Applies To:
Show VersionsBIG-IP AAM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP APM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP GTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP Link Controller
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP LTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP AFM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP PEM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP ASM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Overview: Configuring basic system settings
Whether you implement an ECMP-based all-active device group using SNAT Auto Map or by creating SNAT pools, you must first perform some basic Traffic Management Operating System (TMOS) tasks. These basic tasks pertain to licensing and DNS confirmation, and NTP server configuration, followed by tasks to create VLANs and self IP addresses. Other tasks pertain to creating a BIG-IP device group along with an administrative partition for local traffic objects.
After configuring these TMOS objects, you can choose to implement either the SNAT Automap or the SNAT pool use case.
Task List
Confirming the contents of the BIG-IP license
On each BIG-IP device that you intend to include in the cluster, you must verify that the license includes the advanced routing modules for dynamic routing.
- Access the BIG-IP system by logging in to the BIG-IP Configuration utility with your user credentials.
- On the Main tab, click .
- In the Active Modules division of the properties, verify that Routing Bundle appears in the list of active modules.
Viewing the DNS server configuration
Specifying a list of NTP servers
Creating VLANs
VLANs represent a logical collection of hosts that can share network resources, regardless of their physical location on the network. You create a VLAN to associate physical interfaces with that VLAN. For this implementation, F5 Networks recommends that you create three VLANs on each BIG-IP device: a VLAN for the external network, a VLAN for the internal network, and a VLAN for high availability communications.
Creating self IP addresses
Self IP addresses enable the BIG-IP system, and other devices on the network, to route application traffic through the associated VLAN. For this implementation, you perform this task on each BIG-IP device to create a unique static self IP address for each of the three VLANs (external, internal, and high availability). In this task, you replace any sample self IP names or IP addresses with the relevant self IP names or addresses for your network.
Sample self IP addresses for BIG-IP devices
This table shows sample IP addresses for BIG-IP devices, along with explanatory information.
BIG-IP device | Self IP address | Associated VLAN | Purpose |
---|---|---|---|
Bigip_1 | 20.1.1.2 | External | The upstream ECMP router uses this address to load balance traffic to the virtual server on Bigip_1. |
10.1.1.2 | Internal | This is the address that other device group members use when synchronizing a configuration to Bigip_1. | |
10.1.2.2 | High availability | This the address that other device group members use for high availability communications with Bigip_1. | |
Bigip_2 | 20.1.1.3 | External | The upstream ECMP router uses this address to load balance traffic to the virtual server on Bigip_2. |
10.1.1.3 | Internal | This is the address that other device group members use when synchronizing a configuration to Bigip_2. | |
10.1.2.3 | High availability | This the address that other device group members use for high availability communications with Bigip_2. | |
Bigip_3 | 20.1.1.4 | External | The upstream ECMP router uses this address to load balance traffic to the virtual server on Bigip_3. |
10.1.1.4 | Internal | This is the address that other device group members use when synchronizing a configuration to Bigip_3. | |
10.1.2.4 | High availability | This the address that other device group members use for high availability communications with Bigip_3. |
Enabling dynamic routing protocols for route domain 0
Specifying an IP address for config sync
Establishing device trust
Before you begin this task, verify that:
- Each BIG-IP device that is to be part of the local trust domain has a device certificate installed on it.
- The local device is designated as a certificate signing authority.
You perform this task to establish trust among devices on one or more network segments. Devices that trust each other constitute the local trust domain. A device must be a member of the local trust domain prior to joining a device group.
By default, the BIG-IP software includes a local trust domain with one member, which is the local device. You can choose any one of the BIG-IP devices slated for a device group and log into that device to add other devices to the local trust domain. For example, devices Bigip_1, Bigip_2, and Bigip_3 each initially shows only itself as a member of the local trust domain. To configure the local trust domain to include all three devices, you can simply log into device Bigip_1 and add devices Bigip_2 and Bigip_3 to the local trust domain; there is no need to repeat this process on devices Bigip_2 and Bigip_3.
- On the Main tab, click Peer List or Subordinate List. , and then either
- Click Add.
-
Type a device IP address, administrator user name, and administrator password
for the remote BIG-IP device with which you want to
establish trust. The IP address you specify depends on the type of BIG-IP
device:
- If the BIG-IP device is an appliance, type the management IP address for the device.
- If the BIG-IP device is a VIPRION device that is not licensed and provisioned for vCMP, type the primary cluster management IP address for the cluster.
- If the BIG-IP device is a VIPRION device that is licensed and provisioned for vCMP, type the cluster management IP address for the guest.
- If the BIG-IP device is an Amazon Web Services EC2 device, type one of the Private IP addresses created for this EC2 instance.
- Click Retrieve Device Information.
- Verify that the certificate of the remote device is correct.
- Verify that the management IP address and name of the remote device are correct.
- Click Finished.
Creating a Sync-Only device group
Syncing the BIG-IP configuration to the device group
Creating an administrative partition
Changing the current partition
- Locate the Partition list in the upper right corner of the BIG-IP Configuration utility screen, to the left of the Log out button.
- From the Partition list, select the partition in which you want to create local traffic objects.