Applies To:

Show Versions Show Versions

Manual Chapter: Configuring Multi-NIC BIG-IP VE in AWS
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Task List: Configure BIG-IP VE in multi-NIC AWS environment

Finally, configure BIG-IP VE so that traffic passes through it to your application servers.

Step Task Description Details
1 Connect to the BIG-IP VE instance and set the admin password Before you can license and provision BIG-IP VE, use SSH and your key pair to connect to the instance and set a strong password. In tmsh, type modify auth password admin
2 Log in and provision BIG-IP VE Log in to the BIG-IP Configuration utility (https://<ElasticIP>) and provision BIG-IP VE. If you chose a BYOL license, you must license BIG-IP VE before provisioning.  
3 Create external and internal VLANs These VLANs and their interfaces directly correspond to the AWS external and internal subnets and their interfaces.
  • external VLAN interface: 1.1
  • internal VLAN interface: 1.2
4 Create static self IP addresses for the external and internal VLANs These static IP addresses provide a way for application traffic to reach the BIG-IP system. These addresses should match the private IP addresses you assigned to the external and internal subnets in AWS.
  • External self IP: 10.0.1.200
  • Internal self IP: 10.0.2.200
5 Create a pool Create a pool with pool members on the internal VLAN.
  • Pool name: web_pool
  • Pool member: 10.0.2.300
  • Pool member: 10.0.2.301
  • Pool member: 10.0.2.302
6 Create a virtual server The virtual server provides a destination for your inbound web traffic and points to the pool of web servers. The destination IP address must match the secondary private IP address you assigned to the external subnet in AWS. Virtual IP: 10.0.1.202

Set an admin password for BIG-IP VE

The first time you boot the BIG-IP® VE instance, you must connect to BIG-IP VE and create a strong admin password. This user name and password will be used to access the BIG-IP Configuration utility. This password is available to the Internet through the Elastic IP (EIP), so ensure it is secure.

This example shows how to use PuTTy to connect, but you can use any SSH utility.

  1. Open PuTTy and in the Host Name (or IP address) field, enter the EIP; for example 52.9.202.37.
  2. In the Category pane on the left, click Connection>SSH>Auth.
  3. In the Private key file for authentication field, choose your .ppk file.
  4. Click Open.
  5. If a host key warning appears, click OK.
    The terminal screen displays: login as:.
  6. Type admin and press Enter.
    You are now at the tmsh command prompt.
  7. To modify the admin password, type modify auth password admin.
    The terminal screen displays: changing password for admin, and then prompts: new password.
  8. Type the new password and press Enter.
    The terminal screen displays: confirm password.
  9. Re-type the new password and press Enter.
  10. To ensure that the system retains the password change, type save sys config and press Enter.
    The terminal screen displays the message: Saving Ethernet mapping...done.
The admin password is changed.

License BIG-IP VE

If you chose a Bring Your Own License (BYOL) image of BIG-IP® VE, you will have to enter license information before you can use BIG-IP VE. If you chose an hourly/annual license, you can skip these steps.
  1. Open a web browser and log in to the BIG-IP Configuration utility by using the Elastic IP (EIP) address associated with the management network interface. For example, https://52.9.187.41.
    The username is admin and the password is the one you set previously.
  2. On the Setup Utility Welcome page, click Next.
  3. On the General Properties page, click Activate.
  4. In the Base Registration key field, enter the case-sensitive registration key from F5®. For Activation Method, if you have a production or Eval license, choose Automatic and click Next.
  5. If you chose Manual, complete these steps:
    1. In the Step 1: Dossier field, copy all of the text and then click Click here to access F5 Licensing Server.

      A separate web page opens.

    2. On the new page, click Activate License.
    3. In the Enter your dossier field, paste the text and click Next.
    4. Accept the agreement and click Next.
    5. On the Activate F5 Product page, copy the license text in the box. Now go back to the BIG-IP Configuration utility and paste the text into the Step 3: License field.
    6. Click Next.
The BIG-IP VE system registers the license and logs you out. When the configuration change is successful, click Continue to provision BIG-IP VE.

Provision BIG-IP VE

You can't begin to work in the BIG-IP® Configuration utility until you've confirmed the modules you want to provision, as well as other initial configuration information.
  1. Open a web browser and log in to the Configuration utility by using the Elastic IP address associated with the management network interface. For example, https://52.9.187.41.
  2. On the Resource Provisioning screen, change settings if necessary and click Next.
  3. On the Device Certificates screen, click Next.
  4. On the Platform screen, in the Admin Account field, re-enter the password for the admin account and click Next.

    BIG-IP VE logs you out.

  5. When you log back in, on the Setup Utility > Network screen, in the Advanced Network Configuration area, click Finished.

Create internal and external VLANs

In BIG-IP® VE, you must create an external and internal VLAN that corresponds to the AWS VPC subnets.
  1. In the BIG-IP VE Configuration utility, on the Setup Utility Network page, under Advanced Network Configuration, click Finished.
  2. On the Main tab, click Network > VLANs .
  3. Click Create and populate the appropriate fields for the external VLAN.
    Field Value
    Name external
    Interface 1.1
    Tagging Untagged
  4. Click Finished.
  5. Now click Create again and populate the appropriate fields for the internal VLAN.
    Field Value
    Name internal
    Interface 1.2
    Tagging Untagged
  6. Click Finished.
The screen refreshes, and the two new VLANs are displayed in the list.

Create internal and external self IPs

Before starting these steps, in AWS, note the primary private IP addresses for the external network interface (device index 1) and the internal network interface (device index 2).
Then in BIG-IP® VE, create an external and internal self IP address, based on these private IP addresses.
  1. In the BIG-IP VE Configuration utility, on the Main tab, click Network > Self IPs .
  2. Click Create and populate the appropriate fields for the external self IP address.
    Field Value
    Name ExternalSelfIP
    IP Address 10.0.1.200
    Netmask 255.255.255.0
    VLAN/Tunnel external
    Port Lockdown Allow All
  3. Click Repeat and populate the appropriate fields for the internal self IP address.
    Field Value
    Name InternalSelfIP
    IP Address 10.0.2.200
    Netmask 255.255.255.0
    VLAN/Tunnel internal
    Port Lockdown Allow All
  4. Click Finished.
The screen refreshes, and the two new self IP addresses are displayed in the list.

Create a pool and add members to it

Traffic from BIG-IP® VE is sent to a pool. Your application servers should be members of this pool.
  1. In the BIG-IP Configuration utility, on the Main tab, click Local Traffic > Pools .
  2. Click Create.
  3. In the Name field, type web_pool.
    Names must begin with a letter, be fewer than 63 characters, and can contain only letters, numbers, and the underscore (_) character.
  4. For Health Monitors, move https from the Available to the Active list.
  5. Choose the load balancing method or retain the default setting.
  6. In the New Members section, in the Address field, type the primary private IP address of a pool member.
  7. In the Service Port field, type a service port, for example, 443.
  8. Click Add.
    The member is displayed in the list.
  9. Add additional pool members as needed and click Finished.

Create a virtual server

You must create a virtual server for the secondary private IP address that's associated with the external network interface. Application traffic will be sent to the Elastic IP (EIP) address associated with this BIG-IP® VE virtual server.
  1. In the BIG-IP VE Configuration utility, on the Main tab, click Local Traffic > Virtual Servers .
  2. Click Create and populate the appropriate fields for the virtual server.
    Field Value
    Name A unique name
    Destination Address/Mask 10.0.1.202
    Service Port A port number or a service name from the Service Port list
    HTTP Profile http
    Source Address Translation Auto Map
    Default Pool web_pool
  3. Configure any other settings as needed and click Finished.
Traffic to the virtual server EIP address will now go to the pool members.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)