What am I doing wrong with this network configuration for KVM (F5 virtual edition)
Hello, I have been trying to setup an F5 lab using KVM on debian. I currently have the following network configuration (/etc/network/interfaces - see output pasted at end of post) although whenever I go to create the VM in KVM, only one tap is associated with the bridge (trying to use the taps for management, external, and internal interfaces on the F5 VM). (see screenshot at end of post) Would anyone have any suggestions for configuring networking properly for this setup? I'm open to anything at this point in time. Thanks for your help. source /etc/network/interfaces.d/* auto lo iface lo inet loopback allow-hotplug eth0 iface eth0 inet dhcp iface eth0 inet6 auto auto br0 iface br0 inet dhcp pre-up ip tuntap add dev tap0 mode tap user root pre-up ip tuntap add dev tap1 mode tap user root pre-up ip tuntap add dev tap2 mode tap user root pre-up ip link set tap0 up pre-up ip link set tap1 up pre-up ip link set tap2 up bridge_ports all tap0 tap1 tap2 bridge_stp off bridge_maxwait 0 bridge_fd 0 post-down ip link set tap0 down post-down ip link set tap1 down post-down ip link set tap2 down post-down ip tuntap del dev tap0 mode tap post-down ip tuntap del dev tap1 mode tap post-down ip tuntap del dev tap2 mode tap
How to best Create Big-IP lab on VE from Physical production configuration to test upgrade?
I'm in the process of upgrading our physical Big-IP LTMs and would like to import as much of the configuration as possible (while maintaining VE management configuration) into a virtual edition lab to perform a mock upgrade. I exported the SCF from the source physical and the VE for comparison. I found K81271448: Merging BIG-IP configuration objects into the running configuration using tmsh https://support.f5.com/csp/article/K81271448 So it looks like I could remove portions from physical source configuration file and massage the rest, and merge. I converted the vlans to use the last interface on the VE (and disconnected from the VM). But which parts of the config should I keep, and which should I remove prior to merging? I also read that a UCS configuration might be more appropriate to export and import. What is the best recommendation to migrate production Big-IP configuration to a VE lab to test an upgrade prior to actual upgrade?
VE lost communication after upgrade to ESXi 6.7 Update 2
After upgrade ESXi 6.7 from build 13004448 (last public patch before Update 2) to 13006603 (Update 2), VE 14.1.0.3 lost communication on TMM interfaces (mgmt worked fine). I did some research then. Egress traffic from TMM went correctly (another VM could see it), but ingress traffic did not fall into TMM. Tried to send burst of 10k broadcast ARP requests in VLAN with TMM interfaces connected, but with no adequate change in stats (tmsh show net interface all-properties raw) on TMM interfaces (stats of mgmt interface, connected to the same VLAN, are increased adequately). Restarting VE did not help. Restarting ESXi did not help. After rolling the ESXi back to the previous build, everything started to work. Tried once again upgrade to 6.7u2 and rollback, with the same results. Speculation: Since Update 2 release notes mention bugfix in vmxnet3, this may be related. AFAIK, TMM takes care of interfaces by itself (in linux, these are visible in lspci, but neither in ifconfig, ip link nor /sys/class/net/), so there could have been made some change in host-side vmxnet3 that is not yet reflected in TMM code. Has anyone similar experience with ESXi 6.7u2? Best regards, Ondrej
Multiple DNS Views?
Hi, in our environment we have bind (tcp/udp port 53) behind an L4 virtual server on big-ip ltm virtual edition. "Views" define where the DNS traffic should be going - is there an easy and effective way to maintain source information while routing to the backend servers in our pool? Are we able to have multiple DNS views to accommodate for the different client request sources? OR Is there a better way to handle this, such as with irules, snat pools, etc? Thanks!
importance of having dedicated vCPU for BIG-IP VE installation ?
Can you help me check the importance of having dedicated vCPU for BIG-IP VE installation ? For OVA installation, we have gone with VPC standard; (ie. no CPU reservation; no Thick provision) Can you advise if we have concerns on: a.No CPU reservation b.No Thick provisioning ** Note: The VPC team monitors the whole Hypervisor Frame and ensure util of CPU never exceed 40%; and guarantee disk space availability even VM is provision is Thin.BIG-IP VE - VMWare ESXi recommended settings
How well does Big-IP F5 work on VMWare Dynamic resource scheduler ? we have successfully migrated a standalone physical to Virtual but soon after we had to revert as their were reach-ability issues with the virtual servers ? any guess on what could have caused the issue ? currently the security settings on VMware for Promiscuous mode, mac address change and forged transits are set to reject. -- I suspect the issue might have been because of this setting.. but our device is only standalone. changing the vm settings is not easy without justification.
VE F5 not passing tagged vlan traffic across Vxrail ESXI
Hi Guys, Been working on this and cannot come to a conclusion, our VE F5 which sits in an esxi enclosure, does not work when tagged vlan is configured (this is the way, rest of the other VE F5s are configured across the estate). However If we untag 1 vlan (and only allows you to untag 1 vlan on the VE) This works for the backend server and traffic passes as we can now see the pool members up, however the front end sits on another vlan and we cannot untag. The only difference is the other f5s sit on a 'UCS' or HP chassis and the problematic one sits on the 'vxrail'. my f5 version is 12.1.2 HF2 And the ESXI is version 6.0. Many thanks if someone can give me a descent answer, i have read most of the forums and nothing helpful.
Big-IP VE Lab License Not Working With v10.2
Actually two questions, both dealing with the installation of the Virtual Lab VE license. 1) I have one license running successfully on a VM. I want to move the license to a new VM. Do I need to contact support for this or is there a way to do it without deactivation/reactivation? 2) I bought a second license, to configure HA. I have yet to install/activate it. I currently need to test upgrading from 10.2 to 11.5. I downloaded the 10.2 VM (.OVA) from F5, but I get an error that my license cannot be installed on that version. What gives? Shouldn't my license be valid for any version? Thanks!Virtual edition unable to deploy on vmware workstation
Team, Please help ,, I am trying to deploy Virtual edition of BIG-IP (BIGIP-11.6.0.0.0.401.ALL-scsi.ova) on VMware workstation pro12. When I try to import the .ova file it just sits on the import screen forever. not sure how long the actual import takes but after few hours like 10-12hrs my C drive disk space will go low from 175GB free. I tried different 11.4 ova file with VMworkstation 11. still the same problem. Please help me to get the labsetup running .. -Bhaskar
