Manual Chapter :
Tenant Management
Applies To:
Show VersionsF5OS-A
- 1.2.0
Tenant Management
Tenants overview
A
tenant
is a guest system running software on the F5OS
platform layer (for example, a BIG-IP
system). You can run several tenants on most platforms, although the F5
r2000 Series only supports a single tenant. See the table below for additional data.The rSeries platforms offer upgradable three-tier Pay-as-you-Grow (PAYG) licensing options. For more information about the PAYG options, see K44211301: PAYG license support for F5 r5000 and r10000 series platforms or K44442211: PAYG license support for F5 r2000 and r4000 series platforms.
Model | Maximum number of tenants | Maximum vCPUs per tenant | Minimum vCPUs per tenant | System memory | Memory reserved for tenants | Minimum memory per tenant |
---|---|---|---|---|---|---|
r2600 | 1 | 4 | 4 | 32 GB | 24 GB | 12288 MB |
r2800 | 1 | 8 | 4 | 32 GB | 24 GB | 12288 MB |
r4600 | 2 | 12 | 4 | 64 GB | 48 GB | 12288 MB |
r4800 | 4 | 16 | 4 | 64 GB | 48 GB | 12288 MB |
r5600 | 8 | 12 | 1 | 128 GB | 104 GB | 4096 MB |
r5800 | 18 | 18 | 1 | 128 GB | 104 GB | 4096 MB |
r5900 | 26 | 26 | 1 | 128 GB | 104 GB | 4096 MB |
r10600 | 24 | 24 | 1 | 256 GB | 224 GB | 4096 MB |
r10800 | 28 | 28 | 1 | 256 GB | 224 GB | 4096 MB |
r10900 | 36 | 36 | 1 | 256 GB | 224 GB | 4096 MB |
The administrator can connect to the tenant’s webUI, CLI, or REST API and have the same experience as on their existing
F5
platforms. A tenant on the rSeries
platform is managed similarly to how a vCMP guest is managed today on the VIPRION platform. The tenant is assigned dedicated vCPU and memory resources and is restricted to specific VLANs for network connectivity.The admin is responsible for configuring tenant deployments within the appliance. Once a tenant has been deployed, there is a per-tenant administrator role, whose responsibilities include configuring the services that are available on that tenant.
Tenants inherit certain capabilities, such as the license and VLANs, from the
rSeries system
. Do not try to install a new license or delete the existing license on the tenants.Tenants example
In this diagram, an rSeries system has eight tenants
(red and blue).
Each tenant has its own IP address, set of users, and
software. You can access each tenant via the CLI, web-based user interface, or
API.
After you have configured and deployed a tenant, you can use
the tenant management IP address to connect to the tenant's web-based user
interface, API, or CLI. A BIG-IP tenant is running standard TMOS and is
managed like any other BIG-IP instance.
Tenant image overview
BIG-IP tenant images
These
BIG-IP
tenant
images are available to deploy on F5
rSeries
systems:- ALL-F5OS
- T4-F5OS
- T2-F5OS
- T1-F5OS (see note)
T1-F5OS has limitations, so using the other
images is recommended. Other images must be downloaded from the F5 downloads site.
Each image type has different uses so you need to be sure to use
the correct type for your tenant needs. For additional information about BIG-IP
tenant image types, see K45191957: Overview of the
BIG-IP tenant image types.
Tenant usage
This table lists general use cases for tenant
images.
Tenant image |
Description of Use |
---|---|
ALL-F5OS |
* The
r2000 platform does not support multi-tenancy. See the
F5 rSeries data
sheet for all currently-supported features. |
T4-F5OS |
|
T2-F5OS |
|
T1-F5OS |
|
Tenant sizing
Each image has different sizing requirements. You will need to understand the system and the tenant requirements to determine the number and type of tenants you can deploy. The amount of memory and disk space that a tenant actually needs is dependent on the number of modules provisioned and its use.
Tenant image |
Disk size |
Minimum memory |
Minimum # vCPUs |
Max tenants per system |
---|---|---|---|---|
T1-F5OS |
22 GB |
4 GB |
1 |
22 |
T2-F5OS |
45 GB |
8 GB |
2 |
11 |
ALL-F5OS |
76/82 GB 2 |
8 GB |
2 |
9 |
T4-F5OS |
142 GB |
8 GB |
2 |
4 |
Tenant resource allocation overview
These are recommended resource considerations for
determining the amount of memory (RAM) and disk space to allocate when planning tenant
deployments on
F5
rSeries
systems.Memory allocation
These are recommendations for determining the amount of memory (RAM) to
allocate when planning tenant deployments on
rSeries
systems based on the number of vCPUs
assigned.Platform |
Memory |
Default memory allocation formula |
---|---|---|
r2000 |
32 GB |
min-memory = (3.5 * 1024 *
vcpu-cores-per-node) |
r4000 |
64 GB |
min-memory = (3.5 * 1024 *
vcpu-cores-per-node) |
r5000 |
128 GB |
min-memory = (3.5 * 1024 *
vcpu-cores-per-node) + 512 |
r10000 |
256 GB |
min-memory = (3.5 * 1024 *
vcpu-cores-per-node) + 512 |
The formula for finding vcpu-cores-per-node is:
multiples of 4 in range of [4, max-cores]
. The
default value for vcpu-cores-per-node
is 4, and the default value for memory
is 12288.There is also an advanced setting through which additional memory can be
assigned out of the pool to a tenant. You can specify more than the minimum amount
of memory when configuring a tenant, if needed.
Disk space
These are recommendations for determining the amount of disk space when
planning tenant deployments on
rSeries
systems.- The amount of disk space that a tenant actually needs is dependent on the number of modules provisioned and its use.
- As the aggregate disk usage within deployed tenants increases, the host disk can start to reach capacity on systems with many large tenants. The administrator will need to monitor disk usage to make sure there is sufficient space for the tenants.
Tenant management from the webUI
Manage tenant images from the webUI
You can add or delete tenant images from the webUI. You must use HTTPS image import or export. Note that tenant images are specific to the
rSeries
system, and the software version must be compatible with it. - Log in to the webUI using an account with admin access.
- On the left, click.
- To upload an image, clickUploadand browse to the image location.
- To import an image:
- ClickImport.A popup opens.
- ForURL, type the URL of the remote image server.F5 recommends that the remote host be an HTTPS server with PUT/POST enabled and have a valid CA-signed certificate. You can opt to select theIgnore Certificate Warningscheck box if you want to skip the certificate check.
- ForUsername, type the user name for an account on the remote image server, if required.
- ForPassword, type the password for the account, if required.
- SelectIgnore Certificate Warningsto skip the certificate check.
- ClickImport Image.
Depending on the image file size and network availability, the import might take a few minutes. When the import is successful, the software image is listed in the webUI. - To delete a tenant image, select the image and clickDelete.
After you have added the tenant images that you want to use to the system, you can create and deploy tenants that will use that software image. The tenant image must be one that is listed as compatible with the
rSeries
system.Create and deploy tenants from the webUI
You must have imported the tenant images that you want to use for the tenant deployments into the system. You must also have previously created any required VLANs. Before you can create and deploy tenants, you also need to estimate resource requirements so you know how many vCPUs, memory, and other resources to assign to the tenant.
An administrator can deploy tenants from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.The Tenant Deployment screen displays showing the existing tenant deployments and associated details.
- To add a tenant deployment, clickAdd.The Add Tenant Deployment screen displays.
- ForName, type a name for the tenant deployment (up to 49 characters).The first character in the name cannot be a number. After that, only lowercase alphanumeric characters and hyphens are allowed.
- ForType, keep the default setting ofBIG-IP.
- ForImage, select the software image that was previously imported onto the system.Ensure that the image you selected meets your tenant deployment needs.
- ForIP Address, type the IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN) for the tenant.
- ForPrefix Length, type a number from 1-32 for the length of the prefix.
- ForGateway, type the IPv4 address or IPv6 address of the gateway.
- ForVLANs, select one or more VLANs that are available to the tenant.You can assign VLANs to more than one tenant.
- ForResource Provisioning, select one of these options:OptionDescriptionRecommendedRecommended values for vCPUs and memory for the tenant.AdvancedEnables you to configure custom values for vCPUs and memory on the tenant. For example, if you want to configure a single vCPU tenant, or a tenant that uses more than the recommended amount of memory.
- ForvCPUs, select the number of vCPUs to provide to the tenant.The minimum recommended number of vCPUs per typical tenant is two (one vCPU is sufficient only for lightweight tenants that cannot be updated). The number of vCPUs needed depends on the amount of traffic the tenant will be handling. More vCPUs provide faster throughput.
- ForMemory, specify the amount of RAM, in MB, to allocate to the tenant.The amount of memory needed depends on the number of vCPUs assigned. The minimum amount of memory needed is determined by the formula[(3.5 * 1024 * #ofvCPUs) + 512].If you do not allocate sufficient memory, you may receive a warning message.
- ForVirtual Disk Size, specify the storage quota, in GB, for the tenant virtual disk.The default size depends on the image type used. The default size for the ALL image is 82GB.
- ForState, choose one of these options:OptionsDescriptionConfiguredThe tenant configuration exists on the system, but the tenant is not running, and no hardware resources (CPU, memory) are allocated to it. This is the initial state and the default.ProvisionedMoves the tenant into the Provisioned state, which causes the system to install the software, assign the tenant to nodes, and create virtual disks for the tenant on those nodes. If you choose this option, it takes a few minutes to complete the provisioning. The tenant does not run while in this state.DeployedChanges the tenant to the Deployed state. The tenant is set up, resources are allocated to the tenant, the image is moved onto the system, the software is installed, and after those tasks are complete, the tenant is fully deployed and running. If you choose this option, it takes a few minutes to complete the deployment and bring up the system.Once a tenant is Deployed (and is up and running), changing its state back to Configured or Provisioned stops the tenant. You will receive a warning message before this occurs.
- ForCrypto/Compression Acceleration, selectEnabledif the tenant requires high-performance crypto processing and compression.When this option is enabled, the tenant receives dedicated crypto devices proportional to the number of vCPU cores. Crypto processing and compression are off-loaded to the hardware. When the option is disabled, the tenant receives no crypto devices.
- To restrict usage of the Bash shell for tenant administrators, setAppliance ModetoEnabled(this isDisabledby default.)
- ClickSave & Close.
The tenant is now configured and in the Deployed state. When the status says Running, the tenant administrator can log in to the tenant webUI or CLI using the management IP address (with HTTPS or SSH) and continue configuring the tenant system.
If the Status says Pending instead of Running, this may mean that there are not enough resources (vCPUs, memory, or other resources) for the tenant to be deployed. See the Tenant Details screen in the webUI for more information about the specific tenant.
Modify tenant deployments from the webUI
Depending on the state that the tenant is in, you can change certain tenant settings from the webUI. A warning displays if you try to make any other changes.
- Deployed: You can change theStateonly while tenants are running.Once a tenant is Deployed (and is up and running), changing its state back to Provisioned or Configured stops the tenant. You will receive a warning message before this occurs.
- Provisioned: You can change all settings exceptImage.
- Configured: You can change all settings exceptImage.
- Log in to the webUI using an account with admin access.
- On the left, click.The Tenant Deployment screen displays showing the existing tenant deployments and associated details.
- Click the name of the tenant deployment you want to modify.The Tenant Deployment screen displays.
- ForImage, select a different software image to use for the tenant, if in Configured state.
- You can change theIP Address,Prefix Length(1-32), andGatewayfor the tenant, if in Configured or Provisioned state. Enter an IPv4 address or IPv6 address.
- ForVLANs, you can select different VLANs for the tenant, if in Configured or Provisioned state.
- ForResource Provisioning, if changing resources, select either:Recommended(to use recommended values) orAdvanced(to customize values), if in Configured or Provisioned state.
- ForvCPUs, select the number of vCPUs for the tenant, if in Configured or Provisioned state.The minimum recommended number of vCPUs per typical tenant is two (one vCPU is sufficient only for lightweight tenants that cannot be updated). The number of vCPUs needed depends on the amount of traffic the tenant will be handling. More vCPUs provide faster throughput.
- ForMemory, specify the amount of RAM in MB to allocate to the tenant, if in Configured or Provisioned state.The amount of memory needed depends on the number of vCPUs assigned. The minimum amount of memory needed is determined by the formula[(3.5 * 1024 * #ofvCPUs) + 512], so a two vCPU tenant needs a minimum of 7680 MB, and a four vCPU tenant needs a minimum of 14,848MB.
- ChangeState(with caution!):OptionDescriptionConfiguredIf tenant has been Provisioned or Deployed, the virtual disk is deleted.ProvisionedIf Deployed, this option stops the tenant from running, but maintains the configuration. If Configured, causes the system to install the software, assign the tenant to nodes, and create virtual disks for the tenant on those nodes. The tenant does not run, consume resources, or pass traffic.DeployedDirectly deploys the tenant. This sets up the tenant, allocates resources, moves the image onto the system, and installs the software. When these tasks are complete, the tenant is fully deployed and running.
- ChangeCrypto/Compression Accelerationonly if the tenant is in either the Configured or Provisioned state.
- To restrict usage of the Bash shell for tenant administrators, setAppliance ModetoEnabled(this isDisabledby default.)
- ClickSave & Close.
The tenant is reconfigured according to the changes made.
Tenant management from the CLI
Import a tenant image from the CLI
Before you get started, you might want to upload the
tenant image you want to use to a local Linux server that uses HTTPS, so you can more
easily import it to the
rSeries
system.You can import a tenant image onto the
system from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Import a tenant image to the system.file import remote-port <port-number> username <user> password <password> remote-host <ip-address-or-fqdn> remote-file <remote-file-path> remote-url <full-remote-url> local-file imagesThis example imports aBIG-IPtenant image from server.company.com:appliance-1(config)# file import username admin password remote-url https://server.company.com/images/BIGIP-1x.x.x-x.x.x.ALL-F5OS.qcow2.zip.bundle local-file images
Create and deploy tenants from the CLI
Before you get started, import the tenant images you
want to use for the tenant deployments. You must already have created VLANs on the
system. Before you can create and deploy tenants, you also need to estimate resource
requirements so you know how many vCPUs, memory, and other resources to assign to the
tenant.
You can create and deploy tenants from
the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Change to config mode.configThe CLI prompt changes to include(config).
- Create and deploy the tenant.tenants tenant <name> config <options>These options are available:OptionDescriptionappliance-modeEnable or disable root and bash access for the tenant.cryptosEnable or disable crypto device support for the tenant.gatewayUser-specified gateway for the tenant management IP address.imageUser-specified image for the tenant.memoryUser-specified memory in MBs for the tenant.mgmt-ipUser-specified management IP address for tenant management access.nameUser-specified name for the tenant.nodesUser-specified node numbers to schedule the tenant.prefix-lengthUser-specified prefix length for the tenant management IP address.running-stateUser-specified state for the tenant: configured, provisioned, or deployed.storageStorage quota for the tenant.trust-modeUser-specified state for the tenant: enabled (trusted) or disabled (not trusted). The default state is disabled (not trusted).Trust-mode is only available on r2000/r4000 platforms.MAC masquerade, which is required for High Availability (HA) on r2000/r4000 platforms, can only be configured on trusted tenants.typeTenant type. The default value is BIG-IP.vcpu-cores-per-nodeUser-specified number of logical CPU cores for the tenant.vlansUser-specified vlan-id from VLAN table for the tenant.This example creates a BIG-IP tenant calledbig-ipthat spans four nodes and is in the configured running-state, by default:appliance-1# tenants tenant big-ip config type BIG-IP image BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle mgmt-ip 192.0.2.200 prefix-length 24 gateway 192.0.2.254 nodes 1Only trusted tenants (trust-mode option enabled) can be configured with MAC masquerade, which is required for High Availability (HA) on r2000/r4000 platforms. If you plan to configure HA on an r2000 or r4000 platform, be sure to enable trust-mode. For more information about configuring MAC masquerade, see K13502: Configuring MAC masquerade (11.x - 16.x).Other reasons for configuring MAC masquerade include:
- You want to minimize Address Resolution Protocol (ARP) communication or dropped packets during traffic group failover events.
- You want to improve reliability and failover speed in lossy networks.
- You want to improve interoperability with switches that are slow to respond to gratuitous ARP requests.
- Commit the configuration changes.commit
- Return to user (operational) mode.end
- You can monitor the operational state of the tenant and move the tenant into the provisioned running-state.tenants tenant big-ip config running-state provisionedThis causes the system to assign the tenant to nodes and create virtual disks for the tenant on those nodes.
- Show the current status for the tenant:show tenants tenant big-ipWhen the system is creating the virtual disk and installing the image on a disk, the operational state of the tenant shows this information:
- PHASE – Allocating resources to the tenant is in progress
- status – Provisioning
A summary similar to this example displays:appliance-1# show tenants tenant big-ip tenants tenant big-ip state name big-ip state unit-key-hash PcPJWXRSLgdL3FRivOJODwrIZdYLncH3rqrjkW0X03uKHZFSLPjAc3d3E3Pbgd+Piq8p86LsMgma/kHoRdd+Kg== state type BIG-IP state image BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle state mgmt-ip 192.0.2.200 state prefix-length 24 state gateway 192.0.2.254 state cryptos disabled state vcpu-cores-per-node 2 state memory 7680 state running-state provisioned state mac-data mgmt-mac 00:0a:49:ff:20:0c state mac-data base-mac 00:0a:49:ff:20:0d state mac-data mac-pool-size 1 state appliance-mode disabled state status Provisioning INSTANCE CREATION READY MGMT NODE POD NAME ID PHASE TIME TIME STATUS MAC -------------------------------------------------------------------------------------------------------- 1 big-ip-1 1 Allocating resources to tenant is in progress -When the system completes the virtual disk creation, the operational state shows this information:- PHASE – Ready to deploy
- status – Provisioned
A summary similar to this example displays:appliance-1# show tenants tenant big-ip tenants tenant big-ip state name big-ip state unit-key-hash PcPJWXRSLgdL3FRivOJODwrIZdYLncH3rqrjkW0X03uKHZFSLPjAc3d3E3Pbgd+Piq8p86LsMgma/kHoRdd+Kg== state type BIG-IP state image BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle state mgmt-ip 192.0.2.200 state prefix-length 24 state gateway 192.0.2.254 state cryptos disabled state vcpu-cores-per-node 2 state memory 7680 state running-state provisioned state mac-data mgmt-mac 00:0a:49:ff:20:0c state mac-data base-mac 00:0a:49:ff:20:0d state mac-data mac-pool-size 1 state appliance-mode disabled state status Provisioned INSTANCE CREATION READY MGMT NODE POD NAME ID PHASE TIME TIME STATUS MAC -------------------------------------------------------------------------- 1 big-ip-1 1 Ready to deploy - - Change to config mode.configThe CLI prompt changes to include(config).
- You can then deploy the tenant.tenants tenant big-ip config running-state deployedThis example moves the tenant into the deployed state, which causes the system to start and maintain VMs on each node to which the tenant is assigned.
- Commit the configuration changes.commit
- Return to user (operational) mode.end
- You can check the status of the tenant.show tenants tenant big-ip state instancesA summary similar to this example displays:appliance-1# show tenants tenant big-ip state instances INSTANCE NODE POD NAME ID PHASE CREATION TIME READY TIME STATUS MGMT MAC --------------------------------------------------------------------------------------------------------------------------- 1 big-ip-1 1 Running 2022-04-08T15:30:20Z 2022-04-08T15:30:21Z Started tenant instance 00:94:a1:69:34:25
Once you configure and deploy the tenant, and the
Status is updated to Running, then you can use the management IP address to access the
tenant system using SSH, the web-based interface, or TMOS Shell (
tmsh
).Once a tenant is Deployed (and is up and running),
changing its state back to Configured or Provisioned stops the tenant. You will
receive a warning message before this occurs.
If the Status is Pending instead of Running, this might
mean that there are not enough resources (vCPUs, memory, or other resources) for the
tenant to be deployed. See the Tenant Details screen in the webUI for more
information about the specific tenant.
Display tenant information from the CLI
You can display detailed information about configured tenants from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Show the tenants that are currently configured.show tenantsThis example displays the operational data for aBIG-IPtenant. It uses one VLAN, no cryptos, two vCPU cores, and appliance mode is not enabled. The Instance table in the output displays the live health of the tenant running on therSeriessystem.appliance-1# show tenants tenant big-ip tenants tenant bigip state unit-key-hash oa9gv8VYHcSoApv1234GQMn2uM9UzNKiDz78cIbqKv26LVjlIo9TCdp56z5UnXcVvr3hj0/ym2kbdWyBhPbkLA== state type BIG-IP state image BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle state mgmt-ip 192.0.2.59 state prefix-length 24 state gateway 192.0.2.254 state cryptos enabled state vcpu-cores-per-node 2 state memory 7680 state storage size 76 state running-state deployed state mac-data base-mac 00:12:a1:8e:70:0a state mac-data mac-pool-size 1 state appliance-mode disabled state status Starting INSTANCE CREATION READY MGMT NODE POD NAME ID PHASE TIME TIME STATUS MAC -------------------------------------------------------------------------------------------------------- 1 big-ip-1 1 Allocating resources to tenant is in progress -
- Show the running configuration of the tenants.show running-config tenants tenantA summary similar to this example displays:appliance-1# show running-config tenants tenant tenants tenant big-ip config name big-ip config type BIG-IP config image BIGIP-15.1.6-0.0.3.ALL-F5OS.qcow2.zip.bundle config nodes [ 1 ] config mgmt-ip 192.0.2.59 config prefix-length 24 config gateway 192.0.2.254 config cryptos enabled config vcpu-cores-per-node 2 config memory 7680 config storage size 76 config running-state deployed config appliance-mode disabled !
Modify tenant configuration from the CLI
You can modify a tenant configuration from the CLI.
The administrator is able to modify only these fields while
the tenant is running:
- Running-state
- VLANS
- Nodes
- Log in to the command line interface (CLI) of the system using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Show configuration information for the tenant you want to update.show tenants tenant <name>
- Change to config mode.configThe CLI prompt changes to include(config).
- You can modify these options while the tenant is running:vlans,nodes, orrunning-state.tenants tenant <name> config {vlans<vlan-id> |nodes{12} |running-state{configured|provisioned|deployed} ]
- To modify any of the other options, first change the running state of the tenant toprovisioned.tenants tenant <name> config running-state provisionedMake the desired changes. For more information, see theTenant CLI command syntaxsection.
- Commit the configuration changes.commit
Resize tenant virtual disk from the CLI
You can resize the storage quota for a tenant virtual disk from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Display configuration information for the tenant you want to update.show tenants tenant <name>
- Change to config mode.configThe CLI prompt changes to include(config).
- Change the storage quota, in GB, for the virtual disk for a specified tenant.The default size is 76 GB, and the disk size range is from 22 GB to 700 GB.tenants tenant big-ip config storage size 80You cannot modify the size of the virtual disk when the tenant is in the deployed running-state. The tenant must be in a configured or provisioned running-state.
- Commit the configuration changes.commit
Delete a tenant from the CLI
You can delete tenant configurations from the
CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Show the tenants that are currently configured in the system to check the names of the tenants.show tenants
- Change to config mode.configThe CLI prompt changes to include(config).
- Remove a tenant configuration.no tenants tenant <tenant-name>
- Commit the configuration changes.commit
The tenant deployment is removed from the
system.
Tenant CLI command syntax
Use the
tenants
command from the CLI
to configure a cluster of virtual machines (VMs) that run on one or more nodes
within the systemThe
tenant
command includes this syntax and these options:tenants tenant <options>
Option |
Value |
Description |
---|---|---|
appliance-mode |
enabled or disabled (default) |
When enabled, appliance-mode disallows
root and Bash access for the tenant. |
cryptos |
enabled or disabled
(default) |
Specifies the crypto device support
for the tenant. When enabled, the tenant receives dedicated
crypto devices proportional to the number of vCPU cores. When
disabled, the tenant receives no crypto device support.
|
gateway |
IP address |
Specifies the IPv4/IPv6 address of the default gateway for the
management network. This IP address can be changed on the tenant itself.
This field is required. |
image |
Image name for the tenant |
Specifies which software image to install on newly-created
virtual disks for this tenant. This field is required. |
memory |
Memory allocated for the tenant |
Specifies the memory in MBs for the tenant. For the
commit to succeed, tenant configuration requires the minimum
MBs depending on the number of cores specified for the tenant.
The administrator must decide what amount of dedicated memory
is needed to satisfy the requirements of the modules that will
be provisioned within the tenant. For more information on
resource allocation, see the Tenant resource allocation
overview section. |
mgmt-ip |
IP address |
Specifies the management IP address to the tenant.
This address applies to the primary node of the tenant. The
address can be changed on the tenant. This field is
required. |
name |
Name of the tenant |
Specifies the name of the tenant.
This field is required. |
nodes |
Node numbers in square brackets
separated by a space. For example, [1 2] |
Lists the nodes that the tenant can be assigned to. This field
is required. |
prefix-length |
Decimal value |
Specifies the prefix length of the
management network. This field is required. |
running-state |
Configured (default), provisioned,
or deployed |
Specifies the state of a tenant: configured, provisioned, or
deployed. Tenants are in the configured state by default. Configured
means the tenant exists but has no hardware resources (CPU or memory)
allocated to it and is not running. When the tenant is provisioned, the
system assigns the tenant to nodes and creates virtual disks for the
tenant on those nodes. In the deployed state, allocated resources are
used to launch the tenant VM. Note that specifying deployed causes the
actions that occur in the configured and provisioned states. To shut
down the tenant VM without removing the virtual disk, change the
running-state from deployed to provisioned. Changing the tenant
running-state to configured from provisioned or deployed causes its
virtual disk to be deleted. |
storage |
Storage quota in GB for the tenant
(The default value is 76 GB) |
Specifies how much storage quota a
tenant is allocated. The range is from 22 to 700 GB. |
trust-mode |
Disabled (default) or enabled (r2000/r4000 platforms only) |
Trust-mode is only available on r2000/r4000 platforms. Indicates if the
tenant is trusted (enabled) or not trusted (disabled). The default
state is not trusted (disabled). MAC masquerade, which is required for High Availability (HA) on
r2000/r4000 platforms, can only be configured on trusted tenants. For more information about configuring MM, see K13502: Configuring MAC
masquerade (11.x - 16.x). Enabling trust mode might reduce the security profile of the
platform. |
type |
BIG-IP
(default) |
Specifies the supported tenants on the system. The
field is not required. |
vcpu-cores-per-node |
Decimal number (The default value is
2) |
Specifies how many cores a tenant is allocated from each node
that it is assigned to. Use tab completion to see a list of possible
values on the current rSeries
system. |
vlans |
VLAN ID |
Specifies the VLAN ID to be used for tenant traffic.
To process the traffic through the tenant, make sure the VLAN
is configured on the system. |
Tenant high availability (HA) overview
You can configure tenants for high-availability (HA) on an
rSeries
system similar to how it is
done on a BIG-IP
system or for vCMP
guests. To implement high-availability, you set up device service clustering
or DSC. DSC provides synchronization and failover of BIG-IP
configuration data and traffic groups on two or more
tenants. The tenant administrator sets up DSC on the tenants.If you plan to set up mirroring, you must use an additional
system
. Connection mirroring
requires that both rSeries
systems have
identical hardware platforms.Tenants must have identical resources
to ensure seamless HA failover. F5 does not support HA between tenants on
disparate platforms.
For more information, see these guides at support.f5.com:
Configure High Availability (HA) for BIG-IP tenants
BIG-IP
tenantsBefore you begin, you must set up two
rSeries
systems with initial configuration,
management IP addresses, gateways, DNS servers, and licensing. For more information, see
F5 rSeries
Systems: Software Installation and Upgrade
and other sections in this
guide.The r2000/r4000 platforms require that MAC masquerade is configured for High
Availability (HA). MAC masquerade can only be configured on trusted tenants.
Ensure that you have enabled trust-mode for any tenant on which you plan to
configure HA (see the
Create and deploy tenants from the CLI
section of this document). For more information about configuring MM, see K13502: Configuring MAC masquerade (11.x -
16.x).You can set up High Availability for two
BIG-IP
tenants that reside on two separate systems.- Log in to the system and deploy aBIG-IPtenant.Make sure that both tenants are running the sameBIG-IPsoftware version and that it is compatible with rSeries systems.
- On the tenants, set up L2 network connectivity between the two tenants including setting up VLANs and self-IPs for ConfigSync, failover, and mirroring.For example, create the same VLAN on both tenants with management IP addresses that can communicate with each other.
- Log in to each tenant and set the failover ConfigSync address to the self IP addresses on both sides.
- Establish device trust: On one of the tenants, go to, create a device trust, and add the management IP of the other tenant.
- Create a Sync-Failover device group: On the tenants, go toand create a device group with theGroup Typeoption set toSync-Failover.For more information, see the "Working with Device Groups" section inBIG-IP Device Service Clustering: Administrationat support.f5.com).
- On the tenants, go to, select the device and initiate the first ConfigSync manually.
- For tenants on the r2000/r4000 platforms, configure MAC masquerade.For more information, see the "Managing Failover" section inBIG-IP Device Service Clustering: Administrationat support.f5.com).For information about configuring MAC masquerade, see K13502: Configuring MAC masquerade (11.x - 16.x).
After setting up HA for tenants, you
can optionally create traffic groups, enable mirroring on the virtual servers,
and sync the configurations.
Understand that there are
many ways to configure HA, and this summary explains the general work flow
for how to approach tenant HA. Your environment might require additional
steps.