For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Add a Data Collection Device to your BIG-IQ Cluster

Gathering and analyzing data helps organizations make intelligent decisions about their IT infrastructure. You may need a data collection device (DCD) to collect BIG-IP data so you can manage tha...
Published Sep 26, 2017
Version 1.0
application delivery
big data
BIG-IP
BIG-IQ
management
statistics
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Sep 27, 2017

Hi,

Nice article. I have some doubts about what is best practice for most advanced scenario from Planning and Implementing a Centralized Management Deployment - Network environment for large-scale, distributed management and configuration.

Let's assume that we have two DCs with separate IP ranges and routing between them. One BIG-IQ node is in DC1 along with DCDs and BIG-IPs, second BIG-IQ node along with DCDs and BIG-IPs are in DC2. We are dealing with three IP config objects here:

  • MGMT IP
  • External VLAN IP
  • Internal VLAN IP

MGMT IP and routing seems to be easy - we can configure Management Route or some additional static routes so each BIG-IQ and DCD can be reached for management from relevant workstations. As in this scenario MGMT IP is only used for management not big deal.

Then we have Internal VLAN IPs - in this scenario used for Cluster Network - so each BIG-IQ and DCD should be able to reach each other. Because those IPs are in different networks (two DCs) we need some routing - but GUI is not allowing to create routes on BIG-IQ (at least in 5.2.0). Sure routes can be created using CLI but... is there reason routing in not available via GUI - so it's not advised/supported?

Last but not least we have External VLAN IPs - used for communication with BIG-IP devices. I assume that each BIG-IQ (one in DC1, second in DC2 - let's say this is secondary) as well as each DCD (again some in DC1 some in DC2) should be able to reach all BIG-IPs - both located in DC1 as well as DC2.

Like BIG-IQ1 should be able to reach BIG-IPs in DC1 and DC2 (same for DCDs located in DC1) and BIG-IQ2 should be able to reach BIG-IPs in DC2 and DC1 (same for DCDs located in DC2) - Am I right here?

If I am right again routing configuration is necessary on both BIG-IQs and DCDs - again to be done via CLI.

Is that OK? Or OK for Internal VLAN IPs but not External VLAN IPs?

Side question is if there is a way to assign given DCD to given set of BIG-IPs - I can't recall such option in 5.2.0? Or maybe it can be set up via IP reachability - so if given DCD have IP/routing set so it can reach given BIG-IPs that's it?

Which VLAN potentially will cary most traffic and require highest throughput? Internal or External?

I am not sure as well if manual chapter (Planning and Implementing a Centralized Management Deployment)** is really correct**:

The external network routes traffic between the BIG-IQ Centralized Management cluster and the BIG-IP® devices.

The internal network is used to replicate data to maintain the BIG-IQ Centralized Management cluster. Note: It is best practice to isolate the traffic between BIG-IQ cluster nodes for performance and improved security.

Traffic on the management network is used to do the following:

* Provide communication between the BIG-IQ system and DCD nodes.
* Enable bidirectional traffic between the BIG-IQ systems and the BIG-IP devices.
* If you use a secondary high availability BIG-IQ system, enable traffic between the BIG-IQ systems. This traffic keeps the state information synchronized on your BIG-IQ systems.
* Provide access the BIG-IQ user interface. You can also use it to access the BIG-IQ system using SSH if you need to run manual commands.


Is above info about what management network is used for is indeed correct
? Looks like copy/paste from previous configuration Network environment for advanced management and configuration?

I as well found such info in 5.2.0 Setup Wizard help regarding Discovery Address set in third step - Management Address:

The self IP address must be in Classless InterDomain Routing (CIDR) format. For example: 10.10.10.10/24. If you are configuring a Data Collection Device, you must use the 

internal self IP address
.

A bit in conflict with description above where External network is used for communication with BIG-IP.

Last question is related to DCD license. There is very little info about how to acquire one - I only located info that this is free license (and unlimited number of DCDs can be deployed) and should be requested from partner?

Piotr