Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Move configuration from Physical LTM(10.x) to Virtual LTM(12.x)

N__197982
Nimbostratus
Nimbostratus

Folks, We are going to switch one of our environment from a physical device to a virtual device. The physical device is on 10.x version and the new virtual devices would be on 12.x version.

 

We need to move the entire configuration and then make the virtual box live in Production.

 

Does anyone have any suggestions on how to do this? We have VIP's running with SSL certificates already loaded for those. While we have ASM/APM/AFM licenses on the virtual box we are only using the LTM feature for now.

 

Thanks!! N.

 

11 REPLIES 11

youssef1
Cumulonimbus
Cumulonimbus

Hello,

 

First of I advise you to put them in the same version (can you Upgrade Hardware version to V12 before Migration to VE?)

 

Regards,

 

RaghavendraSY
Altostratus
Altostratus

Please perform following steps:

 

  1. Take UCS backup of your physical device
  2. Configure only management IP on your virtual machine.
  3. Copy UCS file from your physical device to virtual machine( use SCP or WISCP or other tools)
  4. Once UCS file is copied to virtual machine install UCS using below command tmsh load sys ucs /var/local/ucs/ verify
  5. See for any errors and if no errors are observed then install UCS as mentioned below. tmsh load sys ucs /var/local/ucs/ no-license
  6. Note down all your encrypted password rg: Tacacs, LDAP etc.. because some time ucs will not load with encrypted passwords.
  7. If you receive errors for encrypted password
  8. Go to Config folder and take bigip.conf file and then nullify all the passwords with empty
  9. Then load ucs file again Please let me know any more information is required

How would we be able to take care about the SSL certificates with this? That is a challenge, right?

 

and also how to nullify the password?

 

Hi.

We're migrating our F5 Platform from  Hardware to Virtual appliance (BIG-IP v13.1.5 (Build 0.0.32) and we've built already the VM part and successfully tested one VIP for testing purpose.

My ask was, we wanted to move/transfer our existing 100+ VIPs having on Hardware to the Virtual Machine.

Could you suggest best suitable solution for this and interfaces mismatch is observing on our devices 

Currenlty Hardware is having active interfaces 2.1 and 2.2 and our virtual Machine is configured with 1.1 Interfaces.

Suppose if we upload the .UCS file which we took from Hardware and upload it to Virtual machine, How can we deal with Interface mismatch part?

RaghavendraSY_7
Cumulonimbus
Cumulonimbus

Please perform following steps:

 

  1. Take UCS backup of your physical device
  2. Configure only management IP on your virtual machine.
  3. Copy UCS file from your physical device to virtual machine( use SCP or WISCP or other tools)
  4. Once UCS file is copied to virtual machine install UCS using below command tmsh load sys ucs /var/local/ucs/ verify
  5. See for any errors and if no errors are observed then install UCS as mentioned below. tmsh load sys ucs /var/local/ucs/ no-license
  6. Note down all your encrypted password rg: Tacacs, LDAP etc.. because some time ucs will not load with encrypted passwords.
  7. If you receive errors for encrypted password
  8. Go to Config folder and take bigip.conf file and then nullify all the passwords with empty
  9. Then load ucs file again Please let me know any more information is required

How would we be able to take care about the SSL certificates with this? That is a challenge, right?

 

and also how to nullify the password?

 

N__197982
Nimbostratus
Nimbostratus

Unfortunately, that is not possible. We would have liked to take that route.

 

These are old devices which are no longer supported. Upgrading the physical device can land us in trouble and then we would be left without support.

 

RaghavendraSY
Altostratus
Altostratus

I have not seen any issues with SSL certificates during migration till now.

 

youssef1
Cumulonimbus
Cumulonimbus

Hello,

 

Another way to import your configuration: First of be sure that your UCS is don in version 10.1.0 or later (Check release notes).

 

before migration (small manual work): -> Activate license in F5 VE -> Create VLAN and selfIP in F5 VE (the vlans must have the same names as on the physical equipment)

 

-> Do the backup in Hardware equipement. -> Import the backup in VE -> With winscp retrieve file bigip_base.conf (from VE) and keeo it on the side.

 

-> Load Hardware backup in VE trough CLI(tmsh) load sys ucs sv02353.zadm.local_backup.ucs no-platform-check no-license

 

You will get an error (normal 🙂

 

you will have to give back the file that you have backup bigip_base.conf.

 

Then load configuration (tmsh) load sys config

 

after that it should work without any problem. except for issues that are not related to migration but more to the upgrade...

 

Just warning about HTTP class if you use it you have to keep in mind the following article before upgrade: https://support.f5.com/csp/article/K14409

 

Regards