Manual Chapter :
Warehouse Topic: Deployment
Applies To: BIG-IQ Centralized Management 6.1.0
The number of devices of each type that will best meet your company's needs depends on a number of factors. Refer to the BIG-IQ Sizing Guidelines on support.f5.com for details.

With the addition of the DCD cluster, you can manage alerts and events on your managed devices as well as monitor performance analytics.
- Traffic from the BIG-IQ devices to the BIG-IP devices. This traffic is always initiated by the BIG-IQ devices.
- If you have a secondary BIG-IQ device, there is also traffic between the BIG-IQ devices to support high availability syncing.
- On the left, expand LOCAL TRAFFIC.
- On the left, expand NETWORK.
- Click Virtual Servers. The Virtual Servers screen opens showing a list of virtual servers managed by this BIG-IQ.
- In the Devices panel, expand the group, if necessary, and hover over the device for which you wish to specify management; click the gear icon, and then select Properties. The properties screen for the selected device opens.
- To change whether the device is being managed, select or clear the Manage ADC Configuration check box.
- Click Save. The system changes the management status as specified.
- Click Close.
- In the Deployments panel, click the (+) icon. The New Deployment screen opens.
- At the bottom of the screen, click the Remote > Local button. The refresh performed when you click this button does nothing to any configuration changes that you might have made to the managed device, but not yet deployed. To discard those changes, you need to overwrite the undeployed changes. The BIG-IQ system refreshes its view of the properties that currently exist on the managed device. The properties of the configuration objects on the managed device are imported again, so that any changes that might have been made on the managed device since the last refresh are recognized by the BIG-IQ system.
- In the Devices panel, expand the device group in which your device resides, hover over the device for which you wish to discard changes, click the gear icon, and then select Properties. The properties screen for the selected device opens.
- From the list of configuration changes pending deployment, select the device for which you want to deploy changes.
- To review the changes before deploying them, select Review Pending Changes (to deploy without reviewing, skip this step).
- In the Modified area of the Configuration Differences popup screen, select each configuration object and scroll through the revisions. As a prerequisite to this task, make sure that you know the most current configuration settings on the managed device. If you did not perform that refresh, the configuration settings you are comparing your revisions with may be out of sync with any changes made to the BIG-IP device since the last refresh. If the refresh and review reveals minor changes that have been made on the managed device, and you do not want to lose those changes, consider adding those configuration changes to the managed object settings on the BIG-IQ system before you deploy the changes. If the changes are more substantial, you might want to reimport the managed device object settings to overwrite the undeployed changes on the BIG-IQ system.
- When you finish reviewing the pending changes, click Cancel on the popup screen.
- Select Review Pending Changes.
- In the upper right corner of the Configuration Differences popup screen, select Refresh Diff. The list of configuration objects that differ from the objects in the working config refreshes.
- When you finish reviewing the refreshed list, click Close on the popup screen.
- To start the task of deploying changes to the managed device, click Deploy. The BIG-IQ system starts processing the deployment task. When the task completes successfully, configuration settings on the managed device are overwritten with the settings from the managing BIG-IQ system. To discard the just reviewed changes, overwrite the undeployed changes. The configuration settings currently on the managed device are freshly imported and overwrite the settings on the managing BIG-IQ system. For details, refer to Overwriting undeployed changes.
- On the panel that corresponds to the type of object you want to change, hover over the object you want to view, click the icon, and then select Properties to access the configuration settings that have been imported for this object. The properties screen for the selected object opens.
- Hover over the Pools panel and click the icon. The New Pool screen opens.
- In the Name field, type in a name for the pool you are creating.
- From the Device list, select the device on which to create the pool.
- In the Description field, type in a brief description for the pool you are creating.
- Click Create. The Virtual Servers - New Item screen opens.
- From the Device list, select the device on which to create the virtual server.
- In the Name field, type in a name for the virtual server you are creating.
- In the Description field, type in a brief description for the pool you are creating.
- For the Source Address, type an IP address or network from which the virtual server will accept traffic. For this setting to work, you must specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). In order to maximize the utility of this setting, specify the most specific address prefixes that include your customer addresses, but exclude addresses outside of their range.
- For the Destination Address, type the IP address of the destination you want to add to the Destination list. The format for an IPv4 address is I<a>.I<b>.I<c>.I<d>. For example, 172.16.254.1. The format for an IPv6 address is I<a>:I<b>:I<c>:I<d>:I<e>:I<f>:I<g>:I<h>. For example, 2001:db8:85a3:8d3:1319:8a2e:370:7348.
- In the Service Port field, type a service port number, or select a type from the list. When you select a type from the list, the value in the Service Port field changes to reflect the associated default, which you can change.
- To configure the virtual server so that its status contributes to the associated virtual address status, select Notify Status to Virtual Address. When this setting is disabled, the status of the virtual server does not contribute to the associated virtual address status. This status, in turn, affects the behavior of the system when you enable route advertisement of virtual addresses.
- If you want the pool member and its resources to be available for load balancing, select State.
- To specify configuration parameters for this virtual server, expand Configuration and continue with the next thirteen steps. Otherwise, skip to step 25 in this procedure.
- From the Source Address Translation list, select the type of address translation pool used for implementing selective and intelligent source address translation.
- None: The system does not use a source address translation pool for this virtual server.
- SNAT: The system uses source network address translation (NAT), as defined in the specified SNAT pool, for address translation.
- Auto Map: The system uses all of the self IP addresses as the translation addresses for the pool.
- In the Connection Limit field, type the maximum number of concurrent connections allowed for the virtual server.
- In the Connection Rate Limit field, type the maximum number of connections-per-second allowed for a pool member. When the number of connections-per-second reaches the limit for a given pool member, the system redirects additional connection requests. This helps detect Denial of Service attacks, where connection requests flood a pool member. Setting the limit to 0 turns off connection limits.
- From the Connection Rate Limit Mode list, select the scope of the rate limit defined for the virtual server.
- Per Virtual Server: Applies rate limiting to this virtual server.
- Per Virtual Server and Source Address: Applies Connection Rate Limit Source Mask to the source IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask specifies the number of bits in the IP address to use as a limit key.
- Per Virtual Server and Destination Address: Applies Connection Rate Limit Destination Mask to the destination IP address of outgoing connections from this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Destination Mask specifies the number of bits in the IP address to use as a limit key.
- Per Virtual Server, Destination, and Source Address: Applies Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask to the source and destination IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask specify the number of bits in the IP addresses to use as a limit key.
- Per Source Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source address for all virtual servers that have rate limits specified.
- Per Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified destination address for all virtual servers that have rate limits specified.
- Per Source and Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source and destination addresses for all virtual servers that have rate limits specified.
- If you want the system to translate the virtual server address, select Address Translation. This option is useful when the system is load balancing devices that have the same IP address.
- If you want the system to translate the virtual server port, select Port Translation. This option is useful when you want the virtual server to load balance connections to any service. The default is enabled.
- From the Source Port list, select how you want the system to preserve the connection's source port.
- Preserve: Specifies that the system preserves the value configured for the source port, unless the source port from a particular SNAT is already in use, in which case the system uses a different port.
- Preserve Strict: Specifies that the system preserves the value configured for the source port. If the port is in use, the system does not process the connection. Restrict the use of this setting to cases that meet at least one of the following conditions:
- The port is configured for UDP traffic.
- The system is configured for nPath routing or is running in transparent mode (that is, there is no translation of any other Layer 3 or Layer 4 field).
- There is a one-to-one relationship between virtual IP addresses and node addresses, or clustered multi-processing (CMP) is disabled.
- Change: Specifies that the system changes the source port. This setting is useful for obfuscating internal network addresses.
- To replicate client-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Client) list.
- To replicate server-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Server) list, select the device on which to create the virtual server.
- Use the Auto Last Hop list to specify whether you want the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface.
- From the Last Hop Pool list, select the pool the system uses to direct reply traffic to the last hop router.
- If you want the system to allow IPv6 hosts to communicate with IPv4 servers, select NAT64.
- To specify the virtual server score in percent, type that value in the VS Score field. Global Traffic Manager (GTM) uses this value to load balance traffic in a proportional manner.
- To specify additional resource details for this virtual server, expand Resources and continue with the next two steps. Otherwise, skip to the last step in this procedure.
- To specify which iRules are enabled for this virtual server, use the arrow buttons to move iRules between the Available and Enabled lists. iRules are applied in the order in which they are listed.
- Use the Default Pool list to select the pool name that you want the virtual server to use as the default pool. A load balancing virtual server sends traffic to this pool automatically, unless an iRule directs the server to send the traffic to another pool.
- Click Save. The system creates the new virtual server with the settings you specified.
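
The Connection Rate Limit Mode options in the procedure above differ in which connections are counted together before the limit applies. The following Python is an added example, not F5 code: it models the four "Per Virtual Server" modes, and the key layout, the fixed one-second window, the name `vs_example` and the sample connections are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Mode labels as listed in the procedure; the key layout below is an assumption.
PER_VS = "Per Virtual Server"
PER_VS_SRC = "Per Virtual Server and Source Address"
PER_VS_DST = "Per Virtual Server and Destination Address"
PER_VS_DST_SRC = "Per Virtual Server, Destination, and Source Address"

def masked(addr, bits):
    """Keep only the first `bits` bits of an IPv4 or IPv6 address."""
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False))

def limit_key(vs, src, dst, mode, src_mask=32, dst_mask=32):
    """Return the bucket in which a connection is counted for the given mode."""
    if mode not in (PER_VS, PER_VS_SRC, PER_VS_DST, PER_VS_DST_SRC):
        raise ValueError(f"mode not modelled here: {mode}")
    key = [vs]
    if mode in (PER_VS_SRC, PER_VS_DST_SRC):
        key.append(masked(src, src_mask))
    if mode in (PER_VS_DST, PER_VS_DST_SRC):
        key.append(masked(dst, dst_mask))
    return tuple(key)

def over_limit(conns, limit, mode, src_mask=32, dst_mask=32, vs="vs_example"):
    """Return connections arriving after their bucket reached `limit` in that second."""
    if limit == 0:  # a limit of 0 turns rate limiting off
        return []
    seen, excess = Counter(), []
    for ts, src, dst in conns:
        # Assumption: fixed one-second windows; the product's windowing may differ.
        bucket = (int(ts),) + limit_key(vs, src, dst, mode, src_mask, dst_mask)
        seen[bucket] += 1
        if seen[bucket] > limit:
            excess.append((ts, src, dst))
    return excess

# Constructed sample: (time in seconds, source, destination), documentation ranges.
CONNS = [
    (0.10, "203.0.113.5", "192.0.2.10"),
    (0.20, "203.0.113.5", "192.0.2.10"),
    (0.30, "203.0.113.9", "192.0.2.10"),
    (0.40, "203.0.113.9", "192.0.2.10"),
    (0.50, "198.51.100.7", "192.0.2.10"),
    (0.60, "203.0.113.77", "192.0.2.10"),
]

if __name__ == "__main__":
    for bits in (32, 24):
        hit = over_limit(CONNS, 2, PER_VS_SRC, src_mask=bits)
        print(f"source mask /{bits}: {len(hit)} connections over the limit")
```

With a limit of 2 and a /32 source mask, no client in the sample exceeds the limit; with a /24 mask the three 203.0.113.x clients share one bucket and three of their connections exceed it. The mask width therefore decides whether neighbouring clients are throttled together or a flood spread across one subnet is counted per host.
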
- On the panel that corresponds to the type of object you want to view, hover over the object you want to view, click the icon, and then select Properties to access the configuration settings that have been imported for this object. The screen displays properties for the selected object.
- Click the icon, and then select Properties to access the configuration settings that have been imported for this object. The properties for the selected object are displayed.
- Click Permissions to access the permissions settings that have been imported for this object.
- In the Devices panel, expand the device group in which your device resides, hover over the device for which you wish to discard changes, click the gear icon, and then select Properties. The properties screen for the selected device opens.
- When you are satisfied with the changes you have made, click Save. The permissions changes are made, and the screen for the selected object closes.
- On the Properties screen, make changes to the configuration object you want to modify.
- To enable an iRule on a virtual server, expand Resources, then select the iRule from the Available list, and use the Move button to move the iRule to the Enabled list.
- When you are satisfied with the changes you have made, click Save. The revisions you saved are made, and the Properties screen for the selected object closes.
- In the Role field, type the name of the role to which you want to assign permissions, and then click Read or Read/Write as appropriate. Before you can specify permissions for a role, that role must already exist. (In BIG-IQ System under Access Control, you can create a role using the Roles panel.)
- To grant permissions to another role, click the add (+) icon. To remove a role to which you have granted permissions, click the remove (x) icon.
- Use the scroll bar to view the entire set of settings defined for the selected configuration. If you are viewing settings for a virtual server, do not overlook the two areas at the bottom of the screen (Configuration and Resources) that expand to display additional settings.
- On the left, click BIG-IP DEVICES. The screen displays a list of managed devices for this BIG-IQ Centralized Management system.
- Under Device Name, click the name of the cluster member to which you want to deploy changes. The properties screen for this member opens.
- Under Cluster Properties, click Edit. The Cluster Properties screen for this cluster opens.
- For Deployment Settings, select Ignore BIG-IP DSC sync when deploying configuration changes.
- Click OK, and then click Close.
When you deploy a configuration task, details display in the Deployment panel's Pending list while the deployment is being processed. These details display until the task either fails or succeeds.
- If the deployment fails, details display in the Deployment panel's Error list.
- If the deployment is successful, details display in the Deployment panel's Completed list.
The Completed deployments and Error lists maintain a 7-day
history of deployment changes. After a week, these deployment change records are
deleted.
"ignore sync" option selected, you can now deploy changes to the member that is available, and BIG-IQ Centralized Management will not attempt to sync those changes to the member that is unavailable. Use the Deploying configuration changes task to deploy changes to the available member. When you select the target device for deployment, do not select the unavailable device.