Applies To:

Show Versions

Manual Chapter: Getting Started with BIG-IQ Virtual Edition

Table of Contents | Next Chapter >>

Getting Started with BIG-IQ Virtual Edition

What is BIG-IQ Virtual Edition?

BIG-IQ Virtual Edition (VE) is a version of F5 BIG-IQ Centralized Management that runs as a virtual machine on specifically-supported hypervisors. BIG-IQ VE emulates a hardware-based BIG-IQ system running a VE-compatible version of BIG-IQ software.

BIG-IQ VE compatibility with OpenStack

Each time there is a new release of BIG-IQ Virtual Edition (VE) software, it includes support for additional public and private cloud products. The Virtual Edition and Supported Hypervisors Matrix on the AskF5 website, support.f5.com , details which are supported for each release.

Important: other than those identified in this guide are not supported with this BIG-IQ version: any installation attempts on unsupported platforms might not be successful.

Hypervisor guest definition requirements

The OpenStack virtual machine guest environment for the BIG-IQ Virtual Edition (VE), at minimum, must include:

Important: If you do not supply at least the minimum virtual configuration limits, it produces unexpected results.

Important: The resources required for a BIG-IQ virtual machine depend to some degree on what you intend to do with it. Refer to Determine the resources required for deployment on support.f5.com for details.

Determine the resources required for deployment

CPU, RAM, and disk space requirements are determined by the following factors.

Are you deploying a BIG-IQ system or a data collection device (DCD)?
If you are deploying a DCD, how much storage do you need? Refer to the for guidance.
How much performance do you need?

Note: When you deploy the BIG-IQ software, you can choose 95 GB or 500 GB of disk space. If you choose 500 GB, only 95 GB of the 500 GB is allocated initially. You must allocate extra disk space beyond 95 GB before you can use it.

Usually, the extra storage space is for DCDs. However, there are also situations in which BIG-IQ systems can use the extra space. For example, you might want to store a large number of UCS backups. Or, your business needs might require you to store multiple versions of the BIG-IQ software so you can upgrade back and forth between BIG-IQ versions.

Table 1. BIG-IQ resource deployment requirements
Deployment type	CPUs	RAM	Disk Space
BIG-IQ system	4 or 8 See When do I need extra resources?	16, 32, or 64 GB See When do I need extra resources?	Generally, 95 GB; or if extra space is needed, 500 GB.
Data collection device	4	16 GB	Initially, 500 GB.
Higher performance and scale	8	32 or 64 GB	VE disk space can be extended further as needed.

Note: For a broader consideration of the factors that impact disk space requirements for a DCD refer to the BIG-IQ Centralized Management DCD Sizing Guide on support.f5.com.

Note: For work flows that describe how to manage your disk space, refer to the BIG-IQ Centralized Management: Data Collection Device Disk Space Management guide on support.f5.com.

Important: CPU and RAM pairings other than those listed above have not been tested.

When do I need extra resources?

When the BIG-IQ system you deploy manages a number of devices that exceeds specified thresholds, F5 recommends that you use 8 CPUs and either 32 or 64 GB of RAM. These thresholds vary depending on which modules are licensed on the devices that the BIG-IQ manages and where the devices are deployed.

The following table lists thresholds for each BIG-IP module that impacts the amount of RAM that a BIG-IQ requires. For example, if the BIG-IQ manages more than 32 devices provisioned with the Access module, you should use 32 GB instead of 16.

A BIG-IQ managing devices...	Needs 32 GB to manage more than:
provisioned with Access	32 devices
provisioned with ADC	80 devices
provisioned with ASM	40 devices
provisioned with DNS	100 devices
provisioned with FPS	50 devices
deployed in a VMware service scaling group	100 devices
deployed in an AWS or Azure service scaling group	50 devices

Note: This is a rough approximation. Depending on the number of objects on each BIG-IP, you might need more or less RAM. Additionally, when the devices managed by the BIG-IP are provisioned with multiple modules, the RAM requirement increases.

OpenStack deployment overview

Before you can deploy a BIG-IQ VE in the OpenStack environment, you must have the following environmental elements in place:

A tenant (or admin) user account with virtual machine deployment privileges.
Privileges to create images (that is you must be able to upload QCOW2 files). Contact your system administrator for assistance if your account lacks the requisite permissions.
Sufficient free remaining computational (CPU, RAM) and disk storage quota for each BIG-IQ VE instance you plan to deploy.
At least one network, to be used for management access.
Security groups (firewall rule-sets), for control of inbound and outbound network traffic.
Pre-defined Flavors (virtual hardware profile definitions).

In addition, you might wish to define the following optional environmental elements:

Key-pairs, for SSH access (recommended).
Floating IP addresses, for each tenant network interface that will be externally accessible.
Additional networks for internal, external, and high-availability traffic as necessary.

Host machine requirements and recommendations

To successfully deploy and run the BIG-IQ VE system, the host system must satisfy minimum requirements.

The host system must include these elements:

OpenStack on Linux distribution with the native KVM package as its compute (hypervisor) node.
Note: The BIG-IQ Virtual Edition and Supported Hypervisors Matrix, published on support.f5.com identifies the Linux versions currently supported.

The OpenStack Horizon Dashboard
Note: Power users might prefer to use the OpenStack command line or APIs to deploy and configure the BIG-IQ VE. Consult the OpenStack API documentation for your distribution for details on how to use these APIs.
Connection to a common NTP source (this is especially important for each host in a redundant system configuration).

Important: The hypervisor CPU must meet the following requirements:

Use a 64-bit architecture.
Have support for virtualization (AMD-V or Intel VT-x) enabled.
Support a one-to-one thread-to-defined virtual CPU ratio, or (on single-threading architectures) support at least one core per defined virtual CPU.
Intel processors must be from the Core (or newer) workstation or server family of CPUs.

Deploying BIG-IQ Virtual Edition in OpenStack

Before you get started, you need a security group, a key pair, and a floating IP address for each externally accessible interface. If you are unfamiliar with these prerequisites, refer to the OpenStack documentation for details. To deploy a BIG-IQ VE in your OpenStack environment, you perform the following tasks:

Upload a BIG-IQ disk image to the OpenStack environment Datastore.
Create a new disk volume instance.
Use the wizard to launch the new instance.
Power on the BIG-IQ VE virtual machine for the first time.
Set up the management network on the BIG-IQ virtual machine.
Determine whether you need to set the BIG-IQ VE MTU value and (it necessary) set it.

Upload a BIG-IQ image to your OpenStack environment

Before you can deploy a BIG-IP VE in the OpenStack environment, you need access to OpenStack environment you plan to deploy it in.

To install the BIG-IQ VE in OpenStack, the software image must be in the Openstack environment.

In a browser, open the F5 Downloads page (https://downloads.f5.com) and log in.
On the Downloads Overview page, click Find a Download.
Under Product Line, click Centralized Management.
Click the link for the BIG-IQ version that you are installing.
If the End User Software License is displayed, read it and then click I Accept.
Determine which BIG-IQ Virtual Edition file package to download.
- If you are deploying a BIG-IQ Centralized Management device, download the file name that ends in .qcow2.zip. This package creates a 95GB disk footprint at installation.
- If you are deploying a Data Collection Device, download the file name that ends in LARGE.qcow2.zip. This package creates a 500GB disk footprint at installation.
Extract the qcow2 file from the Zip archive and save it temporarily to your workstation’s local storage.
Log in to your OpenStack environment dashboard.
Navigate to Project > Compute > Images to display the Images page, and then click Create Image.
On the Create Image dialog box, type a name and an optional description for the VE in the Image Name and Image Description fields.
Click Browse, and then navigate to the location to which you extracted the qcow2 image and select it.
To comply with your policies or business requirements, you can specify values for other fields on this page and on the next two pages, but these additional values are optional.
Click Create Image to start the image upload to the OpenStack environment.

Note: Although an animation should display to indicate the progress of this process, timeouts in the OpenStack user interface do occur. If the process seems to be taking longer than it should, refresh to update the view.

Create a new disk volume

Before you can create a new disk volume for a BIG-IQ VE, you must have the F5 software image in your OpenStack environment.

You need a disk volume in your OpenStack environment that you can use to launch the new BIG-IQ VE instance.

Important: Depending on your business practices, permissions, or personal preference, you might choose to create the new volume as part of the instance launch process, instead of as a separate task. The workflow provided here is just one way to get the job done.

From the OpenStack dashboard, click Project > Compute > Volumes to display the Volumes page, and then click Create Volume.
Type a Volume Name and Description.
From Volume Source, select Image.
From Use image as a source, select the image you uploaded for install.
In Size (GiB), type the minimum disk size for the new volume you are creating.
The volume size you specify must not be less than the actual size of the original image (QCOW2) file.
- For a BIG-IQ system, 95 GB is the recommended minimum size.
- For a DCD, 500 GB is the recommended minimum size.
Click Create Volume to start the process.

Note: Although an animation should display to indicate the progress of this process, timeouts in the OpenStack user interface do occur. If the process seems to be taking longer than it should, refresh to update the view.

Use the wizard to launch a new instance

Before you launch a new instance, you must have created the disk volume in your OpenStack environment.

To use a BIG-IQ instance in your OpenStack environment, you need to launch the instance.

Note: Do not use configuration settings (CPU, RAM, and network adapters) that provide fewer resources than those recommended and described here.

From the OpenStack dashboard, click Project > Compute > Instances to display the Instances page, and then click Launch Instance.
The Launch Instance dialog box opens on the Details page.
Type an Instance Name, and make sure the Count reflects how many instances you want to create, then click Next.
The Source page opens.
From Select Boot Source, choose Volume.

Note: Other options are supported for this control, but this is the most straightforward way to get up and running.
Identify the volume you want, click + to select it, and then click Next.

Tip: If you have a lot of available volumes and want to find the one you want faster, you can type into the filters box so only volumes that match your filter criteria are listed. Then, you can sort the columns so that the volume you are looking for is easier to find.

The Flavor page opens. In the OpenStack environment, a Flavor is a predefined virtual hardware profile that you can launch.
Identify the flavor you want to use, click + to select it, and then click Next.

Tip: Again, you can use the filter and column sort to find the image more quickly.

The Networks page opens.
Starting with the management network, identify the network interfaces that you want the instance to have, and click + to add them.

Important: It is essential that you add the management network first.

If the new instance requires further customization to comply with your business processes, you can use the Next and Back buttons to access the remaining pages and specify additional detail. Otherwise, this instance is ready to launch.
When you are satisfied with the specifications for the new instance, click Launch Instance.

Note: Although an animation should display to indicate the progress of this process, timeouts in the OpenStack user interface do occur. If the process seems to be taking longer than it should, refresh to update the view.

Power on the BIG-IQ VE virtual machine for the first time

You power on the virtual machine so that you can make the BIG-IQ Virtual Edition (VE) accessible from the console.

From the OpenStack dashboard, click Project > Compute > Instances to display the Instances page, and then click Start Instance.

After the system completes the initialization process, two built-in user accounts are enabled that provide you with the access you need to complete initial configuration and setup:

The root account provides initial user access to command shells. You can use a local console connection, or you can use SSH. This account also provides access to the F5 Configuration utility. The initial root account password is default.
The admin account provides initial user access through the web interface. The initial admin account password is admin.

Important: You should change passwords for both accounts before bringing a system into production.

Before you can access this BIG-IQ VE instance, you must set up the management interface.

You might also need to modify this instance's MTU settings before you can connect to it.

To configure external access to the Web interface using a floating IP address, you must modify this instance's MTU settings. Refer to Set BIG-IQ VE MTU values to pass traffic between tenant and external networks on support.f5.com for details.
To configure a connection using a direct uplink between the external network and the BIG-IQ VE management interface, it might not be necessary to change the MTU settings. With a direct uplink, traffic does not pass through an Open-vSwitch router.

Set up the management network on the BIG-IQ virtual machine

How you set up the BIG-IQ Virtual Edition (VE) management user interface depends on how the network interfaces are attached.

If the interfaces attach to a tenant network subnet that allocates IP addresses from a pre-defined static IP pool, an IP address is automatically assigned to the interface during deployment. In this case, you must use this address to access the BIG-IQ VE user interface or tmsh command-line utility.
If the interfaces (whether attached to tenant or external networks) are allocated their IP addresses using a DHCP server, then an IP address is automatically assigned to the BIG-IQ VE interface during deployment. You can use this address to access the BIG-IQ VE user interface or tmsh command-line utility.
If the interfaces attach to a tenant or external network without a mechanism for allocating IP addresses, you must manually assign an unused address to the network interface that complies with the required subnet criteria.

In your initial access to the BIG-IQ VE user interface, you should set the management address as manual (static).

From the OpenStack dashboard, click Project > Compute > Instances to display the Instances page, and then select the check box for the instance you want to access.
On the right side of the screen, from the Actions list, select Console to open a console session for this BIG-IQ VE instance.
At the login prompt, type root.
At the password prompt, type default.
Type config and press Enter.
The F5 Management Port Setup screen opens.
Click OK.
Determine how to assign the management port:
- If you want DHCP to automatically assign an address for the management port, select Yes.
- To manually assign an IP address and netmask for the management port, select No and follow the instructions to set the IPv4 address, network mask, and management route (gateway address).

You can use the shell command tmsh list sys management-ip to confirm that the management IP address has been properly assigned.

You can now log in to the BIG-IQ VE user interface, and license and provision the VE.

Deciding whether you need to change the BIG-IQ VE MTU value

If your BIG-IQ VE needs to pass network traffic between an internal tenant (private) network and an external (public) network using an OpenStack virtual machine, the traffic must be directed through a router. The typical OpenStack configuration routes this through an Open-vSwitch Router. When data blocks pass through the router in this scenario, the traffic incurs a 50 byte overhead. For a BIG-IQ VE that sends and receives network traffic through interfaces that connect to internal tenant and external public networks, you must reduce the VE instance’s MTU value by 50 to account for that overhead.

Note: This requirement applies to other virtual machine types (such as BIG-IP and Linux) not just BIG-IQ Virtual Edition.

A common indication that you need to adjust the MTU value is when you can make an SSH connection to the BIG-IQ, but you cannot make a web connection over HTTPS. If everything else is configured correctly, then check to see if the MTU setting is causing the issue. Correct configuration (in this case) means:

Ports 22 and 443 are open to receiving traffic.
All required system services appear to be running normally.
There is no abnormal consumption of system resources (RAM and CPU).

To verify that the MTU setting is causing the issue, you can log in to the BIG-IQ using SSH and run the following command: ifconfig eth0 mtu 1450. Then try connecting to the BIG-IQ again using your browser. If you can connect successfully, then you know that the MTU setting is the issue, and you need to permanently modify the MTU setting to make sure the user interface performs properly.

If you change the MTU value on the BIG-IQ using the command line, the value resets to 1500 whenever the VE reboots. So you need to edit the custom configuration file so that any time the VE restarts, the config file sets the correct value.

Set BIG-IQ VE MTU values to pass traffic between tenant and external networks

You edit the custom configuration file so that any time the VE restarts, it sets the MTU value correctly.

Access the BIG-IQ bash command shell.
You can access this shell from the OpenStack console or you can use SSH to log in to the BIG-IQ VE.
In the command shell, type the command sudo vim /config/startup.
Type the user password when prompted.
The config startup file opens for editing.
Type I to enter insert (edit) mode and add either of these two commands to the end of the file:
- ifconfig eth0 mtu 1450
- ip link set eth0 mtu 1450
Press the Esc key to exit insert mode.
Type :w! and press Enter to commit changes.
Type :q to exit the editor and return to the command prompt.
To verify the change was saved, type cat /config/startup.
To reboot the VE, type tmsh reboot.
When the reboot completes, return to the command shell and type ifconfig eth0 and verify that the new MTU value persists.
Access the BIG-IQ bash command shell run, and then type the following commands to change the MTU value for the default route in the device route table.
1. tmsh modify sys management-route default {mtu 1450}
2. tmsh save sys config
To verify the change, type ip route.
This change to the local route table is persistent, so you do not need to make a change to the /config/startup file.