Original Publication Date: 08/23/2013
This release note contains information related to downloading and configuring BIG-IP® Virtual Edition (VE).
BIG-IP Local Traffic Manager Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual machine, packaged to run in a VMware® hypervisor environment. BIG-IP Local Traffic Manager VE includes all features of BIG-IP Local Traffic Manager, running on standard BIG-IP TMOS.
Note: The BIG-IP Local Traffic Manager VE product license determines the maximum allowed throughput rate. To view this rate limit, you can display the BIG-IP Local Traffic Manager VE licensing page within the BIG-IP Configuration utility.
BIG-IP Virtual Edition (VE) is compatible with VMware ESX® 4.0 and 4.1, and VMware ESXi™ 4.0 and 4.1 hosts.
The virtual machine guest environment for BIG-IP Local Traffic Manager VE includes these characteristics:
Note: When you use the VMware vSphere client system to deploy BIG-IP Local Traffic Manager VE on the ESX or ESXi host system, it is important that you retain the guest environment characteristics as shown here. Modifying these characteristics can produce unexpected results. Also note that the guest environment does not support vmmemctl, the memory balloon driver.
To deploy the BIG-IP Local Traffic Manager VE system on a VMware ESX or ESXi server, you perform the following tasks:
After you complete these tasks, you can log in to BIG-IP Local Traffic Manager VE system and run the Setup utility. Using the Setup utility, you can perform basic network configuration tasks such as assigning VLANs to interfaces.
There are specific requirements for the host system on which the BIG-IP Local Traffic Manager VE system can run.
To successfully deploy and run the BIG-IP Local Traffic Manager VE system, the host system must contain the following:
F5 Networks highly recommends that the host system contain CPUs based on AMD-V or Intel-VT technology.
The first steps in deploying BIG-IP Local Traffic Manager VE are to download the Zip file to your local system. You can then run the Deploy OVF Template wizard from within VMware vSphere Client. This wizard copies the file to the ESX/ESXi server and configures some network interface settings. Note that the Zip file contains a virtual disk image based on an Open Virtual Format (OVF) template. By following the steps in this procedure, you create an instance of the BIG-IP system that runs as a virtual machine on the host system.
Important: Do not modify the configuration of the VMware guest environment. This includes the settings for the CPU, RAM, and network adapters. Doing so can produce unexpected results.
This figure shows an example of a VMware ESX screen that you can use to view the status of the BIG-IP Local Traffic Manager VE virtual machine.
You must power on the BIG-IP Local Traffic Manager VE virtual machine.
BIG-IP Local Traffic Manager VE needs an IP address assigned to its virtual management port.
Tip: F5 Networks highly recommends that you specify a default route for the virtual management port.
When deploying BIG-IP Local Traffic Manager Virtual Edition on a VMware ESX or ESXi host, you should follow these best practices.
|Shared storage for virtual machines||Use NFS for shared virtual machine storage, although all types of VMware-supported storage are acceptable.|
|Redundant system configuration||Run the two units of an active/standby pair on separate physical hosts. You can accomplish this in two ways. You can manually create a virtual machine peer on each host, or, if you are using VMware Dynamic Resource Scheduler (DRS), you can create a DRS rule with the option Separate Virtual Machine that includes each unit of the BIG-IP Local Traffic Manager VE redundant pair. Note that BIG-IP Local Traffic Manager VE does not support VMware Fault Tolerance technology. For information on creating a DRS rule, refer to VMware's vSphere manuals.|
|Live migration||Perform live migration of BIG-IP Local Traffic Manager VE virtual machines (using VMware VMotion) on idle BIG-IP Local Traffic Manager VE virtual machines only. Live migration of BIG-IP Local Traffic Manager VE while the virtual machine is processing traffic could produce unexpected results.|
|VMware DRS environments||In DRS environments, perform live migration of BIG-IP Local Traffic Manager VE virtual machines (using VMware VMotion) on idle BIG-IP Local Traffic Manager VE virtual machines only. Live migration of BIG-IP Local Traffic Manager VE while the virtual machine is processing traffic could produce unexpected results. Disable automatic migrations by adjusting the VMware VMotion DRS Automation Level to Partially Automated, Manual or Disabled on a per-BIG-IP Local Traffic Manager VE basis.|
|Resource reservations||Increase the 2GHz default CPU reservation to prioritize BIG-IP Local Traffic Manager VE processing, if your normal traffic patterns cause BIG-IP Local Traffic Manager VE to consistently exceed that reservation. BIG-IP Local Traffic Manager VE presents a unique workload when virtualized, compared to other commonly virtualized services. Therefore, BIG-IP Local Traffic Manager VE is deployed by default with a 2GHz CPU reservation and a 2GB memory reservation. Together, these reservations prevent system instability on heavily loaded VMware hosts. Note that these reservations should be considered minimal.|
|Time synchronization||Configure all BIG-IP Local Traffic Manager VE systems to use an external time synchronization source. You can do this either by configuring NTP within BIG-IP Local Traffic Manager VE or by checking the Synchronize guest time with host box within vSphere Client and configuring all VMware hosts to share a single NTP time server or set of related NTP time servers. Note that units within a redundant system configuration must share a common time synchronization source, to prevent inconsistent system behavior.|
|Default route for management port||Define a default route for the virtual management port.|
This release contains the following known issues.
Status of virtual network interfaces (CR126854)
The BIG-IP system reports the status of host-only network interfaces as UNINITIALIZED, even though the interfaces are still functioning normally.
Auto-licensing and the default management route (CR133194)
If you have not defined a default route to the management port, interface 1.1 is used instead, which does not work. To prevent this from occurring, verify that you have defined a default route for the management port before attempting to activate a license.
Importing a User Configuration Set (UCS) with data from other BIG-IP modules (CR133762)
Importing a UCS file that contains configuration data from a module other than BIG-IP Local Traffic Manager can generate module-specific error messages during the import process. You can ignore these messages. The BIG-IP system safely imports only configuration data that is shared between modules.
Editing the virtual guest configuration (CR134076)
F5 Networks strongly recommends that you do not edit the virtual configuration of BIG-IP Local Traffic Manager VE, except for the virtual network interface mappings.
Unwanted characters on VMware console window (CR134154)
Due to console timing issues, unwanted characters might appear in the VMware console window.
Event log regarding insufficient video RAM (CR134473)
On VMware ESXi systems only, the following event message is logged: The maximum resolution of the virtual machine will be limited to 1176-885 at 16 bits per pixel. To use the configured maximum resolution of 2360-1770 at 16 bits per pixel, increase the amount of video RAM allocated to this virtual machine by setting svga.vramSize="16708800" in the virtual machine's configuration file. You can ignore this message or take the recommended action without adverse effects.
SSL::sessionid iRule command (CR135601)
The SSL::sessionid command within an iRule returns a blank value.
SSL alert codes (CR135917)
While handling malicious SSL traffic, upon error, the SSL alert code might describe a different, but similar, error type. Normal SSL traffic is not affected.
Time synchronization using VMware Tools or NTP protocol (CR135980)
If you want to use VMware Tools to enable time synchronization, you must check the Synchronize guest time with host box within vSphere Client. If you want to use the NTP protocol instead, you must first disable time synchronization in VMware Tools by clearing the box within vSphere Client. For more information, see the VMware vSphere Client documentation. Note that the two units of a BIG-IP Local Traffic Manager VE redundant system configuration must share the same time synchronization source.
bigpipe import command (CR136004)
Use of the b import default command can generate Security-Enhanced Linux (SELinux) errors. You can ignore these errors.
Link speed of management interface (CR136578)
The VMware system reports an incorrect link speed for the management interface. The reported link speed does not reflect the actual bandwidth capability.
Status of VMware Tools in vSphere (CR136980)
When the virtual machine is powered off, VMware vSphere incorrectly shows the status of VMware Tools as Not Installed. You can verify that VMware Tools is installed by viewing the IP Address and DNS Name fields on the vSphere screen. Note that when the virtual machine is powered on and fully booted, the status correctly shows as Unmanaged.
VMXNET3 availability (CR137014)
The VMXNET3 driver can become unavailable after you suspend and resume BIG-IP Local Traffic Manager VE. Resetting BIG-IP Local Traffic Manager VE solves the problem.
Support for Spanning Tree protocols (CR137326)
The BIG-VE system does not support the bridging protocols Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP).
Support for Link Aggregation Control Protocol (CR137328)
The BIG-IP Local Traffic Manager VE system does not support the trunking protocol LACP.
Use of VLAN groups (CR137596)
Use of VLAN groups with BIG-IP Local Traffic Manager VE requires proper configuration of VMware vSwitch or VMware vSwitch portgroup security policies. The Promiscuous Mode and Forged Transmits properties must be set to Accept. By default, Promiscuous Mode is set to Reject. For information on how to configure these options, refer to the vSwitch sections of VMware's vSphere manuals.
Use of Single Configuration File (SCF) feature (CR137597)
Copying an SCF from a VMware host system to an F5 hardware platform causes an error related to interface mismatching. To work around this issue, save the bigip.conf and bigip_sys.conf files within BIG-IP Local Traffic Manager VE, copy the files to the new platform, and then, on the new platform, run the commands bigpipe merge bigip.conf and bigpipe merge bigip_sys.conf.
Configuration of an OVF with additional interfaces (CR137616)
When you deploy an OVF with more than five interfaces (one management interface and more than four TMM interfaces), the interface numbering appears out of order. To view the actual TMM-to-VMware interface mapping, compare the MAC addresses of the interfaces displayed in the BIG-IP Configuration utility to those displayed in vSphere Client.
Use of SNMP OID for RMON tables (CR137905)
Setting the source OID for RMON alarm, event, and history tables generates an error message. You can safely ignore that error message.
Media speed messages in log file (CR137973)
When starting the BIG-IP system or when removing an interface from a VLAN, the system logs media-related messages to the file /var/log/ltm. You can ignore these messages.
Hard-wired failover (CR138100)
Hard-wired failover is unsupported in this release. When configuring redundant BIG-IP Local Traffic Manager VE virtual machines, configure the Network Failover screen within the BIG-IP Configuration utility.
Disabling TMM interfaces (CR138342)
When you disable a TMM interface, the interface continues to process traffic.
BIG-IP licensing and User Configuration Sets (CR138498)
When you import a UCS from another BIG-IP or BIG-VE system, the system overwrites the local license with the license contained in the UCS. To work around this issue, you can re-license the local system after importing the UCS by accessing a backup copy of the license file, located in /config/bigip.license.bak. Also note that when importing a UCS, you should ensure that the host names of the two systems differ. When the host names differ, the system correctly imports only the configuration data that is common to both the originating platform and the target platform. If the host names match, the system attempts to import all of the UCS configuration data, which can cause the import process to fail.
Exiting the Maintenance OS (MOS) shell at a system prompt (CR138672)
When you type exit at a BIG-IP system's MOS prompt, the system appears unresponsive.
HA events due to inactivity (CR138676)
If the VMware hypervisor runs the BIG-IP Local Traffic Manager VE software for fewer than four minutes continuously (due, for example, to a manual suspension or the timeout of network disk I/O), high-availability failure events occur. The system either stops and restarts key system processes, or triggers failover. This is intended system behavior.
VMware Vswitch Promiscuous Mode (CR138798)
When the VMware Vswitch Promiscuous Mode is set to Reject, the VLAN group transparency mode Opaque does not function correctly.
Importing a UCS from BIG-IP Virtual Edition Trial (CR139456)
When you import a UCS from BIG-IP Virtual Edition Trial, the system displays an error message. You can ignore this message.
For additional information, please visit http://www.f5.com.