Forum Discussion
CSS -> F5 Migration
Hi there,
Wondering if anyone can help me. I have the following CSS configuraiton and wondering how I can translate this into F5 code.
ssl-server 38
ssl-server 38 vip address 10.1.240.10
ssl-server 38 rsakey rsakey1
ssl-server 38 cipher rsa-with-rc4-128-sha 10.1.240.10 9113 weight 7
ssl-server 38 cipher rsa-with-rc4-128-md5 10.1.240.10 9113 weight 8
ssl-server 38 cipher rsa-with-3des-ede-cbc-sha 10.1.240.10 9113 weight 6
ssl-server 38 dhparam dhparam1024
ssl-server 38 port 9013
content inbsslwit
add service SSL
vip address 10.1.240.10
port 9013
content inb/wit9013
balance leastconn
advanced-balance sticky-srcip
vip address 10.1.240.10
protocol tcp
port 9113
add service inbuw01-wit
add service inbuw02-wit
active
service inbuw01-wit
port 9013
ip address 10.1.240.88
string inbuw1wit
keepalive frequency 15
keepalive type none
active
Many thansk in advance
- Carl_Brothers
Employee
Welcome to Devcentral!It has been a long time since I did any CSS configs, but let me kind of give a Rosetta stone of CSS to BigIP LTM terms to help foster the understanding. Additionally, feel free to use the management UI and the wizards to safely build things in BIGIP LTM, I know that Cisco tried a UI a few times, but always failed with the CSS, thus leaving you at the CLI to build things.
CSS - Service
LTM - Pool Member
The LTM has a container for server nodes/ ports called Pools. You would create a Pool first, and then define your health monitors there.
CSS - Keep-alive
LTM - Monitor
Monitors in LTM are significantly more robust than what the CSS (or Netscaler) offers. These are usually assigned to a Pool, but can be defined per pool member(service).
CSS - Content
LTM - Virtual
In the LTM config GUI these are listed as virtual servers.
Michael it would be nice to get some background on the functionality of the service that you are load balancing and its requirements. The examples below are a general guide and may not work, but I assume that you have a version of the service that uses SSL and another that does not, however between CSS and server there is no use of SSL.
You would need to import your certificate onto the LTM and then apply it and a key to a clientSSL profile (9013ClientSSL in example below). There are protocol, persistence, services and other profiles that I do not go into much detail about here, but they should be self explanatory once you familiarize yourself with the interface.
I would take advantage of the free online LTM essentials class while you prepare for your deployment.
Hope this helps!
virtual inb/wit9013{
snat automap
pool inbwit9103_pool
fallback persist source_addr
destination 10.1.240.10:9113
ip protocol tcp
rules
profiles
9013-Oneconnect
9013-TCP-LAN
serverside
9013-TCP-WAN
clientside
9013_HTTP-PRD
persist 9013-srcIP
}
virtual inbsslwit{
snat automap
pool inbwit9103_pool
fallback persist source_addr
destination 10.1.240.10:9013
ip protocol tcp
rules
profiles
9013-Oneconnect
9013-TCP-LAN
serverside
9013-TCP-WAN
clientside
9013_HTTP-PRD
9013ClientSSL
persist 9013-srcIP
}
pool 9013_Prd {
lb method member least conn
monitor all ICMP
members
10.1.240.88:9013
10.1.240.89:9013
}
- JRahm
Admin
We have a few scripts coming from Cisco CSS, CSM, & ACE: - SK_126140
Nimbostratus
Can someone tell me how to migrate rules from CSS to F5?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com