Applies To:

Show Versions Show Versions

Manual Chapter: Getting Started with BIG-IP Virtual Edition on AWS
Manual Chapter
Table of Contents   |   Next Chapter >>

Sample topology for BIG-IP VE on AWS

The following diagram shows a typical deployment of BIG-IP® VE in an Amazon Virtual Private Cloud (VPC). Follow the steps in this guide to create this deployment.

This deployment shows three subnets:
  • An external, public subnet, where you'll create a virtual server to accept Internet traffic.
  • An internal, private subnet, where your application servers live.
  • A management subnet, where you can access the BIG-IP user interface; the user interface is used to configure the BIG-IP VE instance.
Traffic flows from clients, through an Amazon VPC router, to the BIG-IP VE virtual server address. The BIG-IP VE instance processes the traffic and then sends it to an internal server.

The steps in this guide lead you through creation of this deployment.

Steps to deploy BIG-IP VE

To deploy the BIG-IP® Virtual Edition (VE) system on AWS, use the following checklist.

Step Where Details More information
1 f5.com Choose the F5 license that meet your needs. The way you plan to use BIG-IP VE determines which license you will use. See https://f5.com/products/how-to-buy/simplified-licensing for details.
2 AWS Choose an Amazon instance. Different Amazon instances are recommended for each F5 license. See Amazon instances for BIG-IP® VE or the Amazon web site for details.
3 AWS or third-party tool Create an SSH key pair. You need a key pair to access the BIG-IP VE instance. You can use AWS key pairs or use a third-party tool like PuTTYgen.
4 AWS Create a virtual private cloud (VPC). Use the wizard to create the first two subnets (management and external). The management subnet is needed to access the BIG-IP user interface. The external subnet corresponds to the external VLAN in BIG-IP.
5 AWS Create an internal subnet. This is the third subnet for the VPC. It corresponds to the internal VLAN in the BIG-IP system.
6 AWS Create security groups. Security groups contain rules that determine which traffic will be allowed to your instance.
7 AWS Add routing so BIG-IP VE can access the Internet. By default, AWS does not allow traffic from the management and external subnets to leave the VPC. You must add the BIG-IP external self IP address to the routing table for outbound traffic for the VPC.
8 Amazon Marketplace Deploy a BIG-IP VE instance. F5 BIG-IP VE images are listed in the Amazon Marketplace. During the deployment process you assign eth 0 to the management subnet and eth 1 to the external subnet.
9 AWS Add an internal network interface. To connect BIG-IP VE with your internal servers, create an internal network interface and attach it to your BIG-IP VE instance.
10 AWS Configure access to the BIG-IP user interface. To make the management subnet accessible from the Internet, associate a public IP or Elastic IP with it. Alternately, you can access the BIG-IP user interface through the NAT instance.
11 BIG-IP tmsh Set an admin password for BIG-IP. After you set an admin password, you can access the BIG-IP user interface. Until then, you can access the instance only by using SSH keys.
12 BIG-IP user interface License the BIG-IP (if necessary) and create BIG-IP VLANs. Create an external and internal VLAN that correspond to the AWS VPC subnets.
13 BIG-IP user interface Create self IP addresses. Create an external and internal self IP, based on the BIG-IP instance's corresponding private IPs in AWS.
14 AWS Configure access to the virtual server. In AWS, assign a secondary private IP address to the external network interface. Then log in to BIG-IP VE and use this IP address as the virtual server self IP.
15 AWS Make the secondary IP address accessible. To make the virtual server accessible to the Internet, associate an Elastic IP with the BIG-IP instance's secondary private address.

Amazon EC2 instances for BIG-IP VE

When you deploy BIG-IP® VE, you have to choose an Amazon instance type. The type you choose is based on how many F5® modules you want to run, how much throughput you need, how many vNICs you need, and how much vCPU and storage you require. You should choose an F5 license and Amazon instance type before deploying BIG-IP VE.

Good Licenses

If you choose a Good image, you can use the following AWS EC2 instance types.

AWS instance vCPUs Memory (GiB) Max # of vNICs
t2.medium* 2 4 3
t2.large* 2 8 3
m3.medium* 1 3.75 2
m3.large 2 7.5 3
m4.large 2 8 2
c3.xlarge 4 7.5 4
c4.xlarge 4 7.5 4

*25 Mbps and 200 Mbps licenses only.

With a Good license, you can also use any of the instance types recommended for Better or Best, though the license determines the maximum vCPU that can be used. For maximum limits for each F5 module, see https://support.f5.com/csp/article/K14810 in the AskF5™ Knowledge Base (http://support.f5.com).

Better Licenses

If you choose a Better image, you can use the following AWS EC2 instance types.

AWS instance vCPUs Memory (GiB) Max # of vNICs
t2.medium* 2 4 3
t2.large* 2 8 3
m3.large 2 7.5 3
m4.large 2 8 2
c3.xlarge 4 7.5 4
c4.xlarge 4 7.5 4
m3.xlarge 4 15 4
m4.xlarge 4 16 4
c3.2xlarge 8 15 4
c4.2xlarge 8 15 4

You can also use any of the recommended types for Best, though the license determines the maximum vCPU that can be used.

Best Licenses

If you choose a Best image, you can use the following AWS EC2 instance types. You can also use any instance type listed for Better.

Note: The license determines the maximum vCPU that can be used.
AWS instance vCPUs Memory (GiB) Max # of vNICs
m3.2xlarge 8 30 4
m4.2xlarge 8 32 4
m4.4xlarge 16 64 8
m4.10xlarge 40 160 8
c3.4xlarge 16 30 8
c3.8xlarge 32 60 8
c4.4xlarge 16 30 8
c4.8xlarge 36 60 8
cc2.8xlarge 32 60.5 8

Performance may vary (based on things like region, instance type, traffic profile, functionality enabled, etc.). You may not need all licensed vCPUs to get the performance you need.

If necessary, you can resize the instance after you deploy. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html for details.

Standalone Modules

For standalone modules, choose an image based on the following information. Supported AWS EC2 instances are the same as listed in the tables above.

Module Image (BYOL Instances) Image (Utility Instances)
DNS Good, Better, or Best Better or Best
AFM Better or Best Better or Best
ASM Best* Best
APM Best* Best

*Best is recommended but Better may be used. However, Better may not be supported in later versions of BIG-IP VE.

Table of Contents   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)