Getting Started with BIG-IP Next: Licensing Instances in Central Manager

This article assumes that the license was not applied during the initial instance setup and covers only the GUI process. For the API process or for disconnected mode, please reference the instructions for licensing on Clouddocs.

Download the JSON Web Token from MyF5

I don't have a paid license, so I'm going to use my trial license available at MyF5. Your mileage may vary here. Go to my products & plans, trials, and then in the my trials listing (assuming you've requested/received one) click BIG-IP Next.

Click downloads and licenses (note, however, the helpful list of resources down in guides and references).

You can just copy your JSON web token, but I chose to download.

Install the Token

Login to Central Manager and click manage instances.

Click on your new unlicensed instance.

In the left-hand menu at the bottom, click License.

Click activate license.

We already downloaded our token, so after reviewing the information, click next. Note that I made sure that my Central Manager has access to the licensing server and the steps covered in this article assume the same. If you've managed classic BIG-IP licenses, copying and pasting dossiers to get licenses should be a well-understood process.

On this screen, paste your token into the box, give it a name, and click activate.

After a brief interrogation of the licensing server,  you should now have a healthy, licensed, BIG-IP Next Instance!

Resources

How to: Manage BIG-IP Next instance licenses

Updated Jul 24, 2024
Version 2.0
  • The licensing process is very opaque. Even with outbound access, and a working default route, I am still unable to license an F5 NEXT instance.

    LICENSING-0011: InvalidToken: TokenExpiredOrInvalid

    Are there any troubleshooting steps? Logs we can review?

    • whisperer's avatar
      whisperer
      Icon for MVP rankMVP

      Ok, so found there is a licensing k8s container running... 

      tail -f /var/log/containers/*-llm-*.log

      Removing a lot of timestamp gibberish, here is what I get...

      Start: verify token...
      token verification successful !, returning 200
      Start: saving token...
      Certificates not available, using token for further processing
      failed, err: Post "https://product.apis.f5.com/ee/v1/certificates": dial tcp: lookup product.apis.f5.com on 100.75.0.10:53: server misbehaving, retry count: 1
      failed, err: Post "https://product.apis.f5.com/ee/v1/certificates": dial tcp: lookup product.apis.f5.com on 100.75.0.10:53: server misbehaving, retry count: 2
      failed, err: Post "https://product.apis.f5.com/ee/v1/certificates": dial tcp: lookup product.apis.f5.com on 100.75.0.10:53: server misbehaving, retry count: 3

      Resolves just fine....

      root@nextcm:/var/log/containers# ping product.apis.f5.com
      PING rgwe1rt100-0-routers.dn.apigee.net (35.199.173.84) 56(84) bytes of data.
      

      Definitely think the article could benefit from some troubleshooting info. CANNOT find this anywhere within any KB :/ I may be blind though.

      • JRahm's avatar
        JRahm
        Icon for Admin rankAdmin

        asking internally for additional info. Will keep you posted.

  • So what are the ports and ip addresses that are needed opened thru the firewall?  The disconnected method is not working. :(

     

  • What is the address of the licensing server? as need to open the firewall to allow access.
    Also what is the method to validate license where no Internat Acess is allowed? 

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin

      proxy methods are coming; I'm told there are methods with the API for disconnected mode, but I don't have details for that yet. Taking a wireshark capture, the process to connect to licensing server in DNS lookups:

      CM -> product-s.apis.f5.com 
         -> CNAME f5-prod-webdev-prod.apigree.net 
         -> CNAME rgwe1rt100-0-routers.dn.apigee.net 
         -> A 35.199.173.84

      I'll update article after I have concrete details.

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin

      Hi Charles_Harding good questions, let me find those answers and a) get back to you and b) update the article, that's important information.

  • It has been 1 week and I still don't have a trial license approved.

     

    "

    Pending approval

    Trial fulfillment on hold, pending approval from F5 Inc.

    "

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin

      glad that got worked out, sorry it took as long as it did...