Manual Chapter : Warehouse Topic: Deployment

Applies To:

BIG-IQ Centralized Management

  • 6.1.0

The number of devices of each type that will best meet your company's needs depends on a number of factors. Refer to the BIG-IQ Sizing Guidelines on support.f5.com for details.
With the addition of the DCD cluster, you can manage alerts and events on your managed devices as well as monitor performance analytics.
  • Traffic from the BIG-IQ devices to the BIG-IP devices. This traffic is always initiated by the BIG-IQ devices.
  • If you have a secondary BIG-IQ device, there is also traffic between the BIG-IQ devices to support high availability syncing.
  1. On the left, expand LOCAL TRAFFIC.
  2. On the left, expand NETWORK.
  3. Click Virtual Servers.
    The Virtual Servers screen opens showing a list of virtual servers managed by this BIG-IQ.
  4. In the Devices panel, expand the group, if necessary, and hover over the device for which you wish to specify management; click the gear icon, and then select Properties.
    The properties screen for the selected device opens.
  5. To change whether the device is being managed, select or clear the Manage ADC Configuration check box.
  6. Click Save.
    The system changes the management status as specified.
  7. Click Close.
  8. In the Deployments panel, click the (+) icon.
    The New Deployment screen opens.
  9. At the bottom of the screen, click the Remote > Local button.
    The refresh performed when you click this button does nothing to any configuration changes that you might have made to the managed device, but not yet deployed. To discard those changes, you need to overwrite the undeployed changes.
    The BIG-IQ system refreshes its view of the properties that currently exist on the managed device. The properties of the configuration objects on the managed device are imported again, so that any changes that might have been made on the managed device since the last refresh are recognized by the BIG-IQ system.
  10. In the Devices panel, expand the device group in which your device resides, hover over the device for which you wish to discard changes, click the gear icon, and then select Properties.
    The properties screen for the selected device opens.
  11. From the list of configuration changes pending deployment, select the device for which you want to deploy changes.
  12. To review the changes before deploying them, select Review Pending Changes (to deploy without reviewing, skip this step).
    1. In the Modified area of the Configuration Differences popup screen, select each configuration object and scroll through the revisions.
      As a prerequisite to this task, make sure that you know the most current configuration settings on the managed device. If you did not perform that refresh, the configuration settings you are comparing your revisions with may be out of sync with any changes made to the BIG-IP device since the last refresh.
      If the refresh and review reveals minor changes that have been made on the managed device, and you do not want to lose those changes, consider adding those configuration changes to the managed object settings on the BIG-IQ system before you deploy the changes. If the changes are more substantial, you might want to reimport the managed device object settings to overwrite the undeployed changes on the BIG-IQ system.
    2. When you finish reviewing the pending changes, click Cancel on the popup screen.
  13. Select Review Pending Changes.
    1. In the upper right corner of the Configuration Differences popup screen, select Refresh Diff.
      The list of configuration objects that differ from the objects in the working config refreshes.
    2. When you finish reviewing the refreshed list, click Close on the popup screen.
  14. To start the task of deploying changes to the managed device, click Deploy.
    The BIG-IQ system starts processing the deployment task. When the task completes successfully, configuration settings on the managed device are overwritten with the settings from the managing BIG-IQ system.
    To discard the just reviewed changes, overwrite the undeployed changes. The configuration settings currently on the managed device are freshly imported and overwrite the settings on the managing BIG-IQ system. For details, refer to Overwriting undeployed changes.
  15. On the panel that corresponds to the type of object you want to change, hover over the object you want to view, click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The properties screen for the selected object opens.
  16. Hover over the Pools panel and click the add icon.
    The New Pool screen opens.
  17. In the Name field, type in a name for the pool you are creating.
  18. From the Device list, select the device on which to create the pool.
  19. In the Description field, type in a brief description for the pool you are creating.
  20. Click Create.
    The Virtual Servers - New Item screen opens.
  21. From the Device list, select the device on which to create the virtual server.
  22. In the Name field, type in a name for the virtual server you are creating.
  23. In the Description field, type in a brief description for the pool you are creating.
  24. For the Source Address, type an IP address or network from which the virtual server will accept traffic.
    For this setting to work, you must specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). In order to maximize the utility of this setting, specify the most specific address prefixes that include your customer addresses, but exclude addresses outside of their range.
  25. For the Destination Address, type the IP address of the destination you want to add to the Destination list.
    The format for an IPv4 address is a.b.c.d. For example, 172.16.254.1.
    The format for an IPv6 address is a:b:c:d:e:f:g:h. For example, 2001:db8:85a3:8d3:1319:8a2e:370:7348.
  26. In the Service Port field, type a service port number, or select a type from the list.
    When you select a type from the list, the value in the Service Port field changes to reflect the associated default, which you can change.
  27. To configure the virtual server so that its status contributes to the associated virtual address status, select Notify Status to Virtual Address.
    When this setting is disabled, the status of the virtual server does not contribute to the associated virtual address status. This status, in turn, affects the behavior of the system when you enable route advertisement of virtual addresses.
  28. If you want the pool member and its resources to be available for load balancing, select State.
  29. To specify configuration parameters for this virtual server, expand Configuration and continue with the next thirteen steps. Otherwise, skip to step 25 in this procedure.
  30. From the Source Address Translation list, select the type of address translation pool used for implementing selective and intelligent source address translation.
    • None: The system does not use a source address translation pool for this virtual server.
    • SNAT: The system uses source network address translation (NAT), as defined in the specified SNAT pool, for address translation.
    • Auto Map: The system uses all of the self IP addresses as the translation addresses for the pool.
  31. In the Connection Limit field, type the maximum number of concurrent connections allowed for the virtual server.
  32. In the Connection Rate Limit field, type the maximum number of connections-per-second allowed for a pool member.
    When the number of connections-per-second reaches the limit for a given pool member, the system redirects additional connection requests. This helps detect Denial of Service attacks, where connection requests flood a pool member. Setting the limit to 0 turns off connection limits.
  33. From the Connection Rate Limit Mode list, select the scope of the rate limit defined for the virtual server.
    • Per Virtual Server: Applies rate limiting to this virtual server.
    • Per Virtual Server and Source Address: Applies Connection Rate Limit Source Mask to the source IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask specifies the number of bits in the IP address to use as a limit key.
    • Per Virtual Server and Destination Address: Applies Connection Rate Limit Destination Mask to the destination IP address of outgoing connections from this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Destination Mask specifies the number of bits in the IP address to use as a limit key.
    • Per Virtual Server, Destination, and Source Address: Applies Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask to the source and destination IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask specify the number of bits in the IP addresses to use as a limit key.
    • Per Source Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source address for all virtual servers that have rate limits specified.
    • Per Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified destination address for all virtual servers that have rate limits specified.
    • Per Source and Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source and destination addresses for all virtual servers that have rate limits specified.
  34. If you want the system to translate the virtual server address, select Address Translation.
    This option is useful when the system is load balancing devices that have the same IP address.
  35. If you want the system to translate the virtual server port, select Port Translation.
    This option is useful when you want the virtual server to load balance connections to any service. The default is enabled.
  36. From the Source Port list, select how you want the system to preserve the connection's source port.
    • Preserve: Specifies that the system preserves the value configured for the source port, unless the source port from a particular SNAT is already in use, in which case the system uses a different port.
    • Preserve Strict: Specifies that the system preserves the value configured for the source port. If the port is in use, the system does not process the connection. Restrict the use of this setting to cases that meet at least one of the following conditions:
      • The port is configured for UDP traffic.
      • The system is configured for nPath routing or is running in transparent mode (that is, there is no translation of any other Layer 3 or Layer 4 field).
      • There is a one-to-one relationship between virtual IP addresses and node addresses, or clustered multi-processing (CMP) is disabled.
    • Change: Specifies that the system changes the source port. This setting is useful for obfuscating internal network addresses.
  37. To replicate client-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Client) list.
  38. To replicate server-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Server) list, select the device on which to create the virtual server.
  39. Use the Auto Last Hop list to specify whether you want the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface.
  40. From the Last Hop Pool list, select the pool the system uses to direct reply traffic to the last hop router.
  41. If you want the system to allow IPv6 hosts to communicate with IPv4 servers, select NAT64.
  42. To specify the virtual server score in percent, type that value in the VS Score field.
    Global Traffic Manager (GTM) uses this value to load balance traffic in a proportional manner.
  43. To specify additional resource details for this virtual server, expand Resources and continue with the next two steps. Otherwise, skip to the last step in this procedure.
  44. To specify which iRules are enabled for this virtual server, use the arrow buttons to move iRules between the Available and Enabled lists.
    iRules are applied in the order in which they are listed.
  45. Use the Default Pool list to select the pool name that you want the virtual server to use as the default pool.
    A load balancing virtual server sends traffic to this pool automatically, unless an iRule directs the server to send the traffic to another pool.
  46. Click Save.
    The system creates the new virtual server with the settings you specified.
  47. On the panel that corresponds to the type of object you want to view, hover over the object you want to view, click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The screen displays properties for the selected object.
  48. Click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The properties for the selected object are displayed.
  49. Click Permissions to access the permissions settings that have been imported for this object.
  50. In the Devices panel, expand the device group in which your device resides, hover over the device for which you wish to discard changes, click the gear icon, and then select Properties.
    The properties screen for the selected device opens.
  51. When you are satisfied with the changes you have made, click Save.
    The permissions changes are made, and the screen for the selected object closes.
  52. On the Properties screen, make changes to the configuration object you want to modify.
    1. To enable an iRule on a virtual server, expand Resources, then select the iRule from the Available list, and use the Move button to move the iRule to the Enabled list.
    2. When you are satisfied with the changes you have made, click Save.
    The revisions you saved are made, and the Properties screen for the selected object closes.
  53. In the Role field, type the name of the role to which you want to assign permissions, and then click Read or Read/Write as appropriate.
    Before you can specify permissions for a role, that role must already exist. (In BIG-IQ System under Access Control, you can create a role using the Roles panel.)
  54. To grant permissions to another role, click the add (+) icon. To remove a role to which you have granted permissions, click the remove (x) icon.
  55. Use the scroll bar to view the entire set of settings defined for the selected configuration.
    If you are viewing settings for a virtual server, do not overlook the two areas at the bottom of the screen (Configuration and Resources) that expand to display additional settings.
  56. On the left, click BIG-IP DEVICES.
    The screen displays a list of managed devices for this BIG-IQ Centralized Management system.
  57. Under Device Name, click the name of the cluster member to which you want to deploy changes.
    The properties screen for this member opens.
  58. Under Cluster Properties, click Edit.
    The Cluster Properties screen for this cluster opens.
  59. For Deployment Settings, select Ignore BIG-IP DSC sync when deploying configuration changes.
  60. Click OK, and then click Close.
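
The Connection Rate Limit Mode options in the virtual server steps above differ in which masked addresses make up the limit key. The following is an added example, not F5 code: a simplified model of the four per-virtual-server modes that shows how the source mask changes which connections are counted together. The virtual server name, the sample connections, and the one-second counting window are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Mode names as they appear in the Connection Rate Limit Mode list.
PER_VS = "Per Virtual Server"
PER_VS_SRC = "Per Virtual Server and Source Address"
PER_VS_DST = "Per Virtual Server and Destination Address"
PER_VS_SRC_DST = "Per Virtual Server, Destination, and Source Address"


def masked(addr, bits):
    """Keep the first `bits` bits of an IPv4 or IPv6 address."""
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False))


def limit_key(mode, vs, src, dst, src_mask, dst_mask):
    """Key under which a connection is counted (assumed model)."""
    key = [vs]
    if mode in (PER_VS_SRC, PER_VS_SRC_DST):
        key.append(masked(src, src_mask))
    if mode in (PER_VS_DST, PER_VS_SRC_DST):
        key.append(masked(dst, dst_mask))
    return tuple(key)


def over_limit(conns, mode, limit, src_mask=32, dst_mask=32):
    """Return {key: count} for keys whose connections in one second
    exceed `limit`. A limit of 0 turns rate limiting off."""
    if limit == 0:
        return {}
    counts = Counter(
        limit_key(mode, vs, src, dst, src_mask, dst_mask)
        for vs, src, dst in conns
    )
    return {key: n for key, n in counts.items() if n > limit}


# Constructed sample: new connections seen in one second on a
# hypothetical virtual server "vs_web" (documentation address ranges).
SAMPLE = (
    [("vs_web", f"198.51.100.{i}", "203.0.113.10") for i in range(1, 9)]
    + [("vs_web", "192.0.2.7", "203.0.113.10")] * 3
)

if __name__ == "__main__":
    for mask in (32, 24):
        print(mask, over_limit(SAMPLE, PER_VS_SRC, 5, src_mask=mask))
```

With a 32-bit source mask every source address gets its own key, so eight connections spread across one /24 stay under a limit of 5; with a 24-bit mask they share one key and exceed it.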
When you deploy a configuration task, details display in the Deployment panel's Pending list while the deployment is being processed. These details display until the task either fails or succeeds.
  • If the deployment fails, details display in the Deployment panel's Error list.
  • If the deployment is successful, details display in the Deployment panel's Completed list.
The Completed deployments and Error lists maintain a 7-day history of deployment changes. After a week, these deployment change records are deleted.
With the "ignore sync" option selected, you can now deploy changes to the member that is available, and BIG-IQ Centralized Management will not attempt to sync those changes to the member that is unavailable. Use the Deploying configuration changes task to deploy changes to the available member. When you select the target device for deployment, do not select the unavailable device.