Forum Discussion
How to best Create Big-IP lab on VE from Physical production configuration to test upgrade?
I'm in the process of upgrading our physical Big-IP LTMs and would like to import as much of the configuration as possible (while maintaining VE management configuration) into a virtual edition lab to perform a mock upgrade.
I exported the SCF from the source physical and the VE for comparison.
I found K81271448: Merging BIG-IP configuration objects into the running configuration using tmsh https://support.f5.com/csp/article/K81271448
So it looks like I could remove portions from physical source configuration file and massage the rest, and merge. I converted the vlans to use the last interface on the VE (and disconnected from the VM).
But which parts of the config should I keep, and which should I remove prior to merging?
I also read that a UCS configuration might be more appropriate to export and import.
What is the best recommendation to migrate production Big-IP configuration to a VE lab to test an upgrade prior to actual upgrade?
- DanSchellNimbostratus
I had done the migration from HW to VE for release upgrade tests too and the option "tmsh load sys ucs <filename> platform-migrate" alone isn't sufficient.
At the end I done a mix.
- Export UCS "tmsh load sys ucs <filename> platform-migrate" from HW
- config base options like mgmt ip-address etc. manual at the VE
- Extact exported UCS file
- Import SCF config files from the extracted UCS file with "load /sys config merge file <filename> verify"
- Delete verify errors manual from the SCF files
This was a lot manual work.
I would be also interested in a more effective way of migration.
- DamionCirrus
Even though I used the verify option, it appears that ASM security policies are still loaded with tmsh load sys config merge file verify
That is a little disconcerting.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com