Manual Chapter : Configuring an EtherIP Tunnel

Applies To:


BIG-IP AAM

  • 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP APM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP LTM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP AFM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP ASM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

Overview: Preserving BIG-IP connections during live virtual machine migration

In some network configurations, the BIG-IP® system is configured to send application traffic to destination servers that are implemented as VMware® virtual machines (VMs). These VMs can undergo live migration, using VMware vMotion, across a wide area network (WAN) to a host in another data center. Optionally, an iSession® tunnel could provide WAN optimization.

To preserve any existing connections between the BIG-IP system and a virtual machine while the virtual machine migrates to another data center, you can create an EtherIP tunnel.

An EtherIP tunnel is an object that you create on each of two BIG-IP systems that sit on either side of a WAN. The EtherIP tunnel uses the industry-standard EtherIP protocol to tunnel Ethernet and IEEE 802.3 media access control (MAC) frames across an IP network. The two EtherIP tunnel objects together form a tunnel that logically connects two data centers. When the application traffic that flows between one of the BIG-IP systems and the VM is routed through the EtherIP tunnel, connections are preserved during and after the VM migration.
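The encapsulation described above, as an added example that is not part of the F5 manual: a Python parser for an IPv4 packet carrying EtherIP (IP protocol 97 with a 16-bit header whose version field is 3, per RFC 3378) that accepts only packets exchanged between the two tunnel self IPs. The addresses, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

ETHERIP_PROTO = 97    # IP protocol number assigned to EtherIP (RFC 3378)
ETHERIP_VERSION = 3   # the only version RFC 3378 defines

def build_sample(src, dst, inner_frame):
    """Build a constructed IPv4 packet carrying one EtherIP frame (checksum left 0)."""
    payload = struct.pack("!H", ETHERIP_VERSION << 12) + inner_frame
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         ETHERIP_PROTO, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def parse_etherip(packet, endpoints):
    """Return outer/inner fields of an EtherIP packet, or raise ValueError."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20:
        raise ValueError("bad IPv4 header length")
    if packet[9] != ETHERIP_PROTO:
        raise ValueError("outer protocol is not EtherIP (97)")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    if {src, dst} != set(endpoints):
        raise ValueError("outer addresses are not the tunnel self IPs")
    if len(packet) < ihl + 2 + 14:
        raise ValueError("truncated EtherIP payload")
    (hdr,) = struct.unpack("!H", packet[ihl:ihl + 2])
    if hdr >> 12 != ETHERIP_VERSION or hdr & 0x0FFF:
        raise ValueError("bad EtherIP header (version must be 3, reserved bits 0)")
    frame = packet[ihl + 2:]
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"outer_src": src, "outer_dst": dst, "dst_mac": dst_mac.hex(":"),
            "src_mac": src_mac.hex(":"), "ethertype": ethertype,
            "inner_len": len(frame)}

# Constructed sample: tunnel self IPs and a 60-byte inner IPv4 Ethernet frame.
TUNNEL = ("192.0.2.10", "198.51.100.10")
FRAME = bytes.fromhex("005056aabbcc005056ddeeff0800") + bytes(46)
SAMPLE = build_sample(TUNNEL[0], TUNNEL[1], FRAME)

if __name__ == "__main__":
    print(parse_etherip(SAMPLE, TUNNEL))
```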

After you have configured the BIG-IP system to preserve connections to migrating VMs, you can create a Virtual Location monitor for the pool. A Virtual Location monitor ensures that the BIG-IP system sends connections to a local pool member rather than a remote one when some of the pool members have migrated to a remote data center.

Tip: The BIG-IP system that is located on each end of an EtherIP tunnel can be part of a redundant system configuration. Make sure that both units of any redundant system configuration reside on the same side of the tunnel.

Figure: EtherIP tunneling in a VMware vMotion environment

Task summary

Implement an EtherIP tunneling configuration to prevent the BIG-IP® system from dropping existing connections to migrating virtual machines in a VMware vMotion environment.

Important: Perform these tasks on the BIG-IP system in both the local data center and the remote data center.

Task List

Creating a VLAN

VLANs represent a logical collection of hosts that can share network resources, regardless of their physical location on the network. You create a VLAN to associate physical interfaces with traffic destined for a specific address space. For the most basic BIG-IP® system configuration with redundancy enabled, you typically create multiple VLANs. That is, you create a VLAN for each of the internal and external networks, as well as a VLAN for high availability communications. If your hardware platform supports ePVA, you have the additional option of configuring double tagging (also known as Q-in-Q tagging) for a VLAN.

  1. On the Main tab, click Network > VLANs.
    The VLAN List screen opens.
  2. Click Create.
    The New VLAN screen opens.
  3. In the Name field, type a unique name for the VLAN.
  4. In the Tag field, type a numeric tag, between 1 and 4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.
    The VLAN tag identifies the traffic from hosts in the associated VLAN.
  5. From the Customer Tag list:
    1. Retain the default value of None or select Specify.
    2. If you chose Specify in the previous step, type a numeric tag, between 1 and 4094, for the VLAN.
    The customer tag specifies the inner tag of any frame passing through the VLAN.
  6. For the Interfaces setting:
    1. From the Interface list, select an interface number or trunk name.
    2. From the Tagging list, select Tagged or Untagged.
      Select Tagged when you want traffic for that interface to be tagged with a VLAN ID.
    3. If you specified a numeric value for the Customer Tag setting and from the Tagging list you selected Tagged, then from the Tag Mode list, select a value.
    4. Click Add.
    5. Repeat these steps for each interface or trunk that you want to assign to the VLAN.
  7. If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select the Source Check check box.
  8. In the MTU field, retain the default number of bytes (1500).
  9. From the Configuration list, select Advanced.
  10. If you want to base redundant-system failover on VLAN-related events, select the Fail-safe check box.
  11. From the Auto Last Hop list, select a value.
  12. From the CMP Hash list, select a value.
  13. To enable the DAG Round Robin setting, select the check box.
  14. Configure the sFlow settings or retain the default values.
  15. Click Finished.
    The screen refreshes, and displays the new VLAN in the list.
After you create the VLAN, you can assign the VLAN to a self IP address.
After creating the VLAN, ensure that you repeat this task to create as many VLANs as needed.

Creating an EtherIP tunnel object

Before you perform this task, you must know the self IP address of the instance of the VLAN that exists, or will exist, on the BIG-IP® system in the other data center.
The purpose of an EtherIP tunnel that contains an EtherIP type of profile is to enable the BIG-IP system to preserve any current connections to a server that is using VMware vMotion for migration to another data center.
  1. On the Main tab, click Network > Tunnels > Tunnel List > Create.
    The New Tunnel screen opens.
  2. In the Name field, type a unique name for the tunnel.
  3. From the Profile list, select etherip.
  4. In the Local Address field, type the self IP address of the local BIG-IP system.
  5. In the Remote Address field, type the self IP address of the remote BIG-IP system.
  6. If the BIG-IP system is part of an HA cluster, select the corresponding traffic group from the Traffic Group list.
  7. Click Finished.

Creating a VLAN group

VLAN groups consolidate Layer 2 traffic from two or more separate VLANs.
  1. On the Main tab, click Network > VLANs > VLAN Groups.
    The VLAN Groups list screen opens.
  2. Click Create.
    The New VLAN Group screen opens.
  3. In the Name field, type a unique name for the VLAN group.
  4. For the VLANs setting, select the EtherIP tunnel that you created (which appears in the VLAN list) and the VLAN that connects to the host where the VMs exist, and using the Move button (<<), move your selections from the Available list to the Members list.
  5. From the Transparency Mode list, select Transparent.
  6. Select the Bridge All Traffic check box if you want the VLAN group to forward all frames, including non-IP traffic.
    The default setting is disabled (not selected).
  7. Select the Bridge in Standby check box if you want the VLAN group to forward frames, even when the system is the standby unit of a redundant system.
  8. Click Finished.

Creating a self IP address

Before you create a self IP address, ensure that you have created a VLAN that you can associate with the self IP address.

A self IP address enables the BIG-IP® system and other devices on the network to route application traffic through the associated VLAN or VLAN group. When you do not intend to provision the vCMP® feature, you typically create self IP addresses when you initially configure the BIG-IP system on the VIPRION® platform.

If you plan to provision vCMP, however, you do not need to create self IP addresses during initial BIG-IP system configuration. Instead, the host administrator creates VLANs for use by guests, and the guest administrators create self IP addresses to associate with those VLANs.

  1. On the Main tab, click Network > Self IPs.
  2. Click Create.
    The New Self IP screen opens.
  3. In the Name field, type a unique name for the self IP address.
  4. In the IP Address field, type an IPv4 or IPv6 address.
    This IP address should represent the address space of the VLAN that you specify with the VLAN/Tunnel setting.
  5. In the Netmask field, type the full network mask for the specified IP address.
  6. From the VLAN/Tunnel list, select the VLAN to associate with this self IP address.
    • On the internal network, select the internal or high availability VLAN that is associated with an internal interface or trunk.
    • On the external network, select the external VLAN that is associated with an external interface or trunk.
  7. From the Port Lockdown list, select Allow Default.
  8. If the BIG-IP system is part of a redundant system configuration, select the corresponding traffic group from the Traffic Group list.
  9. Click Finished.
    The screen refreshes, and displays the new self IP address.
After you perform this task, the BIG-IP system can send and receive traffic through the specified VLAN or VLAN group. If the self IP address is a member of a floating traffic group and you configure the system for redundancy, the self IP address can fail over to another device group member if necessary.

Creating a self IP for a VLAN group

Before you create a self IP address, ensure that you have created at least one VLAN group.
You perform this task to create a self IP address for a VLAN group. The self IP address for the VLAN group provides a route for packets destined for the network. With the BIG-IP® system, the path to an IP network is a VLAN. However, with the VLAN group feature used in this procedure, the path to the IP network 10.0.0.0 is actually through more than one VLAN. As IP routers are designed to have only one physical route to a network, a routing conflict can occur. With a self IP address on the BIG-IP system, you can resolve the routing conflict by associating a self IP address with the VLAN group.
  1. On the Main tab, click Network > Self IPs.
  2. Click Create.
    The New Self IP screen opens.
  3. In the Name field, type a unique name for the self IP address.
  4. In the IP Address field, type an IPv4 address.
    This IP address should represent the address space of the VLAN group that you specify with the VLAN/Tunnel setting.
  5. In the Netmask field, type the network mask for the specified IP address.
    For this example, type 255.255.255.0.
  6. From the VLAN/Tunnel list, select the VLAN group with which to associate this self IP address.
  7. From the Port Lockdown list, select Allow Default.
  8. If the BIG-IP system is part of a redundant system configuration, select the corresponding traffic group from the Traffic Group list.
  9. Click Finished.

Creating a Virtual Location monitor

When the BIG-IP® system is directing application traffic to pool members that are implemented as virtual machines, you should configure a Virtual Location type of monitor on the BIG-IP system. A Virtual Location monitor determines if a pool member is local to the data center or remote, and assigns a priority group to the pool member accordingly. The monitor assigns remote pool members a lower priority than local members, thus ensuring that the BIG-IP directs application requests to local pool members whenever possible.
  1. On the Main tab, click Local Traffic > Monitors.
    The Monitor List screen opens.
  2. Click Create.
    The New Monitor screen opens.
  3. Type my_virtual_location_monitor in the Name field.
  4. From the Type list, select Virtual Location.
  5. From the Configuration list, select Advanced.
  6. Retain the default value (in seconds) of 5 in the Interval field.
  7. Retain the default value of Disabled in the Up Interval list.
  8. Retain the default value (in seconds) of 0 in the Time Until Up field.
  9. Retain the default value (in seconds) of 16 in the Timeout field.
  10. Type the name of the pool that you created prior to configuring EtherIP tunneling in the Pool Name field.
  11. Click Finished.
After configuring the Virtual Location monitor, the BIG-IP system assigns each member of the designated pool a priority group value to ensure that incoming connections are directed to a local pool member whenever possible.
F5 Networks recommends that you verify that BIG-IP® DNS has automatically assigned a BIG-IP type of monitor to BIG-IP® Local Traffic Manager™ (LTM®). A BIG-IP type of monitor can use the priority group assigned to each pool member to retrieve a gtm_score value.

Syncing the BIG-IP configuration to the device group

Before you sync the configuration, verify that the devices targeted for config sync are members of a device group and that device trust is established.
This task synchronizes the BIG-IP® configuration data from the local device to the devices in the device group. This synchronization ensures that devices in the device group operate properly. When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only.
Important: You perform this task on either of the two devices, but not both.
  1. On the Main tab, click Device Management > Overview.
  2. In the Device Groups area of the screen, from the Name column, select the name of the relevant device group.
    The screen expands to show a summary and details of the sync status of the selected device group, as well as a list of the individual devices within the device group.
  3. In the Devices area of the screen, from the Sync Status column, select the device that shows a sync status of Changes Pending.
  4. In the Sync Options area of the screen, select Sync Device to Group.
  5. Click Sync.
    The BIG-IP system syncs the configuration data of the selected device in the Device area of the screen to the other members of the device group.
After performing this task, all BIG-IP configuration data that is eligible for synchronization to other devices is replicated on each device in the device group.

Implementation result

After you configure EtherIP tunneling on the BIG-IP system, you must perform the same configuration procedure on the BIG-IP system in the remote data center to fully establish the EtherIP tunnel.

After the tunnel is established, the BIG-IP system preserves any open connections to migrating (or migrated) virtual machine servers.
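A consistency check for the settings this chapter configures on both BIG-IP systems, as an added example that is not F5 code: it verifies each side's VLAN tag range, tunnel profile, VLAN group membership and Transparency Mode, and that the tunnel Local Address and Remote Address values mirror each other across the two data centers. The dictionary layout, object names and addresses are hypothetical and constructed for illustration.

```python
def check_site(label, site):
    """Return the problems found in one BIG-IP's tunnel-related settings."""
    problems = []
    tunnel, group = site["tunnel"], site["vlan_group"]
    for name, tag in site["vlans"].items():
        # None models a blank Tag field (the system assigns the tag itself).
        if tag is not None and not 1 <= tag <= 4094:
            problems.append(f"{label}: VLAN {name} tag {tag} is outside 1-4094")
    if tunnel["profile"] != "etherip":
        problems.append(f"{label}: tunnel profile is {tunnel['profile']}, not etherip")
    if tunnel["name"] not in group["members"]:
        problems.append(f"{label}: tunnel is not a member of the VLAN group")
    if not any(member in site["vlans"] for member in group["members"]):
        problems.append(f"{label}: VLAN group has no VLAN member")
    if group["mode"] != "Transparent":
        problems.append(f"{label}: Transparency Mode is {group['mode']}")
    return problems

def check_pair(local, remote):
    """Check both sites, then check that the tunnel endpoints mirror each other."""
    problems = check_site("local", local) + check_site("remote", remote)
    lt, rt = local["tunnel"], remote["tunnel"]
    if (lt["local"], lt["remote"]) != (rt["remote"], rt["local"]):
        problems.append("tunnel Local/Remote Address values are not mirrored")
    return problems

def make_site(local_ip, remote_ip, mode="Transparent", tag=100):
    """Build one site's settings (hypothetical layout and object names)."""
    return {
        "vlans": {"vm_vlan": tag},
        "tunnel": {"name": "eip_tunnel", "profile": "etherip",
                   "local": local_ip, "remote": remote_ip},
        "vlan_group": {"members": ["eip_tunnel", "vm_vlan"], "mode": mode},
    }

# Constructed sample data: one correct pair and one misconfigured remote site.
DC1 = make_site("192.0.2.10", "198.51.100.10")
DC2 = make_site("198.51.100.10", "192.0.2.10")
DC2_BAD = make_site("198.51.100.10", "192.0.2.11", mode="Opaque")

if __name__ == "__main__":
    print(check_pair(DC1, DC2))
    for problem in check_pair(DC1, DC2_BAD):
        print(problem)
```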