VMware ESXi: BIG-IP VE Setup

To deploy BIG-IP Virtual Edition (VE) on ESXi, you will perform these tasks.

Step Details
1 Choose the license you want to buy, the BIG-IP VE modules you want, and the throughput you need. See K14810: Overview of BIG-IP VE license and throughput limits on the AskF5 Knowledge Base for details.
2 Confirm that you are running a hypervisor version that is compatible with a BIG-IP VE release. See BIG-IP Virtual Edition Supported Platforms for details.
3 Verify that the host hardware meets the recommended requirements.
4 If you plan to use SR-IOV, enable it on the hypervisor.
5 Download a BIG-IP VE image and deploy it.
6 For a single NIC configuration, remove the internal, external, and HA NICs and power on the VM.
7 If you are running a multi-NIC configuration without DHCP, manually assign an IP address for the BIG-IP Config Utility.

After you complete these tasks, you can log in to the BIG-IP VE system and run the Setup utility to perform basic network configuration.

About single NIC and multi-NIC configurations

A typical BIG-IP VE configuration might include four NICs: one for management, one for internal, one for external, and one for high availability.

However, if you want to create a VM for a quick test, you can create a configuration with just one NIC. In this case, BIG-IP VE creates basic networking objects for you.

When BIG-IP VE first boots, it determines the number of active NICs. If BIG-IP VE detects one NIC, then:

  • Networking objects (vNIC 1.0, a VLAN named Internal, and an associated self IP address) are created automatically for you.
  • The port for the Configuration utility is moved from 443 to 8443.
  • High availability (failover) is not supported, but config sync is.
  • VLANs must have untagged interfaces.

If BIG-IP VE detects multiple NICs, then you create the networking objects. The port for the Configuration utility remains 443.

You can change the number of NICs after first boot and move from single to multi-NIC and vice versa.

Note

If there is no DHCP server in your environment and no IP address automatically assigned, then the networking objects will not be created and the port will not be moved.

Prerequisites for BIG-IP Virtual Edition

Host CPU requirements

The host hardware CPU must meet the following requirements.

  • The CPU must have 64-bit architecture.
  • The CPU must have virtualization support (AMD-V or Intel VT-x) enabled.
  • The CPU must support a one-to-one, thread-to-defined virtual CPU ratio, or on single-threading architectures, support at least one core per defined virtual CPU.
  • In VMware ESXi 5.5 and later, do not set the number of virtual sockets to more than 2.
  • If your CPU supports the Advanced Encryption Standard New Instruction (AES-NI), SSL encryption processing on BIG-IP VE will be faster. Contact your CPU vendor for details about which CPUs provide AES-NI support.

Host memory requirements

Number of cores Memory required
1 2 Gb
2 4 Gb
4 8 Gb
8 16 Gb

Configure SR-IOV on the hypervisor

To increase performance, you can enable Single Root I/O Virtualization (SR-IOV). You need an SR-IOV-compatible network interface card (NIC) installed and the SR-IOV BIOS must be enabled. You must also load the ixgbe driver and blacklist the ixgbevf driver.

  1. In vSphere, access the command-line tool, esxcli.

  2. Check to see what the ixgbe driver settings are currently. For example:

    esxcli system module parameters list -m ixgbe
    
  3. Set the ixgbe driver settings.

    In this example, 16,16 is for a 2 port card with 16 virtual functions.

    esxcli system module parameters set -m ixgbe -p "max_vfs=16,16"
    
  4. Reboot the hypervisor so that the changes to take effect.

    When you next visit the user interface, the SR-IOV NIC will appear in the Settings area of the guest as a PCI device.

  5. Using vSphere, add a PCI device, and then add two virtual functions.

    05:10.0 | Intel Corporation 82599 Ethernet Controller Virtual Function
    
    05:10.1 | Intel Corporation 82599 Ethernet Controller Virtual Function
    
  6. Use either the console command line or user interface to configure the VLANs that will serve as pass-through devices for the virtual function. For each interface and VLAN combination, specify a name and a value.

    Name - pciPassthru0.defaultVlan
    
    Value - 3001
    

To complete SR-IOV configuration, after you deploy BIG-IP VE, you must add three PCI device NICs and map them to your networks.

Virtual machine memory requirements

The guest should have a minimum of 4 GB of RAM for the initial 2 virtual CPUs. For each additional CPU, you should add an additional 2 GB of RAM.

If you license additional modules, you should add memory.

Provisioned memory Supported modules Details
4 GB or fewer Two modules maximum. AAM can be provisioned as standalone only.
4-8 GB Three modules maximum.

BIG-IP DNS does not count toward the module limit.

Exception: Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM is standalone only.

8 GB Three modules maximum. BIG-IP DNS does not count toward the module-combination limit.
12 GB or more All modules. N/A

Important

To achieve licensing performance limits, all allocated memory must be reserved.

Virtual machine storage requirements

The amount of storage you need depends on the BIG-IP modules you want to use, and whether or not you intend to upgrade.

Provisioned storage Supported modules Details
9 GB (LTM_1SLOT) Local Traffic Manager (LTM) module only; no space for LTM upgrades. You can increase storage if you need to upgrade LTM or provision additional modules.
40 GB (LTM) LTM module only; space for installing LTM upgrades. You can increase storage if you decide to provision additional modules. You can also install another instance of LTM on a separate partition.
60 GB (ALL_1SLOT) All modules except Secure Web Gateway (SWG); no space for installing upgrades. The Application Acceleration Manager (AAM) module requires 20 GB of additional storage dedicated to AAM. If you are not using AAM, you can remove the datastore disk before starting the VM.
82 GB (ALL) All modules except SWG and space for installing upgrades. The Application Acceleration Manager (AAM) module requires 20 GB of additional storage dedicated to AAM. If you are not using AAM, you can remove the datastore disk before starting the VM.

For production environments, virtual disks should be deployed Thick (allocated up front). Thin deployments are acceptable for lab environments.

Note

To change the disk size after deploying the BIG-IP system, see Increase disk space for BIG-IP VE.

Virtual machine network interfaces

When you deploy BIG-IP VE, a specific number of virtual network interfaces (vNICs) are available.

Four vNICs are automatically defined for you.

  • For management access, one VMXNET3 vNIC or Flexible vNIC.
  • For dataplane access, three VMXNET3 vNICs.

Each virtual machine can have a maximum of 10 virtual NICs.

Deploy BIG-IP Virtual Edition in ESXi

To deploy BIG-IP VE, download a template from F5 and deploy it in your environment.

  1. In a browser, open the F5 Downloads page and log in.

  2. On the Downloads Overview page, click Find a Download.

  3. Under Product Line, click the link similar to BIG-IP v.x/Virtual Edition.

  4. Click the link similar to x.x.x_Virtual-Edition.

  5. If the End User Software License is displayed, read it and then click I Accept.

  6. Click one of the VMware files that ends with scsi.ova.

  7. Start the vSphere client and log in.

  8. From the vSphere File menu, choose Deploy OVF Template.

  9. Browse to the .ova file and click Next.

    The template is verified.

  10. Click Next and complete the wizard. Note the following.

    Section Details
    Configuration Choose from the available configurations. You can change CPU or RAM later.
    Storage If you decide to increase storage later, you must also adjust the BIG-IP directories to use the extra storage space. See Increase disk space for BIG-IP VE.
    Datastore Choose Thick for production environments. Thin is sufficient for lab environments.
    Source Networks The wizard leads you through creating four networks: internal, external, management, and high availability (HA).
    Ready to Complete If you want to deploy with the four default networks, then select the Power on after deployment check box. If you want a single NIC deployment, do not select this check box.
  11. Click Finish.

  12. For a single NIC deployment, edit the virtual machine’s properties and remove Network adapter 2, 3, and 4. Then power on the virtual machine.

The virtual machine is created, as well as two user accounts:

  • The root account provides access locally, using SSH, or the F5 Configuration utility. The root account password is default.
  • The admin account password is admin. The admin account provides access through the web interface.

You should change passwords for both accounts before bringing a system into production.

If you need to create a redundant configuration, place the two BIG-IP VE virtual appliances (the active-standby pair) on separate physical hosts. You can accomplish this in one of two ways:

  • Manually create a virtual machine peer on each host.
  • If you are using VMware Dynamic Resource Scheduler (DRS), create a DRS rule with the Separate Virtual Machine option that includes each BIG-IP VE in the pair.

Set the BIG-IP VE management IP address and passwords

When you deploy BIG-IP VE:

  • If you have DHCP in your environment, a management IP address is assigned.
  • If you do not have DHCP, a generic management IP address (192.168.1.245) is assigned.
  • A password is assigned to the default accounts: root (default) and admin (admin).

In ESXi 5.5 u2, 6.0, 6.5, and later, you can specify a specific management IP address (IPv4 or IPv6) and different default passwords.

There are many ways to do this.

Important

This functionality is supported in a multi-NIC environment only.

Use Common OVF Tool to set management IP address and default passwords

You can edit the OVA (template) properties so that when you deploy BIG-IP VE, you can specify values for the management IP address and default passwords. To edit the OVA, you can use the Common OVF Tool (COT).

For more information about COT, see Common OVF Tool (COT) documentation.

  1. Copy the OVA to a machine with enough free space (at least two times the OVA file size).

  2. Run a command like the following:

    cot edit-properties <source filename>.ova -p net.mgmt.addr=""+string -p net.mgmt.gw=""+string -p user.root.pwd=""+string -p user.admin.pwd=""+string -u -o <destination filename>.ova
    

    Note

    +string specifies the type of each parameter, but leaves the value for each parameter empty.

The OVA properties are updated.

Then, when you deploy the OVA file, you can specify the values.

Note

After you set the IP address and password, if you want to set it again, you must first delete this file on BIG-IP: /shared/vadc/.ve_cust_done

OVA properties file for setting management IP address and default passwords

You can edit the OVA (template) properties so that when you deploy BIG-IP VE, you can specify values for the management IP address and default passwords.

Before deploy, you can extract the contents of the OVA file to edit the OVF properties directly.

Modify the OVF file and add the following properties to the <ProductSection> area of the descriptor file.

<Category>Network properties</Category>
        <Property ovf:key="net.mgmt.addr" ovf:type="string" ovf:value="" ovf:userConfigurable="true">
        <Label>mgmt-addr</Label>
        <Description>F5 BIG-IP VE's management address in the format of "IP/prefix"</Description>
        </Property>
        <Property ovf:key="net.mgmt.gw" ovf:type="string" ovf:value="" ovf:userConfigurable="true">
        <Label>mgmt-gw</Label>
        <Description>F5 BIG-IP VE's management default gateway</Description>
        </Property>
        <Category>User properties</Category>
        <Property ovf:key="user.root.pwd" ovf:type="string" ovf:value="" ovf:userConfigurable="true">
        <Label>root-pwd</Label>
        <Description>F5 BIG-IP VE's SHA-512 shadow or plain-text password for "root" user</Description>
        </Property>
        <Property ovf:key="user.admin.pwd" ovf:type="string"ovf:value="" ovf:userConfigurable="true">
        <Label>admin-pwd</Label>
        <Description>F5 BIG-IP VE's SHA-512 shadow or plain-text password for "admin" user</Description>
        </Property>

OVF tool for setting management IP address and default passwords

You can edit the OVA (template) properties so that when you deploy BIG-IP VE, you can specify values for the management IP address and default passwords.

Using VMware’s OVF tool, here is an example of code you would use to deploy BIG-IP VE with these settings.

ovftool
            --sourceType=OVA \
            --acceptAllEulas \
            --noSSLVerify \
            --diskMode=thin \
            --skipManifestCheck \
            --X:logToConsole \
            --X:logLevel=verbose \
            --datastore='mylab' \
            --name='vmname' \
            --vmFolder='myfolder' \
            --deploymentOption='dualcpu' \
            --net:"Internal=Internal" \
            --net:"Management=Management" \
            --net:"HA=HA" \
            --net:"External=External" \
            --X:injectOvfEnv \
            --prop:net.mgmt.addr="10.10.10.124/22" \
            --prop:net.mgmt.gw="10.10.11.254" \
            --prop:user.root.pwd ="mypassword" \
            --prop:user.admin.pwd="mypassword" \
            <path_to_bigip.ova> \
            "vi://user[@userdomain]:password@domain.com/<datacenter-name>/host/<esxi-host>"

Edit vApp to set the management IP address and default passwords

After you deploy a VM running BIG-IP VE, you can manually assign a management IP address and root and admin passwords. Use this procedure if you want to set these values one time on a specific VM.

Note

These instructions may differ slightly, based on your version of vSphere.

  1. Stop the VM.

  2. Right-click the VM and choose Edit Settings.

  3. Click the vApp Options tab.

  4. In the Authoring section, expand the Properties area.

  5. Click New.

  6. On the Edit Property Settings window, complete the fields.

    Category Label Key ID Type
    BIG-IP VE admin-pwd user.admin.pwd String

    Important: The password can be plain text or SHA-512 encrypted.

  7. Click OK.

  8. Create three more properties, using these values:

    Category Label Key ID Type
    BIG-IP VE root-pwd user.root.pwd String
    BIG-IP VE mgmt-addr net.mgmt.addr String
    BIG-IP VE mgmt-gw net.mgmt.gw String

    Important: The Key ID must be the exact value shown in the table.

  9. Scroll up and you should now have these settings available:

    ../_images/set_ip_and_passwords.png
  10. Populate these fields and click OK.

  11. Start the VM. The properties are applied.

After you set the IP address and password, if you want to set it again, you must first delete this file: /shared/vadc/.ve_cust_done

Use Customization Specification to set management IP address

You can prompt the user to enter an IP address and mask after BIG-IP VE is deployed. To do this, you can create a VMware Custom Specification that you can use over and over on multiple VMs.

Note

  • These instructions may differ slightly, based on your version of vSphere.
  • This procedure is for setting the management IP address; not for setting default passwords.
  • You can do this procedure after you deploy, not during.
  1. Ensure the BIG-IP VE instance is powered off.

  2. Create a Custom Specification policy.

    1. Open the vSphere Client Home page.

    2. In the Navigator pane, under Policies and Profiles, click Customization Specification Manager.

    3. Click Create a new specification.

      Page Setting Value
      Specify Properties Target VM Operating System Linux
      Set Computer Name Use the virtual machine name Recommended
      Set Computer Name Domain Your domain
      Time Zone Area Your area/time zone
      Configure Network Manually select custom settings

      Create four NICs (management, internal, external, HA). For the management NIC, click Edit the selected adapter. Then for IPv4 or IPv6, click Prompt the user for an address when the specification is used and click OK.

      If you enter static values, they are applied. However, if you want to re-use this Custom Spec, you likely want to prompt the user.

      Note: For IPv6, you must set values for both IPv4 and IPv6.

      Enter DNS and Domain Settings   Not supported. You may have to enter a value to move past this page.
  3. Edit the VM to use this policy.

    1. Right-click the VM and choose Guest OS -> Customize Guest OS.
    2. Select your specification from the list and click Next.
    3. Enter the IP address and mask and click Finish.

Note

After you set the IP address and password, if you want to set it again, you must first delete this file: /shared/vadc/.ve_cust_done

Use BIG-IP configuration utility tool to set management IP address

If your network has DHCP, an IP address is automatically assigned to BIG-IP VE during deployment. You can use this address to access the BIG-IP VE Configuration utility or tmsh command-line utility.

If no IP address was assigned, you can assign one by using the BIG-IP Configuration utility tool.

  1. Connect to the virtual machine by using the hypervisor’s console.

  2. At the login prompt, type root.

  3. At the password prompt, type default.

  4. Type config and press Enter.

    The F5 Management Port Setup screen opens.

  5. Click OK.

  6. Select No and follow the instructions for manually assigning an IP address and netmask for the management port.

    You can use a hypervisor generic statement, such as tmsh show sys management-ip to confirm that the management IP address was set properly.

    You can now log into the BIG-IP VE Config utility, and license and provision BIG-IP VE.

Configure SR-IOV on the guest

Before you can complete these steps, you must have configured Single Root I/O Virtualization (SR-IOV) on the hypervisor.

After deploying BIG-IP VE, to configure SR-IOV on the guest, you must add three PCI device NICs and map them to your networks.

  1. In vSphere, delete the existing Source Networks for External, Internal, and HA.

    Important: Leave the Source Network for Management.

  2. Edit the settings for the virtual machine to add a PCI device.

    If your hypervisor was set up correctly, there will be 16 virtual functions on each port (05:10.x and 05:11:x).

  3. Map the new device to the VLAN for your internal subnet.

  4. Repeat steps 2 and 3 for the external and HA VLANs.

  5. When all four destination networks are correctly mapped, click Next.

    The Ready to Complete screen opens.

See Also