This document provides information collected during work on an F5 VNF demo blueprint and by no means exhausts the F5 topic. We focused only on the basic CRUD operation of F5 BIGIP in the context of LTM services. This document will provide the following information:

• what is BIGIP VE?
• where to get image from?
• how to boot & access configuration interface
• how to license it?
• how to instantiate simple load balancer service?
• handy CLI commands
• links & documentation

What is BIGIP VE?

BIGIP VE is a virtual edition (VE) of the BigIP switch. This is multi-function, very powerful appliance which most basic function is load balancing (LTM)
During our tests we’ve tested BIGIP-13.0.0.2.0.1671 release. It’s important to use 13.x release as it has built in cloud_init support if you prefer to use it. We’ve been testing it with cloud_init and without cloud_init. If you want to test it with cloud_init there are handy libraries provided by F5:

• https://github.com/f5devcentral/f5-cloud-init-examples/blob/master/cloud-config/2nic-ltm-policy-w-bigiq-license.yaml – cloud init sample script which demonstrates how to configure and license F5 during cloud_init
• https://github.com/F5Networks/f5-cloud-libs – onboarding library used in above cloud_init script

Where to get image from?

In order to get an image you need to create an account on f5.com website which afterwards will give you an access to: https://downloads.f5.com/. To get Openstack QCOW2 image go to:

BIG-IP v13.x / Virtual Edition → Virtual Edition → BIGIP-13.0.0.0.0.1645.ALL.qcow2.zip →

 

How to boot and access configuration interface

Once you upload image to Openstack, you need to boot it. Since image is really big, you’ll need big flavor. On our Rackspace we use: m1.xlarge (which has 160GB of storage). After you boot image you can access its configuration interfaces: CLI or WEB UI:

• CLI – you ssh to it and provide u: root p: default
• WEB UI – access https://<ip-address> and provide u: admin p: admin

WEB UI is pretty self-explanatory however for CLI, once you log via ssh you should use “tmsh” shell to configure BIGIP VE. Here is sample snippet of configuration executed one you enter the tmsh shell:

create net vlan internal interfaces add { 1.1 { untagged } }
create net vlan external interfaces add { 1.2 { untagged } }
create net self 192.168.20.53 address 192.168.20.53/24 vlan internal allow-service default
create net self 192.168.10.64 address 192.168.10.64/24 vlan external allow-service default
create net route sg-default-gw network 0.0.0.0/0 gw 10.1.10.2

You can execute the same directly from BIGIP prompt:

tmsh create net vlan internal interfaces add { 1.1 { untagged } }
tmsh create net vlan external interfaces add { 1.2 { untagged } }
tmsh create net self 192.168.20.53 address 192.168.20.53/24 vlan internal allow-service default
tmsh create net self 192.168.10.64 address 192.168.10.64/24 vlan external allow-service default
tmsh create net route sg-default-gw network 0.0.0.0/0 gw 10.1.10.10

How to license it?

In order to get trial license you need to go to website: https://f5.com/products/trials/product-trials and request it. The challenge with licensing is that we didn’t manage to create a licensed image through snapshooting. In order to use it, you need to license an appliance every time you spin a new one. There’s an option to have local licensing server: BigIQ – however we didn’t test that yet. What we’ve tested is licensing through public F5 servers. There are two methods in here: automatic and manual. For some reason automatic method didn’t work – so we used manual method which requires few manual steps. Once you launch BIGIP VE and access its WEB UI – it will claim that is not licensed and please follow the forms which will guide you how to do it.
 

How to instantiate simple load balancer service?

Simplest load balancer service is to have two application servers that are serving an application on port 8080 benind L5 appliance and F5 appliance is loadbalancing the traffic on its port 8888:

 
Before you instantiate service you need a baseline config which is basic IP connectivity on F5:

tmsh create net vlan internal interfaces add { 1.1 { untagged } }
tmsh create net vlan external interfaces add { 1.2 { untagged } }
tmsh create net self 192.168.20.53 address 192.168.20.53/24 vlan internal allow-service default
tmsh create net self 192.168.10.64 address 192.168.10.64/24 vlan external allow-service default
tmsh create net route sg-default-gw network 0.0.0.0/0 gw 10.1.10.2

Here’s snippet how to instantiate simple LB service:

create ltm node app-node-1 address 192.168.20.50
create ltm node app-node-2 address 192.168.20.51
create ltm pool sg-pool members add { app-node-1:8080 app-node-2:8080 }
modify ltm pool sg-pool monitor http
create ltm virtual sg-virtual pool sg-pool destination 192.168.10.64:8888 mask 255.255.255.255 source-address-translation { type automap }

Handy CLI commands

tmsh save sys config
tmsh load /sys config default
tmsh install sys license registration-key ZGKDI-DDYNG-SDDUW-VOOAQ-IDGEHGY
tmsh show ltm virtual
tmsh show running-config ltm

 
Links & documentation

• every F5 have list of its API:https://<f5-ip-address>/mgmt/toc