Sunday, January 18, 2015

F5 LTM Virtual Edition Part 1

I have been digging in the last months into a couple of deployments of F5 load balancers, and to be honest I didn't have a clue about these interesting devices, and I found it a really interesting subject. So I started to study in my free time, and I have already passed the first of the two exams that you need to pass to achieve the first F5 certification, "F5 BIG-IP Certified Administrator", and I am on my way studying for the second one.

What I am going to explain here is how to build a home lab using VMware Workstation and GNS3.

You will need the following systems in your virtual lab:

  • Two virtual machines running your favourite web server.
  • One virtual machine running any operating system capable of running a web browser.
  • Two virtual machines running F5 Local Traffic Manager Virtual Edition.

In my case I will be using Microsoft IIS as the web server, because I work with it on a daily basis, and a Windows virtual machine as the client.

Get your copy of the F5 Virtual Appliance.

Go to the F5 site and you will see a blue button with the text "Get Trial"; click on it and follow the instructions. You will need to create an account if you don't have one already. In my case I downloaded the free 90-day trial, which is the version "VE Trial 11.3.0 hotfix 1". You also have to generate a couple of license keys (one per appliance) that we will use later. The image comes in .OVF format and is easy to deploy.

Deploy the Virtual Appliance.

Open VMware Workstation, press Ctrl+O, and deploy two copies of the OVF image. You will have to accept the license agreement, but the process is straightforward and you will finish with two virtual machines with this configuration:

Initial LTM Setup.

The LTM VE comes with four interfaces, eth0 to eth3. eth0 is the dedicated management interface, which we will use to reach the Configuration utility and the CLI; the other three (seen by TMOS as interfaces 1.1, 1.2 and 1.3) carry the Internal, External and High Availability networks. The physical topology of our deployment looks like this:

This topology is called two-arm or in-line mode, where the load balancer sits in the path between clients and servers and is the servers' default gateway. The other deployment mode is one-arm mode, where the load balancer hangs off a single VLAN next to the servers and is not in the return path, so you need tricks like SNAT (so the servers reply to the LTM's own address) or policy-based (source) routing on the server side to bring the return traffic back through the load balancer.

We will have three different networks: the External, where the client requests come from; the Internal, where our servers are located; and a dedicated High Availability network that lets the two devices monitor each other. For management I am using a bridged interface directly connected to my laptop. Putting it all together, it looks like this:

Now we have to create all the networks in the Virtual Network Editor that comes with VMware Workstation.

  • 10.245.0.0/24 for the Internal network, connected to the VMnet2 adapter (host-only network)
  • 172.16.245.0/24 for the External network, connected to the VMnet4 adapter (host-only network)
  • 172.16.246.0/24 for the HA network, connected to the VMnet5 adapter (host-only network)

And this is what my Virtual Network Editor configuration looks like:

And now we just need to connect the LTM to the configured networks.
At this point we should have access to the LTM through the management network (it picks up an address by DHCP, so we do not know it yet) and through the VMware Workstation console, so we go to the VMware console and run the config utility to assign a static IP to the LTM.
After typing the default username and password (root/default) you are logged on to the shell of the LTM.
The device is unlicensed right now, but we will sort that out later. At this stage nothing stops us from typing
config
in the LTM console to configure the management IP address, network mask and management route.
Now access the LTM from your workstation via SSH or HTTPS. I am going to use my web browser to access the Configuration utility, assign a license to the device and create the initial configuration. Just remember that you have to use https and that the default login credentials are admin/admin. Change both default passwords (root and admin) once the box is up, and never put the management interface on a network that untrusted hosts can reach.
This is where the Setup utility starts.
The first step is assigning a license to the LTM, so press Next and the licensing window will appear.
Now click Activate to open the licensing parameters window, enter the license key, choose the Automatic licensing method (the activation goes out through the management interface), and press Next.
Now accept the EULA, and if you have internet connectivity through the management interface you will finish with a 90-day license for your LTM. Wait until the Continue button becomes available and click it.
The next step is to provision the device; apply the values that you can see in the image and press Next.
We now have an activated license and a provisioned device; on the next screen we have to assign a hostname and some other parameters. In my case you can see the parameters in the next screenshot.
Click Next, and you have the opportunity to start the standard network configuration wizard or choose Finish if you want to do it manually. In my case I clicked Finish because I prefer to configure the device manually.
The first step is to configure the VLANs that we are going to use in our topology. On the left menu click Network and then VLANs. This takes you to the VLAN List screen; click Create.
The first VLAN is named Internal, with a tag of 10, assigned to interface 1.1 untagged.
The second VLAN is named External, with a tag of 20, assigned to interface 1.2 untagged.
The last VLAN is named HA, with a tag of 30, assigned to interface 1.3 untagged.
Because each VLAN has its own interface and the interfaces are untagged, no 802.1Q tags appear on the wire; the tag is just the VLAN ID the LTM uses internally, so the VMnet switches need no VLAN configuration.
Now we need to create the self IPs for each of the VLANs we created previously. On the left menu click Network and then Self IPs. This takes you to the Self IP List screen; click Create. You have to create three self IPs, one for each VLAN, named InternalSelf, ExternalSelf and HASelf (you can choose other names if you want).
Port Lockdown decides which services the self IP itself answers on (Allow None, Allow Default, or a custom list). The External self IP faces the clients, so leave it at Allow None unless you have a reason not to; the HA self IP needs Allow Default so the two devices can sync and fail over. If you need more information about what Port Lockdown is, you can read the following link: We will cover traffic groups in a future post, so don't worry about that at the moment.
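The same VLAN and self-IP steps can be done from the BIG-IP shell with tmsh, which is handy when you rebuild the lab for the second unit. The script below is an added example, not part of the original post and not F5's code: the VLAN names, tags, interfaces and the External self IP 172.16.245.1/24 come from the steps above, while the Internal and HA self-IP addresses (10.245.0.1/24 and 172.16.246.1/24) and the self-IP names are assumptions you should replace with your own. On a BIG-IP it feeds each command to tmsh; on any other machine it only prints what it would send.

```shell
#!/bin/sh
# Added example (not from the original post, not F5 code): tmsh equivalents
# of the VLAN and self-IP steps above, so the lab can be rebuilt from a script.
# Known from the post: VLAN names/tags/interfaces and the External self IP
# 172.16.245.1/24. Assumed: the Internal self IP 10.245.0.1/24, the HA self IP
# 172.16.246.1/24 and the self-IP names (pick your own).

vlan_cmd() {
    # $1 = VLAN name, $2 = tag (VLAN ID), $3 = interface.
    # "untagged" because each VLAN has its own interface, so no 802.1Q header
    # goes on the wire; the tag is only the ID TMOS uses internally.
    printf 'create net vlan %s tag %s interfaces add { %s { untagged } }' "$1" "$2" "$3"
}

self_cmd() {
    # $1 = self-IP name, $2 = address/prefix, $3 = VLAN, $4 = port lockdown.
    # allow-service is the tmsh name of the GUI's "Port Lockdown":
    #   none    -> Allow None (the self IP itself answers no service)
    #   default -> Allow Default (SSH, HTTPS, config sync, failover, ...)
    printf 'create net self %s address %s vlan %s allow-service %s' "$1" "$2" "$3" "$4"
}

lab_config() {
    # One tmsh command per line, in dependency order (VLANs before self IPs).
    vlan_cmd Internal 10 1.1; echo
    vlan_cmd External 20 1.2; echo
    vlan_cmd HA 30 1.3; echo
    # Client-facing side: lock it down; virtual servers work regardless.
    self_cmd ExternalSelf 172.16.245.1/24 External none; echo
    # Server side: nothing on the server VLAN needs to reach the box itself.
    self_cmd InternalSelf 10.245.0.1/24 Internal none; echo      # assumed address
    # HA side: the peer needs the config-sync and failover ports.
    self_cmd HASelf 172.16.246.1/24 HA default; echo             # assumed address
}

apply_config() {
    # On the BIG-IP run each line through tmsh; anywhere else just print it,
    # so the script is harmless on a workstation.
    lab_config | while IFS= read -r cmd; do
        if command -v tmsh >/dev/null 2>&1; then
            tmsh -c "$cmd"
        else
            echo "tmsh $cmd"
        fi
    done
}

apply_config
```

Run it once per LTM (changing the self-IP addresses on the second unit) and check the result with `tmsh list net vlan` and `tmsh list net self`; the `allow-service none` on the External self IP is what keeps the Configuration utility and SSH off the client-facing network.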

Adding GNS3 to the picture.

We need three clouds, one switch and one router. Here is the final topology.
On the InsideVLAN cloud we add the VMnet2 interface.
On the OutsideVLAN cloud we add the VMnet4 interface.
On the HAVLAN cloud we add the VMnet5 interface.
Now we connect each cloud to its respective VLAN, and the router to the External VLAN as well.
Here is the configuration of the router's interface on the External network.
R1#show running-config interface gigabitEthernet 1/0
Building configuration...

Current configuration : 95 bytes
!
interface GigabitEthernet1/0
 ip address 172.16.245.247 255.255.255.0
 negotiation auto
end
From the router we should now be able to ping the External self IP of the LTM.
R1#ping 172.16.245.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.245.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/29/56 ms
And that is all for today. Hope to see you in my next post.
