Manual Chapter: Network Settings
Applies To: F5OS-A 1.7.0
Network settings overview
An administrator can configure L2 network settings for the rSeries system, such as port groups, LAGs, interfaces, VLANs, LACP, LLDP, and STP. You can configure these network settings from the webUI, the CLI, or REST APIs.
Port groups overview
The front-panel ports on F5 r2000/r4000 and F5 r5000/r10000 platforms support port group functionality. Port groups enable you to configure the mode of the physical port, which controls the port speed and whether the port is bundled or unbundled. Until configured, the rSeries system uses port speeds of 100G, 25G, or 10G, depending on the port and the platform. You can change them based on what optical transceiver module type you are using.
F5 r2000/r4000 platforms have pre-defined configuration modes. These port group options are 4x25GbE, 8x10GbE, and 4x10GbE+2x25GbE.
Before configuring any interfaces, VLANs, or LAGs, you can set up port groups so that physical interfaces on the platform are configured for the proper speed and bundling. Depending on the port group mode, a different FPGA version is loaded, and the speed of the port is adjusted accordingly. The system creates the port group components. Changing the mode for a port group reboots the system, removes stale interfaces from your configuration, and removes any references to stale interfaces from your configuration. You will then need to reconfigure any previously-configured protocols to use the modified port group.
Configure port groups from the webUI
You can configure port groups to use a specific mode depending on how you are connecting your system.
Changing the port group mode impacts the view of physical interfaces published by the system. The previous interfaces that corresponded to the previous port group mode are deleted, and new ones are created. All configuration associated with the deleted interfaces is also lost.
- Log in to the webUI using an account with admin access.
- On the left, click.
- For a specific port group, select a Mode from the list.
  For F5 r5000/r10000, you can choose one of these modes:
    Option  Description
    100GbE  Create one interface at 100G speed.
    40GbE   Create one interface at 40G speed.
    25GbE   Create one interface at 25G speed.
    10GbE   Create one interface at 10G speed.
  For F5 r2000/r4000, you can choose a pre-defined configuration as a mode:
    Option           Description
    4x25GbE          Creates four interfaces at 25G speed.
    4x10GbE+2x25GbE  Creates four interfaces at 10G speed and two interfaces at 25G speed.
    8x10GbE          Creates eight interfaces at 10G speed.
- Click Save.
When you change the port group mode on ports for a specific group, the system resets. The previous interfaces that corresponded to the previous port group mode are deleted, and the associated (underlying) configuration is also lost.
Configure the mode of a port group from the CLI
You can configure a port group for the interfaces on the system at either 100G or 40G speeds from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Configure port groups for a specific interface.
    portgroups portgroup <interface-number> config mode {MODE_100GB|MODE_40GB}
  In this example, you configure the port group mode on interface 2 to use the 100GB mode:
    appliance-1(config)# portgroups portgroup 2 config mode MODE_100GB
- Commit the configuration changes.
    commit
Show the state of port groups from the CLI
You can show the state for port groups on the system from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Show the current state for the port groups configuration.
    show portgroups portgroup
  A summary similar to this example displays:
    appliance-1# show portgroups portgroup
    portgroups portgroup 1
    state vendor-name "F5 INC."
    state vendor-oui 009065
    state vendor-partnum "OPT-0031 "
    state vendor-revision A0
    state vendor-serialnum "A1B2C3D40 "
    state transmitter-technology "850 nm VCSEL"
    state media 100GBASE-SR4
    state optic-state QUALIFIED
    state ddm rx-pwr low-threshold alarm -14.0
    state ddm rx-pwr low-threshold warn -11.0
    state ddm rx-pwr instant val-lane1 -1.96
    state ddm rx-pwr instant val-lane2 -0.95
    state ddm rx-pwr instant val-lane3 -1.06
    state ddm rx-pwr instant val-lane4 -1.98
    state ddm rx-pwr high-threshold alarm 3.4
    state ddm rx-pwr high-threshold warn 2.4
    state ddm tx-pwr low-threshold alarm -10.0
    state ddm tx-pwr low-threshold warn -8.0
    state ddm tx-pwr instant val-lane1 0.07
    state ddm tx-pwr instant val-lane2 0.67
    state ddm tx-pwr instant val-lane3 0.32
    state ddm tx-pwr instant val-lane4 0.45
    state ddm tx-pwr high-threshold alarm 5.0
    state ddm tx-pwr high-threshold warn 3.0
    state ddm temp low-threshold alarm -5.0
    state ddm temp low-threshold warn 0.0
    state ddm temp instant val 40.8046
    state ddm temp high-threshold alarm 75.0
    state ddm temp high-threshold warn 70.0
    state ddm bias low-threshold alarm 0.003
    state ddm bias low-threshold warn 0.005
    state ddm bias instant val-lane1 0.00753
    state ddm bias instant val-lane2 0.007448
    state ddm bias instant val-lane3 0.007536
    state ddm bias instant val-lane4 0.007504
    state ddm bias high-threshold alarm 0.013
    state ddm bias high-threshold warn 0.011
    state ddm vcc low-threshold alarm 2.97
    state ddm vcc low-threshold warn 3.135
    state ddm vcc instant val 3.3027
    state ddm vcc high-threshold alarm 3.63
    state ddm vcc high-threshold warn 3.465
    ...
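
One way to act on the DDM values in this output, as an added example (not F5 code and not part of the original manual): a Python parser that compares each instant reading with the warn and alarm thresholds printed beside it. The sample text is constructed in the same format with two readings altered; one statement per line and a strict "outside the threshold" comparison are assumptions.

```python
import re

# Constructed sample in the format of `show portgroups portgroup`.
# Lane 3 rx power and the temperature are altered so that checks trip.
SAMPLE = """\
appliance-1# show portgroups portgroup
portgroups portgroup 1
state media 100GBASE-SR4
state optic-state QUALIFIED
state ddm rx-pwr low-threshold alarm -14.0
state ddm rx-pwr low-threshold warn -11.0
state ddm rx-pwr instant val-lane1 -1.96
state ddm rx-pwr instant val-lane2 -0.95
state ddm rx-pwr instant val-lane3 -12.30
state ddm rx-pwr instant val-lane4 -1.98
state ddm rx-pwr high-threshold alarm 3.4
state ddm rx-pwr high-threshold warn 2.4
state ddm temp low-threshold alarm -5.0
state ddm temp low-threshold warn 0.0
state ddm temp instant val 76.2
state ddm temp high-threshold alarm 75.0
state ddm temp high-threshold warn 70.0
"""

# Matches either a threshold statement or an instant reading.
DDM_LINE = re.compile(
    r"^state ddm (?P<metric>[\w-]+) "
    r"(?:(?P<side>low|high)-threshold (?P<level>alarm|warn)"
    r"|instant (?P<lane>val(?:-lane\d+)?)) "
    r"(?P<value>-?\d+(?:\.\d+)?)$"
)


def parse_ddm(text):
    """Return {portgroup: {metric: {"thresholds": {...}, "instant": {...}}}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("portgroups portgroup "):
            current = groups.setdefault(line.split()[-1], {})
            continue
        match = DDM_LINE.match(line)
        if match is None or current is None:
            continue  # vendor fields, prompts and other state are ignored
        metric = current.setdefault(
            match["metric"], {"thresholds": {}, "instant": {}})
        value = float(match["value"])
        if match["side"]:
            metric["thresholds"][(match["side"], match["level"])] = value
        else:
            metric["instant"][match["lane"]] = value
    return groups


def ddm_findings(text):
    """List (portgroup, metric, lane, severity, value) for breached readings."""
    findings = []
    for group, metrics in parse_ddm(text).items():
        for name, data in metrics.items():
            limits = data["thresholds"]
            for lane, value in data["instant"].items():
                severity = None
                for level in ("warn", "alarm"):  # alarm overrides warn
                    low = limits.get(("low", level))
                    high = limits.get(("high", level))
                    if (low is not None and value < low) or \
                       (high is not None and value > high):
                        severity = level
                if severity:
                    findings.append((group, name, lane, severity, value))
    return findings


if __name__ == "__main__":
    for finding in ddm_findings(SAMPLE):
        print(finding)
```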
Port mappings overview
Port mappings show how the front-panel interfaces on F5 r5000/r10000 systems are configured for capacity bandwidth and allocated bandwidth using pipelines and pipeline groups.
- pipeline
- Corresponds to a traffic-processing pipeline. There are eight virtual ports per pipeline. Each pipeline has 100Gb of throughput.
- pipeline group
- Contains two pipelines and corresponds to FPGA sockets. The system FPGAs are configured in the bitstream to support the different ports. No bitstream supports all ports simultaneously.
Display port mappings from the webUI
You can view how port mappings are configured from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
  The current configuration for port mappings displays.
Port profiles overview
The front-panel ports on F5 r2000/r4000 systems support port profile functionality. Port profiles enable you to change which mode, or port speed, a port uses. SFP28 ports operate at 25GbE by default, and SFP+ ports operate at 10GbE by default. Only these configurations are available:
- 8x10G
- All eight 10G (SFP+) ports run at 10G speed. This is the default configuration.
- 2x25G - 4x10G
- Two 25G (SFP28) ports run at 25G speed, and four 10G (SFP+) ports run at 10G.
- 4x25G
- All four 25G (SFP28) ports run at 25G speed.
Changing the mode for a port profile reboots the system, and then removes stale interfaces and any references to stale interfaces from your configuration. You must reconfigure any previously-configured protocols to use your modified port group.
All tenants must be in “configured” state before you can change the port profile. You cannot change the profile while a tenant is in “deployed” state.
Configure a port profile from the CLI
You can configure port profiles for the interfaces on the system from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Change the port profile configuration.
    port-profiles config mode {2x25G-4x10G|4x25G|8x10G}
  In this example, you configure the port profile to use the 4x25G mode:
    appliance-1(config)# port-profiles config mode 4x25G
- Commit the configuration changes.
    commit
Changing the mode for a port profile reboots the system, and then removes stale interfaces and any references to stale interfaces from your configuration. You must reconfigure any previously-configured protocols to use your modified port profile.
Interfaces overview
rSeries systems include a set number of front-panel interfaces (or ports). The number of available interfaces varies depending on hardware model.
Configure interfaces from the webUI
Before you begin, you must already have created the VLANs that you want to associate with the interface.
If you intend to create LAGs, you should wait to associate VLANs with interfaces, because an interface cannot be used as a LAG member if it is associated with a VLAN.
You can configure interfaces from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
  A table showing all interfaces displays.
- Click an interface name.
- For Description, enter text to describe the interface.
- For State, select whether the interface is Enabled or Disabled.
- These settings are informational, use set values, and cannot be changed: Operational Status, Speed, MAC Address, and Interface Type.
- For MTU, the maximum transmission unit is set to the default value of 9600 (read only).
  This is the largest size that the system allows for an IP datagram passing through a physical interface.
  Changing the MTU at the platform level would affect all tenants, so this is configurable at the tenant level for greater control.
- Forward Error Correction is set to the default value of Auto (read only) and detects and corrects a limited number of errors in transmitted data.
  Since this setting is enabled automatically, your upstream switch must also support Forward Error Correction (FEC).
- RX Flow Control is set to Off, and it is not supported on any of the interfaces.
- For Native VLAN (Untagged), select the VLAN ID to use for untagged frames received on an interface (either a single interface or LAG).
  An interface or LAG can have only one Native VLAN assigned to it. You can use a Native VLAN with multiple LAGs or interfaces. You cannot use a VLAN, however, as both a Native and Trunk VLAN for the same interface.
- For Trunk VLANs (Tagged), select one or more VLAN IDs, if available, and not a member of another LAG; this is used for tagged traffic.
  You can use the same VLAN ID as the Trunk VLAN across all interfaces or LAGs. You cannot use a VLAN, however, as both a Native and Trunk VLAN for the same interface.
  A Trunk VLAN or a Native VLAN is required to pass traffic. If you do not select either a Native VLAN or a Trunk VLAN, the port will not carry any traffic.
- Click Save & Close.
Display and reset interface statistics from the webUI
You can view statistics for physical interfaces configured on the system from the webUI. The table shows, for each interface, the amount of data that was input and output in multiple forms. You can also see in/out errors and frame check sequence (FCS) errors that occurred on each of the interfaces, and you can reset to clear the data.
- Log in to the webUI using an account with admin access.
- On the left, click.
- In the Interface Statistics area, change the way the statistics are displayed in the Data Format by selecting Normalized or Unformatted.
  Selecting Normalized converts the byte representation to kilobytes, megabytes, or terabytes, depending on the size. This provides better data readability, especially when there are massive amounts of traffic passing through the interfaces.
- Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
- Select one or more interfaces, then click Reset to clear the data.
Configure an interface from the CLI
You can configure front-panel interfaces from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Configure settings for the specified interface.
    interfaces interface <interface> config {disabled|enabled} description <interface-description> type <interface-type>
  In this example, you enable and configure interface 1.0 with a custom description:
    appliance-1(config)# interfaces interface 1.0 config enabled description "Interface 1.0"
  Changing the MTU at the platform level would affect all tenants, so this is configurable at the tenant level for greater control.
- Commit the configuration changes.
    commit
Show the state of a specific interface from the CLI
You can show the state of a specific interface on a platform from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Display the current status of a specific interface.
    show interfaces interface <interface-number>
  When you specify a specific interface, a summary similar to this example displays:
    appliance-1# show interfaces interface 5.0
    interfaces interface 5.0
    state name 5.0
    state type ethernetCsmacd
    state mtu 9600
    state enabled true
    state ifindex 26
    state oper-status DOWN
    state counters in-octets 0
    state counters in-unicast-pkts 0
    state counters in-broadcast-pkts 0
    state counters in-multicast-pkts 0
    state counters in-discards 0
    state counters in-errors 0
    state counters in-fcs-errors 0
    state counters out-octets 0
    state counters out-unicast-pkts 0
    state counters out-broadcast-pkts 0
    state counters out-multicast-pkts 0
    state counters out-discards 0
    state counters out-errors 0
    state forward-error-correction auto
    state lacp_state LACP_DEFAULTED
    ethernet state port-speed SPEED_25GB
    ethernet state hw-mac-address 00:12:a1:34:56:78
    ethernet state counters in-mac-control-frames 0
    ethernet state counters in-mac-pause-frames 0
    ethernet state counters in-oversize-frames 0
    ethernet state counters in-jabber-frames 0
    ethernet state counters in-fragment-frames 0
    ethernet state counters in-8021q-frames 0
    ethernet state counters in-crc-errors 0
    ethernet state counters out-mac-control-frames 0
    ethernet state counters out-mac-pause-frames 0
    ethernet state counters out-8021q-frames 0
    ethernet state flow-control rx on

    appliance-1# show interfaces interface 1.0
    interfaces interface 1.0
    state name 1.0
    state type ethernetCsmacd
    state mtu 9600
    state enabled true
    state ifindex 19
    state oper-status DOWN
    state counters in-octets 0
    state counters in-unicast-pkts 0
    state counters in-broadcast-pkts 0
    state counters in-multicast-pkts 0
    state counters in-discards 0
    state counters in-errors 0
    state counters in-fcs-errors 0
    state counters out-octets 0
    state counters out-unicast-pkts 0
    state counters out-broadcast-pkts 0
    state counters out-multicast-pkts 0
    state counters out-discards 0
    state counters out-errors 0
    state forward-error-correction auto
    state lacp_state LACP_DEFAULTED
    ethernet state port-speed SPEED_100GB
    ethernet state hw-mac-address 00:98:a1:76:54:0d
    ethernet state counters in-mac-control-frames 0
    ethernet state counters in-mac-pause-frames 0
    ethernet state counters in-oversize-frames 0
    ethernet state counters in-jabber-frames 0
    ethernet state counters in-fragment-frames 0
    ethernet state counters in-8021q-frames 0
    ethernet state counters in-crc-errors 0
    ethernet state counters out-mac-control-frames 0
    ethernet state counters out-mac-pause-frames 0
    ethernet state counters out-8021q-frames 0
    ethernet state flow-control rx on
Link aggregation group (LAG) overview
A link aggregation group (LAG) is a logical group of interfaces that function as a single interface. The LAG (like a trunk on tenant systems) distributes traffic across multiple links, which increases the bandwidth by adding the bandwidth of multiple links together. For example, four fast Ethernet (100 Mbps) links, if aggregated, create a single 400 Mbps link. LAGs also enhance connection reliability by providing link failover if a member link becomes unavailable.
There are two types of LAGs:
- Static
- Ports in the LAG are manually configured, and the group of ports assigned to a static LAG is always made up of active members. This is the default type of LAG.
- Link Aggregation Control Protocol (LACP)
- When LACP is enabled on a LAG, the ports configure automatically into groups without manual configuration. The LACP protocol detects error conditions on member links and redistributes traffic to other member links, thus preventing any loss of traffic on a failed link.
Create LAGs from the webUI
You can create a link aggregation group (LAG) from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
  The screen shows LAGs that are configured.
- Click Add.
- For Name, enter a name for the LAG.
- For Description, enter text to describe the LAG.
- For LAG Type, select one of these options:
    Option  Description
    STATIC  Manually configure the links. The link state of LAG members is not dynamically updated. This is the default value for LAGs.
    LACP    Automatically bundle links.
- If you select LACP, configure these additional settings:
    Option         Description
    LACP Interval  Specify an interval at which interfaces send LACP packets. Select FAST (transmit packets every second) or SLOW (transmit packets every 30 seconds).
    LACP Mode      Specify the negotiation state for LACP. Select ACTIVE (in an active negotiating state) or PASSIVE (do not initiate negotiation until peer contacts first).
- For Configured Members, select one or more interfaces (not members of another LAG) to assign to the LAG.
  You can add up to 20 members to a LAG.
  Only interfaces that are configured with the same speeds can be members of the LAG. The interfaces cannot be associated with VLANs.
- For Native VLAN (Untagged), select the VLAN ID to use for untagged frames received on a trunk interface.
- For Trunk VLANs (Tagged), select one or more VLAN IDs, if available and not a member of another LAG.
  A trunk VLAN or a native VLAN is required to pass traffic. If you do not select either a native VLAN or a trunk VLAN, the port will not carry any traffic.
- Click Save & Close.
The LAG is created and shown in the list.
You can add up to 256 LAGs.
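
The membership and VLAN rules stated in these steps can be checked against a planned configuration before it is committed. The following Python check is an added example, not F5 code; the Port and Lag classes, the finding codes, and the sample inventory are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MAX_LAG_MEMBERS = 20   # "You can add up to 20 members to a LAG."
MAX_LAGS = 256         # "You can add up to 256 LAGs."


@dataclass
class Port:                      # hypothetical model of a front-panel interface
    name: str
    speed: str                   # for example "SPEED_25GB"
    native_vlan: Optional[int] = None
    trunk_vlans: frozenset = frozenset()


@dataclass
class Lag:                       # hypothetical model of a planned LAG
    name: str
    members: tuple
    native_vlan: Optional[int] = None
    trunk_vlans: frozenset = frozenset()


def validate_lags(lags, ports):
    """Return (lag-name, finding) tuples for every rule a plan violates."""
    by_name = {port.name: port for port in ports}
    owner = {}                   # port name -> first LAG that claimed it
    problems = []
    if len(lags) > MAX_LAGS:
        problems.append(("*", "too-many-lags"))
    for lag in lags:
        if len(lag.members) > MAX_LAG_MEMBERS:
            problems.append((lag.name, "too-many-members"))
        speeds = set()
        for member in lag.members:
            port = by_name.get(member)
            if port is None:
                problems.append((lag.name, f"unknown-port:{member}"))
                continue
            # A port may belong to one LAG only.
            if owner.setdefault(member, lag.name) != lag.name:
                problems.append((lag.name, f"port-in-other-lag:{member}"))
            # Members cannot already be associated with VLANs.
            if port.native_vlan is not None or port.trunk_vlans:
                problems.append((lag.name, f"member-has-vlans:{member}"))
            speeds.add(port.speed)
        if len(speeds) > 1:
            problems.append((lag.name, "mixed-speeds"))
        # One VLAN cannot be both native and trunk on the same LAG.
        if lag.native_vlan is not None and lag.native_vlan in lag.trunk_vlans:
            problems.append((lag.name, "native-also-trunk"))
        # With neither a native nor a trunk VLAN the LAG carries no traffic.
        if lag.native_vlan is None and not lag.trunk_vlans:
            problems.append((lag.name, "no-vlan-no-traffic"))
    return problems


# Constructed inventory and plan.
PORTS = [
    Port("1.0", "SPEED_25GB"),
    Port("2.0", "SPEED_25GB"),
    Port("3.0", "SPEED_100GB"),
    Port("4.0", "SPEED_25GB", native_vlan=1037),
]
PLAN = [
    Lag("lag-ok", ("1.0", "2.0"), trunk_vlans=frozenset({1037, 1038})),
    Lag("lag-bad", ("2.0", "3.0", "4.0"), native_vlan=1037,
        trunk_vlans=frozenset({1037})),
    Lag("lag-idle", ()),
]

if __name__ == "__main__":
    for lag_name, finding in validate_lags(PLAN, PORTS):
        print(f"{lag_name}: {finding}")
```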
Configure LAGs from the webUI
You can edit the properties of an existing link aggregation group (LAG) from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
  The screen shows LAGs that are configured.
- Click a LAG name.
- For LAG Type, select one of these options:
    Option  Description
    STATIC  Manually configure the links. The link state of LAG members is not dynamically updated. This is the default value for LAGs.
    LACP    Automatically bundle links.
- If you select LACP, configure these additional settings:
    Option         Description
    LACP Interval  Specify an interval at which interfaces send LACP packets. Select FAST (transmit packets every second) or SLOW (transmit packets every 30 seconds).
    LACP Mode      Specify the negotiation state for LACP. Select ACTIVE (in an active negotiating state) or PASSIVE (do not initiate negotiation until peer contacts first).
- For Configured Members, select one or more interfaces (not members of another LAG) to assign to the LAG.
  You can add up to 20 members to a LAG.
  Only interfaces that are configured with the same speeds can be members of the LAG. The interfaces cannot be associated with VLANs.
- For Native VLAN (Untagged), select the VLAN ID to use for untagged frames received on a trunk interface.
- For Trunk VLANs (Tagged), select one or more VLAN IDs, if available and not a member of another LAG.
  A trunk VLAN or a native VLAN is required to pass traffic. If you do not select either a native VLAN or a trunk VLAN, the port will not carry any traffic.
- Click Save & Close.
Display LACP details from the webUI
You can view the LACP details on the webUI to troubleshoot. For example, you can determine why an interface member of an LACP LAG on the system is not working as expected.
- Log in to the webUI using an account with admin access.
- On the left, click.
  The screen shows state information about whether LACP is Up, Down, or Defaulted for LACP interfaces. The lower portion of the screen shows details that can be used for troubleshooting LACP issues.
- Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
Static LAG configuration from the CLI
To configure a static LAG, you first configure the static LAG interface, then add interfaces to LAG members, and then associate VLANs with the LAG interfaces.
Configure a static LAG interface from the CLI
You can configure a LAG interface type as static from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Create a LAG interface.
    interfaces interface <lag-name> config type ieee8023adLag description <lag-description>
  This example creates a LAG named lag-test with a description:
    appliance-1(config)# interfaces interface lag-test config type ieee8023adLag description "HA LAG"
  The system prompt updates to show that you are in configuration mode for the interface:
    appliance-1(config-interface-lag-test)#
- Set the type of LAG interface to STATIC (this is the default setting).
    aggregation config lag-type STATIC
  This example shows the interface named lag-test in configuration mode and configures it as a static LAG:
    appliance-1(config-interface-lag-test)# aggregation config lag-type STATIC
- Commit the configuration changes.
    commit
Add interfaces to LAG members from the CLI
You can add interfaces, or member ports, to a LAG interface from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Add interfaces to a LAG.
    interfaces interface <interface> ethernet config aggregate-id <lag-name>
  This example adds interface 1.0 to a LAG named lag-test:
    appliance-1(config)# interfaces interface 1.0 ethernet config aggregate-id lag-test
- Commit the configuration changes.
    commit
Associate VLANs with LAG interfaces from the CLI
Before you can pass user traffic, you need to associate VLANs with LAG interfaces from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Associate VLANs with the LAG interface.
    interfaces interface <lag-name> aggregation switched-vlan config trunk-vlans { <vlan-IDs> }
  This example associates VLANs 1037 and 1038 with a LAG named lag-test:
    appliance-1(config)# interfaces interface lag-test aggregation switched-vlan config trunk-vlans [ 1037 1038 ]
- Commit the configuration changes.
    commit
LACP configuration from the CLI
Create a LAG interface from the CLI
You can create a LAG interface from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Create a LAG interface.
    interfaces interface <lag-name> config type ieee8023adLag
  This example creates a LAG named lag-test:
    appliance-1(config)# interfaces interface lag-test config type ieee8023adLag
- Commit the configuration changes.
    commit
Create an LACP interface from the CLI
Before LACP can manage a LAG interface, you need to create a LAG interface of type LACP from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Create a LAG interface of type LACP.
    interfaces interface <lag-name> aggregation config lag-type LACP
  This example creates a LAG of type LACP named lag-test:
    appliance-1(config)# interfaces interface lag-test aggregation config lag-type LACP
- Commit the configuration changes.
    commit
- Return to user (operational) mode.
    end
- Verify that LACP is enabled on the interface.
    show interfaces interface lag-test
  A summary similar to this example displays:
    appliance-1# show interfaces interface lag-test
    interfaces interface lag-test
    state type ieee8023adLag
    state mtu 9600
    state oper-status UP
    state forward-error-correction auto
    ethernet state flow-control rx on
    aggregation state lag-type LACP
    aggregation state lag-speed 100
    aggregation state distribution-hash src-dst-ipport
    aggregation state mac-address 00:94:a1:69:61:14
    aggregation state lagid 1
Enable LACP on a LAG interface from the CLI
By default, a LAG interface is in a static mode, which means that the member links do not initiate or process any of the LACP packets received. You can enable LACP on the LAG interface from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Enable LACP on a LAG interface.
    interfaces interface <lag-name> aggregation config lag-type LACP
  This example enables LACP on a LAG interface named lag-test:
    appliance-1(config)# interfaces interface lag-test aggregation config lag-type LACP
- Commit the configuration changes.
    commit
- Return to user (operational) mode.
    end
- Verify that LACP is enabled on a specified LAG interface.
  A summary similar to this example displays:
    appliance-1# show interfaces interface lag-test
    state name lag-test
    state type ieee8023adLag
    state mtu 9600
    state oper-status UP
    state forward-error-correction auto
    ethernet state flow-control rx on
    aggregation state lag-type LACP
    aggregation state lag-speed 100
    aggregation state distribution-hash src-dst-ipport
    aggregation state mac-address 00:94:a1:69:61:14
    aggregation state lagid 1
Display LACP state from the CLI
You can check the LACP state from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Display the LACP state.
    show lacp
  A summary similar to this example displays:
    appliance-1# show lacp
    lacp state system-id-mac 00:94:a1:69:34:23
    lacp interfaces interface lag-test
    state name lag-test
    state interval SLOW
    state lacp-mode ACTIVE
    state system-id-mac 00:94:a1:69:34:23
    members member 1.0
    state interface 1.0
    state activity ACTIVE
    state timeout LONG
    state synchronization IN_SYNC
    state aggregatable true
    state collecting true
    state distributing true
    state system-id 00:94:a1:69:34:23
    state oper-key 2
    state partner-id 2c:dd:e9:41:87:61
    state partner-key 4
    state port-num 1024
    state partner-port-num 266
    state counters lacp-in-pkts 2456
    state counters lacp-out-pkts 2458
    state counters lacp-rx-errors 0
Display LACP interface state from the CLI
You can view the state of LACP interfaces from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Display the state of LACP interfaces.
    show interfaces interface state lacp_state
  A summary similar to this example displays:
    appliance-1# show interfaces interface state lacp_state
    NAME  LACP STATE
    ----------------------
    1.0   LACP_UP
    2.0   LACP_DEFAULTED
    3.0   LACP_DEFAULTED
    4.0   LACP_DEFAULTED
    5.0   LACP_DEFAULTED
    6.0   LACP_DEFAULTED
    7.0   LACP_DEFAULTED
    8.0   LACP_DEFAULTED
    9.0   LACP_DEFAULTED
    10.0  LACP_DEFAULTED
    11.0  LACP_DEFAULTED
    12.0  LACP_DEFAULTED
    13.0  LACP_DEFAULTED
    14.0  LACP_DEFAULTED
    15.0  LACP_DEFAULTED
    16.0  LACP_DEFAULTED
    17.0  LACP_DEFAULTED
    18.0  LACP_DEFAULTED
    19.0  LACP_DEFAULTED
    20.0  LACP_DEFAULTED
  These are the available LACP states:
    Option          Description
    LACP_DEFAULTED  Initial lacp_state value.
    LACP_UP         LACPD has determined that this interface is a working member of an LACP LAG.
    LACP_DOWN       LACPD has determined that this interface is not a working member of an LACP LAG, and it should not receive or transmit user traffic.
Configure LACP logging level from the CLI
LACP errors are collected into the standard /var/F5/system/log/platform.log file. LACP errors run at the log level INFORMATIONAL by default. If you want to change the severity level for logged information, you can enable a different log level from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Configure the logging level for LACP.
    system logging sw-components sw-component lacpd config severity {ALERT|CRITICAL|DEBUG|EMERGENCY|ERROR|INFORMATIONAL|NOTICE|WARNING}
  This example enables DEBUG level logging for LACP:
    appliance-1(config)# system logging sw-components sw-component lacpd config severity DEBUG
- Commit the configuration changes.
    commit
Display configuration members from the CLI
Configured members are interfaces in an LACP LAG that listen for and/or send LACPDUs that are attempting to establish that the peer is configured. You can check each physical interface's aggregated ID from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Show the configuration members.
    show running-config interfaces interface ethernet config aggregate-id <lag-name>
  This example shows information about three members for a LAG named lag-test:
    appliance-1# show running-config interfaces interface ethernet config aggregate-id lag-test
    interfaces interface 1.0
     config type ethernetCsmacd
     config enabled
     ethernet config aggregate-id lag-test
    !
Display working members from the CLI
Working members are a subset of configuration members. These members are added and removed dynamically by LACPD. You can see information about working members in a LAG from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Show the working members, including port statistics.
    show lacp interfaces interface members member state counters
  A summary similar to this example displays:
    appliance-1# show lacp interfaces interface members member state counters
                         LACP  LACP  LACP    LACP    LACP
                         IN    OUT   RX      TX      UNKNOWN  LACP
    NAME      INTERFACE  PKTS  PKTS  ERRORS  ERRORS  ERRORS   ERRORS
    -----------------------------------------------------------------
    lag-test  1.0        952   384   0       -       -        -
              2.0        844   384   0       -       -        -
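
To find configured members that are not working members, the running-config listing of aggregate-id assignments can be joined with the lacp_state table from the earlier procedure. This Python example is added here and is not F5 code; both sample outputs are constructed, one statement per line is assumed, and every LAG in the input is assumed to be of type LACP.

```python
import re

# Constructed sample of:
#   show running-config interfaces interface ethernet config aggregate-id lag-test
RUNNING_CONFIG = """\
interfaces interface 1.0
 config type ethernetCsmacd
 config enabled
 ethernet config aggregate-id lag-test
!
interfaces interface 2.0
 config type ethernetCsmacd
 config enabled
 ethernet config aggregate-id lag-test
!
interfaces interface 3.0
 config type ethernetCsmacd
 config enabled
 ethernet config aggregate-id lag-test
!
"""

# Constructed sample of: show interfaces interface state lacp_state
LACP_STATE_TABLE = """\
NAME  LACP STATE
----------------------
1.0   LACP_UP
2.0   LACP_DOWN
3.0   LACP_DEFAULTED
4.0   LACP_DEFAULTED
"""

IFACE = re.compile(r"^interfaces interface (\S+)$")
AGGREGATE = re.compile(r"^ethernet config aggregate-id (\S+)$")
STATE_ROW = re.compile(r"^(\S+)\s+(LACP_[A-Z]+)$")


def configured_members(running_config):
    """Map LAG name -> interfaces whose aggregate-id points at it."""
    lags, current = {}, None
    for raw in running_config.splitlines():
        line = raw.strip()
        if line == "!":                      # end of an interface stanza
            current = None
        elif (m := IFACE.match(line)):
            current = m.group(1)
        elif (m := AGGREGATE.match(line)) and current is not None:
            lags.setdefault(m.group(1), []).append(current)
    return lags


def lacp_states(table):
    """Map interface name -> lacp_state; header and rule lines do not match."""
    return {m.group(1): m.group(2)
            for line in table.splitlines()
            if (m := STATE_ROW.match(line.strip()))}


def non_working_members(running_config, table):
    """Configured members that are not reported as LACP_UP, per LAG."""
    states = lacp_states(table)
    report = {}
    for lag, members in configured_members(running_config).items():
        # A member missing from the table is reported as UNKNOWN.
        bad = [(name, states.get(name, "UNKNOWN")) for name in members
               if states.get(name) != "LACP_UP"]
        if bad:
            report[lag] = bad
    return report


if __name__ == "__main__":
    for lag, members in non_working_members(RUNNING_CONFIG, LACP_STATE_TABLE).items():
        for name, state in members:
            print(f"{lag}: {name} is configured but {state}")
```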
VLAN overview
A VLAN is a logical subset of hosts on a local area network (LAN) that operates in the same IP address space. Grouping hosts together in a VLAN has distinct advantages. For example, with VLANs, you can:
- Reduce the size of broadcast domains, thereby enhancing overall network performance.
- Reduce system and network maintenance tasks substantially. Functionally related hosts do not need to physically reside together to achieve optimal network performance.
- Enhance security on your network by segmenting hosts that must transmit sensitive data.
For the most basic rSeries system configurations, you might create multiple VLANs. That is, you create a VLAN for each of the internal and external networks, as well as a VLAN for high availability communications. You then associate each VLAN with the relevant interfaces or LAGs.
Create VLANs from the webUI
You can create a VLAN and associate physical interfaces or
LAGs with that VLAN. In this way, any host that sends traffic to an interface is
logically a member of the VLAN or VLANs to which that interface or LAG
belongs.
- Log in to the webUI using an account with admin access.
- On the left, click. The screen shows VLANs that are configured for the system.
- Click Add.
- For Name, enter a name for the VLAN. VLAN names must follow these rules:
  - Start with an alphabetic character (Aa-Zz).
  - Can be up to 56 characters in length.
  - After the first character, can contain alphanumeric characters, periods (.), hyphens (-) and underscores (_).
  - VLAN names must be unique.
- For VLAN ID, enter a number between 1-4094 for the VLAN. The VLAN ID identifies the traffic from hosts in the associated VLAN for an associated interface or LAG.
- Click Add VLAN to create the VLAN.
The VLAN is created and displayed in
the VLAN list. You can use the VLANs when configuring interfaces, creating
LAGs, and deploying tenants (one VLAN can be shared by more than one tenant).
VLAN listeners overview
VLAN listeners are created and deleted by the system at
runtime. They are used to program the destination for broadcast packets and L2
destination lookup failures (DLFs).
The system creates a listener when you configure a VLAN for a tenant.
- VLAN Listener (listener)
- Created when a VLAN is used by a single tenant or when a VLAN is not shared among tenants. VLAN listeners that are created for tenant VLANs that do not include any members are indicated with the value 0.host for interface.
Display VLAN listeners from the webUI
You can view VLAN listeners when
you need to troubleshoot data path issues and check whether the correct VLANs
are assigned to the tenants from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click. The screen shows VLAN listeners that are active on the system.
- Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
You can see the VLAN listeners that
are associated with specific interfaces, VLANs, and other related information.
If something does not look correct, review the configuration for that
object.
Display VLAN listeners from the CLI
Viewing the VLAN listeners is primarily
used for troubleshooting data path issues. You can check whether the correct
VLANs are assigned to the tenants from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access. When you log in to the system, you are in user (operational) mode.
- View configured VLAN listeners.
    show vlan-listeners
  A summary similar to this example displays:
    appliance-1# show vlan-listeners
                                               NDI
    INTERFACE  VLAN  ENTRY TYPE       OWNER    ID    SVC  VTC  SEP  DMS  DID  CMDS  MIRRORING  SERVICE IDS
    ---------------------------------------------------------------------------------------------------------------------
    0.host     100   RBCAST-LISTENER  rbcast   4095  5    32   15   -    -    -     disabled   [ 13 14 15 16 17 18 19 ]
    0.host     101   VLAN-LISTENER    t101100  4095  19   -    15   -    -    -     disabled   -
You can see the VLAN listeners that are associated with specific interfaces, VLANs, and other related information. If something does not look correct, review the configuration for that object.
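The check described above (whether the correct VLANs are assigned to the tenants) can be automated against a saved copy of the command output. This is an added example, not F5 code: the listener rows come from the sample output on this page, while the expected VLAN-to-owner map and the use of the OWNER column as the identity to compare are assumptions made for illustration.

```python
"""Audit 'show vlan-listeners' output against an intended VLAN-to-owner map."""

# Listener rows taken from the sample output on this page (header on one line).
SAMPLE_OUTPUT = """\
appliance-1# show vlan-listeners
INTERFACE  VLAN  ENTRY TYPE       OWNER    NDI ID  SVC  VTC  SEP  DMS  DID  CMDS  MIRRORING  SERVICE IDS
0.host     100   RBCAST-LISTENER  rbcast   4095    5    32   15   -    -    -     disabled   [ 13 14 15 16 17 18 19 ]
0.host     101   VLAN-LISTENER    t101100  4095    19   -    15   -    -    -     disabled   -
"""

# Hypothetical intent for this appliance: VLAN ID -> expected OWNER value.
EXPECTED_OWNERS = {100: "rbcast", 101: "t101100", 102: "t102100"}

FIELDS = ("interface", "vlan", "entry_type", "owner", "ndi_id", "svc",
          "vtc", "sep", "dms", "did", "cmds", "mirroring")


def parse_listeners(text):
    """Return one dict per listener row; prompts, headers and rules are skipped."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        # A data row has 12 fixed columns, a SERVICE IDS column, and a
        # numeric VLAN ID in the second position.
        if len(tokens) < len(FIELDS) + 1 or not tokens[1].isdigit():
            continue
        row = dict(zip(FIELDS, tokens))
        row["vlan"] = int(row["vlan"])
        # SERVICE IDS is either "-" or a bracketed list such as "[ 13 14 ]".
        row["service_ids"] = [int(t) for t in tokens[len(FIELDS):] if t.isdigit()]
        # Per this page, 0.host marks a tenant VLAN listener with no members.
        row["has_members"] = row["interface"] != "0.host"
        rows.append(row)
    return rows


def audit(rows, expected):
    """Compare parsed listeners with the intended map and list every deviation."""
    findings = []
    seen = set()
    for row in rows:
        vlan, owner = row["vlan"], row["owner"]
        seen.add(vlan)
        if vlan not in expected:
            findings.append(("unexpected-vlan", vlan, owner))
        elif owner != expected[vlan]:
            findings.append(("owner-mismatch", vlan, owner))
    # VLANs that should have a listener but do not appear in the output.
    for vlan in sorted(set(expected) - seen):
        findings.append(("missing-listener", vlan, expected[vlan]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE_OUTPUT), EXPECTED_OWNERS):
        print(finding)
```

An owner mismatch or an unexpected VLAN means traffic for that VLAN is being delivered somewhere the segmentation plan did not intend, so review the tenant's VLAN assignment before anything else.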
IP tunnels overview
When you configure rSeries systems for network virtualization, the system
represents the connection as a tunnel, which provides a Layer 2 interface on
the virtual network. You can use the tunnel interface in both layer 2 and
layer 3 configurations. After you create the network virtualization tunnels,
you can use the tunnels like you use VLANs.
F5 r5000/r10000 systems support these tunneling protocols:
- GENEVE
- GTP
- GRE
- IP in IP
- EtherIP
- NVGRE
- VXLAN
By configuring IP tunneling protocols on rSeries systems, you provide tenants
with custom configuration details needed to even out traffic load balancing
across Traffic Management Microkernels (TMMs) inside the tenant.
You can configure these tunneling protocols on the rSeries system:
- GENEVE (Generic Network Virtualization Encapsulation)
    Uses a compact tunnel header encapsulated in UDP over IP.
- GTP (GPRS tunneling protocol)
    Uses a new disaggregation (DAG) mode for GTP-U traffic that assigns a unique tunnel endpoint identifier (TEID) to each GTP control connection to the peers. This enables a BIG-IP tenant to redistribute the GTP-U traffic among all TMMs.
- NVGRE (Network Virtualization using Generic Routing Encapsulation)
    Uses Generic Routing Encapsulation (GRE) to tunnel layer 2 packets over layer 3 networks.
- VXLAN (Virtual Extensible Local Area Network)
    Uses IP plus UDP to encapsulate layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default UDP port number.
For information on configuring tunneling protocols on BIG-IP tenants, see
BIG-IP TMOS: Tunneling and IPsec at
techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmos-tunnels-ipsec-13-1-0.html.
IP tunnel configuration from the CLI
Configure GTP tunnels from the CLI
You can enable or disable GTP
tunnels from the CLI. This enables the use of TEID (tunnel endpoint
identifier) instead of the default L4 port mode for DAG hashing.
This setting applies to all tenants
running on the system.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access. When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Configure a GPE tunnel. Set to enabled to indicate that TEID is extracted and L4 ports are overloaded with TEID values instead of L4 port values, or disabled to indicate that there is no change to packet parsing. The default value is disabled.
    system settings dag config gtp-u teid-hash {enabled|disabled}
- Commit the configuration changes.
    commit
- Return to user (operational) mode.
    end
- Verify the DAG hashing configuration.
    appliance-1# show system settings dag
    system settings dag state gtp-u teid-hash enabled
Configure GENEVE tunnels from the CLI
You can configure GENEVE (Generic Network
Virtualization Encapsulation) tunnels from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access. When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Create a GENEVE tunnel.
    iptunnels iptunnel geneve config {disabled|enabled} dport <port>
  Allowed values for dport (destination port) are in the range of 0 to 65535. The default value is 6081. In this example, you create a tunnel that is enabled with the destination port of 6081:
    appliance-1(config)# iptunnels iptunnel geneve config enabled dport 6081
- Commit the configuration changes.
    commit
Configure NVGRE tunnels from the CLI
You can configure NVGRE (Network
Virtualization using Generic Routing Encapsulation) tunnels from the
CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access. When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Create an NVGRE tunnel.
    iptunnels iptunnel nvgre config ethertype <hex-value>
  Allowed values for ethertype are a hexadecimal value, with a leading "0x" followed by 4 digits. In this example, you create an NVGRE tunnel:
    appliance-1(config)# iptunnels iptunnel nvgre config ethertype 0x1234
- Commit the configuration changes.
    commit
Configure VXLAN tunnels from the CLI
You can configure VXLAN (Virtual
Extensible LAN) tunnels from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access. When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Create a VXLAN tunnel.
    iptunnels iptunnel vxlan dport <port> gpe {disabled|enabled} dport <port> nsh {disabled|enabled}
  Allowed values for dport (destination port) are in the range of 0 to 65535. The default value for the VXLAN destination port is 4789, and the default value for the GPE destination port is 4790. In this example, you create a tunnel with GPE enabled and NSH disabled:
    appliance-1(config)# iptunnels iptunnel vxlan dport 4789 gpe enabled dport 4790 nsh disabled
- Commit the configuration changes.
    commit
IP tunnel configuration from the webUI
Configure GTP tunnels from the webUI
You can enable the GTP (GPRS Tunnelling
Protocol) TEID (tunnel endpoint identifier) hash from the webUI. This enables
the system to use the TEID instead of the default L4 port mode for DAG
hashing.
This setting applies to
all tenants running on the system.
- Log in to the webUI using an account with admin access.
- On the left, click.
- Set GTP-U TEID Hash to Enabled to indicate that TEID is extracted and L4 Ports are overloaded with TEID values instead of L4 port values, or Disabled to indicate that there is no change to packet parsing. The default value is Disabled.
- Click Save.
All tenants running on the system now
use GTP tunnels.
Configure GENEVE tunnels from the webUI
You can configure the default settings
for GENEVE (Generic Network Virtualization Encapsulation) tunnels from the
webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
- Under Type, select GENEVE.
- Click GENEVE to edit the settings.
- For Enabled, select True to enable GENEVE tunnels on the system or False to disable them.
- For Destination Port, edit the port number. The range is from 0 to 65535. The default value is 6081.
- Click Save.
Configure NVGRE tunnels from the webUI
You can configure the default settings
for NVGRE (Network Virtualization using Generic Routing Encapsulation) tunnels
from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
- Under Type, select NVGRE.
- Click NVGRE to edit the settings.
- For EtherType, edit the EtherType for NVGRE tunnel traffic. Allowed values are a hexadecimal value, with a leading "0x" followed by 4 digits. The default value is 0x6558 (Transparent Ethernet Bridging).
- Click Save.
Configure VXLAN tunnels from the webUI
You can configure the default settings
for VXLAN (Virtual Extensible LAN) tunnels from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
- Under Type, select VXLAN.
- Click VXLAN to edit the settings.
- For Destination Port, edit the port number. The range is from 0 to 65535. The default value is 4789.
- For GPE Enabled, select True to enable support for the VXLAN GPE tunnel type on the system or False to disable it.
- For GPE Destination Port, edit the port number. The default value is 4790.
- For NSH Enabled, select True to enable the VXLAN GPE NSH tunnel type on the system or False to disable it.
- Click Save.
Disable IP tunnels from the webUI
You can disable IP tunnels from the
webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
- Under Type, clear the check box next to the tunnel type.
- Click Save.
Reset IP tunnels to default values from the webUI
You can reset IP tunnels to their
default values from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
- Select a tunnel type.
- Click Reset.
Link Layer Discovery Protocol (LLDP) overview
The rSeries system supports Link Layer Discovery Protocol (LLDP), which is a
Layer 2 industry-standard protocol (IEEE 802.1AB) that enables a network
device to advertise its identity and capabilities to multi-vendor neighbor
devices on a network. The protocol also enables a network device to receive
information from neighbor devices. LLDP transmits device information in LLDP
frames using the TLV (Type-Length-Value) format. In general, this protocol:
- Advertises connectivity and management information about the local rSeries device to neighbor devices on the same IEEE 802 LAN.
- Receives network management information from neighbor devices on the same IEEE 802 LAN.
- Operates with all IEEE 802 access protocols and network media.
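To see what the TLV format carries, and therefore what an LLDP-enabled port tells every neighbor on the segment, the following added example decodes an LLDPDU and summarizes the identity fields it advertises. It is not F5 code; the frame is constructed inline, and the MAC address, system description and management address in it are made-up sample values.

```python
"""Decode an LLDPDU (IEEE 802.1AB) to review what a port advertises."""
import ipaddress
import struct

TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
    127: "Organizationally Specific",
}
TEXT_TLVS = {4: "port_description", 5: "system_name", 6: "system_description"}


def tlv(tlv_type, value):
    """Encode one TLV: a 7-bit type and a 9-bit length share a 16-bit header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length does not fit the TLV header")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(type, value), ...]; reject truncated or unterminated LLDPDUs."""
    tlvs, offset = [], 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes past end")
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
        if tlv_type == 0:          # End of LLDPDU: ignore any padding after it
            break
    else:
        raise ValueError("missing End of LLDPDU TLV")
    return tlvs


def summarize(tlvs):
    """Pull out the fields that identify the sender to its neighbors."""
    summary = {"advertised": [TLV_NAMES.get(t, f"Reserved ({t})")
                              for t, _ in tlvs if t != 0]}
    for tlv_type, value in tlvs:
        if tlv_type == 3 and len(value) == 2:
            summary["ttl_seconds"] = struct.unpack("!H", value)[0]
        elif tlv_type in TEXT_TLVS:
            summary[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == 8 and len(value) >= 2:
            # value[0] counts the subtype byte plus the address bytes.
            addr_len, subtype = value[0], value[1]
            address = value[2:1 + addr_len]
            if subtype == 1 and len(address) == 4:      # subtype 1 = IPv4
                summary["management_address"] = str(ipaddress.IPv4Address(address))
    return summary


# Constructed sample LLDPDU (payload after the Ethernet header); values are made up.
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("02005e000001")),   # chassis ID, subtype 4 = MAC
    tlv(2, b"\x05" + b"1.0"),                          # port ID, subtype 5 = ifName
    tlv(3, struct.pack("!H", 120)),                    # TTL in seconds
    tlv(5, b"appliance-1"),
    tlv(6, b"constructed system description"),
    tlv(8, b"\x05\x01" + ipaddress.IPv4Address("192.0.2.10").packed
        + b"\x02" + struct.pack("!I", 1) + b"\x00"),   # ifIndex 1, no OID
    tlv(0, b""),
])

if __name__ == "__main__":
    for key, value in summarize(parse_lldpdu(SAMPLE_LLDPDU)).items():
        print(f"{key}: {value}")
```

Every item in the summary is visible to any device attached to the port, so compare it with the TLV Map and TLV Advertisement State you intended for that interface.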
Configure LLDP from the webUI
Before you can configure LLDP, make sure
that the interfaces you will use are up and running with VLANs
configured.
You can configure LLDP from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
- Set Enable LLDP to Enabled.
- Type a System Name and optionally, a System Description.
- For TX Interval, enter a number (0-65535) for the interval (in seconds) at which LLDP packets are sent to neighbors. The default value is 30 seconds.
- For TX Hold, enter a number (0-65535). The default value is 4 seconds.
- For Reinitiate Delay, enter a number (0-65535) to specify the minimum time interval, in seconds, an LLDP port waits before re-initializing an LLDP transmission. The default value is 2 seconds.
- For TX Delay, enter a number (0-65535) to specify the minimum time delay, in seconds, between successive LLDP frame transmissions. The default value is 2 seconds.
- For Max Neighbors Per Port, enter a number to specify the maximum number of LLDP neighbors for which LLDP data is retained. The default value is 10.
- In the Interfaces table, select the interface and LAG (if any) for which you want to enable LLDP. Interfaces must be configured one at a time. For each one selected:
  - Select Enabled.
  - For TLV Advertisement State, select TX (Transmit only), RX (Receive only), or TXRX (Transmit and Receive).
  - For TLV Map, select the TLV device information that you want to transmit and/or receive, such as MAC Phy configuration, management address, MFS (maximum frame size), port description, port ID, and power MDI.
- Click Save.
- To remove an interface that has been enabled for LLDP:
  - In the Interfaces table, select the interface you want to remove.
  - Click Remove.
- Click Save.
LLDP is configured on the system for the specified
interfaces and LAGs.
Remove LLDP interfaces from the webUI
You can remove LLDP interfaces from the
webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
- In the Interfaces table, select the interfaces you want to remove. For each interface selected:
- Click Remove.
- Click Save.
The LLDP interfaces are removed.
Display LLDP details from the webUI
LLDP enables a network device to advertise
information about itself to other devices on the network and enables network devices to
receive information from neighboring devices. If using LLDP, you can display state
information for the LLDP-enabled interfaces and LAGs on the system. When LLDP is enabled
to receive data in a working network, any device information received from neighbors is
included in a table.
- Log in to the webUI using an account with admin access.
- On the left, click. The screen shows LLDP state information for interfaces in the system (similar to information shown at the CLI using show lldp).
- In the Neighbors table, examine the identification, configuration, and capabilities of neighboring devices. This information provides details useful for troubleshooting many configuration problems.
- Set the Auto Refresh interval for refreshing the data displayed or click the refresh icon to update the data immediately.
Spanning tree protocol (STP) overview
The rSeries system supports a set of industry-standard, Layer 2 protocols
known as spanning tree protocols. A spanning tree is a logical tree-like
depiction of the bridges on a network and the paths that connect them.
Spanning tree protocols block redundant paths on a network, preventing
bridging loops. If a blocked, redundant path is needed later because another
path has failed, the spanning tree protocols clear the path again for
traffic.
Spanning tree protocols are supported only on F5 r5000/r10000 platforms.
The spanning tree protocols that the rSeries system supports are:
- Spanning Tree Protocol (STP) - 802.1d
- Rapid Spanning Tree Protocol (RSTP) - 802.1w
- Multiple Spanning Tree Protocol (MSTP) - 802.1s
You can configure spanning tree protocols on the system from the webUI, CLI,
or REST API. Only one spanning tree protocol can be configured at a time.
Central to the way that spanning tree protocols work is the use of bridge
protocol data units (BPDUs). When you enable spanning tree protocols on
Layer 2 devices on a network, the devices send BPDUs to each other, for the
purpose of learning the redundant paths and updating their L2 forwarding
tables accordingly, electing a root bridge, building a spanning tree, and
notifying each other about changes in interface status.
The term bridge refers to a Layer 2 device such as a switch, bridge, or hub.
When you configure spanning tree on the rSeries system, you must first decide
which protocol, or mode, you want to enable. Because MSTP recognizes VLANs,
using MSTP is preferable. All bridges in a network environment that you want
to use spanning tree must run the same spanning tree protocol. If a legacy
bridge running RSTP or STP is added to the network, the rSeries system must
switch and also use that same protocol.
You cannot enable STP on individual LAG members. Live upgrades will not work
if STP is not configured correctly; resolve any configuration issues before
upgrading.
You cannot enable STP on interfaces that are configured as virtual networks.
For more information on configuring virtual wire and virtual networks, see
Virtual wire overview.
STP/RSTP/MSTP configuration from the webUI
You can configure Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol
(RSTP), and Multiple Spanning Tree Protocol (MSTP) from the webUI by
selecting the desired protocol from the STP Configuration page under Network
Settings. You can also disable STP functionality by selecting Disabled.
Configure STP from the webUI
You can configure Spanning Tree Protocol (STP) from the webUI. To disable the
use of STP Modes, select Disabled.
Spanning tree protocols are only supported on F5 r5000/r10000 platforms.
- Log in to the webUI using an account with admin access.
- On the left, click.
- For STP Mode, select STP (single instance, best on networks with legacy systems). A message warns you that changing modes deletes any existing STP configuration settings. When you click OK, the selected mode is enabled, and additional options for that mode display (with default values set).
- For Hello Time, specify the time interval, in seconds, that the system transmits spanning tree information (through BPDUs) to adjacent bridges in the network. The default value is 2.
- For Max Age, specify the length of time, in seconds, that spanning tree information received from other bridges is considered valid. The default value is 20, and the valid range is from 6 to 40.
- For Forwarding Delay, specify the amount of time, in seconds, that the system blocks an interface from forwarding network traffic when the spanning tree algorithm reconfigures a spanning tree. The default value is 15, and the valid range is from 4 to 30. This has no effect when running in RSTP or MSTP unless using an added legacy STP bridge.
- For Hold Count, specify the maximum number of spanning tree frames (BPDUs) that the system can transmit on a port within the Hello Time interval. This ensures that spanning tree frames do not overload the network. The default value is 6, and the valid range is from 1 to 10.
- For Bridge Priority, specify the priority of this bridge. The bridge in the spanning tree with the lowest relative priority becomes the root bridge, which is responsible for managing loop resolution on the network. Configure this setting so that the system never becomes the root bridge. The default value is 32768. The valid range is from 0 to 61440 in multiples of 4096.
- For Interfaces, select (one at a time) the interfaces and LAGs, if any, for which you want to configure STP and specify these fields:
  - Cost: Used to calculate the cost of sending spanning tree traffic through the interface to an adjacent bridge or spanning tree region, based on the speed of the interface. The default value is 0, and the valid range is from 0 (lowest) to 200,000,000 (highest).
  - Port Priority: Used as the port identifier together with the port number. The default value is 128 (when an interface is selected), and the valid range is from 0 (highest) to 240 (lowest) in multiples of 16.
  - Edge Port: Needed only for RSTP or MSTP. When enabled, indicates the interface or LAG is an edge port that does not receive any BPDU frames. Set to EDGE-AUTO, EDGE-ENABLE, or EDGE-DISABLE. If you enable EDGE-ENABLE, and the interface later receives BPDUs, the system disables the setting automatically, because only non-edge interfaces can receive BPDUs.
  - Link Type: Specifies the type of optimization:
    - P2P: Optimizes for point-to-point spanning tree links (connects two spanning tree bridges only). Note that P2P is the only valid STP link type for a LAG.
    - Shared: Optimizes for shared spanning tree links (connecting two or more spanning tree bridges).
  For more information on the available interfaces and LAGs, see the or LAGs screens.
- Click Save. The system displays a confirmation dialog confirming whether to change the STP mode.
STP is now set up for use on the
system.
Configure RSTP from the webUI
You can configure Rapid Spanning Tree Protocol (RSTP) from the webUI. To
disable the use of STP Modes, select Disabled.
Spanning tree protocols are only supported on F5 r5000/r10000 platforms.
- Log in to the webUI using an account with admin access.
- On the left, click.
- For STP Mode, select RSTP (single instance, fast convergence). A message warns you that changing modes deletes any existing STP configuration settings. When you click OK, the selected mode is enabled, and additional options for that mode are displayed (with default values set).
- For Hello Time, specify the time interval, in seconds, that the rSeries system transmits spanning tree information (through BPDUs) to adjacent bridges in the network. The default value is 2. For RSTP, maintain this relationship between the Maximum Age and Hello Time options:
    Max Age >= 2 * (Hello Time + 1)
- For Max Age, specify the length of time, in seconds, that spanning tree information received from other bridges is considered valid. The default value is 20, and the valid range is from 6 to 40. For RSTP, maintain these relationships between the Maximum Age and the Hello Time and Forward Delay options:
    Max Age >= 2 * (Hello Time + 1)
    Max Age <= 2 * (Forward Delay - 1)
- For Forwarding Delay, specify the amount of time, in seconds, that the system blocks an interface from forwarding network traffic when the spanning tree algorithm reconfigures a spanning tree. The default value is 15, and the valid range is from 4 to 30. This has no effect when running in RSTP or MSTP unless using an added legacy STP bridge. For RSTP, maintain this relationship between the Maximum Age and Forward Delay options:
    Max Age <= 2 * (Forward Delay - 1)
- For Hold Count, specify the maximum number of spanning tree frames (BPDUs) that the system can transmit on a port within the Hello Time interval. This ensures that spanning tree frames do not overload the network. The default value is 6, and the valid range is from 1 to 10.
- For Bridge Priority, specify the priority of this bridge. The bridge in the spanning tree with the lowest relative priority becomes the root bridge, which is responsible for managing loop resolution on the network. Configure this setting so that the system never becomes the root bridge. The default value is 32768. The valid range is from 0 to 61440 in multiples of 4096.
- For Interfaces, select (one at a time) the interfaces and LAGs, if any, for which you want to configure RSTP and specify these fields:
  - Cost: Used to calculate the cost of sending spanning tree traffic through the interface to an adjacent bridge or spanning tree region, based on the speed of the interface. The default value is 0, and the valid range is from 0 (lowest) to 200,000,000 (highest).
  - Port Priority: Used as the port identifier together with the port number. The default value is 128 (when an interface is selected), and the valid range is from 0 (highest) to 240 (lowest) in multiples of 16.
  - Edge Port: Needed only for RSTP or MSTP. When enabled, indicates the interface or LAG is an edge port that does not receive any BPDU frames. Set to EDGE-AUTO, EDGE-ENABLE, or EDGE-DISABLE. If you enable EDGE-ENABLE, and the interface later receives BPDUs, the system disables the setting automatically, because only non-edge interfaces can receive BPDUs.
  - Link Type: Specifies the type of optimization:
    - P2P: Optimizes for point-to-point spanning tree links (connects two spanning tree bridges only). Note that P2P is the only valid STP link type for a LAG.
    - Shared: Optimizes for shared spanning tree links (connecting two or more spanning tree bridges).
  For more information on the available interfaces and LAGs, see the or LAGs screens.
- Click Save. The system displays a confirmation dialog confirming whether to change the STP mode.
RSTP is now set up for use on the
system.
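The ranges, step sizes and RSTP timer relationships listed in the STP and RSTP procedures above can be checked before a change is saved. The following is an added example, not part of the F5 documentation or software: the function and parameter names are hypothetical, the limits are the ones stated on this page for the webUI, and known_root_priority (the priority of the bridge you intend to be root) is an input assumed for illustration.

```python
"""Check spanning tree settings against the ranges and RSTP rules on this page."""

MODES = ("STP", "RSTP", "MSTP")


def in_steps(value, low, high, step=1):
    """True when value lies in [low, high] and is a multiple of step."""
    return low <= value <= high and value % step == 0


def validate_stp(mode, hello_time=2, max_age=20, forward_delay=15,
                 hold_count=6, bridge_priority=32768, ports=None,
                 known_root_priority=None):
    """Return a list of problems; an empty list means the settings pass.

    ports maps an interface or LAG name to (cost, port_priority).
    Defaults are the default values given on this page.
    """
    if mode not in MODES:
        return [f"unknown STP mode {mode!r}"]
    problems = []

    # The MSTP procedure lists a wider Max Age range than STP and RSTP.
    low, high = (1, 255) if mode == "MSTP" else (6, 40)
    if not in_steps(max_age, low, high):
        problems.append(f"Max Age {max_age} is outside {low}-{high}")
    if not in_steps(forward_delay, 4, 30):
        problems.append(f"Forwarding Delay {forward_delay} is outside 4-30")
    if not in_steps(hold_count, 1, 10):
        problems.append(f"Hold Count {hold_count} is outside 1-10")

    if mode == "RSTP":
        # Relationships the RSTP procedure says to maintain.
        if max_age < 2 * (hello_time + 1):
            problems.append("Max Age must be >= 2 * (Hello Time + 1)")
        if max_age > 2 * (forward_delay - 1):
            problems.append("Max Age must be <= 2 * (Forward Delay - 1)")

    if not in_steps(bridge_priority, 0, 61440, 4096):
        problems.append(
            f"Bridge Priority {bridge_priority} is not a multiple of 4096 in 0-61440")
    elif known_root_priority is not None and bridge_priority <= known_root_priority:
        # Lowest value wins the election; equal values fall back to the
        # bridge address, so an equal priority is not safe either.
        problems.append(
            f"Bridge Priority {bridge_priority} does not exceed the intended "
            f"root's {known_root_priority}; this system could become root")

    for name, (cost, port_priority) in sorted((ports or {}).items()):
        if not in_steps(cost, 0, 200_000_000):
            problems.append(f"{name}: Cost {cost} is outside 0-200,000,000")
        if not in_steps(port_priority, 0, 240, 16):
            problems.append(
                f"{name}: Port Priority {port_priority} is not a multiple of 16 in 0-240")
    return problems


if __name__ == "__main__":
    # Constructed input: Hello Time raised without adjusting Max Age,
    # and a port priority that is not a multiple of 16.
    for problem in validate_stp("RSTP", hello_time=10,
                                ports={"1.0": (200, 100)},
                                known_root_priority=4096):
        print(problem)
```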
Configure MSTP from the webUI
If you want to use Multiple Spanning Tree Protocol (MSTP) to define a region,
you can configure it from the webUI. To disable the use of STP Modes, select
Disabled.
Spanning tree protocols are only supported on F5 r5000/r10000 platforms.
- Log in to the webUI using an account with admin access.
- On the left, click.
- For STP Mode, select MSTP (multiple instances, fast convergence).
- For Region Name, enter a name (string with 1 to 32 characters) that you assign to all bridges in a spanning tree region. A spanning tree region is a group of bridges with identical region names and MSTP revision numbers, as well as identical assignment of VLANs to spanning tree instances. The default value is the bridge MAC address. A region can have multiple members with the same MSTP configuration.
- For Revision, specify a global revision number that you assign to all bridges in a spanning tree region. The default value is 0, and the valid range is 0 to 65535. All bridges in the same region must have this same configuration revision number.
- For Max Hop, specify the maximum number of hops that a spanning tree frame (BPDU) can traverse before it is discarded. The default value is 20, and the valid range is from 1 to 255.
- For Hello Time, specify the time interval, in seconds, that the system transmits spanning tree information (through BPDUs) to adjacent bridges in the network. The default value is 2.
- For Max Age, specify the length of time, in seconds, that spanning tree information received from other bridges is considered valid. The default value is 20, and the valid range is from 1 to 255.
- For Forwarding Delay, specify the amount of time, in seconds, that the system blocks an interface from forwarding network traffic when the spanning tree algorithm reconfigures a spanning tree. The default value is 15, and the valid range is from 4 to 30. This has no effect when running in RSTP or MSTP unless using an added legacy STP bridge.
- For Hold Count, specify the maximum number of spanning tree frames (BPDUs) that the system can transmit on a port within the Hello Time interval. This ensures that spanning tree frames do not overload the network. The default value is 6, and the valid range is from 1 to 10.
- To configure multiple instances for a region, adjust these settings for MSTP Instances:
  - Under Instances, click +.
  - In the Add MSTP Instance popup, for Instance ID, enter a positive integer and click Add.
  - Under Instances, select one of the instances. Available interfaces are listed below.
  - Under VLANs, select the VLANs to map to this instance.
  - For Bridge Priority, configure this setting so that the rSeries system never becomes the root bridge. The default value is 32768, and the valid range is from 0 to 61440 in multiples of 4096. Each MSTP instance can have its own bridge priority.
  - For Interfaces, select the interfaces (one at a time) that traffic for this instance can use and specify these fields:
    - Cost: Used to calculate the cost of sending spanning tree traffic through the interface to an adjacent bridge or spanning tree region, based on the speed of the interface. The default value is 0, and the valid range is from 0 (lowest) to 200,000,000 (highest).
    - Port Priority: Used as the port identifier together with the port number. The default value is 128 (when an interface is selected), and the valid range is from 0 (highest) to 240 (lowest) in multiples of 16.
    - Edge Port: Needed only for RSTP or MSTP. When enabled, indicates the interface or LAG is an edge port that does not receive any BPDU frames. Set to EDGE-AUTO, EDGE-ENABLE, or EDGE-DISABLE. If you enable EDGE-ENABLE, and the interface later receives BPDUs, the system disables the setting automatically, because only non-edge interfaces can receive BPDUs.
    - Link Type: Specifies the type of optimization:
      - P2P: Optimizes for point-to-point spanning tree links (connects two spanning tree bridges only). Note that P2P is the only valid STP link type for a LAG.
      - Shared: Optimizes for shared spanning tree links (connecting two or more spanning tree bridges).
  - Continue to configure any other instances that you might need.
- Click Save. The system displays a confirmation dialog confirming whether to change the STP mode.
MSTP is set up for use on the system.
STP/RSTP/MSTP configuration from the CLI
Change STP modes from the CLI
If you want to change STP modes, you must
first remove the existing STP configuration by deleting the existing mode and
configuration from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access. When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Disable the current STP mode.
    no stp global config enabled-protocol STP
- Commit the configuration changes.
    commit
- Remove the existing interface configuration for STP mode.
    no stp stp interfaces interface
- Remove the edge port and link type configuration.
    no stp interfaces interface
- Commit the configuration changes.
    commit
- Enable another STP mode.
    stp global config enabled-protocol {MSTP|RAPID_PVST|RSTP|STP}
  In this example, you enable RSTP:
    appliance-1(config)# stp global config enabled-protocol RSTP
- Commit the configuration changes.
    commit
Configure STP from the CLI
STP is the original spanning tree
protocol, but it is not recommended in VLAN-rich environments due to poor
performance unless required by your configuration. STP can create only one
spanning tree (instance 0) for the entire network, and therefore cannot take
VLANs into account when managing redundant paths. You can configure STP from
the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access. When you log in to the system, you are in user (operational) mode.
- Change to config mode.
    config
  The CLI prompt changes to include (config).
- Enable STP.
    stp global config enabled-protocol {MSTP|RAPID_PVST|RSTP|STP}
  In this example, you enable STP mode:
    appliance-1(config)# stp global config enabled-protocol STP
- Configure the bridge-priority so that it is not selected as the root bridge.
    stp stp config bridge-priority <priority>
  The priority is used together with the address as a bridge identifier. The range is from 0 (highest) to 61440 (lowest), in increments of 4096. The default value is 32768. In this example, you set the bridge priority to 32768:
    appliance-1(config)# stp stp config bridge-priority 32768
- Configure interface cost and port priority.
    stp {global|interfaces|mstp|rstp|stp} interfaces interface <interface> config cost <cost> port-priority <priority>
  You must configure all interfaces that will be included in STP. The priority is used as the port identifier together with the port number. The port priority range is from 0 (highest) to 240 (lowest) in increments of 16. The default value is 128. The port path cost range is from 0 (lowest) to 20,000,000,000 in increments of 1. The default port path cost is assigned dynamically (cost = 20,000,000,000 / port speed in kbits). In this example, you configure the RSTP to use port 1.0, with an interface cost of 200 and a port priority of 128:
    appliance-1(config)# stp stp interfaces interface 1.0 config cost 200 port-priority 128
- Commit the configuration changes.
    commit
Configure RSTP from the CLI
RSTP is an enhancement to STP that improves spanning tree performance. RSTP can create only one spanning tree (instance 0) for the entire network, and therefore cannot take VLANs into account when managing redundant paths. You can configure RSTP from the CLI.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
      config
  The CLI prompt changes to include (config).
- Enable RSTP.
      stp global config enabled-protocol {MSTP|RAPID_PVST|RSTP|STP}
  The bridge-priority, forwarding-delay, hello-time, hold-count, and max-age options have default values, which are recommended for use.
  In this example, you enable RSTP mode:
      appliance-1(config)# stp global config enabled-protocol RSTP
- Configure the bridge-priority so that the system is not selected as the root bridge.
      stp {global|interfaces|mstp|rstp|stp} config bridge-priority <priority>
  The priority is used together with the address as a bridge identifier. The range is from 0 (highest) to 61440 (lowest), in increments of 4096. The default value is 32768.
      appliance-1(config)# stp rstp config bridge-priority 32768
- Configure interface cost and port priority.
      stp {global|interfaces|mstp|rstp|stp} interfaces interface <interface> config cost <cost> port-priority <priority>
  You must configure all interfaces that will be included in STP.
  The priority is used as the port identifier together with the port number. The port priority range is from 0 (highest) to 240 (lowest) in increments of 16. The default value is 128. The port path cost range is from 0 (lowest) to 20,000,000,000 in increments of 1. The default port path cost is assigned dynamically (cost = 20,000,000,000 / port speed in kbits).
  In this example, you configure RSTP to use port 1.0, with an interface cost of 200 and a port priority of 128:
      appliance-1(config)# stp rstp interfaces interface 1.0 config cost 200 port-priority 128
- Configure interface edge-port and link-type.
      stp interfaces interface <interface> config edge-port {EDGE_AUTO|EDGE_DISABLE|EDGE_ENABLE} link-type {P2P|SHARED}
  You must configure all interfaces that will be included in STP.
  In this example, you configure port 2.0 to set the interface as an EDGE_AUTO port that uses point-to-point spanning tree links:
      appliance-1(config)# stp interfaces interface 2.0 config edge-port EDGE_AUTO link-type P2P
- Commit the configuration changes.
      commit
Configure MSTP from the CLI
MSTP is an enhancement to RSTP and is the preferred spanning tree protocol (STP) for the rSeries system. MSTP is specifically designed to understand VLANs and VLAN tagging (specified in IEEE 802.1Q). MSTP allows for multiple spanning tree instances. Each instance corresponds to a spanning tree and can control one or more VLANs that you specify when you create the instance. Thus, for any rSeries system interface that you assigned to multiple VLANs, MSTP can block a path on one VLAN, while still keeping a path in another VLAN open for traffic. You can configure MSTP from the CLI. The spanning tree algorithm automatically groups bridges into regions, based on the values you assign to the MSTP configuration name, revision number, instance numbers, and instance members.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
      config
  The CLI prompt changes to include (config).
- Enable MSTP.
      stp mstp config name <region-name> revision <revision>
  The name option is a string <= 32 characters, and the default value is the bridge MAC address. The revision option is a range from 0 to 65535, and the default value is 0. The forwarding-delay, hello-time, hold-count, max-age, and max-hop options have default values, which are recommended for use.
  The name and revision options together form the common identifier of the BPDUs within the region. They must be identical on all bridges in the region.
- Create an MSTP instance.
      stp mstp mst-instances mst-instance <integer> config mst-id <integer>
  In this example, you create an instance named test with the default revision level (0):
      appliance-1(config)# stp mstp config name test revision 0
- Configure VLANs for the MSTP instance.
      vlans vlan <vlan-id>
  The VLANs must already exist.
  In this example, you create VLANs 300 and 301:
      appliance-1(config)# vlans vlan 300
      appliance-1(config-vlan-300)# vlans vlan 301
  In this example, you assign VLANs 300 and 301 to MSTP instance 1:
      appliance-1(config)# stp mstp mst-instances mst-instance 1 config vlan [ 300 301 ]
- Exit to the top level of the configuration hierarchy.
      top
- Configure bridge priority for the MSTP instance.
      stp mstp mst-instances mst-instance <instance> config bridge-priority <priority>
  Each MSTP instance can have its own priority. The priority is used together with the address as a bridge identifier. The default value is 32768, and the range is from 0 (highest) to 61440 (lowest) in multiples of 4096.
  In this example, you configure MSTP instance 1 with a bridge priority of 32768:
      appliance-1(config)# stp mstp mst-instances mst-instance 1 config bridge-priority 32768
- Exit to the top level of the configuration hierarchy.
      top
- Configure interface cost and port priority.
      stp mstp mst-instances mst-instance <instance> interfaces interface <interface> config cost <cost> port-priority <priority>
  You must configure all interfaces that will be included in STP.
  The priority is used as the port identifier together with the port number. The port priority range is from 0 (highest) to 240 (lowest) in increments of 16. The default value is 128. The port path cost range is from 0 (lowest) to 20,000,000,000 in increments of 1. The default port path cost is assigned dynamically (cost = 20,000,000,000 / port speed in kbits).
  In this example, you configure MSTP instance 1 to use port 1.0, with an interface cost of 200 and a port priority of 128:
      appliance-1(config)# stp mstp mst-instances mst-instance 1 interfaces interface 1.0 config cost 200 port-priority 128
- Exit to the top level of the configuration hierarchy.
      top
- Configure interface edge-port and link-type.
      stp interfaces interface <interface> config edge-port {EDGE_AUTO|EDGE_DISABLE|EDGE_ENABLE} link-type {P2P|SHARED}
  You must configure all interfaces that will be included in STP.
  In this example, you configure port 2.0 to set the interface as an EDGE_AUTO port that uses point-to-point spanning tree links:
      appliance-1(config)# stp interfaces interface 2.0 config edge-port EDGE_AUTO link-type P2P
  These settings speed up convergence time by eliminating the learning state on ports that do not receive BPDUs. This configuration is cancelled automatically upon reception of a BPDU.
- Commit the configuration changes.
      commit
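The bridge-priority, port-priority, and path cost rules given in the STP, RSTP, and MSTP steps can be checked before you commit, and the bridge identifier (priority, then address, lowest wins) shows which bridge would become root. The following Python is an added example, not F5 code; the bridge names and MAC addresses are constructed, and the helper names are hypothetical.

```python
"""Added example: check planned spanning tree values and predict the root bridge."""

COST_NUMERATOR = 20_000_000_000  # from the page: cost = 20,000,000,000 / port speed in kbits


def check_step(value, maximum, step, label):
    """Accept only values in 0..maximum that are multiples of step."""
    if not 0 <= value <= maximum or value % step:
        raise ValueError(f"{label} {value}: must be 0..{maximum} in increments of {step}")
    return value


def check_bridge_priority(priority):
    return check_step(priority, 61440, 4096, "bridge-priority")


def check_port_priority(priority):
    return check_step(priority, 240, 16, "port-priority")


def default_path_cost(speed_kbits):
    """Dynamic default cost for a port of the given speed in kbit/s."""
    if speed_kbits <= 0:
        raise ValueError("port speed must be positive")
    return COST_NUMERATOR // speed_kbits


def bridge_id(priority, mac):
    """Bridge identifier: priority first, then address. The lowest identifier wins."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"bad MAC address {mac}")
    return (check_bridge_priority(priority), octets)


def elect_root(bridges):
    """bridges maps a name to (priority, mac); return the name that becomes root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


# Constructed topology; names and MAC addresses are made up for illustration.
BRIDGES = {
    "core-sw": (4096, "02:00:00:00:00:aa"),
    "dist-sw": (32768, "02:00:00:00:00:05"),
    "appliance-1": (32768, "02:00:00:00:00:01"),
}

if __name__ == "__main__":
    print("root:", elect_root(BRIDGES))
    without_core = {k: v for k, v in BRIDGES.items() if k != "core-sw"}
    print("root if core-sw is lost:", elect_root(without_core))
    print("default cost at 100G:", default_path_cost(100_000_000))
```

In the constructed topology, appliance-1 at the default priority of 32768 becomes root if core-sw disappears, because its address is the lowest among the remaining bridges; a bridge-priority of 61440 prevents that.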
Virtual wire overview
A virtual wire (also known as L2 inline service) logically connects either two interfaces/physical ports or two LAGs to each other. This enables the system to forward traffic from one interface to another, in either direction. Packets received on a virtual-wire interface are forwarded to the other endpoint of the virtual wire.
The endpoints of a virtual wire must be of the same type. For example, you cannot mix an interface and a LAG in a virtual wire.
A virtual network forms an internal virtual L2/L3 network in the system. Each virtual network has its own set of external network endpoints and can be configured using one of two modes: default and virtual-wire.
After you create a virtual wire, you can attach it to a tenant. A single tenant can use multiple virtual networks.
Virtual wire is supported only on F5 r5000/r10000 platforms.
You cannot enable spanning tree protocol (STP) on interfaces that are configured as virtual networks. For more information on configuring STP, see Spanning tree protocol (STP) overview.
Virtual wire configuration from the CLI
Configure virtual networks from the CLI
You can configure virtual networks with a specified mode from the CLI.
Only STATIC LAGs (not LACP) support virtual networks.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
      config
  The CLI prompt changes to include (config).
- Create a virtual network.
  You cannot create a virtual wire using this virtual network if you specify default for the mode option.
      virtual-networks virtual-network <name> config mode {default|virtual-wire}
  This example creates a virtual network named vn1:
      appliance-1(config)# virtual-networks virtual-network vn1 config mode virtual-wire
- Exit to the top level of the configuration hierarchy.
      top
- Create a second virtual network if you plan to configure a virtual wire (a virtual wire must include exactly two virtual networks).
  You cannot create a virtual wire using this virtual network if you specify default for the mode option.
      virtual-networks virtual-network <name> config mode {default|virtual-wire}
  This example creates a virtual network named vn2:
      appliance-1(config)# virtual-networks virtual-network vn2 config mode virtual-wire
- Exit to the top level of the configuration hierarchy.
      top
- Commit the configuration changes.
      commit
After you have configured two virtual networks, you can associate these networks with an interface or STATIC LAG.
Configure the interface/LAG for virtual networks from the CLI
You can configure the interface or STATIC LAG to associate with two previously-configured virtual networks from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
      config
  The CLI prompt changes to include (config).
- Associate an interface or STATIC LAG with a virtual network.
      interfaces interface <interface-or-lag-name> {ethernet|aggregation} config virtual-networks <virtual-network>
  This example associates interface 1.0 with a virtual network named vn1:
      appliance-1(config)# interfaces interface 1.0 ethernet config virtual-networks vn1
  This example associates LAG-11 with a virtual network named vn1:
      appliance-1(config)# interfaces interface LAG-11 aggregation config virtual-networks vn1
- Exit to the top level of the configuration hierarchy.
      top
- Associate a different interface or STATIC LAG with the other virtual network.
      interfaces interface <interface-or-lag> {ethernet|aggregation} config virtual-networks <virtual-network>
  This example associates interface 2.0 with a virtual network named vn2:
      appliance-1(config)# interfaces interface 2.0 ethernet config virtual-networks vn2
  This example associates LAG-12 with a virtual network named vn2:
      appliance-1(config)# interfaces interface LAG-12 aggregation config virtual-networks vn2
- Exit to the top level of the configuration hierarchy.
      top
- Commit the configuration changes.
      commit
After you have associated the virtual networks with an interface or LAG, you can create a virtual wire that uses these virtual networks.
Configure a virtual wire from the CLI
You can configure a virtual wire from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
      config
  The CLI prompt changes to include (config).
- Create a virtual wire.
      virtual-wires virtual-wire <name> config virtual-networks [ <virtual-networks> ] vwire-propagate-linkstatus {false|true}
  This example creates a virtual wire named vwire that includes virtual networks named vn1 and vn2. It also specifies that link status is propagated, which means that if one interface in the virtual wire loses its connection (link down), that state propagates to the other interface in the virtual wire.
      appliance-1(config)# virtual-wires virtual-wire vwire config virtual-networks [ vn1 vn2 ] vwire-propagate-linkstatus true
- Commit the configuration changes.
      commit
After you have created virtual networks and a virtual wire, you can add a virtual wire to a tenant.
Add a virtual wire to a tenant from the CLI
You can add a virtual wire to a configured tenant from the CLI.
- Connect using SSH to the management IP address.
- Log in to the command line interface (CLI) of the system using an account with admin access.
  When you log in to the system, you are in user (operational) mode.
- Change to config mode.
      config
  The CLI prompt changes to include (config).
- Add a virtual wire to a tenant.
      tenants tenant <tenant-name> config virtual-wires <virtual-wire-name>
  This example adds a virtual wire named vwire to a tenant named bigip:
      appliance-1(config)# tenants tenant bigip config virtual-wires vwire
- Commit the configuration changes.
      commit
- Return to user (operational) mode.
      end
- Verify the tenant configuration.
  A summary similar to this excerpt displays:
      appliance-1# show tenants tenant bigip
      tenants tenant bigip
       state unit-key-hash ab3yFvh6S/23DuLw6JQ1jaw72rZllkn734sgLOCAyU3ffr2JL9Y798E+AJdY8wTmV+auiNQ9amIy60KC/DALww==
       state type BIG-IP
       state image BIGIP-bigip15.1.x-europa-15.1.8-0.0.371.ALL-F5OS.qcow2.zip.bundle
       state mgmt-ip 192.0.2.75
       state prefix-length 24
       state gateway 192.0.2.254
       state vlans [ 100 ]
       state cryptos enabled
       state vcpu-cores-per-node 4
       state memory 14848
       state storage size 77
       state running-state deployed
       state appliance-mode disabled
       state status Running
       state primary-slot 1
       state image-version "BIG-IP 15.1.8 0.0.371"
       state virtual-wires [ vwire ]
       state mac-data base-mac 00:94:a1:69:61:14
       state mac-data mac-pool-size 1
      ...
Virtual wire configuration from the webUI
Configure virtual networks from the webUI
You can create a virtual network with a specified mode and interface members or link aggregation groups (LAGs).
Only STATIC LAGs (not LACP) support virtual networks.
- Log in to the webUI using an account with admin access.
- On the left, click.
- In the Virtual Networks area, click Add.
- For Name, enter a name for the virtual network.
- For Mode, select virtual-wire.
  You cannot create a virtual wire using this virtual network if you select default.
- For Member, select from available interface members and STATIC LAGs.
- Click Save & Close.
After you have configured virtual networks, you can create virtual wires that use these virtual networks.
Configure virtual wires from the webUI
You can create a virtual wire that includes exactly two virtual networks.
- Log in to the webUI using an account with admin access.
- On the left, click.
- In the Virtual Wires area, click Add.
- For Name, enter a name for the virtual network.
- For Propagate Link Status, select whether, if one interface in the virtual wire loses its connection (link is down), that state propagates to the other interface in the virtual wire.
  The default value is False.
- For Virtual Networks, select exactly two existing virtual networks to add to this virtual wire.
  The virtual wire networks must have the same member type (either interface or LAG). Mixing types is not supported. Also, each virtual network must have the same number of configured members.
- Click Save & Close.
After you have configured virtual networks and virtual wires, you can assign virtual wires to a tenant.
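The rules this chapter states for a virtual wire (exactly two virtual networks, both in virtual-wire mode, the same member type and member count on each side, STATIC LAGs only, and no STP on member interfaces) can be checked against a planned configuration before it is applied. The following Python check is an added example, not F5 code; the Member and VirtualNetwork classes are hypothetical, and the plan data is constructed using the names from the examples above.

```python
"""Added example: lint a planned virtual wire against the rules in this chapter."""
from dataclasses import dataclass, field


@dataclass
class Member:
    name: str
    kind: str                  # "interface" or "lag"
    lag_type: str = ""         # "STATIC" or "LACP"; used only when kind == "lag"
    stp_enabled: bool = False


@dataclass
class VirtualNetwork:
    name: str
    mode: str                  # "default" or "virtual-wire"
    members: list = field(default_factory=list)


def validate_virtual_wire(networks):
    """Return rule violations for one virtual wire; an empty list means it passes."""
    if len(networks) != 2:
        return [f"needs exactly two virtual networks, got {len(networks)}"]
    problems = []
    for vn in networks:
        if vn.mode != "virtual-wire":
            problems.append(f"{vn.name}: mode {vn.mode} cannot be used in a virtual wire")
        for m in vn.members:
            if m.kind == "lag" and m.lag_type != "STATIC":
                problems.append(f"{vn.name}/{m.name}: only STATIC LAGs are supported")
            if m.stp_enabled:
                problems.append(f"{vn.name}/{m.name}: STP enabled on a member")
    if len({m.kind for vn in networks for m in vn.members}) > 1:
        problems.append("endpoints mix interface and LAG members")
    first, second = networks
    if len(first.members) != len(second.members):
        problems.append("virtual networks have different member counts")
    return problems


# Constructed plans; vn1/vn2 and the member names follow the page's examples.
GOOD = [
    VirtualNetwork("vn1", "virtual-wire", [Member("1.0", "interface")]),
    VirtualNetwork("vn2", "virtual-wire", [Member("2.0", "interface")]),
]
BAD = [
    VirtualNetwork("vn1", "default", [Member("1.0", "interface", stp_enabled=True)]),
    VirtualNetwork("vn2", "virtual-wire", [Member("LAG-12", "lag", "LACP")]),
]

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        print(validate_virtual_wire(plan) or "ok")
```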
Add a virtual wire to a tenant from the webUI
You can add a virtual wire to a configured tenant from the webUI.
- Log in to the webUI using an account with admin access.
- On the left, click.
  The Tenant Deployment screen displays, showing the existing tenant deployments and associated details.
- Click the name of the tenant deployment you want to modify.
  The Tenant Deployment screen displays.
- For Virtual Wires, select configured virtual wires to be used by the tenant.
  This field displays only when virtual wires are configured on the system.
- Click Save & Close.
The tenant is reconfigured to use the selected virtual wires.