Manual Chapter: Configuring an EtherIP Tunnel

Overview: Preserving BIG-IP connections during live virtual machine migration

In some network configurations, the BIG-IP system is configured to send application traffic to destination servers that are implemented as VMware virtual machines (VMs). These VMs can undergo live migration, using VMware vMotion and an iSession tunnel, across a wide area network (WAN) to a host in another data center.

To preserve any existing connections between the BIG-IP system and a virtual machine while the virtual machine migrates to another data center, you can create an EtherIP tunnel.

An EtherIP tunnel is an object that you create on each of two BIG-IP systems that sit on either side of a WAN. The EtherIP tunnel uses the industry-standard EtherIP protocol to tunnel Ethernet and IEEE 802.3 media access control (MAC) frames across an IP network. The two EtherIP tunnel objects together form a tunnel that logically connects two data centers. When the application traffic that flows between one of the BIG-IP systems and the VM is routed through the EtherIP tunnel, connections are preserved during and after the VM migration.
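The encapsulation described above, as an added example (not F5 code): EtherIP as defined in RFC 3378 is carried as IP protocol 97 and prefixes the tunneled frame with a 16-bit header holding a 4-bit version (3) and 12 reserved zero bits. The sample frame and MAC addresses are constructed for illustration.

```python
import struct

ETHERIP_IP_PROTO = 97      # IP protocol number assigned to EtherIP (RFC 3378)
ETHERIP_VERSION = 3        # only version defined by RFC 3378
ETHERIP_HDR_LEN = 2        # 4-bit version + 12 reserved bits
ETH_HDR_LEN = 14           # dst MAC + src MAC + EtherType/length


def encapsulate(frame: bytes) -> bytes:
    """Prefix an Ethernet/802.3 frame with the 16-bit EtherIP header."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("inner frame shorter than an Ethernet header")
    return struct.pack("!H", ETHERIP_VERSION << 12) + frame


def decapsulate(payload: bytes) -> dict:
    """Validate an EtherIP payload (the bytes after the outer IP header)
    and return the inner frame with its parsed Ethernet header."""
    if len(payload) < ETHERIP_HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated EtherIP payload")
    (hdr,) = struct.unpack("!H", payload[:ETHERIP_HDR_LEN])
    version, reserved = hdr >> 12, hdr & 0x0FFF
    if version != ETHERIP_VERSION:
        raise ValueError(f"unexpected EtherIP version {version}")
    if reserved != 0:
        raise ValueError("reserved bits set in EtherIP header")
    frame = payload[ETHERIP_HDR_LEN:]
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    return {
        "dst_mac": dst.hex(":"),
        "src_mac": src.hex(":"),
        "ethertype": ethertype,
        "frame": frame,
    }


# Constructed sample: a minimal frame between two locally administered MACs
# carrying EtherType 0x0800 (IPv4) and a placeholder payload.
SAMPLE_FRAME = (
    bytes.fromhex("020000000002")    # destination MAC
    + bytes.fromhex("020000000001")  # source MAC
    + b"\x08\x00"                    # EtherType
    + b"\x00" * 46                   # placeholder payload
)

if __name__ == "__main__":
    wire = encapsulate(SAMPLE_FRAME)
    print(wire[:2].hex(), decapsulate(wire)["src_mac"])
```

The header has no authentication or encryption field, so the inner frame, MAC addresses included, crosses the WAN as-is; RFC 3378 points to IPsec when that traffic needs protection.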

After you have configured the BIG-IP system to preserve connections to migrating VMs, you can create a Virtual Location monitor for the pool. A Virtual Location monitor ensures that the BIG-IP system sends connections to a local pool member rather than a remote one when some of the pool members have migrated to a remote data center.

Tip: The BIG-IP system that is located on each end of an EtherIP tunnel can be part of a redundant system configuration. Make sure that both units of any redundant system configuration reside on the same side of the tunnel.

Illustration of EtherIP tunneling in a vMotion environment

Task summary

Implement an EtherIP tunneling configuration to prevent the BIG-IP system from dropping existing connections to migrating virtual machines in a vMotion environment. To set up this configuration, you must verify a few prerequisite tasks, as well as create some configuration objects on the BIG-IP system.

Important: Perform these tasks on the BIG-IP system in both the local data center and the remote data center.

Prerequisites

Before you begin configuring EtherIP tunneling, verify that these BIG-IP objects and module exist on the BIG-IP system:

An iSession profile
    This profile creates an iSession tunnel to optimize the live migration of virtual machine servers from one data center to another.
A load balancing pool
    This pool represents a collection of virtual machines on a host server in the data center.
A standard TCP or UDP virtual server
    This virtual server load balances application traffic and optimizes vMotion traffic. This virtual server must reference the iSession profile and the load balancing pool.
The default VLANs
    These VLANs are named external and internal.
BIG-IP Global Traffic Manager
    This module directs traffic to the correct BIG-IP Local Traffic Manager virtual server.

Task list

Creating a VLAN

VLANs represent a collection of hosts that can share network resources, regardless of their physical location on the network.
  1. On the Main tab, click Network > VLANs. The VLAN List screen opens.
  2. Click Create. The New VLAN screen opens.
  3. In the Name field, type a unique name for the VLAN. Names can contain only letters, numbers, and the underscore character.
  4. In the Tag field, type a numeric tag, from 1 to 4094, for the VLAN. Leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag. The VLAN tag identifies the traffic from hosts in the associated VLAN.
  5. For the Interfaces setting, in the Available list, click an interface number or trunk name and add the selected interface or trunk to the Untagged list. Repeat this step as necessary.
  6. From the Configuration list, select Advanced.
  7. Select the Source Check check box if you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated.
  8. If you want to base redundant-system failover on VLAN-related events, check the Fail-safe box.
  9. In the MTU field, retain the default number of bytes (1500).
  10. Click Finished. The screen refreshes, and displays the new VLAN in the list.

Creating an EtherIP profile

An EtherIP profile is a required component of an EtherIP tunnel in a vMotion environment. An EtherIP profile manages application traffic that traverses an EtherIP tunnel, for the purpose of preserving connections when a virtual machine is migrating to another data center. You must perform this task using the Traffic Management shell (tmsh), a command-line utility.
  1. On the BIG-IP system, start a console session.
  2. Type a user name and password, and press Enter.
  3. At the system prompt, type tmsh, and press Enter. This opens the Traffic Management shell (tmsh).
  4. At the tmsh prompt, type net tunnels, and press Enter.
  5. Type create etherip etherip_profile_name, and press Enter. This command creates an EtherIP profile, assigning all of the default values.
  6. Type save / sys config, and press Enter.
  7. To exit the Traffic Management shell (tmsh), type quit, and press Enter.
You now have an EtherIP profile that you can specify when you create an EtherIP tunnel object.

Creating an EtherIP tunnel object

Prerequisites: You must know the self IP address of the instance of the VLAN that exists, or will exist, on the BIG-IP system in the other data center.
The purpose of an EtherIP tunnel that contains an EtherIP type of profile is to enable the BIG-IP system to preserve any current connections to a server that is migrating to another data center by way of vMotion. You must perform this task using the Traffic Management shell (tmsh), a command-line utility.
  1. On the BIG-IP system, start a console session.
  2. Type a user name and password, and press Enter.
  3. At the system prompt, type tmsh and press Enter. This opens the Traffic Management shell (tmsh).
  4. Type net tunnels, and press Enter.
  5. Type the following command, and then press Enter:
    create tunnel tunnel_name profile etherip local-address local_self_ip_address remote-address remote_self_ip_address
    Note that the self IP addresses that you specify are those that you create for the VLAN on both the local and the remote BIG-IP system.
  6. Type save / sys config, and press Enter.
  7. To exit the Traffic Management shell (tmsh), type quit, and press Enter.
The BIG-IP system configuration now includes a tunnel object.
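A consistency check for the two tunnel objects, as an added example (not F5 tooling): it parses the create tunnel command from step 5 as entered on each BIG-IP system and reports endpoint mismatches, on the assumption that each side's local-address must be the other side's remote-address. The tunnel names and addresses are constructed.

```python
import ipaddress
import shlex


def parse_create_tunnel(line: str) -> dict:
    """Parse the 'create tunnel ...' command shown in step 5."""
    tok = shlex.split(line)
    if tok[:2] != ["create", "tunnel"] or len(tok) < 3:
        raise ValueError("not a 'create tunnel' command")
    opts = dict(zip(tok[3::2], tok[4::2]))
    missing = {"profile", "local-address", "remote-address"} - opts.keys()
    if missing:
        raise ValueError(f"missing option(s): {sorted(missing)}")
    return {
        "name": tok[2],
        "profile": opts["profile"],
        "local": ipaddress.ip_address(opts["local-address"]),
        "remote": ipaddress.ip_address(opts["remote-address"]),
    }


def check_pair(cmd_a: str, cmd_b: str) -> list:
    """Return a list of problems found between the two sides (empty = OK)."""
    a, b = parse_create_tunnel(cmd_a), parse_create_tunnel(cmd_b)
    problems = []
    for side, t in (("A", a), ("B", b)):
        if t["local"] == t["remote"]:
            problems.append(f"site {side}: local and remote address are identical")
        if t["local"].version != t["remote"].version:
            problems.append(f"site {side}: mixed IPv4/IPv6 endpoints")
    if a["local"] != b["remote"]:
        problems.append("site A local-address is not site B remote-address")
    if a["remote"] != b["local"]:
        problems.append("site B local-address is not site A remote-address")
    return problems


# Constructed sample commands (documentation-range addresses, made-up names).
SITE_A = ("create tunnel dc1_to_dc2 profile etherip "
          "local-address 192.0.2.10 remote-address 198.51.100.10")
SITE_B_GOOD = ("create tunnel dc2_to_dc1 profile etherip "
               "local-address 198.51.100.10 remote-address 192.0.2.10")
SITE_B_BAD = ("create tunnel dc2_to_dc1 profile etherip "
              "local-address 198.51.100.10 remote-address 192.0.2.11")

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B_GOOD))
    print(check_pair(SITE_A, SITE_B_BAD))
```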

Creating a VLAN group

VLAN groups consolidate Layer 2 traffic from two or more separate VLANs.
  1. On the Main tab, click Network > VLANs > VLAN Groups. The VLAN Groups list screen opens.
  2. Click Create. The New VLAN Group screen opens.
  3. In the General Properties area, in the VLAN Group field, type a unique name for the VLAN group. Names can contain only letters, numbers, and the underscore character.
  4. For the VLANs setting, move the VLANs that you want to include in the group from the Available list to the Members list.
  5. From the Transparency Mode list, select a transparency mode, or retain the default setting, Transparent. The transparency mode determines the level of exposure of remote MAC addresses within the VLAN group traffic.
    • Transparent: The MAC addresses of remote systems are exposed in Layer 2 traffic forwarding.
    • Translucent: Similar to Transparent mode, except the locally-unique bit is set in the MAC addresses of remote systems.
    • Opaque: The system uses proxy ARP with Layer 3 forwarding, so the MAC addresses of remote systems are not exposed.
  6. Select the Bridge All Traffic check box if you want the VLAN group to forward all frames, including non-IP traffic. The default setting is disabled (not selected).
  7. Leave the Bridge in Standby check box selected if you want the VLAN group to forward frames even when the system is the standby unit of a redundant system.
  8. Click Finished.

Creating a self IP for a VLAN

Ensure that you have at least one VLAN or VLAN group configured before you create a self IP address.
Self IP addresses enable the BIG-IP system, and other devices on the network, to route application traffic through the associated VLAN or VLAN group.
  1. On the Main tab, click Network > Self IPs. The Self IPs screen opens.
  2. Click Create. The New Self IP screen opens.
  3. In the Name field, type a unique name for the self IP. Names can contain only letters, numbers, and the underscore character.
  4. In the IP Address field, type an IP address. This IP address should represent the address space of the VLAN that you specify with the VLAN/Tunnel setting. The system accepts IP addresses in both the IPv4 and IPv6 formats.
  5. In the Netmask field, type the network mask for the specified IP address.
  6. From the VLAN/Tunnel list, select the VLAN to associate with this self IP address. If creating a self IP address for an address space:
    • On the internal network, select the VLAN that is associated with an internal interface or trunk.
    • On the external network, select the VLAN that is associated with an external interface or trunk.
  7. From the Port Lockdown list, select Allow Default.
  8. Click Finished. The screen refreshes, and displays the new self IP address in the list.
The BIG-IP system can send and receive traffic through the specified VLAN or VLAN group.

Creating a self IP for a VLAN group

Ensure that you have at least one VLAN or VLAN group configured before you create a self IP address.
After you have created the VLAN group, create a self IP address for the VLAN group. The self IP address for the VLAN group provides a route for packets destined for the network. With the BIG-IP system, the path to an IP network is a VLAN. However, with the VLAN group feature used in this procedure, the path to the IP network 10.0.0.0 is actually through more than one VLAN. As IP routers are designed to have only one physical route to a network, a routing conflict can occur. The self IP address feature on the BIG-IP system allows you to resolve the routing conflict by associating a self IP address with the VLAN group.
  1. On the Main tab, click Network > Self IPs. The Self IPs screen opens.
  2. Click Create. The New Self IP screen opens.
  3. In the IP Address field, type an IP address. This IP address should represent the address space of the VLAN group that you specify with the VLAN/Tunnel setting. The system accepts IP addresses in both the IPv4 and IPv6 formats.
  4. In the Netmask field, type the network mask for the specified IP address.
  5. From the VLAN/Tunnel list, select the VLAN group with which to associate this self IP address.
  6. From the Port Lockdown list, select Allow Default.
  7. Click Finished. The screen refreshes, and displays the new self IP address in the list.
The BIG-IP system can send and receive traffic through the specified VLAN or VLAN group.

Creating a Virtual Location monitor

When the BIG-IP system is directing application traffic to pool members that are implemented as virtual machines, you should configure a Virtual Location type of monitor on the BIG-IP system. A Virtual Location monitor determines if a pool member is local to the data center or remote, and assigns a priority group to the pool member accordingly. The monitor assigns remote pool members a lower priority than local members, thus ensuring that the BIG-IP directs application requests to local pool members whenever possible.
  1. On the Main tab, click Local Traffic > Monitors. The Monitor List screen opens.
  2. Click Create. The New Monitor screen opens.
  3. Type my_virtual_location_monitor in the Name field.
  4. From the Type list, select Virtual Location.
  5. From the Configuration list, select Advanced.
  6. Retain the default value (in seconds) of 5 in the Interval field.
  7. Retain the default value of Disabled in the Up Interval list.
  8. Retain the default value (in seconds) of 0 in the Time Until Up field.
  9. Retain the default value (in seconds) of 16 in the Timeout field.
  10. Type the name of the pool that you created prior to configuring EtherIP tunneling in the Pool Name field.
  11. Click Finished.
After configuring the Virtual Location monitor, the BIG-IP system assigns each member of the designated pool a priority group value to ensure that incoming connections are directed to a local pool member whenever possible.
F5 Networks recommends that you verify that BIG-IP Global Traffic Manager (GTM) has automatically assigned a BIG-IP type of monitor to BIG-IP Local Traffic Manager (LTM). A BIG-IP type of monitor can use the priority group assigned to each pool member to retrieve a gtm_score value.

Syncing the BIG-IP configuration to the device group

Prerequisite: Ensure that all devices targeted for config sync are members of a device group.
To ensure that the entire redundant system configuration operates properly within the device group, you must synchronize the BIG-IP configuration data from the local device to all devices in the group.
Important: Perform the following procedure on one of the two devices.
Note: When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only. Static self IP addresses are not synchronized.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. In the Group Name column, click the name of the relevant device group.
  3. On the menu bar, click Config Sync.
  4. Click Synchronize TO Group.
Except for static self IP addresses, the entire set of BIG-IP configuration data is replicated on each device in the device group.

Implementation results

After you configure EtherIP tunneling on the BIG-IP system, you must perform the same configuration procedure on the BIG-IP system in the remote data center to fully establish the EtherIP tunnel.

After the tunnel is established, the BIG-IP system preserves any open connections to migrating (or migrated) virtual machine servers.
