Add a Data Collection Device to your BIG-IQ Cluster
Gathering and analyzing data helps organizations make intelligent decisions about their IT infrastructure. You may need a data collection device (DCD) to collect BIG-IP data so you can manage that device with BIG-IQ. BIG-IQ is a platform that manages your devices and the services they deliver. Let’s look at how to discover and add a data collection device in BIG-IQ v5.2. You can add a new data collection device to your BIG-IQ cluster so that you can start managing it using the BIG-IP device data.
In addition to Event and Alert Log data, you can view and manage statistical data for your devices. From licensing to policies, traffic to security, you’ll see it all from a single pane of glass.
But you need a DCD to do that.
So, we start by logging in to a BIG-IQ.
Then, under the System tab, go to BIG-IQ Data Collection and under that, click BIG-IQ Data Collection Devices.
The current DCD screen shows no devices in this cluster. To add a DCD, click Add.
This brings us to the DCD Properties screen. For Management Address field, we add the management IP address of the BIG-IP/DCD we want to manage. We’ll then add the Admin username and password for the device. For Data Collection IP Address, we put the transport address which is usually the internal Self-IP address of the DCD and click Add.
The process can take a little while as the BIG-IQ authenticates with the BIG-IQ DCD and adds it to the BIG-IQ configuration. But once complete, you can see the devices has been added successfully.
Now you’ll notice that the DCD has been added but there are no Services at this point. To add Services, click Add Services.
In this instance, we’re managing a BIG-IP with multiple services including Access Policies so we’re going to activate the Access services. The listener address already has the management address of the DCD populated so we’ll simply click Activate. Once activated, you can see that it is Active.
When we go back to the Data Collection Devices page, we can see that the Access Services have been added and the activation worked.
Congrats! You’ve added a Data Collection Device! You can also watch a video demo of How to Add a data collection device to your BIG-IQ cluster.
ps
Related:
Hi Peter,
I was waiting for this posting as we are trying to use BIG-IQ DCD node. One quick question.
Can I use the same IP address for management and DCD collection IP address? Or it is required that management and DCD collection IP should be separated?
Thank you.
- PSilvaRet. Employee
Hi Chan~ Thanks for the note.
I checked with the BIG-IQ folks and best practices is to use the management and a self-ip as described. You might be able to force everything thru the management port but it is not recommended.
I found a couple support articles about DCDs which may clarify.
Planning and Implementing a Centralized Management Deployment
Managing a Data Collection Device Cluster
Hope that helps
ps
- dragonflymrCirrostratus
Hi,
Nice article. I have some doubts about what is best practice for most advanced scenario from Planning and Implementing a Centralized Management Deployment - Network environment for large-scale, distributed management and configuration.
Let's assume that we have two DCs with separate IP ranges and routing between them. One BIG-IQ node is in DC1 along with DCDs and BIG-IPs, second BIG-IQ node along with DCDs and BIG-IPs are in DC2. We are dealing with three IP config objects here:
- MGMT IP
- External VLAN IP
- Internal VLAN IP
MGMT IP and routing seems to be easy - we can configure Management Route or some additional static routes so each BIG-IQ and DCD can be reached for management from relevant workstations. As in this scenario MGMT IP is only used for management not big deal.
Then we have Internal VLAN IPs - in this scenario used for Cluster Network - so each BIG-IQ and DCD should be able to reach each other. Because those IPs are in different networks (two DCs) we need some routing - but GUI is not allowing to create routes on BIG-IQ (at least in 5.2.0). Sure routes can be created using CLI but... is there reason routing in not available via GUI - so it's not advised/supported?
Last but not least we have External VLAN IPs - used for communication with BIG-IP devices. I assume that each BIG-IQ (one in DC1, second in DC2 - let's say this is secondary) as well as each DCD (again some in DC1 some in DC2) should be able to reach all BIG-IPs - both located in DC1 as well as DC2.
Like BIG-IQ1 should be able to reach BIG-IPs in DC1 and DC2 (same for DCDs located in DC1) and BIG-IQ2 should be able to reach BIG-IPs in DC2 and DC1 (same for DCDs located in DC2) - Am I right here?
If I am right again routing configuration is necessary on both BIG-IQs and DCDs - again to be done via CLI.
Is that OK? Or OK for Internal VLAN IPs but not External VLAN IPs?
Side question is if there is a way to assign given DCD to given set of BIG-IPs - I can't recall such option in 5.2.0? Or maybe it can be set up via IP reachability - so if given DCD have IP/routing set so it can reach given BIG-IPs that's it?
Which VLAN potentially will cary most traffic and require highest throughput? Internal or External?
I am not sure as well if manual chapter (Planning and Implementing a Centralized Management Deployment)** is really correct**:
The external network routes traffic between the BIG-IQ Centralized Management cluster and the BIG-IP® devices.
The internal network is used to replicate data to maintain the BIG-IQ Centralized Management cluster. Note: It is best practice to isolate the traffic between BIG-IQ cluster nodes for performance and improved security.
Traffic on the management network is used to do the following:
* Provide communication between the BIG-IQ system and DCD nodes. * Enable bidirectional traffic between the BIG-IQ systems and the BIG-IP devices. * If you use a secondary high availability BIG-IQ system, enable traffic between the BIG-IQ systems. This traffic keeps the state information synchronized on your BIG-IQ systems. * Provide access the BIG-IQ user interface. You can also use it to access the BIG-IQ system using SSH if you need to run manual commands.
? Looks like copy/paste from previous configuration Network environment for advanced management and configuration?Is above info about what management network is used for is indeed correct
I as well found such info in 5.2.0 Setup Wizard help regarding Discovery Address set in third step - Management Address:
The self IP address must be in Classless InterDomain Routing (CIDR) format. For example: 10.10.10.10/24. If you are configuring a Data Collection Device, you must use the
.internal self IP address
A bit in conflict with description above where External network is used for communication with BIG-IP.
Last question is related to DCD license. There is very little info about how to acquire one - I only located info that this is free license (and unlimited number of DCDs can be deployed) and should be requested from partner?
Piotr
- Hoang_HungCirrus
Hi
I have a question for BIG-IQ. I have a BIG-IQ enable WAF event log.I want to BIG-IP ---> BIG-IQ ---> SOC System. At this time: BIG-IP >> BIG-IQ but I not solution yet for " CONFIG from BIG-IQ to SOC"
Do you know for solution it.
Thanks
Hung Hoang
- dragonflymrCirrostratus
Hi,
Unfortunately I never touched this are so I have no idea how to send data from BIG-IQ to external system.
Piotr
- Hoang_HungCirrus
Thanks you so much
Hung Hoang