Manual Chapter : Deploying BIG-IP Virtual Edition in ESXi

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 13.1.1, 13.1.0

BIG-IP Analytics

  • 13.1.1, 13.1.0

BIG-IP AFM

  • 13.1.1, 13.1.0

BIG-IP PEM

  • 13.1.1, 13.1.0

BIG-IP ASM

  • 13.1.1, 13.1.0

BIG-IP AAM

  • 13.1.1, 13.1.0

BIG-IP APM

  • 13.1.1, 13.1.0

BIG-IP LTM

  • 13.1.1, 13.1.0
Manual Chapter

Deploy BIG-IP VE on ESXi

To create a BIG-IP® VE virtual appliance, download a template from F5® and deploy it in your environment.
  1. In a browser, open the F5 Downloads page (https://downloads.f5.com) and log in.
  2. On the Downloads Overview page, select Find a Download.
  3. Under Product Line, select BIG-IP v13.x/Virtual Edition.
  4. Under Name, select Virtual-Edition.
  5. If the End User Software License is displayed, read it and then click I Accept.
  6. Download one of the files that ends with scsi.ova.
  7. Start the vSphere client and log in.
  8. From the vSphere File menu, choose Deploy OVF Template.
  9. Browse to the .ova file and click Next.
    The template is verified.
  10. Click Next and complete the wizard. Note the following.
    Section Details
    Configuration Choose from the available configurations. You can change CPU or RAM later.
    Storage If you decide to increase storage later, you must also adjust the BIG-IP directories to use the extra storage space. See Increasing disk space for BIG-IP® VE for details.
    Datastore Choose Thick for production environments. Thin is sufficient for lab environments.
    Source Networks The wizard leads you through creating four networks: internal, external, management, and high availability (HA).
    Ready to Complete If you want to deploy with the four default networks, then select the Power on after deployment check box. If you want a single NIC deployment, do not select this check box.
  11. Click Finish.
  12. For a single NIC deployment, edit the virtual machine's properties and remove Network adapter 2, 3, and 4.

The virtual machine is created, as well as two user accounts.

  • The root account provides access locally, using SSH, or the F5 Configuration utility. The root account password is default.
  • The admin account provides access through the web interface. The admin account password is admin.

You should change passwords for both accounts before bringing a system into production.

If you need to create a redundant configuration, place the two BIG-IP VE virtual appliances (the active-standby pair) on separate physical hosts. You can accomplish this in one of two ways:
  • Manually create a virtual machine peer on each host.
  • If you are using VMware Dynamic Resource Scheduler (DRS), create a DRS rule with the Separate Virtual Machine option that includes each BIG-IP VE in the pair.

Setting the BIG-IP VE management IP address and passwords

When you deploy BIG-IP VE:

  • If you have DHCP in your environment, a management IP address is assigned.
  • If you do not have DHCP, a generic management IP address (192.168.1.245) is assigned.
  • A password is assigned to the default accounts: root (default) and admin (admin).

In ESXi 5.5 u2, 6.0, 6.5, and later, in BIG-IP VE 13.1.0.2 and later, you can specify a specific management IP address (IPv4 or IPv6) and different default passwords.

There are many different ways to do this.

  • Before deploy, by editing the OVA file's properties:
    • By using the Common OVF Tool (COT)
    • By editing the OVA descriptor file, or
    • By using the VMware OVF tool
    • By using the tool of your choice
  • During deploy, by using the API of your choice to set the vApp properties
  • After deploy:
    • By manually updating the vApp properties
    • By using a Custom Specification
    • By using the BIG-IP management config tool
Important: This functionality is supported in a multi-NIC environment only.

Use Common OVF Tool to set management IP address and default passwords

You can edit the OVA (template) properties so that when you deploy BIG-IP VE, you can specify values for the management IP address and default passwords.

To edit the OVA, you can use the Common OVF Tool (COT).

For more information about COT, see http://cot.readthedocs.io/en/latest.

  1. Copy the OVA to a machine with enough free space (at least two times the OVA file size).
  2. Run a command like the following:
    cot edit-properties <source filename>.ova -p net.mgmt.addr=""+string -p net.mgmt.gw=""+string -p user.root.pwd=""+string -p user.admin.pwd=""+string -u -o <destination filename>.ova
The OVA properties are updated.
Then, when you deploy the OVA file, you can specify the values.
Note: After you set the IP address and password, if you want to set it again, you must first delete this file on BIG-IP: /shared/vadc/.ve_cust_done

OVA properties file for setting management IP address and default passwords

You can edit the OVA (template) properties so that when you deploy BIG-IP VE, you can specify values for the management IP address and default passwords.

Before deploy, you can extract the contents of the OVA file to edit the OVF properties directly.

Modify the OVF file and add the following properties to the <ProductSection> area of the descriptor file.

<Category>Network properties</Category>  
  <Property ovf:key="net.mgmt.addr" ovf:type="string" ovf:value="" ovf:userConfigurable="true">    
    <Label>mgmt-addr</Label>    
    <Description>F5 BIG-IP VE's management address in the format of "IP/prefix"</Description>  
  </Property>  
  <Property ovf:key="net.mgmt.gw" ovf:type="string" ovf:value="" ovf:userConfigurable="true">    
    <Label>mgmt-gw</Label>    
    <Description>F5 BIG-IP VE's management default gateway</Description>  
  </Property>
<Category>User properties</Category>  
  <Property ovf:key="user.root.pwd" ovf:type="string" ovf:value="" ovf:userConfigurable="true">    
    <Label>root-pwd</Label>    
    <Description>F5 BIG-IP VE's SHA-512 shadow or plain-text password for "root" user</Description>  
  </Property>  
  <Property ovf:key="user.admin.pwd" ovf:type="string"ovf:value="" ovf:userConfigurable="true">    
    <Label>admin-pwd</Label>    
    <Description>F5 BIG-IP VE's SHA-512 shadow or plain-text password for "admin" user</Description>  
  </Property>

OVF tool for setting management IP address and default passwords

You can edit the OVA (template) properties so that when you deploy BIG-IP VE, you can specify values for the management IP address and default passwords.

Using VMware’s OVF tool, here is an example of code you would use to deploy BIG-IP VE with these settings.
ovftool
     --sourceType=OVA \ 
     --acceptAllEulas \ 
     --noSSLVerify \ 
     --diskMode=thin \ 
     --skipManifestCheck \ 
     --X:logToConsole \ 
     --X:logLevel=verbose \ 
     --datastore='mylab' \ 
     --name='vmname' \ 
     --vmFolder='myfolder' \ 
     --deploymentOption='dualcpu' \ 
     --net:"Internal=Internal" \ 
     --net:"Management=Management" \ 
     --net:"HA=HA" \ 
     --net:"External=External" \ 
     --X:injectOvfEnv \ 
     --prop:net.mgmt.addr="10.10.10.124/22" \ 
     --prop:net.mgmt.gw="10.10.11.254" \ 
     --prop:user.root.pwd ="mypassword" \ 
     --prop:user.admin.pwd="mypassword" \ 
     <path_to_bigip.ova> \ 
     "vi://user[@userdomain]:password@domain.com/<datacenter-name>/host/<esxi-host>" 

Edit vApp to set the management IP address and default passwords

After you deploy a VM running BIG-IP VE, you can manually assign a management IP address and root and admin passwords. Use this procedure if you want to set these values one time on a specific VM.
Note: These instructions may differ slightly, based on your version of vSphere.
  1. Stop the VM.
  2. Right-click the VM and choose Edit Settings.
  3. Click the vApp Options tab.
  4. In the Authoring section, expand the Properties area.
  5. Click New.
  6. On the Edit Property Settings window, complete the fields.
    Category Label Key ID Type
    BIG-IP VE admin-pwd user.admin.pwd String
    Important: The password can be plain text or SHA-512 encrypted.
  7. Click OK.
  8. Create three more properties, using these values:
    Category Label Key ID Type
    BIG-IP VE root-pwd user.root.pwd String
    BIG-IP VE mgmt-addr net.mgmt.addr String
    BIG-IP VE mgmt-gw net.mgmt.gw String
    Important: The Key ID must be the exact value shown in the table.
  9. Scroll up and you should now have these settings available:
  10. Populate these fields and click OK.
  11. Start the VM. The properties are applied.
After you set the IP address and password, if you want to set it again, you must first delete this file: /shared/vadc/.ve_cust_done

Use Customization Specification to set management IP address

You can prompt the user to enter an IP address and mask after BIG-IP VE is deployed. To do this, you can create a VMware Custom Specification that you can use over and over on multiple VMs.
Notes:
  • These instructions may differ slightly, based on your version of vSphere.
  • This procedure is for setting the management IP address; not for setting default passwords.
  • You can do this procedure after you deploy, not during.
  1. Ensure the BIG-IP VE instance is powered off.
  2. Create a Custom Specification policy.
    1. Open the vSphere Client Home page.
    2. In the Navigator pane, under Policies and Profiles, click Customization Specification Manager.
    3. Click Create a new specification.
      Page Setting Value
      Specify Properties Target VM Operating System Linux
      Set Computer Name Use the virtual machine name Recommended
      Set Computer Name Domain Your domain
      Time Zone Area Your area/time zone
      Configure Network Manually select custom settings

      Create four NICs (management, internal, external, HA).

      For the management NIC, click Edit the selected adapter. Then for IPv4 or IPv6, click Prompt the user for an address when the specification is used and click OK.

      If you enter static values, they are applied. However, if you want to re-use this Custom Spec, you likely want to prompt the user.

      Note: For IPv6, you must set values for both IPv4 and IPv6.
      Enter DNS and Domain Settings   Not supported. You may have to enter a value to move past this page.
  3. Edit the VM to use this policy.
    1. Right-click the VM and choose Guest OS > Customize Guest OS .
    2. Select your specification from the list and click Next.
    3. Enter the IP address and mask and click Finish.
Note: After you set the IP address and password, if you want to set it again, you must first delete this file: /shared/vadc/.ve_cust_done

Use BIG-IP Configuration utility tool to set management IP address

If your network has DHCP, an IP address is automatically assigned to BIG-IP® VE during deployment. You can use this address to access the BIG-IP VE Configuration utility or tmsh command-line utility.

If no IP address was assigned, you can assign one by using the BIG-IP Configuration utility tool.

  1. Connect to the virtual machine by using the hypervisor's console.
  2. At the login prompt, type root.
  3. At the password prompt, type default.
  4. Type config and press Enter.
    The F5 Management Port Setup screen opens.
  5. Click OK.
  6. Select No and follow the instructions for manually assigning an IP address and netmask for the management port.
You can use a hypervisor generic statement, such as tmsh show sys management-ip to confirm that the management IP address was set properly.
You can now log into the BIG-IP VE Config utility, and license and provision BIG-IP VE.

Configure SR-IOV on the guest

Before you can complete these steps, you must have configured Single Root I/O Virtualization (SR-IOV) on the hypervisor.
After deploying BIG-IP® VE, to configure SR-IOV on the guest, you must add three PCI device NICs and map them to your networks.
  1. In vSphere, delete the existing Source Networks for External, Internal, and HA.
    Important: Leave the Source Network for Management.
  2. Edit the settings for the virtual machine to add a PCI device.
    If your hypervisor was set up correctly, there will be 16 virtual functions on each port (05:10.x and 05:11:x).
  3. Map the new device to the VLAN for your internal subnet.
  4. Repeat steps 2 and 3 for the external and HA VLANs.
  5. When all four destination networks are correctly mapped, click Next.
    The Ready to Complete screen opens.