Forum Discussion

Marco_Lei's avatar
Marco_Lei
Icon for Altostratus rankAltostratus
Sep 19, 2022

P2V migration while LACP configured for links

I am working on a F5 LTM migration, where a pair of LTM running 14.1.x will be migrated to 2 VMs. All configs can be migrated via UCS loading, but there are LACP configured for their network interfaces. 

KB K85674611 already outlined the issue for LACP and VM, and provided workaround of removing LACP before UCS generation. However, the pair of LTM is running as production, and customer is reluctant to change F5 network config, worrying service interruption. 

Is there any other method to allow loading of F5 UCS with LACP configuration in VM appliances? Any ideas?

2 Replies

  • I won't recommend working with UCS if you're migrating platform, since UCS is intended for full platform recovery and import fails if hardware is different or if license changes. 

    SCF files are more suited for this purpose: https://support.f5.com/csp/article/K13408

    Please consider two things:

    1) SSL certificate repository is not normally contained in SCF file, use proper tar-file syntax if you need to export those as well

    2) platform migration might still introcuce some challanges, for example interface naming might not match between baremetal hardware and the new VM's. If the objects names aren't exact matches, configuration import will still fail. This might also apply to LACP -- if this is the case, you might have better luck with importing manually the configuration.

     

    I'm sometimes tasked to perform acceptance testing on some customer configuration, which often translates to me creating a VM environment from a baremetal unit backup. I'm pretty confident with bigip configuration files, and the quickest way for me to complete those configuration is just to just overwrite my VM configuration files with configurations that are extracted from a ucs/scf backup:

     

    # first, I manually configure VM with appropiate network settings
    # next, I import the other unit configuration files on the VM with SCP, let's assume I'm using /shared/tmp/ folder
    # lastly, I use these commands to import every file until configuration is fully loaded
    
    bash
    cp /config/bigip.conf /config/bigip.conf.backup
    cp /shared/tmp/other-hardware-bigip.conf /confing/bigip.conf
    tmsh load sys config verify
    tmsh load sys config
    tmsh save sys config 
    
    # for SSL, the keys in UCS file can be found under \var\tmp\filestore_temp\files_d\Common_d\certificate_key_d\
    # I use SCP to copy them all in  /config/filestore/files_d/Common_d/certificate_key_d/
    
    # same thing for certificates which are in same path ..\certificate_d 
    
    #then, I use tmsh command to import all crt/keys. It does not accept wildcards but it's easy to script 
    # https://support.f5.com/csp/article/K14031 for reference
    
    tmsh install /sys crypto key <SSL-key-name> from-local-file <path-to-key-file>
    tmsh install /sys crypto cert <SSL-certificate-name> from-local-file <path-to-certificate-file>
    
    #remember that SSL files aer referenced in the bigip.conf file, so if you need them you should import them before overwriting the bigip.conf file.