Manual Chapter : Initial vCMP Configuration Tasks

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 15.1.0, 15.0.1, 15.0.0, 14.1.0, 14.0.0

BIG-IP ASM

  • 15.1.0, 15.0.1, 15.0.0, 14.1.0, 14.0.0

BIG-IP AAM

  • 15.0.0, 14.1.0, 14.0.0

BIG-IP APM

  • 15.1.0, 15.0.1, 15.0.0, 14.1.0, 14.0.0

BIG-IP LTM

  • 15.1.0, 15.0.1, 15.0.0, 14.1.0, 14.0.0
Manual Chapter

Initial vCMP Configuration Tasks

About vCMP application volume management

When you provisioned the vCMP® feature as part of system setup, the BIG-IP® system allocated most of the total disk space to the vCMP application volume (by default, all but 30 gigabytes). Known as the
reserve disk space
, this 30 gigabytes of disk space is left available for other uses, such as for installing additional versions of the BIG-IP system in the future.
Do not attempt to change the amount of reserved disk space after you have provisioned the vCMP feature. Changing the reserved disk space after provisioning produces unwanted results.

vCMP host administrator tasks

Before you configure the vCMP® host, make sure you followed the VIPRION setup tasks described in the guide
VIPRION Systems: Configuration
. After using that guide, you should now have a VIPRION® system that is provisioned for vCMP, with the standard external, internal, and high-availability VLANs configured.
As a vCMP® host administrator, you have the important task of initially planning the amount of total system CPU and memory that you want the vCMP host to allocate to each guest. This decision is based on the resource needs of the particular BIG-IP® modules that guest administrators intend to provision within each guest, as well as the maximum system resource limits for the relevant hardware platform. Thoughtful resource allocation planning prior to creating the guests ensures optimal performance of each guest. Once you have determined the resource allocation requirements for the guests, you are ready to configure the host.
Overall, your primary duties are to create and manage guests, ensuring that the proper system resources are allocated to those guests.

Task summary

Accessing the vCMP host

Performing this task allows you to access the vCMP host. Primary reasons to access the host are to create and manage vCMP guests, manage virtual disks, and view or manage host and guest properties. You can also view host and guest statistics.
  1. From a system on the external network, display a browser window.
  2. In the URL field, type a management IP address that you previously assigned to the system, as follows:
    https://
    <ip_address>
    The browser displays the login screen for the BIG-IP Configuration utility.

Creating a vCMP guest on a VIPRION platform

Before creating a guest on the system, verify that you have configured the base network on the system to create any necessary trunks, as well as VLANs for guests to use when processing application traffic.
You create a guest when you want to create an instance of the BIG-IP software for the purpose of running one or more BIG-IP modules to process application traffic. For example, you can create a guest that runs BIG-IP Local Traffic Manager and BIG-IP DNS. When creating a guest, you specify the number of logical cores per slot that you want the vCMP host to allocate to each guest, as well as the specific slots that you want the host to assign to the guest.
When creating a guest, if you see an error message such as
Insufficient disk space on /shared/vmdisks. Need 24354M additional space.
, you must delete existing unattached virtual disks until you have freed up that amount of disk space.
If you are planning to add this guest to a Sync-Failover device group and enable connection mirroring with a guest on another chassis, you must ensure that the two guests are configured identically with respect to slot assignment and core allocation. That is, the number of cores, the number of slots, and even the slot numbers on which the guests reside must be the same. Therefore, you must ensure that on each guest of the mirrored pair, the values match for the
Cores per Slot
,
Number of Slots
,
Minimum Number of Slots
, and
Allowed Slots
settings.
  1. Use a browser to log in to the VIPRION chassis, using the primary cluster management IP address.
    If you provisioned the system for vCMP, this step logs you in to the vCMP host.
  2. On the Main tab, click
    vCMP
    Guest List
    .
    This displays a list of guests on the system.
  3. Click
    Create
    .
  4. From the
    Properties
    list, select
    Advanced
    .
  5. In the
    Name
    field, type a name for the guest.
  6. In the
    Host Name
    field, type a fully-qualified domain name (FQDN) name for the guest.
    If you leave this field blank, the system assigns the name
    localhost.localdomain
    .
  7. From the
    Cores Per Slot
    list, select the total number of logical cores that the guest needs, based on the guest's memory requirements.
    The value you select causes the host to assign that number of cores to each slot on which the guest is deployed. The host normally allocates cores per slot in increments of two (two, four, six, and so on).
    Cores for a multi-slot guest do not aggregate to provide a total amount of memory for the guest. Therefore, you must choose a
    Cores per Slot
    value that satisfies the full memory requirement of the guest. After you finish creating the guest, the host allocates this amount of memory to each slot to which you assigned the guest. This ensures that the memory is suffcient for each guest if any blade becomes unavailable. For blade platforms with solid-state drives, you can allocate a minimum of one core per guest instead of two. For metrics on memory and CPU support per blade model, see the vCMP guest memory/CPU allocation matrix at
    http://support.f5.com
    .
  8. From the
    Number of Slots
    list, select the maximum number of slots that you want the host to allocate to the guest.
  9. From the
    Minimum Number of Slots
    list, select the minimum number of chassis slots that must be available for this guest to deploy.
    The minimum number of slots you specify must not exceed the maximum number of slots you specified.
  10. From the
    Allowed Slots
    list, select the specific slots that you want the host to assign to the guest and then use the Move button to move the slot number to the
    Selected
    field.
    If you want to allow the guest to run on any of the slots in the chassis, select all slot numbers. For example, if you configure the
    Number of Slots
    value to be
    2
    , and you configure the
    Allowed Slots
    values to be
    1
    ,
    2
    ,
    3
    , and
    4
    , then the host can assign any two of these four slots to the guest. Note that the number of slots in the
    Allowed Slots
    list must equal or exceed the number specified in the
    Minimum Number of Slots
    list.
  11. From the
    Management Network
    list, select a value:
    Value
    Result
    Bridged
    (Recommended)
    Connects the guest to the management network. Selecting this value causes the
    IP Address
    setting to appear.
    Isolated
    Prevents the guest from being connected to the management network and disables the host-only interface.
    If you select
    Isolated
    , do not enable the
    Appliance Mode
    setting when you initially create the guest. For more information, see the step for enabling the
    Appliance Mode
    setting.
    Host-Only
    Prevents the guest from being connected to the management network but ensures that the host-only interface is enabled.
  12. If the
    IP Address
    setting is displayed, specify the required information:
    1. In the
      IP Address
      field, type a unique, floating management IP address (either IPv4 or IPv6) that you want to assign to the guest.
      You use this IP address to access the guest when you want to manage the BIG-IP modules running within the guest.
    2. In the
      Network Mask
      field, type the network mask for the management IP address.
    3. In the
      Management Route
      field, type a gateway address for the management IP address.
    Assigning an IP address that is on the same network as the host management port has security implications that you should carefully consider.
  13. From the
    Initial Image
    list, select an ISO image file for installing TMOS software onto the guest's virtual disk.
  14. In the
    Virtual Disk
    list, retain the default value of
    None
    .
    Note that if an unattached virtual disk file with that default name already exists, the system displays a message, and you must manually attach the virtual disk. You can do this using the
    tmsh
    command line interface, or use the Configuration utility to view and select from a list of available unattached virtual disks.
    The BIG-IP system creates a virtual disk with a default name (the guest name plus the string
    .img
    , such as
    guestA.img
    ).
  15. For the
    VLAN List
    setting, subscribe to host-based VLANs:
    1. Select the external and internal VLANs from the
      Available
      list.
    2. Use the Move button to move the VLANs to the
      Selected
      list.
    After you create the guest, the guest will use the selected VLANs to process application traffic. As an option, the guest administrator can create additional VLANs later from within the guest.
  16. From the
    Requested State
    list, select
    Provisioned
    .
    Once the guest is created, the vCMP host allocates all necessary resources to the guest, such as cores and virtual disk.
  17. If you want to enable Appliance mode for the guest, select the
    Appliance Mode
    check box.
    Before enabling this feature on an isolated guest, you must perform some prerequisite tasks, such as creating a self IP address on the guest. Failure to perform these prerequisite tasks will make the guest unreachable by all host and guest administrators. Therefore, you must create the isolated guest with Appliance mode disabled, perform the prerequisite tasks, and then modify the guest to enable this setting. For more information, see the relevant appendix of this guide.
    When you enable
    Appliance Mode
    for a guest, the system enhances security by denying access to the
    root
    account and the
    Bash
    shell for all administrators.
  18. From the
    SSL-Mode
    list:
    • Select
      Dedicated
      to assign dedicated SSL hardware resources, in the form of SSL cores, to the guest. A guest in
      Dedicated
      mode has a fixed amount of SSL hardware resource available and does not share that resource with other guests on the system. Consequently, SSL performance for a guest in
      Dedicated
      mode is not impacted by other guests' use of SSL hardware resources. The number of SSL cores that the system assigns to the guest is based on the number of vCMP cores allocated to the guest.
    • Select
      Shared
      to give the guest access to all available SSL hardware resources, that is, resources not used by guests in
      Dedicated
      mode. In
      Shared
      mode, the guest shares SSL hardware resources with all guests that are also in
      Shared
      mode. This option can impact SSL performance for the guest, depending on use of SSL resources by other guests. Guests in
      Shared
      mode do not impact the SSL performance of guests in
      Dedicated
      mode.
    • Select
      None
      to prevent the guest from accessing SSL hardware resources. When you select
      None
      , the guest has no access to SSL hardware resources, but can access SSL software resources.
    If you do not see the
    SSL-Mode
    setting, your hardware platform does not support this feature.
  19. From the
    Single Rate TCM Policer
    list:
    • Select
      None
      if you do not want to meter network traffic using a Single Rate Three Color Marker (srTCM) policer.
    • Select the name of an existing srTCM policer if you want the BIG-IP system to classify network traffic as green, yellow, or red using the srTCM standard.
  20. Click
    Finish
    .
    The system installs the selected ISO image onto the guest's virtual disk and displays a status bar to show the progress of the resource allocation.
You now have a new vCMP guest on the system in the Provisioned state with an ISO imaged installed.
After you create the guest, if an administrator needs to change the maximum transmission unit (MTU) size on a host-based VLAN to optimize the guest's application traffic, the administrator can (and must) change the MTU value from within the guest. An administrator for a specific guest should never try to change the MTU value of a host-based VLAN when logged into the vCMP host.

Setting a vCMP guest to the Deployed state

Setting a guest to the Deployed state enables a guest administrator to then provision and configure the BIG-IP modules within the guest.
For any isolated guest with Appliance mode enabled, you must first perform some additional tasks before deploying the guest. For more information, see the relevant appendix of this guide.
  1. Ensure that you are logged in to the vCMP host.
  2. On the Main tab, click
    vCMP
    Guest List
    .
    This displays a list of guests on the system.
  3. In the Name column, click the name of the vCMP guest that you want to deploy.
  4. From the
    Requested State
    list, select
    Deployed
    .
  5. Click
    Update
    .
After moving a vCMP guest to the Deployed state, a guest administrator can provision and configure the BIG-IP modules within the guest so that the guest can begin processing application traffic.

vCMP guest administrator tasks

The primary duties of a vCMP® guest administrator are to provision BIG-IP® modules within the guest and configure any self IP addresses that the guest needs for processing application traffic. The guest administrator must also configure all BIG-IP modules, such as creating virtual servers and load balancing pools within BIG-IP Local Traffic Manager (LTM).
Optionally, a guest administrator who wants a redundant system configuration can create a device group with the peer guests as members.

Provisioning BIG-IP modules within a guest

Before a guest administrator can access a guest to provision licensed BIG-IP modules, the vCMP guest must be in the Deployed state.
To run BIG-IP modules within a guest, the guest administrator must first provision them. For example, a guest administrator for
guestA
who wants to run LTM and DNS must log into
guestA
and provision the LTM and BIG-IP DNS modules.
For guests that are isolated from the management network, you must access them using a self IP address instead of a management IP address.
  1. Open a browser, and in the URL field, specify the management IP address that the host administrator assigned to the guest.
  2. At the login prompt, type the default user name
    admin
    , and password
    admin
    , and click
    Log in
    .
    The Setup utility screen opens.
  3. Click
    Next
    .
    This displays the Resource Provisioning screen.
  4. For each licensed BIG-IP module in the list, select the check box and select
    Minimal
    ,
    Nominal
    , or
    Dedicated
    .
  5. Click
    Next
    .
    This displays the Certificate Properties screen.
  6. Click
    Next
    .
    This displays some general properties of the guest.
  7. Click
    Next
    .
    This displays the screen for specifying the guest's cluster member IP addresses.
  8. Click
    Next
    .
  9. Click
    Finished
    .

Specifying cluster member IP addresses for a guest

For each vCMP guest, the guest administrator needs to create a unique set of management IP addresses that correspond to the virtual slots in the guest's cluster. Creating these addresses ensures that if a blade becomes unavailable, the administrator can log in to another blade to access the guest.
  1. On the Setup utility screen for resource provisioning, in the Cluster Member IP Address area, type an IPv4 or IPv6 management IP address (or both) for each slot in the VIPRION chassis, regardless of how many blades are installed or how many slots the vCMP host administrator assigned to the guest.
    Each IP address must be on the same subnet as the floating cluster management IP address that the host administrator assigned to the guest (displayed).
  2. Click
    Next
    .
  3. Click
    Finished
    .
After performing this task, a guest administrator can log in to a specific slot for a guest if blade availability becomes compromised.

Creating a self IP address for application traffic

A vCMP guest administrator creates a self IP address within a guest, assigning a VLAN to the address in the process. The self IP address serves as a hop for application traffic destined for a virtual server configured within the guest. On a standalone system, the self IP address that a guest administrator creates is a static (non-floating) IP address. Note that the administrator does not need to create VLANs within the guest; instead, the VLANs available for assigning to a self IP address are VLANs that a host administrator previously created on the vCMP host.
  1. On the Main tab of the BIG-IP Configuration utility, click
    Network
    Self IPs
    .
  2. Click
    Create
    .
    The New Self IP screen opens.
  3. In the
    Name
    field, type a unique name for the self IP address.
  4. In the
    IP Address
    field, type an IPv4 or IPv6 address.
    This IP address should represent the address space of the VLAN that you specify with the
    VLAN/Tunnel
    setting.
  5. In the
    Netmask
    field, type the network mask for the specified IP address.
    For example, you can type
    255.255.255.0
    .
  6. From the
    VLAN/Tunnel
    list, select the VLAN to associate with this self IP address.
    • On the internal network, select the internal or high availability VLAN that is associated with an internal interface or trunk.
    • On the external network, select the external VLAN that is associated with an external interface or trunk.
  7. From the
    Port Lockdown
    list, select
    Allow Default
    .
  8. Click
    Finished
    .
    The screen refreshes, and displays the new self IP address.
After creating a self IP address, the BIG-IP system can send and receive traffic destined for a virtual server that allows traffic through the specified VLAN.

Changing the MTU value on a VLAN (optional)

Do this task when you need to adjust the maximum transmission unit (MTU) size on a VLAN for the vCMP guest that you are logged into. Changing a VLAN's MTU size can help to optimize application traffic for the guest. You can do this task for either a host-based VLAN or a VLAN that you created from within the guest.
Always do this task when you're logged into the guest and not the host.
  1. Log into the guest using the guest's management IP address.
    The BIG-IP Configuration utility opens.
  2. On the Main tab of the BIG-IP Configuration utility, click
    Network
    VLAN
    .
    A list of VLANs appears.
  3. In the Name column, double-click the name of the VLAN you want to modify.
    This displays the properties of the VLAN.
  4. In the
    MTU
    field, change the value to whatever is appropriate for the guest.
  5. Click Update.

Next steps

After all guests are in the Deployed state, each individual guest administrator can configure the appropriate BIG-IP modules for processing application traffic. For example, a guest administrator can use BIG-IP® Local Traffic Manager (LTM) to create a standard virtual server and a load-balancing pool. Optionally, if guest redundancy is required, a guest administrator can set up device service clustering (DSC®).
Another important task for a guest administrator is to create other guest administrator accounts as needed.
If the guest has an isolated (rather than bridged) management network, you must grant access to the Traffic Management Shell (
tmsh
) to all guest administrator accounts. Otherwise, guest administrators have no means of logging in to the guest, due to the lack of access to the management network.

Configuration results

After you and all guest administrators have completed the initial configuration tasks, you should have a system provisioned for vCMP, with one or more guests ready to process application traffic.
When logged in to the vCMP host, you can see the VLANs and trunks configured on the system, as well as all of the guests that you created, along with their virtual disks. You can also see the number of cores that the host allocated to each guest.
When logged in to a guest, the guest administrator can see one or more BIG-IP® modules provisioned and configured within the guest to process application traffic. If the guest administrator configured device service clustering (DSC®), the guest is a member of a device group.