Manual Chapter : Initial vCMP Configuration Tasks

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP APM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP LTM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP DNS

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP ASM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
Manual Chapter

Initial vCMP Configuration Tasks

Overview: vCMP application volume management

The BIG-IP® system allocates all but 30 gigabytes of the total disk space to the vCMP® application volume. Known as the reserve disk space, the remaining 30 gigabytes of disk space are left available for other uses, such as for installing additional versions of the BIG-IP system in the future. The vCMP disk space allocation, as well as the creation of the reserve disk space, occurs when you initially provision the vCMP feature as part of vCMP host configuration.

If you want the system to reserve more than the standard 30 gigabytes of disk space for non-vCMP uses, you must do this prior to provisioning the vCMP feature. Adjusting the reserved disk space after you have provisioned the vCMP feature can produce unwanted results.

Important: When increasing the reserve disk space for additional BIG-IP installations, the recommended amount of space to reserve is 8 gigabytes per installation.

Viewing disk space allocation for a vCMP application volume

Using this procedure, you can view the amount of disk space, in megabytes, that the system has allocated to a vCMP application volume.
  1. In the URL field, type the management IP address that you previously assigned to the system.
    https://<ip_address>
    The browser displays the login screen for the BIG-IP Configuration utility.
  2. On the Main tab, click System > Disk Management .
    The display shows the logical disks and application volumes from the perspective of the vCMP host.
  3. Click the logical disk for which you want to reserve disk space.
    An example of a logical disk is HD1.
  4. On the menu bar, click Image List if displayed.
    The screen displays a list of the installed images on the system.
  5. If a list of images appears, locate the relevant image, and in the Disk column, click the logical disk name.
  6. In the Contained Application Volumes area of the screen, in the Volume column, locate the vCMP application volume and its associated MySQL application volume.
  7. In the Size (MB) column, view the size of the application volume, in megabytes.

Modifying disk space allocation for a vCMP application volume

When you provision the BIG-IP system for vCMP, the BIG-IP system dedicates all but 30 gigabytes of disk space to running the vCMP feature. (The 30 gigabytes of reserved disk space protects against any possible resizing of the file system.) Before provisioning the vCMP feature, you can reserve additional space for a logical disk. Use this procedure if you decide that you need to change the amount of disk space (in megabytes) that the system allocates to a vCMP application volume.
  1. In the URL field, type the management IP address that you previously assigned to the system.
    https://<ip_address>
    The browser displays the login screen for the BIG-IP Configuration utility.
  2. On the Main tab, click System > Disk Management .
    The display shows the logical disks and application volumes from the perspective of the vCMP host.
  3. Click the logical disk for which you want to reserve disk space.
    An example of a logical disk is HD1.
  4. On the menu bar, click Image List if displayed.
    The screen displays a list of the installed images on the system.
  5. If a list of images appears, locate the relevant image, and in the Disk column, click the logical disk name.
  6. In the Reserved (MB) field, increase the amount of disk space that you want to reserve for the logical disk.
    The more space you reserve, the less disk space there is available for the vCMP application volume.
  7. Click Update.

Deleting a vCMP application volume

Whenever you de-provision the vCMP® feature, you must also delete its vCMP application volumes (named vmdisks) from the relevant software volume (boot location). There is one vmdisks volume for each blade that is assigned to one or more guests, for a specific software volume. De-provisioning the vCMP feature and deleting its application volumes allows you to perform certain disk management tasks such as increasing the amount of disk space that the BIG-IP® system reserves for non-vCMP uses.

Warning: Deleting vCMP application volumes deletes all guest configuration data. Therefore, prior to deleting vCMP application volumes, F5 Networks® strongly recommends that you create a UCS file for each guest configuration. This allows you to easily re-create the guests if you decide to provision the vCMP feature again later.
Important: When the BIG-IP system initially created a vCMP application volume for each assigned blade, the system also created a set of 2-GB, MySQL volumes in the same software volume as the vCMP application volumes. If you decide to de-provision vCMP and delete its application volumes, you should also delete the MySQL volumes in that software volume. Retaining these MySQL volumes consumes disk space that could negatively impact your ability to successfully provision other BIG-IP modules later. Be careful, however, not to delete MySQL volumes that reside in other software volumes.
  1. Use a browser and the management IP address of the vCMP host to log in to the vCMP host (hypervisor) and access the BIG-IP Configuration utility.
  2. On the Main tab, click System > Disk Management .
    The display shows the logical disks and application volumes from the perspective of the vCMP host.
  3. Click the logical disk for which you want to reserve disk space.
    An example of a logical disk is HD1.
  4. On the menu bar, click Image List if displayed.
    The screen displays a list of the installed images on the system.
  5. If a list of images appears, locate the relevant image, and in the Disk column, click the logical disk name.
  6. In the Contained Application Volumes area of the screen, to the left of the list of application volume names, select the boxes for the per-blade vCMP application volumes (named vmdisks), as well as any associated MySQL volumes in that same software volume.
    Important: Be careful not to delete MySQL application volumes pertaining to other software volumes.
  7. Click Delete.
After you perform this task, the BIG-IP system should have enough disk space to accommodate the provisioning of other BIG-IP modules.

vCMP host administrator tasks

As a vCMP® host administrator, you have the important task of initially planning the amount of total system CPU and memory that you want the vCMP host to allocate to each guest. This decision is based on the resource needs of the particular BIG-IP® modules that guest administrators intend to provision within each guest, as well as the maximum system resource limits for the relevant hardware platform. Thoughtful resource allocation planning prior to creating the guests ensures optimal performance of each guest. Once you have determined the resource allocation requirements for the guests, you are ready to configure the host. Overall, your primary duties are to provision the vCMP feature and to create and manage guests, ensuring that the proper system resources are allocated to those guests.

Task summary

Accessing the vCMP host

Before accessing the vCMP® host, verify that you have created a primary cluster management IP address. For information on creating this address, see the guide titled VIPRION® Systems: Configuration.

Performing this task allows you to access the vCMP host. Primary reasons to access the host are to create and manage vCMP® guests, manage virtual disks, and view or manage host and guest properties. You can also view host and guest statistics.

  1. From a system on the external network, display a browser window.
  2. In the URL field, type the primary cluster management IP address for the chassis, as follows:
    https://<ip_address>
    The browser displays the login screen for the BIG-IP® Configuration utility.

Provisioning the vCMP feature

Before performing this task, ensure that the amount of reserve disk space that the provisioning process creates is sufficient. Attempting to adjust the reserve disk space after you have provisioned the vCMP® feature produces unwanted results.
Performing this task creates the vCMP host (the hypervisor) and dedicates most of the system resources to running vCMP.
Warning: If the system currently contains any BIG-IP® module configuration data, this data will be deleted when you provision the vCMP feature.
  1. On the Main tab, click System > Resource Provisioning .
  2. Verify that all BIG-IP modules are set to None.
  3. From the vCMP list, select Dedicated.
  4. Click Update.
After provisioning the vCMP feature, the system reboots TMOS® and prompts you to log in again. This action logs you in to the vCMP host, thereby allowing you to create guests and perform other host configuration tasks.

Creating a vCMP guest

Before creating a guest on the system, verify that you have configured the base network on the system to create any necessary trunks, as well as VLANs for guests to use when processing application traffic.

You create a guest when you want to create an instance of the BIG-IP software for the purpose of running one or more BIG-IP® modules to process application traffic. For example, you can create a guest that runs BIG-IP® Local Traffic Manager™ and BIG-IP® DNS. When creating a guest, you specify the number of logical cores per slot that you want the vCMP host to allocate to each guest, as well as the specific slots that you want the host to assign to the guest.
Note: When creating a guest, if you see an error message such as Insufficient disk space on /shared/vmdisks. Need 24354M additional space., you must delete existing unattached virtual disks until you have freed up that amount of disk space.
Important: If you are planning to add this guest to a Sync-Failover device group and enable connection mirroring with a guest on another chassis, you must ensure that the two guests are configured identically with respect to slot assignment and core allocation. That is, the number of cores, the number of slots, and even the slot numbers on which the guests reside must be the same. Therefore, you must ensure that on each guest of the mirrored pair, the values match for the Cores per Slot, Number of Slots, Minimum Number of Slots, and Allowed Slots settings.
  1. Use a browser to log in to the VIPRION® chassis, using the primary cluster management IP address.
    If you provisioned the system for vCMP®, this step logs you in to the vCMP host.
  2. On the Main tab, click vCMP > Guest List .
    This displays a list of guests on the system.
  3. Click Create.
  4. From the Properties list, select Advanced.
  5. In the Name field, type a name for the guest.
  6. In the Host Name field, type a fully-qualified domain name (FQDN) name for the guest.
    If you leave this field blank, the system assigns the name localhost.localdomain.
  7. From the Cores Per Slot list, select the total number of logical cores that the guest needs, based on the guest's memory requirements.
    The value you select causes the host to assign that number of cores to each slot on which the guest is deployed. The host normally allocates cores per slot in increments of two (two, four, six, and so on).
    Important: Cores for a multi-slot guest do not aggregate to provide a total amount of memory for the guest. Therefore, you must choose a Cores per Slot value that satisfies the full memory requirement of the guest. After you finish creating the guest, the host allocates this amount of memory to each slot to which you assigned the guest. This ensures that the memory is suffcient for each guest if any blade becomes unavailable. For blade platforms with solid-state drives, you can allocate a minimum of one core per guest instead of two. For metrics on memory and CPU support per blade model, see the vCMP® guest memory/CPU allocation matrix at http://support.f5.com.
  8. From the Number of Slots list, select the maximum number of slots that you want the host to allocate to the guest.
  9. From the Minimum Number of Slots list, select the minimum number of chassis slots that must be available for this guest to deploy.
    Important: The minimum number of slots you specify must not exceed the maximum number of slots you specified.
  10. From the Allowed Slots list, select the specific slots that you want the host to assign to the guest and then use the Move button to move the slot number to the Selected field.
    Important: If you want to allow the guest to run on any of the slots in the chassis, select all slot numbers. For example, if you configure the Number of Slots value to be 2, and you configure the Allowed Slots values to be 1, 2, 3, and 4, then the host can assign any two of these four slots to the guest. Note that the number of slots in the Allowed Slots list must equal or exceed the number specified in the Minimum Number of Slots list.
  11. From the Management Network list, select a value:
    Value Result
    Bridged (Recommended) Connects the guest to the management network. Selecting this value causes the IP Address setting to appear.
    Isolated Prevents the guest from being connected to the management network and disables the host-only interface.
    Important: If you select Isolated, do not enable the Appliance Mode setting when you initially create the guest. For more information, see the step for enabling the Appliance Mode setting.
    Host-Only Prevents the guest from being connected to the management network but ensures that the host-only interface is enabled.
  12. If the IP Address setting is displayed, specify the required information:
    1. In the IP Address field, type a unique management IP address that you want to assign to the guest.
      You use this IP address to access the guest when you want to manage the BIG-IP modules running within the guest.
    2. In the Network Mask field, type the network mask for the management IP address.
    3. In the Management Route field, type a gateway address for the management IP address.
    Important: Assigning an IP address that is on the same network as the host management port has security implications that you should carefully consider.
  13. From the Initial Image list, select an ISO image file for installing TMOS® software onto the guest's virtual disk.
  14. In the Virtual Disk list, retain the default value of None.
    Note that if an unattached virtual disk file with that default name already exists, the system displays a message, and you must manually attach the virtual disk. You can do this using the tmsh command line interface, or use the Configuration utility to view and select from a list of available unattached virtual disks.
    The BIG-IP system creates a virtual disk with a default name (the guest name plus the string .img, such as guestA.img).
  15. For the VLAN List setting, select both an internal and an external VLAN name from the Available list, and use the Move button to move the VLAN names to the Selected list.
    The VLANs in the Available list are part of the vCMP host configuration.
    After you create the guest, the guest can use the selected VLANs to process application traffic.
  16. From the Requested State list, select Provisioned.
    Once the guest is created, the vCMP host allocates all necessary resources to the guest, such as cores and virtual disk.
  17. If you want to enable Appliance mode for the guest, select the Appliance Mode check box.
    Warning: Before enabling this feature on an isolated guest, you must perform some prerequisite tasks, such as creating a self IP address on the guest. Failure to perform these prerequisite tasks will make the guest unreachable by all host and guest administrators. Therefore, you must create the isolated guest with Appliance mode disabled, perform the prerequisite tasks, and then modify the guest to enable this setting. For more information, see the relevant appendix of this guide.
    When you enable Appliance Mode for a guest, the system enhances security by denying access to the root account and the Bash shell for all administrators.
  18. From the SSL-Mode list, select an option:
    Option Description
    Dedicated Assigns dedicated SSL hardware resources, in the form of SSL cores, to the guest. A guest in Dedicated mode has a fixed amount of SSL hardware resource available and does not share that resource with other guests on the system. SSL performance for a guest in Dedicated mode is not impacted by other guests' use of SSL hardware resources. The number of SSL cores that the system assigns to the guest is based on the number of vCMP cores allocated to the guest.
    Shared Gives the guest access to all available SSL hardware resources, that is, resources not used by guests in Dedicated mode. In Shared mode, the guest shares SSL hardware resources with all guests that are also in Shared mode. This option can impact SSL performance for the guest, depending on use of SSL resources by other guests. Guests in Shared mode do not impact the SSL performance of guests in Dedicated mode.
    None Prevents the guest from accessing SSL hardware resources. When you select None, the guest has no access to SSL hardware resources, but can access SSL software resources.
    Important: If you do not see the SSL-Mode setting, your hardware platform does not support this feature.
  19. From the Single Rate TCM Policer list:
    • Select None if you do not want to meter network traffic using a Single Rate Three Color Marker (srTCM) policer.
    • Select the name of an existing srTCM policer if you want the BIG-IP system to classify network traffic as green, yellow, or red using the srTCM standard.
  20. Click Finish.
    The system installs the selected ISO image onto the guest's virtual disk and displays a status bar to show the progress of the resource allocation.
You now have a new vCMP guest on the system in the Provisioned state with an ISO imaged installed.

Setting a vCMP guest to the Deployed state

Setting a guest to the Deployed state enables a guest administrator to then provision and configure the BIG-IP® modules within the guest.
Warning: For any isolated guest with Appliance mode enabled, you must first perform some additional tasks before deploying the guest. For more information, see the relevant appendix of this guide.
  1. Ensure that you are logged in to the vCMP host.
  2. On the Main tab, click vCMP > Guest List .
    This displays a list of guests on the system.
  3. In the Name column, click the name of the vCMP guest that you want to deploy.
  4. From the Requested State list, select Deployed.
  5. Click Update.
After moving a vCMP® guest to the Deployed state, a guest administrator can provision and configure the BIG-IP modules within the guest so that the guest can begin processing application traffic.

vCMP guest administrator tasks

The primary duties of a vCMP® guest administrator are to provision BIG-IP® modules within the guest, configure the correct management IP addresses for the slots pertaining to the guest, and configure any self IP addresses that the guest needs for processing application traffic. The guest administrator must also configure all BIG-IP modules, such as creating virtual servers and load balancing pools within BIG-IP Local Traffic Manager™ (LTM®).

Optionally, a guest administrator who wants a redundant system configuration can create a device group with the peer guests as members.

Task list

Provisioning BIG-IP modules within a guest

Before a guest administrator can access a guest to provision licensed BIG-IP® modules, the vCMP® guest must be in the Deployed state.
To run BIG-IP modules within a guest, the guest administrator must first provision them. For example, a guest administrator for guestA who wants to run LTM® and DNS must log into guestA and provision the LTM and BIG-IP DNS modules.
Note: For guests that are isolated from the management network, you must access them using a self IP address instead of a management IP address.
  1. Open a browser, and in the URL field, specify the management IP address that the host administrator assigned to the guest.
  2. At the login prompt, type the default user name admin, and password admin, and click Log in.
    The Setup utility screen opens.
  3. Click Next.
    This displays the Resource Provisioning screen.
  4. For each licensed BIG-IP module in the list, select the check box and select Minimal, Nominal, or Dedicated.
  5. Click Next.
    This displays the Certificate Properties screen.
  6. Click Next.
    This displays some general properties of the guest.
  7. Click Next.
    This displays the screen for specifying the guest's cluster member IP addresses.
  8. Click Next.
  9. Click Finished.

Specifying cluster member IP addresses for a guest

For each vCMP® guest, the guest administrator needs to create a unique set of management IP addresses that correspond to the slots of the VIPRION® cluster. Creating these addresses ensures that if a blade becomes unavailable, the administrator can log in to another blade to access the guest.

  1. On the Setup utility screen for resource provisioning, in the Cluster Member IP Address area, type a management IP address for each slot in the VIPRION chassis, regardless of how many blades are installed or how many slots are assigned to the guest.
    Each IP address must be on the same subnet as the management IP address that the host administrator assigned to the guest (displayed).
  2. Click Next.
  3. Click Finished.
After performing this task, a guest administrator can log in to a specific slot for a guest if blade availability becomes compromised.

Creating a self IP address for application traffic

A vCMP® guest administrator creates a self IP address within a guest, assigning a VLAN to the address in the process. The self IP address serves as a hop for application traffic destined for a virtual server configured within the guest. On a standalone system, the self IP address that a guest administrator creates is a static (non-floating) IP address. Note that the administrator does not need to create VLANs within the guest; instead, the VLANs available for assigning to a self IP address are VLANs that a host administrator previously created on the vCMP host.
  1. On the Main tab of the BIG-IP Configuration utility, click Network > Self IPs .
  2. Click Create.
    The New Self IP screen opens.
  3. In the Name field, type a unique name for the self IP address.
  4. In the IP Address field, type an IPv4 or IPv6 address.
    This IP address should represent the address space of the VLAN that you specify with the VLAN/Tunnel setting.
  5. In the Netmask field, type the network mask for the specified IP address.

    For example, you can type 255.255.255.0.

  6. From the VLAN/Tunnel list, select the VLAN to associate with this self IP address.
    • On the internal network, select the internal or high availability VLAN that is associated with an internal interface or trunk.
    • On the external network, select the external VLAN that is associated with an external interface or trunk.
  7. From the Port Lockdown list, select Allow Default.
  8. Click Finished.
    The screen refreshes, and displays the new self IP address.
After creating a self IP address, the BIG-IP system can send and receive traffic destined for a virtual server that allows traffic through the specified VLAN.

Next steps

After all guests are in the Deployed state, each individual guest administrator can configure the appropriate BIG-IP modules for processing application traffic. For example, a guest administrator can use BIG-IP® Local Traffic Manager™ (LTM®) to create a standard virtual server and a load-balancing pool. Optionally, if guest redundancy is required, a guest administrator can set up device service clustering (DSC®).

Another important task for a guest administrator is to create other guest administrator accounts as needed.

Important: If the guest has an isolated (rather than bridged) management network, you must grant access to the Traffic Management Shell (tmsh) to all guest administrator accounts. Otherwise, guest administrators have no means of logging in to the guest, due to the lack of access to the management network.

Configuration results

After you and all guest administrators have completed the initial configuration tasks, you should have a VIPRION®system provisioned for vCMP, with one or more guests ready to process application traffic.

When logged in to the vCMP® host, you can see the VLANs and trunks configured on the VIPRION system, as well as all of the guests that you created, along with their virtual disks. When using the BIG-IP Configuration utility, you can also display a graphical view of the number of cores that the host allocated to each guest and on which slots.

You can also view the current load on a specific guest in terms of throughput, as well as CPU, memory, and disk usage.

When logged in to a guest, the guest administrator can see one or more BIG-IP® modules provisioned and configured within the guest to process application traffic. If the guest administrator configured device service clustering (DSC®), the guest is a member of a device group.