Manual Chapter : After Deploying BIG-IP VE on KVM

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 13.1.1, 13.1.0

BIG-IP APM

  • 13.1.1, 13.1.0

BIG-IP Analytics

  • 13.1.1, 13.1.0

BIG-IP LTM

  • 13.1.1, 13.1.0

BIG-IP AFM

  • 13.1.1, 13.1.0

BIG-IP PEM

  • 13.1.1, 13.1.0

BIG-IP DNS

  • 13.1.1, 13.1.0

BIG-IP ASM

  • 13.1.1, 13.1.0
Manual Chapter

About licensing BIG-IP VE

In order to use BIG-IP VE, you must have a license from F5. Starting with BIG-IP VE version 13.1, you can revoke the license from a virtual machine and re-use it on another virtual machine.

From the Configuration utility, to revoke the license, go to System > License and click Revoke.

From tmsh, to revoke the license, run the command tmsh revoke sys license.

This functionality works for BIG-IP VE BYOL only.

Configure TSO support

The TCP Segmentation Offloading (TSO) feature, which includes support for large receive offload (LRO) and Jumbo Frames, is enabled by default.
Note: You must have the admin user role to enable or disable TSO support.
  1. Use an SSH tool to access the BIG-IP® VE command line.
  2. Log in as root.
  3. Type tmsh to open the tmsh utility.
    You will see tmsh at the prompt once the utility is opened.
  4. To determine whether TSO support is currently enabled, use the command:
    show sys db tm.tcpsegmentationoffload
  5. To enable support for TSO, use the command:
    sys db tm.tcpsegmentationoffload enable
  6. To disable support for TSO, use the command:
    sys db tm.tcpsegmentationoffload disable

Turn off LRO or GRO

Although there are a number of ways to turn off LRO, the most reliable way is to connect to the virtual machine and use the ethtool utility.
See the KVM documentation for more details.

Increase performance with multiple queues

You can increase throughput by enabling multiple queues on the host.
  1. Shut down the guest.
  2. Edit the guest’s XML by using a tool like virsh edit.
  3. In each desired virtio <interface> section, add the following element:
    <driver name='vhost' queues=’#’/>
    where # equals the number of queues.
    Note: The default number of queues for a KVM guest is 1. The optimum number of queues varies by deployment and depends on throughput needs and total desired guest footprint.
  4. Save the file.
  5. Start the guest.

About NIC teaming

NIC teaming, also known as port channels, bonding, or in BIG-IP, trunking, is defined by the Link Aggregation standard IEEE 802.1AX-2008 (formerly IEEE 802.3ad). This standard offers both increased bandwidth and link failure redundancy at Layer 2.

In a virtual environment, the same MAC address must be assigned to all teamed/aggregated ports. Either the hypervisor or the guest (in kernel trusted mode) can do this assignment.

SR-IOV uses virtual functions to send packets from two or more separate physical ports to the guest. The hypervisor never sees these packets.

In this case, LACP active monitoring in the guest is not possible because the guest does not receive bridge control packets.

Configure NIC teaming

To increase bandwidth and provide link failure redundancy, enable NIC teaming.
  1. On the host, complete the following steps.
    1. Enable SR-IOV.
    2. Expose virtual functions (VFs). For example:
      echo 4 > /sys/class/net/<device name>/device/sriov_numvfs
    3. Create VLANs for the VFs and assign MAC addresses. For example:
      • ip link set p2p1 vf <VF#> mac "00:01:02:03:00:21"
      • ip link set p2p1 vf <VF#> vlan <VLAN ID>

      VF# is 0, 1, .... and choose an arbitrary MAC address.

      Important: Ensure the MAC address is the same for each teamed NIC.
    4. Add the VFs to the guest.
  2. Then on BIG-IP VE, complete the following steps.
    1. Create the VLAN.
    2. Create the trunk. For example:
      tmsh create net <trunkname> interfaces add { 1.1 1.2 }
    3. Add the trunk to the VLAN. For example:
      tmsh create net vlan <vlanname> interfaces add { <trunkname> }
For more information on creating trunks in BIG-IP, see the trunking documentation on askf5.com.

Increase disk space for BIG-IP VE

Before proceeding with these steps, use Virt Manager to expand the disk size for the BIG-IP® VE virtual machine and reboot.
Use the BIG-IP VE tmsh utility to increase the amount of disk space used by the four BIG-IP VE directories:
  • /config
  • /shared
  • /var
  • /var/log
Note: At the time of this release, decreasing the VE disk size is not supported.

For each directory you want to resize, complete these steps.

  1. Use an SSH tool to access the BIG-IP VE tmsh utility.
  2. From the command line, log in as root.
  3. List the current size of the directories on your disk so you can determine which ones need to be resized.
    tmsh show sys disk directory
  4. Expand the size of the directories in which you need additional space.
    tmsh modify sys disk directory <directory name> new-size <new directory size in 1KB blocks>
    For example, use tmsh modify sys disk directory /config new-size 3145740 to increase the size of /config directory to 3145740 1KB blocks (or roughly 3,221,237,760 bytes).
  5. To confirm that the command you just submitted is properly scheduled, you can show the new list of directories again.
    tmsh show sys disk directory
  6. If you change your mind about a submitted size change, you can revoke the size change.
    tmsh modify sys disk directory /config new-size 0
    In this example, the size of the /config directory is left as is, revoking any scheduled size changes.
    After you submit this sequence of tmsh commands, the directory size changes will be scheduled to occur the next time the BIG-IP VE virtual machine (VM) is rebooted.
The next time the VM running BIG-IP VE reboots, the changes are applied.

Change the NIC used for BIG-IP VE management

By default, management traffic goes through the eth0 NIC and data traffic goes through the other available NICs. If you need to use eth0 for data traffic, you can change the NIC that management traffic goes through.
  1. Use SSH to connect to BIG-IP VE.
  2. If you need to determine which NICs are available, stop TMM by typing bigstart stop tmm. Then type ip addr to view the list of available NICs.
  3. Change the management NIC by typing tmsh modify sys db provision.managementeth value eth1 where eth1 is the NIC you want to use for management. You can use any available NIC.
  4. Press Enter.
  5. Reboot BIG-IP VE by typing reboot and pressing Enter.
When BIG-IP VE is running again, you can use eth0 for data.
Note: If the subnet associated with the management NIC does not have DHCP, you must assign a new IP address by using the BIG-IP Configuration utility tool.

About routes in a single NIC configuration

If you want to configure a static route that relies on a gateway in the same subnet as the self IP address, you must first disable the setting that enforces single NIC setup:

modify sys db provision.1nicautoconfig value disable

Confirm that the value is correct by typing list sys db provision.1nicautoconfig.

The return value should be disable.

If you do not change this value, any time you reboot BIG-IP VE, the manually-configured static route will cause validation errors during load sys config.

Change from single NIC to multi-NIC

When you initially boot BIG-IP VE, if it recognized only one NIC, then some network configuration was done automatically. If you want to use more than one NIC, complete the following steps.
  1. Use an SSH tool to connect to BIG-IP VE.
  2. Return to the default configuration.
    tmsh load sys config default
  3. Save the changes.
    tmsh save sys config
  4. Set a database variable so that the number of NICs will be recognized on reboot.
    setdb provision.1nic enable
  5. Reboot BIG-IP VE.
    reboot
When the BIG-IP VE instance is up and running, multiple NICs will be recognized and you can begin configuring BIG-IP VE.

Change from multi-NIC to single NIC

If you have a BIG-IP VE configuration with multiple NICs, you can simplify the configuration to have only one NIC. When you boot the BIG-IP VE and only one NIC is recognized, some networking objects are created automatically for you.
  1. Use an SSH tool to connect to BIG-IP VE.
  2. Return to the default configuration of BIG-IP VE.
    tmsh load sys config default
  3. Save the changes.
    tmsh save sys config
  4. Set a database variable so that the number of NICs will be recognized on reboot.
    setdb provision.1nic forced_enable
  5. Reboot BIG-IP VE.
    reboot
When the BIG-IP VE instance is up and running, it will have a single NIC and related network objects will be created.