Manual Chapter :
Internal Appliance Networking
Applies To:
Show VersionsF5OS-A
- 1.5.0
Internal Appliance Networking
Appliance
NetworkingInternal appliance networking overview
The
rSeries
system uses an internal
appliance network for control plane and management plane communication between
firmware and software on the system. Traffic on this internal network is
firewall-protected and is not exposed to a customer’s management network.Internal
rSeries
appliance networking can
use one of two IP address ranges known as RFC6598 and RFC1918. The RFC6598
address range maps the predefined rSeries
internal network
range to 100.64/12 IP addresses (the default). The RFC1918 range enables you
choose one of 16 possible address ranges in the 10.0.0.0/12 address range.IP addresses in the predefined range are reserved for the
internal network and cannot be used for any of these addresses:
- Management IP addresses for therSeriessystem and tenants
- Any external service configured on therSeriessystem, such as a DNS server and NTP server
- Source IP addresses of any device used to communicate with therSeriessystem (such as a laptop, workstation, or other device that connects)
If your network uses addresses in the default predefined range for any of
the above, you will not be able to access the
rSeries
system using the rSeries
management interface (including the CLI, webUI, or REST APIs). This is only an issue
if you use 100.64.0.0/12 addresses for management IP addresses, external servers, or
source IP addresses described here. To prevent this issue, F5
provides a procedure that enables you to select a different internal IP address range
during initial provisioning of a system, as an alternative to using the default
range.Change the internal network IP range
The
rSeries
internal network uses 100.64.0.0/12 addresses, as specified by
RFC6598. If your network needs to use this range, you can change the range of IP
addresses that the internal chassis network implements. Instead, you can choose one of
16 possible address ranges in the 10.0.0.0/16 address range, as specified by RFC1918.
It is recommended that you make this change
before initial configuration or immediately after.
- If you have not performed initial setup of the system and configured management IP addresses, connect using the management console. If setup is already complete, log in using the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Change to config mode.configThe CLI prompt changes to include(config).
- Show the network prefix ranges for network range RFC1918.system network config network-range-type RFC1918 prefix ?appliance-1(config)# system network config network-range-type RFC1918 prefix ? Description: The network prefix index is used to select the range of IP addresses used internally within the appliance. The network prefix should be selected such that internal appliance addresses do not overlap with site-local addresses that are accessible to the appliance. Network Prefix Index Appliance Network Range 0 10.[0-15].0.0/16 1 10.[16-31].0.0/16 2 10.[32-47].0.0/16 3 10.[48-63].0.0/16 4 10.[64-79].0.0/16 5 10.[80-95].0.0/16 6 10.[96-111].0.0/16 7 10.[112-127].0.0/16 8 10.[128-143].0.0/16 9 10.[144-159].0.0/16 10 10.[160-175].0.0/16 11 10.[176-191].0.0/16 12 10.[192-207].0.0/16 13 10.[208-223].0.0/16 14 10.[224-239].0.0/16 15 10.[240-255].0.0/16 Possible completions: <unsignedByte, 0 .. 15>[0]
- Select the network range to use for internal networking (0-15).system network config network-range-type RFC1918 prefix <0-15>This example sets the range to 10.[0-15].0.0/16:appliance-1(config)# system network config network-range-type RFC1918 prefix 0
- Commit the configuration changes.commit
- Power cycle the appliance.Changing the internal appliance network causes an automatic cluster reinstall process that takes approximately an hour to complete.
- Check the status of the cluster installation.show cluster install-statusA summary similar to this example displays:appliance-1# show cluster install-status STAGE NAME STATUS TIMESTAMP VERSION ------------------------------------------------------------------------ K3SClusterInstall done 2022/08/22-17:54:01 1.21.1.1.8.5
When the install status is
done
for all stages, you can resume
configuring the system.