F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IQ Centralized Management
  4. F5 BIG-IQ Centralized Management: Access
  5. Managing Ongoing Change
Manual Chapter : Managing Ongoing Change

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.1.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

How to manage ongoing configuration change

If you make changes on a BIG-IP® device before you have deployed the configuration from the BIG-IQ® system, configuration conflicts can occur. If conflicts do exist, when you deploy the configuration from the BIG-IQ system, you will have to choose between the configuration on the BIG-IQ or on the BIG-IP. You cannot keep both.

changing, evaluating and deploying on BIG-IQ is one cycle; changing on BIG-IP and then reimporting that change into BIG-IQ starts another cycle of change

Ongoing change

How does re-import impact the device-specific resources?

When you re-import the APM® service configuration, the process adds and deletes any device-specific resources that were added and deleted on the source device for the Access group. The process, however, does not overwrite any existing device-specific resources on the BIG-IQ® system.

Device-specific resources are processed like this whether you import the APM service configuration from the Device Management user interface, or if you use the Re-import Source option for an Access group.

Guidelines for making changes to the Access configuration

These are general guidelines for updating the configuration:

  • You should make any needed change that you can from the Access user interface.
  • If you still need to make changes, you should make them on the BIG-IP® source device.

See the table for more specific guidelines.

Resource Description
Access: Device-specific resource
  • Modify device-specific resources on the BIG-IQ® system and deploy the changes.
  • Add or delete device-specific resources on the source device; then re-import the service configuration into the BIG-IQ system.
Access: Shared resource Add, modify, and delete shared resources on the source device. Then re-import the service configuration into the BIG-IQ system.
Access: Pools and pool members You can add and update pools and pool members when you configure some AAA servers in Access. Any changes you make are immediately available in ADC. To deploy these changes, you must deploy ADC before you deploy APM.
ADC: Pools and pool members If you use ADC to add, update, or delete pools or pool members, you can create conflicts with the Access configuration. If you make changes in ADC, they are not available from Access.

ADC: Route domains and self-IP addresses To add or edit route domains and self-IP addresses, do so in ADC. To make the changes available in Access, deploy the LTM® working configuration and then reimport the LTM configuration to the BIG-IQ system,
ADC: Virtual servers Access configuration objects do not refer to virtual servers; however, you probably want to know how to configure them. You can add and edit virtual servers in ADC, but you can configure Access-specific settings, such as specifying an access profile, only on the BIG-IP system. You can add or edit virtual servers in either of these ways:
  • Add or edit virtual servers in ADC. Deploy the LTM configuration to one or more devices. Edit Access-specific settings on the BIG-IP systems. Reimport the LTM configuration to the BIG-IQ system.
  • Add or edit a virtual server on the BIG-IP system. Reimport the LTM configuration.
ADC: iRule, nodes, interfaces, routes, VLANs, DNS resolvers Access configuration objects do not refer to these objects directly. You do not need to worry about conflicts in the Access configuration.

Re-discovering and re-importing the APM service configuration

You can move any changes made to the Access Policy Manager® (APM®) service configuration on the source device into the working configuration for the BIG-IQ®system. You just re-import the source.
Note: When you use the Reimport Source option for an Access group, it re-discovers and re-imports the APM service configuration. It also detects whether changes were made to the LTM® service configuration and displays a message if you need to re-discover and re-import LTM first.
  1. Log in to F5® BIG-IQ® Centralized Management with your user name and password.
  2. At the top left of the screen, select Access from the BIG-IQ menu.
  3. In the Access Groups list on the right, click the name of the Access group.
    The Properties screen displays.
  4. Click Reimport Source.
    A confirmation message displays.
    Important: Reimporting the source can cause major changes to the working configuration.
  5. To continue with re-discovery and re-import, click Continue.
The APM service configuration is imported. Importing the APM service configuration can change objects in the ADC configuration.
You need to move any changes made to the ADC configuration on the source device to the non-source devices too; deploy the LTM service configuration to the non-source devices.

Re-discovering and re-importing the LTM service configuration

You can move any changes made to the Local Traffic Manager™ (LTM®) service configuration on the source device into the working configuration for the BIG-IQ®system. You just re-discover and re-import the LTM service configuration.
Note: If changes made to Local Traffic configuration objects in ADC dictate that you deploy LTM first, the system displays a message telling you to do that.
Important: Do not re-import the LTM service configuration from a non-source device.
  1. Log in to F5® BIG-IQ® Centralized Management with your user name and password.
  2. At the top left of the screen, select Device Management from the BIG-IQ menu.
  3. Click the name of the device you want to discover a service configuration from.
  4. On the left, click Services.
  5. For Local Traffic (LTM), click Re-discover.
    If the current configuration on the BIG-IQ is different than the one on the BIG-IP® device, BIG-IQ displays a screen for you to resolve the conflicts.
  6. If there are conflicts, select one of the following options for each object that is different, and then click the Continue button:
    • Use BIG-IQ to use the configuration settings stored on BIG-IQ.
    • Use BIG-IP to override the configuration setting stored on BIG-IQ with the settings from the BIG-IP device.
  7. For Local Traffic (LTM), select the Create a snapshot of the current configuration before importing. check box to save a copy of the device's current configuration.
    You're not required to create a snapshot, but it is a good idea in case you have to revert to the previous configuration for any reason.
  8. For Local Traffic (LTM), click Re-import.
The LTM service configuration is imported.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information