Manual Chapter :
Initial vCMP Configuration Tasks
Applies To:
Show VersionsBIG-IP AAM
- 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP AFM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP ASM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
Initial vCMP Configuration Tasks
About vCMP application volume
management
When you provisioned the vCMP®
feature as part of system setup, the BIG-IP® system
allocated most of the total disk space to the vCMP application volume (by default, all but 30
gigabytes). Known as the
reserve disk space
, this 30 gigabytes
of disk space is left available for other uses, such as for installing additional versions of the
BIG-IP system in the future.Do not attempt to change the amount of reserved disk space after you have
provisioned the vCMP feature. Changing the reserved disk space after provisioning produces
unwanted results.
vCMP host administrator tasks
Before you configure the vCMP® host, make sure you
followed the VIPRION setup tasks described in the guide
VIPRION Systems:
Configuration
. After using that guide, you should now have a VIPRION®
system that is provisioned for vCMP, with the standard external, internal, and high-availability
VLANs configured.As a vCMP® host administrator, you have the important task of initially
planning the amount of total system CPU and memory that you want the vCMP host to allocate to
each guest. This decision is based on the resource needs of the particular BIG-IP® modules that guest administrators intend to provision within each guest, as well as
the maximum system resource limits for the relevant hardware platform. Thoughtful resource
allocation planning prior to creating the guests ensures optimal performance of each guest. Once
you have determined the resource allocation requirements for the guests, you are ready to
configure the host.
Overall, your primary duties are to create and manage guests,
ensuring that the proper system resources are allocated to those guests.
Task summary
Accessing the vCMP host
Performing this task allows you to access the vCMP host. Primary reasons to access
the host are to create and manage vCMP guests, manage virtual
disks, and view or manage host and guest properties. You can also view host and
guest statistics.
- From a system on the external network, display a browser window.
- In the URL field, type a management IP address that you previously assigned to the system, as follows:https://<ip_address>The browser displays the login screen for the BIG-IP Configuration utility.
Creating a vCMP
guest on a VIPRION platform
Before creating a guest on the system, verify that you have configured the base network on the system to create any necessary trunks, as well as VLANs for guests to use when
processing application traffic.
You create a guest when you want to create an instance of the BIG-IP software for
the purpose of running one or more BIG-IP modules to process
application traffic. For example, you can create a guest that runs BIG-IP
Local Traffic Manager and BIG-IP
DNS. When creating a guest, you specify the
number of logical cores per slot that you want the vCMP host to allocate to each guest,
as well as the specific slots that you want the host to assign to the guest.
When creating a guest, if you see an error message such as
Insufficient disk space on /shared/vmdisks. Need 24354M additional
space.
, you must delete existing unattached virtual disks until you have
freed up that amount of disk space.If you are planning to add this guest to a Sync-Failover device
group and enable connection mirroring with a guest on another chassis, you must
ensure that the two guests are configured identically with respect to slot
assignment and core allocation. That is, the number of cores, the number of slots,
and even the slot numbers on which the guests reside must be the same. Therefore,
you must ensure that on each guest of the mirrored pair, the values match for the
Cores per Slot
, Number of Slots
,
Minimum Number of Slots
, and Allowed
Slots
settings.- Use a browser to log in to the VIPRION chassis, using the primary cluster management IP address.If you provisioned the system for vCMP, this step logs you in to the vCMP host.
- On the Main tab, click.This displays a list of guests on the system.
- ClickCreate.
- From thePropertieslist, selectAdvanced.
- In theNamefield, type a name for the guest.
- In theHost Namefield, type a fully-qualified domain name (FQDN) name for the guest.If you leave this field blank, the system assigns the namelocalhost.localdomain.
- From theCores Per Slotlist, select the total number of logical cores that the guest needs, based on the guest's memory requirements.The value you select causes the host to assign that number of cores to each slot on which the guest is deployed. The host normally allocates cores per slot in increments of two (two, four, six, and so on).Cores for a multi-slot guest do not aggregate to provide a total amount of memory for the guest. Therefore, you must choose aCores per Slotvalue that satisfies the full memory requirement of the guest. After you finish creating the guest, the host allocates this amount of memory to each slot to which you assigned the guest. This ensures that the memory is suffcient for each guest if any blade becomes unavailable. For blade platforms with solid-state drives, you can allocate a minimum of one core per guest instead of two. For metrics on memory and CPU support per blade model, see the vCMP guest memory/CPU allocation matrix athttp://support.f5.com.
- From theNumber of Slotslist, select the maximum number of slots that you want the host to allocate to the guest.
- From theMinimum Number of Slotslist, select the minimum number of chassis slots that must be available for this guest to deploy.The minimum number of slots you specify must not exceed the maximum number of slots you specified.
- From theAllowed Slotslist, select the specific slots that you want the host to assign to the guest and then use the Move button to move the slot number to theSelectedfield.If you want to allow the guest to run on any of the slots in the chassis, select all slot numbers. For example, if you configure theNumber of Slotsvalue to be2, and you configure theAllowed Slotsvalues to be1,2,3, and4, then the host can assign any two of these four slots to the guest. Note that the number of slots in theAllowed Slotslist must equal or exceed the number specified in theMinimum Number of Slotslist.
- From theManagement Networklist, select a value:ValueResultBridged(Recommended)Connects the guest to the management network. Selecting this value causes theIP Addresssetting to appear.IsolatedPrevents the guest from being connected to the management network and disables the host-only interface.If you selectIsolated, do not enable theAppliance Modesetting when you initially create the guest. For more information, see the step for enabling theAppliance Modesetting.Host-OnlyPrevents the guest from being connected to the management network but ensures that the host-only interface is enabled.
- If theIP Addresssetting is displayed, specify the required information:
- In theIP Addressfield, type a unique, floating management IP address (either IPv4 or IPv6) that you want to assign to the guest.You use this IP address to access the guest when you want to manage the BIG-IP modules running within the guest.
- In theNetwork Maskfield, type the network mask for the management IP address.
- In theManagement Routefield, type a gateway address for the management IP address.
Assigning an IP address that is on the same network as the host management port has security implications that you should carefully consider. - From theInitial Imagelist, select an ISO image file for installing TMOS software onto the guest's virtual disk.
- In theVirtual Disklist, retain the default value ofNone.Note that if an unattached virtual disk file with that default name already exists, the system displays a message, and you must manually attach the virtual disk. You can do this using thetmshcommand line interface, or use the Configuration utility to view and select from a list of available unattached virtual disks.The BIG-IP system creates a virtual disk with a default name (the guest name plus the string.img, such asguestA.img).
- For theVLAN Listsetting, subscribe to host-based VLANs:
- Select the external and internal VLANs from theAvailablelist.
- Use the Move button to move the VLANs to theSelectedlist.
After you create the guest, the guest will use the selected VLANs to process application traffic. As an option, the guest administrator can create additional VLANs later from within the guest. - From theRequested Statelist, selectProvisioned.Once the guest is created, the vCMP host allocates all necessary resources to the guest, such as cores and virtual disk.
- If you want to enable Appliance mode for the guest, select theAppliance Modecheck box.Before enabling this feature on an isolated guest, you must perform some prerequisite tasks, such as creating a self IP address on the guest. Failure to perform these prerequisite tasks will make the guest unreachable by all host and guest administrators. Therefore, you must create the isolated guest with Appliance mode disabled, perform the prerequisite tasks, and then modify the guest to enable this setting. For more information, see the relevant appendix of this guide.When you enableAppliance Modefor a guest, the system enhances security by denying access to therootaccount and theBashshell for all administrators.
- From theSSL-Modelist:
- SelectDedicatedto assign dedicated SSL hardware resources, in the form of SSL cores, to the guest. A guest inDedicatedmode has a fixed amount of SSL hardware resource available and does not share that resource with other guests on the system. Consequently, SSL performance for a guest inDedicatedmode is not impacted by other guests' use of SSL hardware resources. The number of SSL cores that the system assigns to the guest is based on the number of vCMP cores allocated to the guest.
- SelectSharedto give the guest access to all available SSL hardware resources, that is, resources not used by guests inDedicatedmode. InSharedmode, the guest shares SSL hardware resources with all guests that are also inSharedmode. This option can impact SSL performance for the guest, depending on use of SSL resources by other guests. Guests inSharedmode do not impact the SSL performance of guests inDedicatedmode.
- SelectNoneto prevent the guest from accessing SSL hardware resources. When you selectNone, the guest has no access to SSL hardware resources, but can access SSL software resources.
If you do not see theSSL-Modesetting, your hardware platform does not support this feature. - From theSingle Rate TCM Policerlist:
- SelectNoneif you do not want to meter network traffic using a Single Rate Three Color Marker (srTCM) policer.
- Select the name of an existing srTCM policer if you want the BIG-IP system to classify network traffic as green, yellow, or red using the srTCM standard.
- ClickFinish.The system installs the selected ISO image onto the guest's virtual disk and displays a status bar to show the progress of the resource allocation.
You now have a new vCMP guest on the system in the Provisioned state with an ISO
imaged installed.
After you create the guest, if an administrator needs to change the maximum
transmission unit (MTU) size on a host-based VLAN to optimize the guest's application
traffic, the administrator can (and must) change the MTU value from within the guest. An
administrator for a specific guest should never try to change the MTU value of a
host-based VLAN when logged into the vCMP host.
Setting a vCMP guest to the Deployed state
Setting a guest to the Deployed state enables a guest administrator to then
provision and configure the BIG-IP modules within the guest.
For any isolated guest with Appliance mode enabled, you must first
perform some additional tasks before deploying the guest. For more information, see
the relevant appendix of this guide.
- Ensure that you are logged in to the vCMP host.
- On the Main tab, click.This displays a list of guests on the system.
- In the Name column, click the name of the vCMP guest that you want to deploy.
- From theRequested Statelist, selectDeployed.
- ClickUpdate.
After moving a vCMP guest to the Deployed state, a guest
administrator can provision and configure the BIG-IP modules within the guest so that
the guest can begin processing application traffic.
vCMP guest administrator tasks
The primary duties of a vCMP® guest administrator are to provision BIG-IP® modules within the guest and configure any self IP addresses that the
guest needs for processing application traffic. The guest administrator must also configure all
BIG-IP modules, such as creating virtual servers and load balancing pools within BIG-IP Local Traffic Manager (LTM).
Optionally, a guest administrator who wants a redundant system configuration can create a
device group with the peer guests as members.
Provisioning BIG-IP modules within a guest
Before a guest administrator can access a guest to provision licensed BIG-IP modules, the vCMP guest must be in
the Deployed state.
To run BIG-IP modules within a guest, the guest administrator must first provision
them. For example, a guest administrator for
guestA
who wants to
run LTM and DNS must log into
guestA
and provision the LTM and BIG-IP DNS modules.For guests that are isolated from the management network, you must
access them using a self IP address instead of a management IP
address.
- Open a browser, and in the URL field, specify the management IP address that the host administrator assigned to the guest.
- At the login prompt, type the default user nameadmin, and passwordadmin, and clickLog in.The Setup utility screen opens.
- ClickNext.This displays the Resource Provisioning screen.
- For each licensed BIG-IP module in the list, select the check box and selectMinimal,Nominal, orDedicated.
- ClickNext.This displays the Certificate Properties screen.
- ClickNext.This displays some general properties of the guest.
- ClickNext.This displays the screen for specifying the guest's cluster member IP addresses.
- ClickNext.
- ClickFinished.
Specifying cluster member IP addresses for a guest
For each vCMP guest, the
guest administrator needs to create a unique set of management IP addresses that
correspond to the virtual slots in the guest's cluster. Creating these addresses
ensures that if a blade becomes unavailable, the administrator can log in to another
blade to access the guest.
- On the Setup utility screen for resource provisioning, in the Cluster Member IP Address area, type an IPv4 or IPv6 management IP address (or both) for each slot in the VIPRION chassis, regardless of how many blades are installed or how many slots the vCMP host administrator assigned to the guest.Each IP address must be on the same subnet as the floating cluster management IP address that the host administrator assigned to the guest (displayed).
- ClickNext.
- ClickFinished.
After performing this task, a guest administrator can log in to a specific slot for
a guest if blade availability becomes compromised.
Creating a self IP address for application traffic
A vCMP guest administrator creates a self IP address within a
guest, assigning a VLAN to the address in the process. The self IP address serves as a
hop for application traffic destined for a virtual server configured within the guest.
On a standalone system, the self IP address that a guest administrator creates is a
static (non-floating) IP address. Note that the administrator does not need to create
VLANs within the guest; instead, the VLANs available for assigning to a self IP address
are VLANs that a host administrator previously created on the vCMP host.
- On the Main tab of the BIG-IP Configuration utility, click.
- ClickCreate.The New Self IP screen opens.
- In theNamefield, type a unique name for the self IP address.
- In theIP Addressfield, type an IPv4 or IPv6 address.This IP address should represent the address space of the VLAN that you specify with theVLAN/Tunnelsetting.
- In theNetmaskfield, type the network mask for the specified IP address.For example, you can type255.255.255.0.
- From theVLAN/Tunnellist, select the VLAN to associate with this self IP address.
- On the internal network, select the internal or high availability VLAN that is associated with an internal interface or trunk.
- On the external network, select the external VLAN that is associated with an external interface or trunk.
- From thePort Lockdownlist, selectAllow Default.
- ClickFinished.The screen refreshes, and displays the new self IP address.
After creating a self IP address, the BIG-IP system can send and receive traffic
destined for a virtual server that allows traffic through the specified VLAN.
Changing the MTU
value on a VLAN (optional)
Do this task when you need to adjust the maximum transmission unit
(MTU) size on a VLAN for the vCMP guest that you are logged into. Changing a VLAN's
MTU size can help to optimize application traffic for the guest. You can do this
task for either a host-based VLAN or a VLAN that you created from within the
guest.
Always do this task when you're logged into the guest and not
the host.
- Log into the guest using the guest's management IP address.The BIG-IP Configuration utility opens.
- On the Main tab of the BIG-IP Configuration utility, click.A list of VLANs appears.
- In the Name column, double-click the name of the VLAN you want to modify.This displays the properties of the VLAN.
- In theMTUfield, change the value to whatever is appropriate for the guest.
- Click Update.
Next steps
After all guests are in the Deployed state, each individual guest administrator can configure
the appropriate BIG-IP modules for processing application traffic. For example, a guest
administrator can use BIG-IP®
Local Traffic Manager (LTM) to create a standard
virtual server and a load-balancing pool. Optionally, if guest redundancy is required, a guest
administrator can set up device service clustering (DSC®).
Another important task for a guest administrator is to create other guest administrator
accounts as needed.
If the guest has an isolated (rather than bridged) management network, you
must grant access to the Traffic Management Shell (
tmsh
) to all guest
administrator accounts. Otherwise, guest administrators have no means of logging in to the guest,
due to the lack of access to the management network.Configuration results
After you and all guest administrators have completed the initial configuration tasks, you
should have a system provisioned for vCMP, with one or more guests ready to process
application traffic.
When logged in to the vCMP host, you can see the VLANs and trunks configured on the system, as
well as all of the guests that you created, along with their virtual disks. You can also see
the number of cores that the host allocated to each guest.
When logged in to a guest, the guest administrator can see one or more BIG-IP® modules provisioned and configured within the guest to process application
traffic. If the guest administrator configured device service clustering (DSC®), the guest is a member of a device group.