As part of my series of posts related to the infrastructure behind websites, this post will show how to deploy an F5 VE in ESXi. Here’s a high level overview of the steps:
- Download the template from https://downloads.f5.com/
- Deploy to your hypervisor (ESXi in this case)
- Boot Vitual Machine
- Configure management networking
- Install License
- Setup Basic Networking
- Lock down and customize
First, create and/or login to F5 Downloads (it’s free, don’t hesitate to register):
Select the BIG-IP v11.x/Virtual Edition:
Now select the OS version you want to use. I chose 11.6.0, which right now is the latest version:
Save the appropriate image for the hypervisor you’re using to Hard Disk:
Like I mentioned before, I prefer ESXi…
Login to VMWare VSphere, Deploy OVF Template:
Deploy the BIG-IP image you downloaded from F5
Click Next some more and grab a beer (Germans prefer Hefeweizen):
I won this shirt at an F5 User’s Group — w00t w00t!
I’ll let you know why I like to choose Thin Provision later
Choose proper networking — I have three VLANs, Management, Public, Private, I’m not using HA, so I’ll leave it at my default:
Pop out Console, login with user: root — password: default
Type ‘config’ and hit enter to get to the CLI setup utility of BIG-IP:
BIG-IP always needs at least two addresses, the management and traffic interfaces:
Connect via GUI using Chrome:
Login with user: admin — password: admin
Activate license(Click here if you need a temporary license or here if you want to buy a permanent license for $95):
Change the activation method to ‘Manual’, unless your Management interface has Internet access.
Copy the Dossier and click on the link in Step 2:
Enter your dossier here:
Click next and then we’ll copy the license:
After you hit next, copy the license and paste in into your Big-IP (Step 3 in the Setup Utility):
Now that you’re licensed, the Setup Utility will take you to the Provisioning screen. Provision Local Traffic Manager (LTM) to Nominal for optimum performance:
If you wish to change the Device Cert you can do this here, but it’s not required.
Just go ahead and click next, will you?
Best practices of security say “Do Not Keep Default Passwords!”:
I will have to slap you if you didn’t change your passwords!
Click “Advanced networking” to do our own setup — you can run the wizard, but I prefer more control.
Before we configure the networking, here’s a quick explanation of what the F5 terminology means for us in the VE:
- VLAN – In the VE, this is really just to associate traffic coming from one of the interfaces we assigned in ESXi to the Virtual Machine so we can assign an IP to the interface. The first interface in ESXi is the management, or eth0 in the F5. The second interface is generally going to appear as “physical” interface 1.1, which we will create a VLAN associated with that interface. We will then create a “Self IP” on the F5 for each VLAN. This is to gain IP connectivity into those subnets. The WAN interface is my lab “internet” facing network where we will create VIPs, and the apps network is where my web servers live.
Let’s set this up now!
On your BIG-IP GUI go to Network –> VLANs –> VLAN list. On the top right click create. Only the red rectangles matter, don’t change anything else. I’ll explain why in another blog post.
Create VLAN for WAN:
To create the Self IP got to Network –> Self IPs and click create. The Self IPs need to be in the VLAN of the VM. Create Self IP for apps:
Create Self IP for WAN:
Test: Ping the Self IPs in WAN and apps — if this works, you are probably all set!
If it doesn’t, change around your hypervisor VLANs or the interfaces you chose for your VLANs. Having issues? Contact us directly or leave a comment!
Do you want to learn how to build a basic f5 virtual server?
Ready to setup F5 device clustering in an HA group?