Manual Chapter : Managing Network Objects

Applies To:

BIG-IQ Centralized Management

  • 6.0.0

How do I change object settings on a managed device?

To change the object settings on a managed device, there are four tasks to perform.

This figure illustrates the workflow you perform to manage the objects on BIG-IP® devices. Changing the settings is the second step in this process.

[Figure: Workflow for changing object settings on a managed device]

Change a network object

You can make revisions to the configuration of Local Traffic objects to simplify managing your devices.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK.
  2. Under NETWORK, click the object type that you want to modify, such as Interfaces or VLANs.
    The screen displays a list of objects of that type that are defined on this BIG-IQ.
  3. Click the name of the object you want to change.
    The Properties screen for the selected object opens.
  4. Make changes to the properties that you want to modify.
  5. When you are satisfied with the changes you have made, click Save & Close.
    The revisions you saved are made, and the Properties screen for the selected object closes.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
To apply the pending version settings to the BIG-IP device, you next need to deploy the revisions.

Manage a network interface

You can use the BIG-IQ Local Traffic component to enable or disable network interfaces on a managed device.
Important: When you revise configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Interfaces.
    The screen displays the list of interfaces defined on this device.
  2. Select the check box for the interface you want to change, and then click Enable or Disable.
    The State for the selected interface changes on the BIG-IQ.

Create a new route

You can use the BIG-IQ Local Traffic component to add a route to a managed device.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Routes.
    The screen displays the list of routes defined on this device.
  2. Click Create.
    The New Route screen opens.
  3. In the Name field, type in a name for the route you are creating.
  4. In the Description field, type in a brief description for the route you are creating.
  5. From the Device list, select the device on which to create the route.
  6. For Partition, type the name of the BIG-IP device partition on which you want to create the route.
  7. In the Destination/Mask field, type a self IP address and net mask for this route.
    These addresses display in the Destination and Netmask columns of the routing table.
    For example:
    10.145.193.0/24
  8. Specify the Resource setting.
    • To use a gateway, select Use Gateway, and then from Gateway Address, choose either IP Address or IPv6 Link-Local Address. This is the method through which you want the BIG-IQ system to forward packets to the route destination.
    • To use a pool, select Use Pool, and then select the pool through which you want the BIG-IQ system to forward packets to the route destination.
    • To use a VLAN or tunnel, select Use VLAN/Tunnel, and then select the VLAN or tunnel through which you want the BIG-IQ system to forward packets to the route destination.
    • To reject packets forwarded to the route destination, select Reject.
  9. In the MTU field, type an optional frame size value for Path Maximum Transmission Unit (MTU). By default, BIG-IP devices use the standard Ethernet frame size of 1518 bytes (1522 bytes if VLAN tagging is used) with the corresponding MTU of 1500 bytes. For BIG-IP devices that support Jumbo Frames, you can specify another MTU value.
  10. Click Save & Close.
    The system creates the new route with the settings you specified.

Create a new route domain

You can use the BIG-IQ Local Traffic component to add a route domain to a managed device. Using route domains, you can assign the same IP address to more than one device on a network, as long as each instance of the IP address resides in a separate route domain.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Route Domains.
    The screen displays the list of route domains defined on this device.
  2. Click Create.
    The New Route Domain screen opens.
  3. In the Name field, type in a unique name for the route domain you are creating.
  4. In the ID field, type an integer to represent the route domain.
    The integer must be unique on the BIG-IP device and be between 1 and 65534. The default value (0) indicates that all VLANs on a system pertain to this route domain. When you create new route domains, you can assign VLANs to those route domains, which moves the VLANs out of the default route domain.
    Important: When you assign a VLAN to a route domain, keep in mind that any self IP addresses that use that VLAN must use the same route domain. For example, if self IP 10.0.0.0%20 (route domain with ID 20) is assigned to VLAN-1, you cannot assign VLAN-1 to any route domain except a route domain with ID 20.
  5. In the Description field, type in a brief description for the route domain you are creating.
  6. From the Device list, select the device on which to create the route domain.
  7. For Partition, type the name of the BIG-IP device partition on which you want to create the route domain.
  8. Select Strict Isolation if you want to enforce cross-routing restrictions.
    When Enabled is selected, routes cannot cross route domain boundaries (so they are strictly isolated to the current route domain). The default is enabled. When this setting is disabled, routes can cross route domains. For example, you could add a route to the routing table with a 10.0.0.0%20 (route domain 20) destination and a gateway of 172.27.84.29%32 (route domain 32).
  9. To specify a VLAN or tunnel for the BIG-IP device to use in the route domain, select it in the Available list, and use the arrow to add it to the Selected list.
    Note: A VLAN or tunnel can be referenced by only one route domain at a time, so if the VLAN or tunnel you select is currently referenced by another route domain, it will be removed from that route domain when you attach it to this route domain.
    Note: Before removing a VLAN from a route domain, recall that every self IP address must use the same route domain as its VLAN, so make sure the VLAN is not already in use by a self IP address. For example, if a self IP address uses a VLAN named VLAN-2 and also uses the default route domain 0, do not remove VLAN-2 from route domain 0.
  10. Click Save & Close.
    The system creates the new route domain with the settings you specified.
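
The route domain rules in this procedure (IDs between 1 and 65534, a VLAN referenced by one route domain at a time, self IP addresses in the same route domain as their VLAN, and strict isolation) can be checked before deployment. The following is an added example, not F5 code; the dict layout, function names and sample values are assumptions, and it treats a route as belonging to the route domain of its destination.

```python
# Added example; the dict layout is hypothetical, not a BIG-IQ export format.
def route_domain_of(addr):
    """Return the ID from 'address%ID' notation (0, the default, if no suffix)."""
    _, _, rest = addr.partition("%")
    return int(rest.split("/")[0]) if rest else 0

def check_route_domains(cfg):
    findings, vlan_rd, strict = [], {}, {0: True}
    for rd in cfg["route_domains"]:
        rid = rd["id"]
        if not 1 <= rid <= 65534:
            findings.append(f"{rd['name']}: ID {rid} is outside 1-65534")
        elif rid in strict:
            findings.append(f"{rd['name']}: ID {rid} is already in use")
        strict[rid] = rd.get("strict", True)  # Strict Isolation defaults to enabled
        for vlan in rd["vlans"]:
            if vlan in vlan_rd:  # a VLAN is referenced by one route domain at a time
                findings.append(f"{vlan}: in route domains {vlan_rd[vlan]} and {rid}")
            vlan_rd[vlan] = rid
    for sip in cfg["self_ips"]:
        rid = route_domain_of(sip["address"])
        vlan_id = vlan_rd.get(sip["vlan"], 0)  # unassigned VLANs stay in domain 0
        if rid != vlan_id:
            findings.append(f"self IP {sip['address']}: uses route domain {rid}, "
                            f"but {sip['vlan']} is in route domain {vlan_id}")
    for rt in cfg["routes"]:
        dst, gw = route_domain_of(rt["destination"]), route_domain_of(rt["gateway"])
        # Assumption: a route belongs to the route domain of its destination.
        if dst != gw and strict.get(dst, True):
            findings.append(f"route {rt['destination']} via {rt['gateway']}: "
                            f"crosses route domains {dst} -> {gw}")
    return findings

# Constructed sample that reuses the addresses from the text above.
SAMPLE = {
    "route_domains": [
        {"name": "rd20", "id": 20, "strict": True, "vlans": ["VLAN-1"]},
        {"name": "rd32", "id": 32, "strict": True, "vlans": ["VLAN-3"]},
    ],
    "self_ips": [
        {"address": "10.0.0.0%20", "vlan": "VLAN-1"},  # consistent
        {"address": "10.0.1.5", "vlan": "VLAN-1"},     # domain 0 vs. VLAN in 20
        {"address": "10.0.2.5", "vlan": "VLAN-2"},     # both in default domain 0
    ],
    "routes": [{"destination": "10.0.0.0%20", "gateway": "172.27.84.29%32"}],
}

if __name__ == "__main__":
    print("\n".join(check_route_domains(SAMPLE)))
```

With Strict Isolation disabled on the destination's route domain, the cross-domain route in the sample is no longer reported; the self IP mismatch still is.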

Create a new VLAN

You can use the BIG-IQ Local Traffic component to add a VLAN to a managed device. Using VLANs, you can assign the same IP address to more than one device on a network, as long as each instance of the IP address resides in a separate VLAN.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > VLANs.
    The screen displays the list of VLANs defined on this device.
  2. Click Create.
    The New VLAN screen opens.
  3. In the Name field, type a unique name for the VLAN you are creating.
  4. In the Description field, type a brief description for the VLAN you are creating.
  5. In the Tag field, type a tag number for the VLAN.
    The tag number can be between 1 and 4094, but must be unique on the target device. If you do not specify a value, the system automatically assigns a tag number.
  6. From the Device list, select the device on which to create the VLAN.
  7. For Partition, type the name of the BIG-IP device partition on which you want to create the VLAN.
  8. In the MTU field, specify the maximum transmission unit (MTU) for traffic on this VLAN.
    The default is 1500.
  9. To specify which interfaces this VLAN uses for traffic management, select one from the Interface list, and then select the Tagging for it.
    You can add more than one interface by clicking the Add + button.
  10. Click Save & Close.
    The system creates the new VLAN with the settings you specified.

Create a new self IP address

You can use the BIG-IQ Local Traffic component to add a self IP address to a managed device.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Self IPs.
    The screen displays the list of self IP addresses defined on this device.
  2. Click Create.
    The New Self IP screen opens.
  3. In the Name field, type in a name for the self IP address you are creating.
  4. From the Device list, select the device on which to create the self IP address.
  5. For Partition, type the name of the BIG-IP device partition on which you want to create the self IP.
  6. In the IP Address field, type either an IPv4 or an IPv6 address. For an IPv4 address, you should specify a /32 IP address per RFC 3021.
  7. In the Netmask field, type the netmask for this self IP address. You must type the full netmask.
    Specifying the prefix length in bits is not supported. For example, you could type 255.255.255.255 or ffff:ffff:ffff:ffff:0000:0000:0000:0000 or ffff:ffff:ffff:ffff:: (with two colons at the end).
  8. For VLAN/Tunnel, select the VLAN or tunnel to associate with this self IP address.
    Important: When you assign a VLAN to this self IP address, keep in mind that the self IP address and VLAN must use the same route domain. For example, if you assign self IP 10.0.0.0%20 (route domain with ID 20) to VLAN-1, you will not be able to assign VLAN-1 to any route domain except a route domain with ID 20.
  9. Specify the Port Lockdown.
    • Select Allow Default to activate only the default protocols and services. You can determine the supported protocols and services by logging in to the target BIG-IP device and running tmsh list net self-allow defaults on the command line.
    • Select Allow All to activate all TCP and UDP services on this self IP address.
    • Select Allow None to specify that this self IP address accepts no traffic. If you are using this self IP address as the local endpoint for WAN optimization, select this option to avoid potential port conflicts.
    • Select Allow Custom or Allow Custom (Include Default) to expand the Custom List setting, where you can specify the ports, protocols, and services to activate on this self IP address.
  10. For the Traffic Group, select a specific traffic group for the self IP address.
  11. Click Save & Close.
    The system creates the new self IP address with the settings you specified.
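
An added example (not F5 code) that checks a planned self IP entry against two settings from this procedure: the Netmask field takes only a full netmask, and Allow All activates every TCP and UDP service on the address. The field names, function names and sample values are assumptions.

```python
import ipaddress

# Added example; field names are hypothetical, not a BIG-IQ data format.

def netmask_from_prefix(prefix, version=4):
    """Full netmask to type in the Netmask field for a given prefix length."""
    net = ipaddress.IPv4Network if version == 4 else ipaddress.IPv6Network
    return str(net((0, prefix)).netmask)

def check_self_ip(entry):
    findings = []
    # Drop any %ID route domain suffix before parsing the address.
    addr = ipaddress.ip_address(entry["address"].partition("%")[0])
    try:
        mask = ipaddress.ip_address(entry["netmask"])  # '24' or '/24' raises
    except ValueError:
        findings.append("netmask: type the full netmask, not a prefix length")
    else:
        host_bits = int(mask) ^ ((1 << mask.max_prefixlen) - 1)
        if mask.version != addr.version:
            findings.append("netmask: address family differs from the IP address")
        elif host_bits & (host_bits + 1):  # the one-bits must be contiguous
            findings.append("netmask: not a contiguous mask")
    if entry["port_lockdown"] == "Allow All":
        findings.append("port lockdown: Allow All activates all TCP and UDP services")
    return findings

# Constructed sample entries.
SAMPLE = [
    {"address": "10.0.0.0%20", "netmask": "255.255.255.255",
     "port_lockdown": "Allow Default"},
    {"address": "10.0.1.5", "netmask": "24", "port_lockdown": "Allow All"},
    {"address": "2001:db8::1", "netmask": "ffff:ffff:ffff:ffff::",
     "port_lockdown": "Allow None"},
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry["address"], check_self_ip(entry) or "ok")
    print("a /24 is typed as", netmask_from_prefix(24))
```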

Create a new DNS resolver

You can use the BIG-IQ Local Traffic component to add a DNS resolver to a managed device. Using DNS resolvers, you can assign the same IP address to more than one device on a network, as long as each instance of the IP address resides in a separate DNS resolver.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > DNS Resolvers.
    The screen displays the list of DNS resolvers defined on this device.
  2. Click Create.
    The New DNS Resolver screen opens.
  3. In the Name field, type in a unique name for the DNS resolver you are creating.
  4. For Partition, type the name of the BIG-IP device partition on which you want to create the DNS resolver.
  5. Select the Route Domain Name that this resolver uses for outbound traffic.
    The default is the default route domain.
  6. To specify the Resolver properties, expand the Resolver area.
  7. For the Cache Size, type the size of the internal DNS resolver cache.
    The default is 5767168 bytes. After the cache reaches this size, when new or refreshed content arrives, the system removes expired and older content and caches the new or updated content.
  8. Select Answer Default Zones if you want the system to answer DNS queries for the default zones localhost, reverse, 127.0.0.1, ::1, and AS112.
    The default is disabled, meaning that the system passes along the DNS queries for the default zones.
  9. Select Randomize Query Character Case if you want the internal DNS resolver to randomize character case in domain name queries issued to the root DNS servers.
    The default is enabled.
  10. To specify the Traffic properties, expand the area and select the format or formats for which you want the system to answer and issue queries.
  11. To specify a forward zone used to resolve matching DNS queries, expand the Forward Zones area and click Add.
    A popup screen opens.
    1. In the Name field, type in a unique name for the forward zone you are creating.
    2. In the Address field, type in an IP address for the forward zone you are creating.
    3. In the Service Port field, type in the port number for the forward zone you are creating.
    4. Click the Add button next to the Service Port.
      The address and port combination is added to the Nameservers box.
    5. To add additional nameservers, repeat the last two sub-steps.
  12. When you are satisfied with the new forward zone, click the Add button.
  13. If you have specified forward zones, select the check boxes for the zones you want to use.
  14. When you are satisfied with the new DNS resolver, click Save & Close.
    The system creates the new DNS resolver with the settings you specified.
When the BIG-IP system receives a query that cannot be resolved from the cache, the system forwards the query to a nameserver associated with the matching forward zone. When the nameserver returns a response, the BIG-IP system caches the response, and returns the response to the resolver making the query.
To pin this resolver to specific devices, click Configuration > LOCAL TRAFFIC > Pinning Policies.
Note: For details about how pinning works, refer to Managing Object Pinning on support.f5.com.