For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

How to automate licenses management on F5 BIG-IP via BIG-IQ License Manager ( Part-1 )

This article Managing BIG-IP Licensing With BIG-IQ is a good start to introduce how to setup and use a BIG-IQ License Manager to manage BIG-IP licenses ( assign/revoke/relicense etc.), please check this article to understand these basic processes.

 

For example, below is the process how a F5 Flex Consumption Program (FCP) (former Enterprise License Agreement – ELA) customer centralized manage their BIG-IP VE licenses via a BIG-IQ LM under F5 ELA program. The customer can spin up BIG-IP VE as their business requirements across on-premises DC and multiple Clouds.

 

 

 

Now if customer want to automate these licenses management processes on BIG-IP and BIG-IQ License Manager (LM), there are two kinds of APIs available.

I will have Part-1 and Part-2 article to cover these two options.

 

  • Option-1:  Send API calls towards to BIG-IQ License Manager (LM) automatic assign/revoke (push) a license from an ELA/Utility license pool to a BIG-IP instance.
  • Option-2: Send API calls towards to BIG-IP via Declaration Onboarding (DO), automatic assign, revoke and relicense a license (pull) from an ELA/Utility license pool on a BIG-IQ LM.

 

Note: before the testing, make sure the connectivity between your BIG-IQ LM and BIG-IP is up, vnet/vpc peering should be configured properly if the communications are not over public network/internet in Cloud.

 

Now let’s dive into these two options,

 

Option-1: Send API calls towards to BIG-IQ License Manager (LM) automatic assign/revoke (push) a license from an ELA/Utility license pool to a BIG-IP instance.

F5 API Document: CloudDocs Link

 

API calls target: BIG-IQ LM

API type: REST API

Licenses Action: push license from BIG-IQ LM to BIG-IP(s)

BIG-IQ LM API Endpoint:

 

POST https://localhost/mgmt/cm/device/tasks/licensing/pool/member-management

 

 

License assign from BIG-IQ LM

 

In my below example, I have an ELA MSP loadv10 license catalogue was activated on my test BIG-IQ LM, I will assign a BTAWF200M license to a new previsioned BIG-IP VE (unmanaged) in Azure.

 

Specified the license pool name, license key words, BIG-IP management IP address, command (e.g., assign or revoke etc.), unit of measure, BIG-IP login credential and chargebackTag etc. and post the API call to the BIG-IQ LM API Endpoint.

 

 

{

  "licensePoolName": "loadv10",

  "command": "assign",

  "address": "10.6.1.11",

  "skuKeyword1": "BTAWF",

  "skuKeyword2": "200M",

  "unitOfMeasure": "yearly",

  "user": "admin"

  "password": "xxxxxx"

  "chargebackTag": "f5vm01"

}

 

 

 

 

On the new provisioned BIG-IP, you can find the BEST+AWAF 200Mbps MSP license was applied successfully.

 

 

On BIG-IQ LM, Devices>License Management>Assignments, you can find this BIG-IP was assigned a right license successfully as expected.

 

 

 

License revoke from BIG-IQ LM

 

Similar to the license assignment process, license revoke process needs to specify the revoke license pool name, BIG-IP management IP address, command (e.g. revoke), license key words, unit of measure, BIG-IP login credential etc. and post the API call to the BIG-IQ LM API Endpoint.

 

{

    "label": "Revoke license on BIG-IP via BIG-IQ CM utility license when BIG-IP is reachable from BIG-IQ CM",

    "licensePoolName": "loadv10",

    "command": "revoke",

    "address": "10.6.1.11",

    "skuKeyword1": "BTAWF",

    "skuKeyword2": "200M",

    "unitOfMeasure": "yearly",

    "user": "admin",

    "password": "xxxxxx",

    "chargebackTag":"f5vm01"
  }

 

 

 

On BIG-IP, the license was revoked back to the license pool on BIG-IQ LM successfully.

 

 

On BIG-IQ LM, there is no license was assigned.

 

 

 

 

Updated Dec 19, 2022
Version 2.0
application delivery
cloud