Nice article. I have some doubts about what is best practice for the most advanced scenario from Planning and Implementing a Centralized Management Deployment - Network environment for large-scale, distributed management and configuration.
Let's assume that we have two DCs with separate IP ranges and routing between them. One BIG-IQ node is in DC1 along with DCDs and BIG-IPs; the second BIG-IQ node, along with DCDs and BIG-IPs, is in DC2. We are dealing with three IP config objects here:
* External VLAN IP
* Internal VLAN IP
* MGMT IP

MGMT IP routing seems to be easy - we can configure a Management Route or some additional static routes so that each BIG-IQ and DCD can be reached for management from the relevant workstations. As in this scenario the MGMT IP is only used for management, it's not a big deal.
Then we have Internal VLAN IPs - in this scenario used for the Cluster Network - so each BIG-IQ and DCD should be able to reach each other. Because those IPs are in different networks (two DCs) we need some routing - but the GUI does not allow creating routes on BIG-IQ (at least in 5.2.0). Sure, routes can be created using the CLI, but... is there a reason routing is not available via the GUI - so it's not advised/supported?
Last but not least we have External VLAN IPs - used for communication with BIG-IP devices. I assume that each BIG-IQ (one in DC1, the second in DC2 - let's say this is the secondary) as well as each DCD (again some in DC1, some in DC2) should be able to reach all BIG-IPs - both those located in DC1 and those in DC2.
So BIG-IQ1 should be able to reach BIG-IPs in DC1 and DC2 (same for DCDs located in DC1) and BIG-IQ2 should be able to reach BIG-IPs in DC2 and DC1 (same for DCDs located in DC2) - am I right here?
If I am right, routing configuration is again necessary on both BIG-IQs and DCDs - again to be done via the CLI.
Is that OK? Or OK for Internal VLAN IPs but not External VLAN IPs?
A side question is whether there is a way to assign a given DCD to a given set of BIG-IPs - I can't recall such an option in 5.2.0. Or maybe it can be set up via IP reachability - so if a given DCD has its IP/routing set so that it can reach given BIG-IPs, that's it?
Which VLAN will potentially carry the most traffic and require the highest throughput? Internal or External?
I am also not sure if the manual chapter (Planning and Implementing a Centralized Management Deployment) **is really correct**:
The external network routes traffic between the BIG-IQ Centralized Management cluster and the BIG-IP® devices.
The internal network is used to replicate data to maintain the BIG-IQ Centralized Management cluster.
Note: It is best practice to isolate the traffic between BIG-IQ cluster nodes for performance and improved security.
Traffic on the management network is used to do the following:
* Provide communication between the BIG-IQ system and DCD nodes.
* Enable bidirectional traffic between the BIG-IQ systems and the BIG-IP devices.
* If you use a secondary high availability BIG-IQ system, enable traffic between the BIG-IQ systems. This traffic keeps the state information synchronized on your BIG-IQ systems.
* Provide access to the BIG-IQ user interface. You can also use it to access the BIG-IQ system using SSH if you need to run manual commands.
Is the above info about what the management network is used for indeed correct? It looks like a copy/paste from the previous configuration, Network environment for advanced management and configuration?
I also found this info in the 5.2.0 Setup Wizard help regarding the Discovery Address set in the third step - Management Address:
The self IP address must be in Classless InterDomain Routing (CIDR) format. For example: 10.10.10.10/24. If you are configuring a Data Collection Device, you must use the internal self IP address.
This is a bit in conflict with the description above, where the External network is used for communication with BIG-IP.
My last question is related to the DCD license. There is very little info about how to acquire one - I only located info that this is a free license (and an unlimited number of DCDs can be deployed) and that it should be requested from a partner?