deployment
3848 Topics

BIG-IP VE: 40G Throughput from 4x10G physical NICs
Hello F5 Community,

I'm designing a BIG-IP VE deployment and need to achieve 40G throughput from 4x10G physical NICs. After extensive research (including reading K97995640), I've created this flowchart to summarize the options. Can you verify if this understanding is correct?

**My Environment:**
- Physical server: 4x10G NICs
- ESXi 7.0
- BIG-IP VE (Performance LTM license)
- Goal: Maximize throughput for data plane

**Research Findings:**
From F5 K97995640: "Trunking is supported on BIG-IP VE... intended to be used with SR-IOV interfaces but not with the default vmxnet3 driver."

              [Need 40G to F5 VE]
            ┌──────────┴──────────┐
            │                     │
      [F5 controls]        [ESXi controls]
     (F5 does LACP)       (ESXi does LACP)
            │                     │
       Only SR-IOV         Link Aggregation
            │                     │
        ┌───┴───┐             ┌───┴────┐
        │40G per│             │40G agg │
        │ flow  │             │10G/flow│
        └───────┘             └────────┘

43 Views | 0 likes | 4 Comments

Import the iSeries UCS file into the rSeries BIG IP tenant.
Hello, I have imported a UCS file from my iSeries and am trying to import it into a BIG-IP tenant on rSeries, but I got this error. I have tried the manual version and F5 Journeys, but the result is always the same.

load_config_files[4900]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Unexpected Error: Loading configuration process failed.
2025 Nov 20 21:05:12 localhost.localdomain load_config_files[4900]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Broadcast message from systemd-journald@localhost.localdomain (Thu 2025-11-20 21:05:14 EAT):
load_config_files[5614]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Unexpected Error: Loading configuration process failed.
2025 Nov 20 21:05:14 localhost.localdomain load_config_files[5614]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Configuration loading error: base-config-load-failed
For additional details, please see messages in /var/log/ltm

Solved | 112 Views | 0 likes | 4 Comments

BIG-IP device fails to install node-inspector
Hi all, when I followed the steps in 'Steps to Setup Node-Inspector on BIG-IP' and executed the following command, an error occurred.

command:
[root@bigip1:Active:Standalone] ~ # npm install -g node-inspector@0.12.8

errors:
npm ERR! Linux 3.10.0-862.14.4.el7.ve.x86_64
npm ERR! argv "/usr/bin/node" "/usr/bin/.npm__" "install" "-g" "node-inspector@0.12.8"
npm ERR! node v6.9.1
npm ERR! npm v3.10.8
npm ERR! path /usr/lib/node_modules
npm ERR! code EROFS
npm ERR! errno -30
npm ERR! syscall access
npm ERR! rofs EROFS: read-only file system, access '/usr/lib/node_modules'
npm ERR! rofs This is most likely not a problem with npm itself
npm ERR! rofs and is related to the file system being read-only.
npm ERR! rofs
npm ERR! rofs Often virtualized file systems, or other file systems
npm ERR! rofs that don't support symlinks, give this error.
npm ERR! Please include the following file with any support request:
npm ERR! /root/npm-debug.log

logs:
[root@bigip1:Active:Standalone] ~ # tail -30 /root/npm-debug.log
7616 silly idealTree | `-- lodash@3.10.1
7616 silly idealTree +-- xmldom@0.1.31
7616 silly idealTree +-- xtend@4.0.2
7616 silly idealTree +-- y18n@3.2.2
7616 silly idealTree `-- yargs@3.32.0
7617 silly generateActionsToTake Starting
7618 silly install generateActionsToTake
7619 warn checkPermissions Missing write access to /usr/lib/node_modules
7620 silly rollbackFailedOptional Starting
7621 silly rollbackFailedOptional Finishing
7622 silly runTopLevelLifecycles Finishing
7623 silly install printInstalled
7624 verbose stack Error: EROFS: read-only file system, access '/usr/lib/node_modules'
7624 verbose stack at Error (native)
7625 verbose cwd /root
7626 error Linux 3.10.0-862.14.4.el7.ve.x86_64
7627 error argv "/usr/bin/node" "/usr/bin/.npm__" "install" "-g" "node-inspector@0.12.8"
7628 error node v6.9.1
7629 error npm v3.10.8
7630 error path /usr/lib/node_modules
7631 error code EROFS
7632 error errno -30
7633 error syscall access
7634 error rofs EROFS: read-only file system, access '/usr/lib/node_modules'
7635 error rofs This is most likely not a problem with npm itself
7635 error rofs and is related to the file system being read-only.
7635 error rofs
7635 error rofs Often virtualized file systems, or other file systems
7635 error rofs that don't support symlinks, give this error.
7636 verbose exit [ -30, true ]

This seems like a directory access permission issue, but I can't change the read/write permissions on the F5 device. How should this be resolved?

f5-appsvcs-extension/contributing/node_inspector_profiling_as3.md at v3.54.2 · F5Networks/f5-appsvcs-extension

Solved | 72 Views | 0 likes | 4 Comments

F5 HA deployment in Azure using Azure Load Balancer
I just created an HA 90 (Active/Standby) peer for one of our customers, adding an F5 to their current standalone infrastructure in Azure. We are using a 3-NIC deployment model, using the external interface for the VIPs and the internal for our HA peering. We are also using secondary IP addresses on the external NIC, which are in turn used for the VIPs on the F5.

✔ 3-NIC BIG-IP deployment (Management, Internal, External)
✔ Secondary IPs on the external NIC
✔ Those secondary IPs are mapped to BIG-IP Virtual Servers (VIPs)
✔ Internal NIC is used only for HA sync (not for traffic)

For redundancy I have suggested using CFE for failover, but the customer wants to use an Azure load balancer and have the F5s as backend pool members. They do not want to use CFE. Is it possible to deploy an F5 HA pair in Azure using an Azure Load Balancer while the VIPs are using secondary NICs on the external interface? I'm afraid using an ALB would require making changes to the current VIP configurations on F5 to support a wildcard. Any other HA deployment models within Azure given the current infrastructure would also be helpful.

Thank You

73 Views | 0 likes | 2 Comments

Big-IP LTM integration with Big-IP DNS in Azure
We are deploying Big-IPs to Azure. We are going with 3-NIC (mgmt/client/server) Big-IP LTM/APM nodes. They will integrate with existing Big-IP DNS nodes. What is the NIC to use not only for the initial bigip_add (port 22), but also for iquery 4353? Best practice? I understand big3d will listen on self IPs and mgmt. https://clouddocs.f5.com/cloud/public/v1/azure/Azure_multiNIC.html mentions 4353 comms on the internal network for config sync, etc. What about for F5 DNS integration and iquery comms? Does anybody have any experience with this configuration and/or best practice recommendations?

Solved | 93 Views | 0 likes | 3 Comments

Requirement for BIG-IQ VM Deployment in AWS
Can anyone please advise on the below? We have a requirement to deploy a BIG-IQ VM in the AWS cloud to manage our existing LTM, GTM, and WAF devices. We are planning to manage approximately 100 F5 devices using BIG-IQ. Could you please share the recommended system requirements (RAM and disk space) for the BIG-IQ instance to support this scale, and other details as well if required for the same?

Kind regards

63 Views | 0 likes | 3 Comments

Cannot ping external interface
Hi All, first post here, first time with F5 devices and a complete novice. I have a couple of BIG-IP devices and the luxury to play and learn before we go live. I have one I am sure is going to be a simple (and probably stupid) question.

On our LAN I have been able to set up one device with a management interface and a virtual server, and all the hosts and nodes are connecting fine. This is in a typical round robin setup. The thing I cannot figure out is the external port and address.

For brevity's sake and simplicity, I have one physical interface connected directly to the gateway provided by our ISP, and we have a block of static public IPs provided. I have assigned, or want to assign, one of the spare IP addresses to this interface. This is the method we have with our other (non-F5) firewalls and it works, but not here.

I have created a VLAN called external, set it to untagged and assigned the interface connected to the gateway to this VLAN. I then assigned that VLAN to my VirtualServer. However, I cannot ping or reach the external IP address in any fashion and I am not sure why.

157 Views | 0 likes | 9 Comments

HA Failover between two Datacenters
I currently have three Host Load Balancers with LTM Guests, with GSLB. In datacenter 1 there are two standalone Hosts with two Guests in HA Failover / Synchronization - GSLB. In datacenter 2 there is one standalone Host with one standalone Guest - GSLB.

I am creating another set of three Guests for application isolation, two in datacenter 1 and one in datacenter 2, with no GSLB, due to application limitations of not using FQDN. Is it feasible to create an HA Failover/Synchronization between three Guests, even though they are in separate datacenters (450 miles apart)? If so, what are some precautions that I should be aware of?

Regards, Larry

98 Views | 0 likes | 3 Comments

SSL Orchestrator and Layer 2 Service Integration
Has anyone encountered issues with an rSeries BIG-IP tenant when integrating a layer 2 service? In my case, I cannot make the service come up even though I have the exact VLAN name and tagging set in the OS bare metal, and exactly the same VLAN and tagging configured in the tenant.

184 Views | 0 likes | 6 Comments

Ansible - Upload Certificates requires Administrator Role?
Hi, I'm trying to give people the opportunity to manage their SSL certificates themselves. So I built something that triggers an Ansible playbook to upload and update certificates on an LTM. The user has the role "Certificate Manager". When logged into the GUI with that user (for testing purposes), one can upload, update, and delete certificates and keys, no problem.

When trying to use an Ansible playbook with the credentials of that "Certificate Manager" role user, the playbook fails with the following message:

{ "msg": "Failed to upload the file." }

For uploading/updating certificates and keys I use the F5 Ansible modules:
f5networks.f5_modules.bigip_ssl_certificate
f5networks.f5_modules.bigip_ssl_key

When I change the user-role mapping from "Certificate Manager" to "Administrator", the playbook works as expected. I also tried the following role mappings, none of which had the permission to upload certificates and keys:
Resource Administrator
Operator
Application Editor
Manager

Do I really have to use a user with the Administrator role? This would be a huge security issue in my opinion.

Supplement: I've noticed that "Terminal Access" was disabled for the specific user. I set it to "tmsh" and tried again. This time, I was at least able to run the playbook successfully when the certificate was already the same as the one I tried to upload, so the Ansible "changed" result was false. But uploading new certificates is still not possible.

Solved | 136 Views | 0 likes | 3 Comments