Forum Discussion

Deena's avatar
Deena
Icon for Altocumulus rankAltocumulus
Oct 16, 2022

F5 Lingo

Hi All, complete newbie, trying to learn the f5 lingo. We recently purchased a pair of i5000 series. Each physical box will be deployed in seperate geographical locations.  I plan on carving each box up so that i have 2 Big IPs on each physical box at each location. Digging around trying to find configuration guidelines and best practices is a little tricky, when i'm not sure i have the right terminology :). Any help will be appreaciated.

 

Thanks

Deena

  • Hello Deena,

    i didn't migrate from this load balancer to F5 before, but you can check the below main points when you are migrating from any vendor to F5.

    • If the current load balancer is used as a reverse proxy, start by checking the ports used by back end servers (the ports that the backend server is listeneing on) to replicate and configure the same on F5.
    • Check the current health check monitors on the old load balancer (if exists) to be noted when you are making health check from F5.
    • Check the certificate and key for the HTTPS services, if you are planning to make SSL offloading/bridging on F5.
    • Start checking the VIPs on the old load balancer and decide whether the new VIPs on F5 will be the same IPs or new IPs.
    • If you are going to use the same IPs on the old load balancer, don't connect the F5 to the network (disable the network TMM interfaced) until the cut over maintenance window just to avoid replicating the IPs.

    The configuration on F5 is very simple and straigh forward as a load balancer. It is divided into three main objects as below:

    1. Node (which is the backend server itself). you are defining the backend server and adding it's IP.
    2. Pool (which is group of nodes "backend servers" for the same service). start adding the configured nodes and link each node with a port.
    3. Vritual server or VIP, which is the IP that the client will be communicating with. And then you can assign the pool to that virtual server.

    Good luck in your migration.

     

    BR,

    Mohamed Salah

    • Deena's avatar
      Deena
      Icon for Altocumulus rankAltocumulus

      Great info thanks Mo Salah 🙂

  • I would really advise getting a consultant in for something like this. If not for the whole project, then for doing some knowledge transfer and best practices and such. Sure people will help you here as you see, but still having someone around (in front or as backup) who has done it before it very valuable.

    • Deena's avatar
      Deena
      Icon for Altocumulus rankAltocumulus

      Absolutely agree, and yes we do have a consultant lined up. 

      I'm trying to be a little proactive and do some research on my own which will allow me to ask the right question and make appropriate decisions when the need arises.

      It's hard to google stuff when you don't know what it's called... 🙂

       

       

      • Totally clear, Mohamed Salah helped you with some load balancing terms.

        As for the carving up, that can be done with route domains and partitions or with vCMP. first is more like have separate routing instances, the second is more like running complete virtual machines. something to look into to have an idea what is most useful for you.

  • DeenaFirst off I do not recommend doing this yourself if you have never configured an BIG-IP before because it's a lot of ground to cover. If you must configure it yourself you should be able to use the following article. One big piece to keep in mind is if you will be deploying your BIG-IP in path or out of path, by this I mean in order for your client to reach the BIG-IP and ultimately the servers does it have to go through the BIG-IP or no? If you deploy this out of path (one arm mode) this will require SNAT so if you have to preserve the client IP for the server to see that will no longer be possible.

    https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-initial-configuration-11-6-0.html

    Aside from that a gotcha after setup is making sure you record your master key otherwise your backups are useless if a failure ever occurs. I do not recommend carving out your BIG-IP into multiple route domains or partitions unless absolutely necessary because it adds unnecessary complexity, especially if you are new to BIG-IPs. The following are the sections of the BIG-IPs and a general description of what is configured in each section.

    Local Traffic: This is where you configure load balancing
    Network: This is where you configure all device IPs except the management interface IP, VLANs, and routing
    System: This is where you configure almost everything for the management of the device such as SNMP, DNS, NTP, SSH, code upgrades, licensing, and so on.

    This next article is a study guide for the BIG-IP but it might help you understand the device a bit better as well.

    https://clouddocs.f5.com/training/community/f5cert/html/class1/class1.html