Forum Discussion

N__197982's avatar
N__197982
Icon for Nimbostratus rankNimbostratus
Apr 04, 2018

Move configuration from Physical LTM(10.x) to Virtual LTM(12.x)

Folks, We are going to switch one of our environment from a physical device to a virtual device. The physical device is on 10.x version and the new virtual devices would be on 12.x version.

 

We need to move the entire configuration and then make the virtual box live in Production.

 

Does anyone have any suggestions on how to do this? We have VIP's running with SSL certificates already loaded for those. While we have ASM/APM/AFM licenses on the virtual box we are only using the LTM feature for now.

 

Thanks!! N.

 

  • Hello,

     

    First of I advise you to put them in the same version (can you Upgrade Hardware version to V12 before Migration to VE?)

     

    Regards,

     

  • Please perform following steps:

     

    1. Take UCS backup of your physical device
    2. Configure only management IP on your virtual machine.
    3. Copy UCS file from your physical device to virtual machine( use SCP or WISCP or other tools)
    4. Once UCS file is copied to virtual machine install UCS using below command tmsh load sys ucs /var/local/ucs/ verify
    5. See for any errors and if no errors are observed then install UCS as mentioned below. tmsh load sys ucs /var/local/ucs/ no-license
    6. Note down all your encrypted password rg: Tacacs, LDAP etc.. because some time ucs will not load with encrypted passwords.
    7. If you receive errors for encrypted password
    8. Go to Config folder and take bigip.conf file and then nullify all the passwords with empty
    9. Then load ucs file again Please let me know any more information is required
    • N__197982's avatar
      N__197982
      Icon for Nimbostratus rankNimbostratus

      How would we be able to take care about the SSL certificates with this? That is a challenge, right?

       

  • Please perform following steps:

     

    1. Take UCS backup of your physical device
    2. Configure only management IP on your virtual machine.
    3. Copy UCS file from your physical device to virtual machine( use SCP or WISCP or other tools)
    4. Once UCS file is copied to virtual machine install UCS using below command tmsh load sys ucs /var/local/ucs/ verify
    5. See for any errors and if no errors are observed then install UCS as mentioned below. tmsh load sys ucs /var/local/ucs/ no-license
    6. Note down all your encrypted password rg: Tacacs, LDAP etc.. because some time ucs will not load with encrypted passwords.
    7. If you receive errors for encrypted password
    8. Go to Config folder and take bigip.conf file and then nullify all the passwords with empty
    9. Then load ucs file again Please let me know any more information is required
    • N__197982's avatar
      N__197982
      Icon for Nimbostratus rankNimbostratus

      How would we be able to take care about the SSL certificates with this? That is a challenge, right?

       

    • David2's avatar
      David2
      Icon for Nimbostratus rankNimbostratus

      Hi.

      We're migrating our F5 Platform from  Hardware to Virtual appliance (BIG-IP v13.1.5 (Build 0.0.32) and we've built already the VM part and successfully tested one VIP for testing purpose.

      My ask was, we wanted to move/transfer our existing 100+ VIPs having on Hardware to the Virtual Machine.

      Could you suggest best suitable solution for this and interfaces mismatch is observing on our devices 

      Currenlty Hardware is having active interfaces 2.1 and 2.2 and our virtual Machine is configured with 1.1 Interfaces.

      Suppose if we upload the .UCS file which we took from Hardware and upload it to Virtual machine, How can we deal with Interface mismatch part?

  • Unfortunately, that is not possible. We would have liked to take that route.

     

    These are old devices which are no longer supported. Upgrading the physical device can land us in trouble and then we would be left without support.

     

  • Hello,

     

    Another way to import your configuration: First of be sure that your UCS is don in version 10.1.0 or later (Check release notes).

     

    before migration (small manual work): -> Activate license in F5 VE -> Create VLAN and selfIP in F5 VE (the vlans must have the same names as on the physical equipment)

     

    -> Do the backup in Hardware equipement. -> Import the backup in VE -> With winscp retrieve file bigip_base.conf (from VE) and keeo it on the side.

     

    -> Load Hardware backup in VE trough CLI(tmsh) load sys ucs sv02353.zadm.local_backup.ucs no-platform-check no-license

     

    You will get an error (normal :-)

     

    you will have to give back the file that you have backup bigip_base.conf.

     

    Then load configuration (tmsh) load sys config

     

    after that it should work without any problem. except for issues that are not related to migration but more to the upgrade...

     

    Just warning about HTTP class if you use it you have to keep in mind the following article before upgrade: https://support.f5.com/csp/article/K14409

     

    Regards