Manual Chapter: About Multiple NICs in Azure

About multi-NIC deployments

When you deploy BIG-IP® VE from the Azure Marketplace, BIG-IP VE has a single NIC and only one available IP address.

If you prefer a configuration with multiple NICs and/or IP addresses, you can deploy BIG-IP VE by using:
  • An Azure template
  • PowerShell
  • The Azure command-line interface (CLI)

For more information about multiple NICs in Azure, see https://azure.microsoft.com/en-gb/updates/ga-multiple-ips-per-nic.

When you create a multi-NIC configuration of BIG-IP VE in Azure, you can specify which NIC is used for which traffic.

You may want to have management and data (application) traffic on the same NIC. If you do:
  • You can use a smaller Azure instance type (one that supports fewer NICs)
  • The configuration is simpler and has only one external facing IP address

A configuration with separate NICs and IP addresses is more of a traditional BIG-IP VE setup, with a management, internal, and external subnet, for example.

F5 maintains templates that you can use to create multi-NIC deployments. For more information, see https://github.com/f5networks.

About management and data traffic on a shared NIC

When you deploy BIG-IP® VE with multiple NICs, your management and data (application) traffic can share the external NIC and use the same IP address (with different ports). The internal NIC is used for internal traffic.

Note: This configuration is available only in version 12.0 HF1 and later.

In this example, eth0 is used for the external VLAN, and eth1 for the internal VLAN.

There are a few cautions to this solution.

Azure has service limits.
Though you may have more than one NIC, each NIC’s throughput is limited by what Azure allows. You should read and understand these limitations.

https://azure.microsoft.com/en-us/documentation/articles/azure-subscription-service-limits/#networking-limits

You are changing the default behavior of BIG-IP VE in Azure.
When you deploy BIG-IP VE in Azure with one NIC, an internal VLAN and self IP are created automatically for you. When you deploy BIG-IP VE with more than one NIC, you are changing the settings that enforce this default behavior.

Share a NIC for management and data traffic

To use multiple NICs in Azure and share a NIC for management and data traffic, you must change the default single-NIC launch behavior. You can do this as part of your deployment or afterwards.
Note: This functionality is available only in version 12.0 HF1 and later.
  1. Use SSH to connect to BIG-IP VE, and ensure that you are at the tmsh prompt.
  2. Set this variable so that when BIG-IP VE finds multiple NICs, it automatically provisions the primary NIC.
    modify sys db provision.1nic value forced_enable
  3. Confirm that the value was set correctly.
    list sys db provision.1nic
    The result should be value “forced_enable”.
  4. BIG-IP VE automatically creates a VLAN named internal and an associated self IP address. Disable this functionality so you can create the VLAN and self IP address with the names you want. (For example, you can name the VLAN external.)
    modify sys db provision.1nicautoconfig value disable
  5. Confirm that the value was set correctly.
    list sys db provision.1nicautoconfig
    The result should be value “disable”.
  6. Restart BIG-IP VE.
    bigstart restart
  7. Create the VLAN. You must do this step in tmsh.
    create net vlan external interfaces add { 1.0 { untagged }}
  8. Create the self IP address. You must do this step in tmsh.
    create net self external_ip address 10.9.0.10/24 vlan external allow-service default
    In this example, the IP address is an address on your external subnet.
  9. Create a gateway. You must do this step in tmsh.
    create net route default gw 10.9.0.1
    In this example, the IP address is an address on your external subnet. This address usually ends in 1.
  10. Save the configuration.
    save sys config
  11. Reboot BIG-IP VE.
    reboot
When BIG-IP VE is available, you can open the Configuration utility and view the interfaces, self IP address, and VLAN you created. If you have more than two NICs, you can now create them. In this example, you would create an internal VLAN for the second NIC.

You can also enable config sync now. You should not change the provision.1nic database variable value when you do.

BIG-IP VE uses port 443 for management traffic by default. You should change the port if you want to use 443 for other traffic. See the Change the Configuration utility port topic in this guide for more information.

About management and data traffic on separate NICs

When you deploy BIG-IP® VE with multiple NICs, you can use a separate NIC for management, data (application), and internal traffic.

In this configuration, each NIC can have one or more IP addresses associated with it. For example, your external NIC can now have multiple IP addresses, each of which can be used for a virtual server.

This deployment shows three subnets:
  • An external, public subnet, where you'll create a virtual server to accept Internet traffic.
  • An internal, private subnet, where your application servers live.
  • A management subnet, where you can access the BIG-IP Configuration utility; the Configuration utility is used to configure BIG-IP VE.
Traffic flows from clients through BIG-IP VE to application servers.
Note: This example shows a single, standalone BIG-IP VE. To use config sync with two or more BIG-IP VEs in the same availability set, add all virtual server IP addresses to traffic group none.

Use separate NICs for management and data traffic

When you deploy BIG-IP® VE with multiple NICs, you can separate your management, data (application), and internal traffic so that each has its own NIC.

To create this multi-NIC configuration in Azure, you need the following resources:
  • An Azure instance type that supports more than one NIC. For more information, see https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general.
  • A VNET with multiple subnets (for example, management, internal, and external).
  • Three NICs, each of which is associated with a unique subnet. The first NIC is used for management.
  • A public IP address, associated with the external NIC, to be used for the virtual server.
  • An availability set, if you plan to add more BIG-IP VE instances.
Depending on your region and the version of BIG-IP VE you want to deploy, you must choose a BIG-IP VE image. To view the list of available images:
  • In the Azure CLI, see https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage.
  • In PowerShell, see: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/cli-ps-findimage.
The publisher is f5-networks.

Then you can deploy an instance of BIG-IP VE. If necessary, select the availability set during deployment.

After you deploy BIG-IP VE, you must:
  • Ensure that the network security group (NSG) allows traffic through port 443. The BIG-IP Configuration utility is accessible through this port.
  • If you used an SSH key, use an SSH tool to connect to BIG-IP VE and set the admin password by using the tmsh command modify auth password admin.
  • In BIG-IP VE, configure a self IP for each private IP address assigned to a NIC in Azure. Then create a corresponding VLAN. Finally, create a pool and virtual server.
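Because the NSG rule for port 443 decides who can reach the Configuration utility, it is worth reviewing the rule's source scope after deployment. The following is an added example, not F5 code: it reads the JSON that `az network nsg show` prints and reports the inbound Allow rule, if any, that opens TCP port 443 to any source. The NSG name, rule names and addresses in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape `az network nsg show -o json` prints; names are hypothetical.
SAMPLE_NSG = json.loads("""
{"name": "bigip-mgmt-nsg", "securityRules": [
 {"name": "allow-gui-any", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
  "destinationPortRange": "443", "destinationPortRanges": []},
 {"name": "allow-admins", "priority": 110, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "sourceAddressPrefixes": [],
  "destinationPortRange": null, "destinationPortRanges": ["22", "440-450"]},
 {"name": "deny-all", "priority": 4000, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
  "destinationPortRange": "*", "destinationPortRanges": []}]}
""")

def _values(rule, single, plural):
    """Merge the singular and plural fields Azure uses for ports and prefixes."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_port(rule, port):
    """True if the rule's destination ports ("443", "440-450" or "*") include port."""
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = rng.partition("-")
        if rng == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_any_source(prefix):
    """True for "*", the Internet service tag, or a /0 network."""
    if prefix.lower() in ("*", "internet"):
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # other service tags, e.g. VirtualNetwork

def exposed_rule(nsg, port=443):
    """Name of the Allow rule that opens TCP `port` to any source, or None."""
    for rule in sorted(nsg.get("securityRules", []), key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if covers_port(rule, port) and any(is_any_source(s) for s in sources):
            # NSG rules are evaluated by priority, so the first any-source match decides.
            return rule["name"] if rule["access"] == "Allow" else None
    return None
```

Only the custom rules under `securityRules` are examined; Azure's built-in default rules are not part of this check.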