Forum Discussion

Micka_61352's avatar
Micka_61352
Icon for Nimbostratus rankNimbostratus
Mar 02, 2011

CSS -> F5 Migration

Hi there,

 

 

Wondering if anyone can help me. I have the following CSS configuraiton and wondering how I can translate this into F5 code.

 

 

ssl-server 38

 

ssl-server 38 vip address 10.1.240.10

 

ssl-server 38 rsakey rsakey1

 

ssl-server 38 cipher rsa-with-rc4-128-sha 10.1.240.10 9113 weight 7

 

ssl-server 38 cipher rsa-with-rc4-128-md5 10.1.240.10 9113 weight 8

 

ssl-server 38 cipher rsa-with-3des-ede-cbc-sha 10.1.240.10 9113 weight 6

 

ssl-server 38 dhparam dhparam1024

 

ssl-server 38 port 9013

 

 

content inbsslwit

 

add service SSL

 

vip address 10.1.240.10

 

port 9013

 

 

content inb/wit9013

 

balance leastconn

 

advanced-balance sticky-srcip

 

vip address 10.1.240.10

 

protocol tcp

 

port 9113

 

add service inbuw01-wit

 

add service inbuw02-wit

 

active

 

 

service inbuw01-wit

 

port 9013

 

ip address 10.1.240.88

 

string inbuw1wit

 

keepalive frequency 15

 

keepalive type none

 

active

 

 

Many thansk in advance

 

  • Welcome to Devcentral!

     

     

    It has been a long time since I did any CSS configs, but let me kind of give a Rosetta stone of CSS to BigIP LTM terms to help foster the understanding. Additionally, feel free to use the management UI and the wizards to safely build things in BIGIP LTM, I know that Cisco tried a UI a few times, but always failed with the CSS, thus leaving you at the CLI to build things.

     

     

     

    CSS - Service

     

    LTM - Pool Member

     

    The LTM has a container for server nodes/ ports called Pools. You would create a Pool first, and then define your health monitors there.

     

     

     

    CSS - Keep-alive

     

    LTM - Monitor

     

    Monitors in LTM are significantly more robust than what the CSS (or Netscaler) offers. These are usually assigned to a Pool, but can be defined per pool member(service).

     

     

     

     

    CSS - Content

     

    LTM - Virtual

     

    In the LTM config GUI these are listed as virtual servers.

     

     

     

    Michael it would be nice to get some background on the functionality of the service that you are load balancing and its requirements. The examples below are a general guide and may not work, but I assume that you have a version of the service that uses SSL and another that does not, however between CSS and server there is no use of SSL.

     

     

     

    You would need to import your certificate onto the LTM and then apply it and a key to a clientSSL profile (9013ClientSSL in example below). There are protocol, persistence, services and other profiles that I do not go into much detail about here, but they should be self explanatory once you familiarize yourself with the interface.

     

     

     

    I would take advantage of the free online LTM essentials class while you prepare for your deployment.

     

     

     

    Hope this helps!

     

     

     

    virtual inb/wit9013{

     

    snat automap

     

    pool inbwit9103_pool

     

    fallback persist source_addr

     

    destination 10.1.240.10:9113

     

    ip protocol tcp

     

    rules

     

    profiles

     

    9013-Oneconnect

     

    9013-TCP-LAN

     

    serverside

     

    9013-TCP-WAN

     

    clientside

     

    9013_HTTP-PRD

     

    persist 9013-srcIP

     

    }

     

     

     

     

    virtual inbsslwit{

     

    snat automap

     

    pool inbwit9103_pool

     

    fallback persist source_addr

     

    destination 10.1.240.10:9013

     

    ip protocol tcp

     

    rules

     

    profiles

     

    9013-Oneconnect

     

    9013-TCP-LAN

     

    serverside

     

    9013-TCP-WAN

     

    clientside

     

    9013_HTTP-PRD

     

    9013ClientSSL

     

    persist 9013-srcIP

     

    }

     

     

     

     

    pool 9013_Prd {

     

    lb method member least conn

     

    monitor all ICMP

     

    members

     

    10.1.240.88:9013

     

    10.1.240.89:9013

     

    }

     

     

     

     

     

     

     

     

     

     

  • We have a few scripts coming from Cisco CSS, CSM, & ACE:

     

     

    http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/Cisco.html Click Here