypervisor, but especially if you chose not to disable VMQ for the hypervisor NICs.
- Increase the number of licensed TMM cores to 8 and the amount of memory to 16 Gb.
BIG-IP VE considerations¶
You may also increase your VE performance by reducing the interrupt coalescing threshold for the BIG-IP VE. You can use the following tmsh command:
tmsh modify sys db scheduler.unicasleeprxlimit.ltm value 16
Licensing BIG-IP VE¶
In order to use BIG-IP VE, you must have a license from F5.
To choose the license you need, see this webpage. You can get a trial license if you need one.
To learn how to license a BIG-IP, consult the K7752 article.
Reusing licenses¶
In BIG-IP VE version 12.1.3.3+, and 13.1.0.2+ ONLY, you can revoke the license from a virtual machine and re-use it on another virtual machine.
From the Configuration utility, to revoke the license, go to Revoke.
and clickFrom tmsh, to revoke the license, run the command:
tmsh revoke sys license
This functionality works for these BIG-IP VE versions ONLY.
Per-App licenses¶
When you want to use BIG-IP VE with one back-end application, choose a Per-App license.
Per-App licenses are currently available:
- As BYOL (Bring Your Own License)
- With throughput speeds of 25 or 200 Mbps
- In BIG-IP VE 13.1.0.2 and later
This license is available for Local Traffic Manager (LTM) only, or you can use it to run LTM and Application Security Manager (ASM) as a WAF (Web Application Firewall).
Per-App licenses are also used as part of BIG-IP Cloud Edition, to license BIG-IP VE instances when they are auto-scaled from within BIG-IQ.
Per-App licensing virtual server options¶
With a Per-App license, you can create one virtual IP address and three virtual servers.
The three virtual servers in this case would have the same destination IP address, but would use different ports.
For example, you can have the following virtual servers:
Name | Description | Destination Address/Service Port |
---|---|---|
VS1 | Website traffic | 10.10.10.10:443 |
VS2 | Redirect for website traffic | 10.10.10.10:80 |
VS3 | Website instrumentation/health checking | 10.10.10.10:8080 |
If you’d prefer, the virtual server can be a wildcard. For example, the Destination Address would be 0.0.0.0 instead of 10.10.10.10 in the previous example. You can specify the Service Port, or use *.
Name | Description | Destination Address/Service Port |
---|---|---|
VS1 | Catch-all, log with iRule | 0.0.0.0:* |
VS2 | Website traffic | 0.0.0.0:443 |
VS3 | Website instrumentation/health checking | 0.0.0.0:8080 |
Licenses for BIG-IP add-on modules¶
Some add-on modules for BIG-IP will require an add-on license. For complete details, consult the Activating add-on modules procedure in the K7752 article.
Increase disk space for BIG-IP VE¶
You must increase disk space on most cloud and hypervisor platforms, if you want to provision multiple modules. For more information, refer to the following topics: Disk usage by the BIG-IP modules with application volumes, Getting Started with BIG-IP Virtual Edition, and Overview of BIG-IP VE image sizes. To increase the disk space for BIG-IP VE allowing for additional module provisioning, expand the following VE directory:
/appdata
Before proceeding with the following steps for expanding configuration disk space, use hypervisor tools to expand the disk size for the BIG-IP VE virtual machine and reboot.
Then use the BIG-IP VE tmsh
utility to increase the amount of disk space used by the four BIG-IP VE directories:
/config
/shared
/var
/var/log
Note
At the time of this release, decreasing the VE disk size is not supported.
For each of the previous directories you want to resize, complete the following steps.
Use an SSH tool to access the BIG-IP VE tmsh utility.
From the command line, log in as root.
List the current size of the directories on your disk so you can determine which ones need to be resized.
tmsh show sys disk directory
Expand the size of the directories in which you need additional space.
tmsh modify sys disk directory <directory name> new-size <new directory size in 1KB blocks>
For example, use
tmsh modify sys disk directory /config new-size 3145740
to increase the size of /config directory to 3145740 1KB blocks (or roughly 3,221,237,760 bytes).To confirm that the command you just submitted is properly scheduled, you can show the new list of directories again.
tmsh show sys disk directory
If you change your mind about a submitted size change, you can revoke the size change.
tmsh modify sys disk directory /config new-size 0
In this example, the size of the
/config
directory is left as is, revoking any scheduled size changes.
After you submit this sequence of tmsh
commands, the directory size changes will be scheduled to occur the next time the BIG-IP VE virtual machine (VM) is rebooted.
The next time the VM running BIG-IP VE reboots, the changes are applied.
See Also
Change the NIC used for BIG-IP VE management¶
By default, management traffic goes through the eth0
NIC and data traffic goes through the other available NICs.
If you need to use eth0
for data traffic, you can change the NIC that management traffic goes through.
- Use SSH to connect to BIG-IP VE.
- If you need to determine which NICs are available, stop TMM by typing
bigstart stop tmm
. Then typeip addr
to view the list of available NICs. - Change the management NIC by typing
tmsh modify sys db provision.managementeth value eth1
whereeth1
is the NIC you want to use for management. You can use any available NIC. - Press Enter.
- Reboot BIG-IP VE by typing
reboot
and then pressing Enter.
When BIG-IP VE is running again, you can use eth0
for data.
Note
If the subnet associated with the management NIC lacks DHCP, you must assign a new IP address by using the BIG-IP Configuration utility tool.
About single NIC and multi-NIC configurations¶
A typical BIG-IP VE configuration can include four NICs: one for management, one for internal, one for external, and one for high availability.
However, if you want to create a VM for a quick test, you can create a configuration with just one NIC. In this case, BIG-IP VE creates basic networking objects for you.
When BIG-IP VE first boots, it determines the number of active NICs. If BIG-IP VE detects one NIC, then:
Networking objects (vNIC 1.0, a VLAN named Internal, and an associated self IP address) are created automatically for you.
The port for the Configuration utility is moved from 443 to 8443.
Note
If there is no DHCP server in your environment and no IP address automatically assigned, then the networking objects will not be created and the port will not be moved. As an example, do the following, which uses the same IP address 192.168.80.53/24 for management and self IP:
- Disable DHCP and enable setting a static address,
tmsh modify sys global-settings mgmt-dhcp disabled
. See this routes topic for more information. - Disable single NIC auto-config,
tmsh modify sys db provision.1nicautoconfig value disable
. See this KVM topic for BIG-IP VE 13.1.X for more information. - Ensure management route will persist,
tmsh modify sys db provision.1nic value forced_enable
. - Move management port,
tmsh modify sys httpd ssl-port 8443
. See this K31003634 article for more information. - Add TCP port to the default port lockdown protocols and services,
tmsh modify net self-allow defaults add { tcp:8443 }
. - Configure static management IP address,
tmsh create sys management-ip 192.168.80.53/24 description 'provisioned by tmos_static_mgmt'
- Create and attach internal VLAN to interface 1.0,
tmsh create net vlan internal { interfaces replace-all-with { 1.0 { } } tag 4094 mtu 1450 }
. Be aware that this configuration my already exist and can produce the following error: “The requested VLAN (/Common/internal) already exists in partition Common.” - Create self IP, assign the same IP as the management IP, and assign internal VLAN to default port lockdown policy,
tmsh create net self self_1nic { address 192.168.80.53/24 allow-service default vlan internal }
. - Create management route gateway,
tmsh create sys management-route default gateway 192.168.80.1
. - Define the TMM default route,
tmsh create net route default network default gw 192.168.80.1
. - Save the configuration,
tmsh save sys config base
.
- Disable DHCP and enable setting a static address,
High availability (failover) is not supported, but config sync is supported.
VLANs must have untagged interface.
If BIG-IP VE detects multiple NICs, then you create the networking objects manually:
- The port for the Configuration utility remains 443.
- You can change the number of NICs after first boot and move from single to multi-NIC and vice versa.
- VLANs can have tagged interfaces.
About routes in a single NIC configuration¶
If you want to configure a static route that relies on a gateway in the same subnet as the self IP address, you must first disable the setting that enforces single NIC setup:
modify sys db provision.1nicautoconfig value disable
Confirm that the value is correct by typing:
list sys db provision.1nicautoconfig
The return value should be disable
.
If you do not change this value, any time you reboot BIG-IP VE, the manually-configured static route will cause validation errors during load sys config
.
Change from single NIC to multi-NIC¶
When you initially boot BIG-IP VE, if it recognized only one NIC, then some network configuration was done automatically. If you want to use more than one NIC, complete the following steps.
Use an SSH tool to connect to BIG-IP VE.
Return to the default configuration.
tmsh load sys config default
Save the changes.
tmsh save sys config
Set a database variable so that the number of NICs will be recognized on reboot.
setdb provision.1nic enable
Reboot BIG-IP VE.
reboot
When the BIG-IP VE instance is up and running, multiple NICs will be recognized and you can begin configuring BIG-IP VE.
Change from multi-NIC to single NIC¶
If you have a BIG-IP VE configuration with multiple NICs, you can simplify the configuration to have only one NIC. When you boot the BIG-IP VE and only one NIC is recognized, some networking objects are created automatically for you.
Use an SSH tool to connect to BIG-IP VE.
Return to the default configuration of BIG-IP VE.
tmsh load sys config default
Save the changes.
tmsh save sys config
Set a database variable so that the number of NICs will be recognized on reboot.
setdb provision.1nic forced_enable
Reboot BIG-IP VE.
reboot
When the BIG-IP VE instance is up and running, it will have a single NIC and related network objects will be created.
See Also