How to deploy an F5 VE in ESXi

As part of my series of posts related to the infrastructure behind websites, this post will show how to deploy an F5 VE in ESXi. Here’s a high level overview of the steps:

  1. Download the template from https://downloads.f5.com/
  2. Deploy to your hypervisor (ESXi in this case)
  3. Boot Vitual Machine
  4. Configure management networking
  5. Install License
  6. Setup Basic Networking
  7. Lock down and customize

First, create and/or login to F5 Downloads (it’s free, don’t hesitate to register):

dowloadsf5.jpg

 

Select the BIG-IP v11.x/Virtual Edition:

productline

 

 

Now select the OS version you want to use. I chose 11.6.0, which right now is the latest version:

product11.6

 

Save the appropriate image for the hypervisor you’re using to Hard Disk:

imagelist

Like I mentioned before, I prefer ESXi…

 

Login to VMWare VSphere, Deploy OVF Template:

vshpereOVF

 

Deploy the BIG-IP image you downloaded from F5 

selectOVF

 

Click Next…

detailsOVF

 

Click Next some more and grab a beer (Germans prefer Hefeweizen):

IMG_0545

I won this shirt at an F5 User’s Group — w00t w00t!

 

storageOVF

 

I’ll let you know why I like to choose Thin Provision later

formatOVF

 

Choose proper networking — I have three VLANs, Management, Public, Private, I’m not using HA, so I’ll leave it at my default:

network-ovf-mapping

 

Pop out Console, login with user: root — password: default

launchVMconsole

consolelogin

 

Type ‘config’ and hit enter to get to the CLI setup utility of BIG-IP:

configutil

 

BIG-IP always needs at least two addresses, the management and traffic interfaces:

configureIP

confirmconfig

 

Connect via GUI using Chrome:

GUI2

 

 

Login with user: admin — password: admin

BigIPLogin

 

Activate license(Click here if you need a temporary license or here if you want to buy a permanent license for $95):

BigIPsetuputil

BigIPlicense

 

Change the activation method to ‘Manual’, unless your Management interface has Internet access.

BigIPregistration

 

Copy the Dossier and click on the link in Step 2:

BigIPdossier

 

Enter your dossier here:

dossier

 

Click next and then we’ll copy the license:

BigIPactivate

 

After you hit next, copy the license and paste in into your Big-IP (Step 3 in the Setup Utility):

BigIPwithlicense

 

Now that you’re licensed, the Setup Utility will take you to the Provisioning screen. Provision Local Traffic Manager (LTM) to Nominal for optimum performance:

BigIPLTMprovisioned

 

If you wish to change the Device Cert you can do this here, but it’s not required.

BigIPLTMdevicecert

Just go ahead and click next, will you?

 

Best practices of security say “Do Not Keep Default Passwords!”:

BigIPLTMGeneralProp

I will have to slap you if you didn’t change your passwords!

 

Click “Advanced networking” to do our own setup — you can run the wizard, but I prefer more control.

EndSetupUpUtil

 

Before we configure the networking, here’s a quick explanation of what the F5 terminology means for us in the VE:

  • VLAN – In the VE, this is really just to associate traffic coming from one of the interfaces we assigned in ESXi to the Virtual Machine so we can assign an IP to the interface. The first interface in ESXi is the management, or eth0 in the F5. The second interface is generally going to appear as “physical” interface 1.1, which we will create a VLAN associated with that interface. We will then create a “Self IP” on the F5 for each VLAN. This is to gain IP connectivity into those subnets. The WAN interface is my lab “internet” facing network where we will create VIPs, and the apps network is where my web servers live.

Let’s set this up now!

On your BIG-IP GUI go to Network –> VLANs –> VLAN list. On the top right click create. Only the red rectangles matter, don’t change anything else. I’ll explain why in another blog post.

vlansetup1

 

Create VLAN for WAN:

vlansetup2

 

To create the Self IP got to Network –> Self IPs and click create. The Self IPs need to be in the VLAN of the VM. Create Self IP for apps:

selfIPsetup2

 

Create Self IP for WAN:

selfIPsetup3

Test: Ping the Self IPs in WAN and apps — if this works, you are probably all set!

pingselfip

If it doesn’t, change around your hypervisor VLANs or the interfaces you chose for your VLANs. Having issues? Contact us directly or leave a comment!

Do you want to learn how to build a basic f5 virtual server?

Ready to setup F5 device clustering in an HA group?

Leave a Reply

Your email address will not be published. Required fields are marked *