Big-Ip Systems: Getting Started Guide

BIG-IP Systems: Getting Started Guide
version 10.0.0
MAN-0291-00
Product Version
This manual applies to product version 10.0.0 of the BIG-IP Local Traffic Manager, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP SSL Accelerator, BIG-IP Application Security Manager, and the BIG-IP WebAccelerator System, BIG-IP WAN Optimization Module, and VIPRION systems.
Publication Date
This manual was published on September 22, 2009.
Legal Notices
Copyright
Copyright 2008-2009, F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Acopia, Acopia Networks, Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM, iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules, Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect, Packet Velocity, SSL Accelerator, SYN Check, Traffic Management Operating System, TMOS, TrafficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, WebAccelerator, and ZoneRunner are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent.
Patents
This product protected by U.S. Patents 6,327,242; 6,374,300; 6,473,802; 6,970,933; 7,051,126; 7,102,996; 7,146,354; 7,197,661; 7,206,282; 7,287,084. Other patents pending.
Export Regulation Notice

This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.
Canadian Regulatory Compliance

This Class A digital apparatus complies with Canadian ICES-003.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.
Acknowledgments
This product includes software developed by Bill Paul. This product includes software developed by Jonathan Stone. This product includes software developed by Manuel Bouyer. This product includes software developed by Paul Richards. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. This product includes software developed by the Politecnico di Torino, and its contributors. This product includes software developed by the Swedish Institute of Computer Science and its contributors. This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory. This product includes software developed by Christopher G. Demetriou for the NetBSD Project. This product includes software developed by Adam Glass. This product includes software developed by Christian E. Hopps. This product includes software developed by Dean Huxley. This product includes software developed by John Kohl. This product includes software developed by Paul Kranenburg. This product includes software developed by Terrence R. Lambert. This product includes software developed by Philip A. Nelson. This product includes software developed by Herb Peyerl. This product includes software developed by Jochen Pohl for the NetBSD Project. This product includes software developed by Chris Provenzano. This product includes software developed by Theo de Raadt. This product includes software developed by David Muir Sharnoff. This product includes software developed by SigmaSoft, Th. Lockert. This product includes software developed for the NetBSD Project by Jason R. Thorpe. This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com. This product includes software developed for the NetBSD Project by Frank Van der Linden. This product includes software developed for the NetBSD Project by John M. Vinopal. This product includes software developed by Christos Zoulas. This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman. This product includes software developed by Balazs Scheidler <bazsi@balabit.hu>, which is protected under the GNU Public License. This product includes software developed by Niels Mueller <nisse@lysator.liu.se>, which is protected under the GNU Public License. In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU). This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/). This product includes software licensed from Richard H. Porter under the GNU Library General Public License ( 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
ii
This product includes the standard version of Perl software licensed under the Perl Artistic License ( 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com. This product includes software developed by Jared Minch. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product contains software based on oprofile, which is protected under the GNU Public License. This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html) and licensed under the GNU General Public License. This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL). This product includes software developed by the Apache Software Foundation <http://www.apache.org/>. This product includes Hypersonic SQL. This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others. This product includes software developed by the Internet Software Consortium. This product includes software developed by Nominum, Inc. (http://www.nominum.com). This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License. This product includes software developed by the Computer Systems Engineering Group at Lawrence Berkeley Laboratory. Copyright 1990-1994 Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the Computer Systems Engineering Group at Lawrence Berkeley Laboratory. 4. Neither the name of the University nor of the Laboratory may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes software developed by Sony Computer Science Laboratories Inc. Copyright 1997-2003 Sony Computer Science Laboratories Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY SONY CSL AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SONY CSL OR CONTRIBUTORS BE LIABLE FOR ANY
iii
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
iv
Table of Contents
Table of Contents
1
Introducing BIG-IP Systems
Getting started with BIG-IP systems ..........................................................................................1-1 Understanding this guide ...............................................................................................................1-2 Choosing a configuration tool ......................................................................................................1-2 Using the Configuration utility ............................................................................................1-2 Using command line utilities ................................................................................................1-4 Understanding stylistic conventions ...........................................................................................1-5 Identifying references to products .....................................................................................1-5 Identifying references to other documents .....................................................................1-5 Using the examples ................................................................................................................1-5 Identifying new terms ............................................................................................................1-5 Identifying references to objects, names, and commands ............................................1-5 Identifying command syntax ................................................................................................1-6 Finding help and technical support resources ..........................................................................1-7
2
Preparing the System for Installation
Summarizing 10.x installation and upgrade ...............................................................................2-1 Performing prerequisite tasks ......................................................................................................2-2 Configuring the management interface .............................................................................2-2 Establishing a connection to the system ...........................................................................2-4 Working with volumes .........................................................................................................2-6 Activating the software license ...........................................................................................2-8 Performing optional tasks .......................................................................................................... 2-10 Managing pre-existing configuration files ....................................................................... 2-10 Preparing units in a redundant system configuration ................................................. 2-13
3
Performing the Installation
Introducing the installation process ............................................................................................3-1 Upgrading from 9.6.x or earlier versions of 10.x ...........................................................3-1 Upgrading from version 9.3.x or 9.4.x ..............................................................................3-2 Upgrading from software versions earlier than 9.3.x ....................................................3-2 Downloading and importing the installation file ......................................................................3-3 Starting the installation ..................................................................................................................3-4 Rebooting the system ....................................................................................................................3-5
4
Completing Post-Installation Tasks
Understanding system configuration ..........................................................................................4-1 Running the Setup utility ...............................................................................................................4-2 Preventing the Setup utility from running automatically ...............................................4-2 Specifying settings in the Setup utility ...............................................................................4-3 Configuring basic management settings ............................................................................4-3 Configuring traffic management settings ..........................................................................4-6 Provisioning TMOS modules ........................................................................................................4-8 Understanding Resource Provisioning settings ...............................................................4-8 Specifying provisioning levels ..............................................................................................4-9 Understanding rolling forward and provisioning ......................................................... 4-10 Completing system configuration ............................................................................................. 4-11
Table of Contents
A
Using the image2disk and diskinit Utilities
Introducing the image2disk and diskinit utilities .....................................................................A-1 Upgrading version 9.3.x or 9.4.x systems ................................................................................A-2 Preparing for system upgrade ............................................................................................A-2 Performing system upgrade ................................................................................................A-2 Downloading the installation file .......................................................................................A-2 Installing the image2disk upgrade utility ..........................................................................A-3 Starting the installation ........................................................................................................A-3 Formatting for volumes .......................................................................................................A-4 Rebooting after installation .................................................................................................A-5 Completing post-installation tasks ....................................................................................A-5 Recovering the system using image2disk ..................................................................................A-6 Recovering blank or damaged hard drives ...............................................................................A-7 Preparing the system to run the diskinit utility .............................................................A-7 Running the diskinit utility ..................................................................................................A-8
B
Creating a Bootable USB Thumb Drive
Introducing the mkdisk utility ..................................................................................................... B-1 Creating the bootable thumb drive ........................................................................................... B-2
C
Monitoring the BIG-IP System
Introducing the dashboard ...........................................................................................................C-1 Viewing BIG-IP system information ...........................................................................................C-2 Viewing CPU statistics .........................................................................................................C-3 Viewing memory usage statistics .......................................................................................C-4 Viewing connection statistics .............................................................................................C-4 Viewing throughput statistics .............................................................................................C-5 Viewing statistics for other modules .........................................................................................C-6
Glossary Index
ii
1
Getting started with BIG-IP systems Understanding this guide Choosing a configuration tool Understanding stylistic conventions Finding help and technical support resources
Getting started with BIG-IP systems

The BIG-IP system is a set of application delivery products that work together to ensure high availability, improved performance, application security, and access control. The primary module in the product family, the Local Traffic Manager, directs different types of protocol and application traffic to an appropriate destination server. Other modules available on the BIG-IP system provide critical functions such as WAN Optimization Module, which optimizes connections across a wide-area network, the WebAccelerator system, which accelerates HTTP connections, Application Security Manager, which applies security policies to network traffic, and Global Traffic Manager, which maintains responsive user access regardless of network conditions. All products and modules in the BIG-IP product family run on the powerful Traffic Management Operating System, commonly referred to as TMOS. For an overview of the complete BIG-IP product offering, see the introductory chapter of the TMOS Management Guide for BIG-IP Systems, which contains the information you need to configure and maintain the network and system-related components. You can find this document in the Ask F5SM Knowledge Base, at https://support.f5.com
1-1
Chapter 1
Understanding this guide

This guide describes all the setup tasks you must complete to install, license, provision, and configure initial settings for any BIG-IP system. This guide is intended to help users get their version 10.x BIG-IP systems up and running. Before you start installing the BIG-IP system, we recommend that you review the basic configuration tasks and collect the few pieces of required information, such as IP addresses and host names. You can use the BIG-IP Local Traffic Manager Configuration Worksheet, available in the Ask F5 Knowledge Base, at https://support.f5.com, to help you gather the information you need. The chapters in this guide provide step-by-step procedures for setup tasks. Before you start configuring your system, we recommend that you review the available documentation for the Local Traffic Manager, as well as any other modules you plan to use. You can find a list of documentation in Finding help and technical support resources, on page 1-7.
Choosing a configuration tool

The BIG-IP system offers both browser-based and command line configuration tools, so that users can work in the environment where they are most comfortable. Once you have completed the initial configuration using the Setup utility, you can continue with more detailed configuration of the system. To do so, you can use the browser-based Configuration utility or the command line utilities, or a combination of the two.
Using the Configuration utility

The Configuration utility is a browser-based application that you can use to install, configure, and monitor the BIG-IP system. Figure 1.1 shows the Welcome screen of the Configuration utility.
1-2
Figure 1.1 Welcome screen in the Configuration utility
Understanding the components of the Configuration utility

The Configuration utility contains the following components:
The identification and messages area The identification and messages area of the Configuration utility is the screen region that is above the navigation pane, the menu bar, and the body. In this area, you find the system identification, including the host name, management IP address, logged on user name and role, and date and time information. Below the top area are identifiers for the unit and
1-3
Chapter 1
state of the system. This area is also where the system presents certain system messages, for example Activation Successful, which appears after a successful licensing process.
The navigation pane The navigation pane, on the left side of the screen, contains the Main tab, the Help tab, and the About tab. The Main tab provides links to the major configuration objects. The Help tab provides context-sensitive help for each screen in the Configuration utility. The About tab presents the content from the Welcome screen. When the Help or About tab is active, you can open the content of the navigation pane in a new window using the Launch button. You can also print the content of the Help or About panes using the Print button. The menu bar The menu bar, which is below the identification and messages area, and above the body, provides links to the additional configuration objects within each major object. The body The body is the screen area where the configuration settings display.
Browser support for the Configuration utility

The BIG-IP Configuration utility works with a majority of the commonly-available web browsers. For the most current list of the supported browsers for the Configuration utility, refer to the current release note, available in the Ask F5 Knowledge Base, at https://support.f5.com.
Using command line utilities

In addition to using the Configuration utility, you can also manage the BIG-IP system using command line utilities such as the bigpipe utility and the Traffic Management Shell (tmsh) utility. You can use the command line utilities directly on the BIG-IP system console, or you can run commands using a remote shell, such as the SSH client or a Telnet client. For more information on command line utilities, see Bigpipe Utility Reference Guide, the Traffic Management Shell (tmsh) Reference Guide, or the online man pages.
Note
All users must use the browser-based Configuration utility to license the system for the first time. For information about running Setup using the Configuration utility, see Running the Setup utility, on page 4-2.
1-4
Understanding stylistic conventions

To help you easily identify and understand important information, all of our documentation uses the stylistic conventions described in this section.
Identifying references to products

We refer to all products in the BIG-IP product family as BIG-IP systems. We refer to the software modules by their name, for example, we refer to the Local Traffic Manager module as simply the Local Traffic Manager. If configuration information relates to a specific hardware platform, we note the platform.
Identifying references to other documents

We use italic text to denote a reference to another document or section of a document. We use bold, italic text to denote a reference to a book title. For example, you can find information about local traffic virtual servers in the Configuring Virtual Servers chapter of the Configuration Guide for BIG-IP Local Traffic Management.
Using the examples

All examples in this document use only private class IP addresses. When you set up the configurations we describe, you must use valid IP addresses suitable to your own network in place of our sample addresses.
Identifying new terms

To help you identify sections where a term is defined, the term itself is shown in bold italic text. For example, a virtual server is a specific combination of a virtual address and virtual port, associated with a content site that is managed by a BIG-IP system or other type of host server.
Identifying references to objects, names, and commands

We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, most controls in the Configuration utility, and portions of commands, such as variables and keywords. For example, you can set the Idle Timeout value to 5.
1-5
Chapter 1
Identifying command syntax

We show complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command shows the configuration of the specified pool name:
bigpipe self <ip_address> show
or
b self <ip_address> show
Table 1.1 explains additional special conventions used in command line syntax.
Item in text
\
Description Indicates that the command continues on the following line, and that you should type the entire command without entering a line break.
<
>
Identifies a user-defined parameter. For example, if the command has <your name>, type in your name, but do not include the brackets. Separates parts of a command.
| [ ]
Indicates that syntax inside the brackets is optional. Indicates that you can type a series of items.
...
Table 1.1 Command syntax conventions
1-6
Finding help and technical support resources

In addition to this guide, there are other sources of documentation for the BIG-IP system.
BIG-IP system setup instructions All hardware from F5 Networks contains printed system setup instructions that describe the basic configuration steps required to get the BIG-IP system up and running in the network. This guide assumes that you have already completed the steps in the setup instructions included in the printed document in the box shipped with the system. Configuration Worksheet This worksheet provides you with a place to plan the basic configuration for the BIG-IP system. You will need some of the information from this worksheet to complete tasks described in this guide. The worksheet is available in the Ask F5 Knowledge Base, at https://support.f5.com Product guides Before you begin, we recommend that you visit the Ask F5 Knowledge Base, at https://support.f5.com, to review the following guides. TMOS Management Guide for BIG-IP Systems This guide contains information you need to configure and maintain the network and system-related components of the BIG-IP system. Configuration Guide for BIG-IP Local Traffic Management This guide contains any information you need for configuring the BIG-IP system to manage local network traffic. Bigpipe Utility Reference Guide This guide contains information you need if you choose to configure the BIG-IP system using the bigpipe command line utility. Traffic Management Shell (tmsh) Reference Guide This guide contains information you need if you choose to configure the BIG-IP system using the tmsh command line utility.
Applicable module configuration guides Each module has an associated configuration guide. You should consult the configuration guide applicable to the modules you are running. For example, if you are running the WAN Optimization Module, you should review the Configuration Guide for the BIG-IP WAN Optimization Module. Online help for BIG-IP systems The Configuration utility has online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the navigation pane to view the online help for a screen. Welcome screen in the Configuration utility The Welcome screen in the Configuration utility contains links to many useful web sites and resources, including: The Ask F5 Knowledge Base The F5 Solution Center and F5 DevCentral web site Plug-ins, SNMP MIBs, and SSH clients
1-7
Chapter 1
Ask F5 Knowledge Base The Ask F5 Knowledge Base provides current and comprehensive documentation for the product, including: Release notes for the BIG-IP system, current and past Updates for guides Technical notes Answers to frequently asked questions To access this site, you must register at https://support.f5.com.
1-8
2
Summarizing 10.x installation and upgrade Performing prerequisite tasks Performing optional tasks
Summarizing 10.x installation and upgrade

All BIG-IP systems include the local traffic management components. You can also obtain the following optional modules: Global Traffic Manager, Link Controller, Application Security Manager, Protocol Security Module, WebAccelerator system, and WAN Optimization Module. You can find additional information about each of these modules in the configuration guide associated with each module. You can install all of these products and modules using a single, unified installation process. There are two types of procedures to follow to prepare the system for installation: Prerequisite tasks, described in Performing prerequisite tasks, on page 2-2 Optional tasks, described in Performing optional tasks, on page 2-10 When you finish the pre-installation tasks described in this chapter, you then complete the installation tasks, which differ depending on your starting point. If you are starting with version 9.6.x or earlier 10.x versions, proceed to Chapter 3, Performing the Installation. If you are upgrading from version 9.3.x or 9.4.x, proceed to Appendix A, Using the image2disk and diskinit Utilities. Finally, you complete the post-installation tasks described in Chapter 4, Completing Post-Installation Tasks, which are the same regardless of your starting point.
2-1
Chapter 2
Performing prerequisite tasks

A basic installation consists of some prerequisite tasks that prepare you for installing the software. These prerequisite tasks are the same, regardless of whether you are installing the software on a system that is already running version 9.6.x or earlier versions of 10.x, or upgrading to version 10.x from version 9.3.x or 9.4.x. These tasks involve: Configuring the management interface, as described in Configuring the management interface, following. Establishing a connection to the system, as described in Establishing a connection to the system, on page 2-4. Setting the active volume, as described in Working with volumes, on page 2-6. Making sure the license is active and updated, as described in Activating the software license, on page 2-8.
Important
If the system on which you are installing is a member of a redundant system configuration, you should review the information in Preparing units in a redundant system configuration, on page 2-13. You might also want to roll forward an archived configuration. This optional task is described in Managing pre-existing configuration files, on page 2-10.
Configuring the management interface

To install software upgrades and perform management tasks on the BIG-IP system, you must use the management interface. When you initially set up the system hardware, you probably configured an IP address, netmask, and default route for the management interface. If you did not, you can use the default settings, or you can use the LCD panel controls to specify settings appropriate to your network. To allow remote connections, the traffic management software comes with a default root account and password and two pre-defined IP addresses. The preferred default IP address is 192.168.1.245. The alternate IP address is 192.168.245.245. The default netmask is 255.255.255.0.
Important
Do not add a self IP address that is on the same network as the management interface. The management interface functions separately from other system functions and cannot share the same network.
2-2
Adding an IP address, netmask, and default route using the LCD panel
You can use the LCD panel on the front of the device to specify a management IP address, a netmask for the IP address, and a default route.
To set the management interface using the LCD panel

1. On the front of the device, press the X button on the LCD panel to put the LCD panel into menu mode. 2. Using the arrow buttons, navigate to the System menu and press the check mark button. 3. Again using the arrow buttons, navigate to the IP Address menu and press the check mark button. 4. Specify the management IP address using the up and down arrow buttons to change each digit, and the left and right arrow buttons to navigate between numbers in the address, and then press the check mark button. 5. Using the arrow buttons, navigate to the Netmask menu and press the check mark button. 6. Enter the netmask for the management IP address, and press the check mark button. 7. If you plan to manage the unit from a different subnetwork, use the arrow buttons to navigate to the Default Route menu and press the check mark button. 8. Using the arrow buttons, navigate to the Commit menu and press the check mark button. 9. Enter your default route using the up and down arrow keys, and press the check mark button. If you do not have a default route, use 0.0.0.0. 10. Using the arrow buttons, navigate to the Commit menu, and press the check mark button. 11. When you see OK blinking, press the check mark button.
Note
If you can establish a connection from your workstation to the management port of the BIG-IP system, you can also run the config command on the command line to run the command line-based Configuration Utility shell to configure an IP address, netmask, and default route for the management interface. The utility shell guides you through the screens for configuring the settings. For more information on establishing management connections, see Establishing a connection to the system, following.
2-3
Chapter 2
Establishing a connection to the system

Before you can install, configure, or manage a BIG-IP system, you must connect the unit to a management workstation or network. There are three ways to attach a management workstation or network to the traffic management system.
Use a serial console You can connect a null modem cable to the port marked CONSOLE on the unit, and access the command line with a terminal emulator. Use the default network to connect to the management interface You can connect a cable to the Ethernet interface labeled Management (MGMT) to remotely access the command line or the browser-based Configuration utility. Use a network IP address that you specify to connect to the management interface You can configure an IP address on the Ethernet interface labeled Management (MGMT) to remotely access the command line or the browser-based Configuration utility.
Connecting with a null modem cable to the serial console

You can use a terminal emulator (through a null modem cable attached to the serial port labeled CONSOLE on the unit) during the installation process, and to configure the management port. To connect through the serial port, you must have a DB9 null modem cable, and a vt100-capable terminal emulator available on a computer in close proximity to the unit you want to configure.
To connect the unit to a terminal emulator

1. Connect the null modem cable to the DB9 port labeled CONSOLE on the unit. 2. Connect the null modem cable to a serial port on the system with the terminal emulator. 3. Start the terminal emulator. 4. Set the emulator to 19200 baud and choose the correct serial device. 5. Turn on the hardware. It may take a moment for the terminal emulator to connect. 6. At the logon prompt, type the default user name, root, and the default password, default.
2-4
Connecting to the management interface using the default network

All BIG-IP systems ship with a default IP address configured on the management interface. You can access the command line and the browser-based Configuration utility through the management port, and configure the unit directly using the default IP address and administrative accounts. You can use this method if you do not need to configure the management interface before you connect to the Configuration utility. The preferred default management IP address is 192.168.1.245. If this IP address is unsuitable for your network, the traffic management software uses an alternate IP address, 192.168.245.245. For command line and serial console access, the default root account name is root and the password is default. The default Configuration utility logon account name is admin, with a default password of admin.
Important
We recommend that you change these defaults to ensure system security.
Configuring a network IP alias for the remote workstation

The remote administrative workstation must be on the same IP network as the BIG-IP system. In the case of the default IP address, that means the administrative workstation must be on the 192.168.x.x IP network. If the workstation is not already on the same network, you must set up an IP alias on your network for your remote workstation.
Note
If you add this alias prior to booting up the BIG-IP system, the unit detects the alias and uses the corresponding IP address. The IP alias must be in the same network as the default IP address you want the system to use. For example, on a UNIX workstation, you might create one of the following aliases. If you want the unit to use the default IP address 192.168.1.245, then add an IP alias to the workstation you want to use to connect to the BIG-IP system, using the following command:
ifconfig exp0 add 192.168.1.1
If you want to use the alternate IP address 192.168.245.245, then add an IP alias such as:
ifconfig exp0 add 192.168.245.1
WARNING
On a system running Microsoft Windows or Windows NT operating system, you must use a static IP address, not DHCP. Within the network configuration, add an IP alias in the same network as the IP address in use on the unit. For information about adding a static IP address on a system running Microsoft Windows, please refer to the vendors documentation.
BIG-IP Systems: Getting Started Guide 2-5
Chapter 2
Determining which default IP address is in use

After you configure an IP alias on the administrative workstation in the same IP network as the BIG-IP system and you turn the system on, the BIG-IP software sends Address Resolution Protocol responses (ARPs) on the management interface to see if the preferred 192.168.1.245 IP address is in use. If the address is appropriate for the network and is currently available, the BIG-IP software assigns it to the management interface. You can immediately use it to connect to the unit and start the Configuration utility. If the alternate network is present on the LAN, 192.168.245.0/24, or if the node address 192.168.1.245 is in use, then the BIG-IP software assigns the alternate IP address 192.168.245.245 to the management interface instead.
Working with volumes

This version of the BIG-IP system software uses the volumes disk-formatting scheme. A specific section of a hard drive is called a volume. Also called logical volume management (LVM), this feature supports all platforms and modules available for the BIG-IP system. The volume holds a complete version of the BIG-IP software. You can create additional volumes to hold additional software versions, and you can delete existing volumes you no longer need. To install the software, you boot to a volume that you do not want to upgrade, to serve as the source. You cannot install to the active volume. LVM labels, disk names, partition and volume indexes, and file system labels are used internally by the disk management system. At any given time, only one volume may be the active partition. The active volume or partition contains the software that runs when you start up or reboot the system. For information on setting the active volume or partition, see Setting the active volume, on page 2-8.
Important
The procedures described in this section assume that the system is using the volumes disk-formatting scheme. If your system is using partitions (the formatting scheme used in previous versions), you cannot use the procedures in this section. Instead, you must use 9.x procedures to manage the partitions. Refer to the appropriate 9.x documentation for those procedures. If the BIG-IP system is not already formatted for volumes, you can use the image2disk utility to format the system drive as you install the software. For information about formatting the system drives, see Formatting for volumes, on page A-4.
2-6
Creating and deleting volumes

You might need to create a new volume to hold a software installation. Or you might have a software installation that you no longer need. You can use the Software Management screens to create and delete volumes.
WARNING
Do not use the Software Management screens to create or delete partitions. Doing so can result in an unstable condition. If you accidentally deleted HD1.1 on a partitioned system and the system has become unusable, you can reboot the system, or run the bigstart restart command on the command line to return the system to an operational state. If you need to reformat a system drive, you can use the image2disk utility. For more information, see Formatting for volumes, on page A-4.
To create a new volume

1. On the Main tab of the navigation pane, expand System, and click Software Management. The Software Management screen opens. 2. On the menu bar, click Volume Management. The Volume Management screen opens. 3. Click the Create button The Create Volume screen opens. 4. In the Volume Set box, type the name of the volume. 5. Click Finished. The progress alert displays, letting you know that the operation might take several minutes. 6. Click OK to create the new volume.
To delete an existing volume

1. On the Main tab of the navigation pane, expand System, and click Software Management. The Software Management screen opens. 2. On the menu bar, click Volume Management. The Volume Management screen opens. 3. Check the box next to the volume to delete. 4. Click Delete. The Confirm Delete screen opens. 5. Click Delete to delete the volume.
2-7
Chapter 2
Setting the active volume

One volume always serves as the active volume. The active volume contains the software that runs when you start up or reboot the system. You can use the Software Management screens to specify the active volume. When you install, you boot into the volume to serve as the installation source.
To set the active volume

1. On the Main tab of the navigation pane, expand System, and click Software Management. The Software Management screen opens. 2. On the menu bar, click Boot Locations. The Boot Locations screen opens. 3. Click the link representing the volume to make active. The properties screen opens for that volume. 4. Click Activate. The system presents a confirmation dialog box, letting you know that the action will boot into that location. 5. Click OK to boot into the location you specified.
Note
If there is an active installation occurring on the volume, the system waits until the installation operation completes before rebooting.
Activating the software license

After you configure the management interface, as described in Configuring the management interface, on page 2-2, you can access the browser-based Configuration utility through the management port, and activate the license. To install new versions of BIG-IP system software, you must have an active and updated license. An active and updated license contains a valid service check date for the system software release you plan to install and run. During installation and initialization, the system verifies the software release check date in the software against the service check date in the license file on your system.
Important
Always make sure you have activated or reactivated your software license before beginning any upgrade. Otherwise, installation may not complete as you expect. To activate the license for the system, you must have a base registration key. The base registration key is a 27-character string that lets the license server know which F5 products you are entitled to license. The base registration key is preinstalled on your system.
2-8
If the system is not yet licensed, the Configuration utility prompts you to enter the base registration key. You enter keys for additional modules using settings in the Add-On Registration Key List area of the License screen. If you do not already have a base registration key, you can obtain one from the sales group (http://www.f5.com).
To activate or update a license

1. Open a web browser on a work station attached to the network on which you configured the management port. 2. Type the following URL in the browser, where <IP address> is the address you configured for the management port (MGMT):
https://<IP address>/
3. At the password prompt, type the default user name, admin, and the default password, admin, and click Log in. The Configuration utility opens. If this is the first time you have run the Configuration utility, the system presents the Licensing screen of the Setup utility. If this is not the first time you have run the Configuration utility, the system presents the Welcome screen. 4. To begin the licensing process, click Activate (or Re-activate, if you are reactivating the license). The Activate License screen opens. 5. Follow the on-screen prompts to license the system.
For additional information during the procedure, click the Help tab of the navigation pane.
Note
You can update the license at any time by using the options that are available using the License options of the System section of the Main tab of the navigation pane. Although the license you receive from F5 Networks determines what additional software modules the BIG-IP system can support, you must allocate CPU, memory, and disk space to make any modules visible and to ensure that they can function as they should in your configuration. This process of assigning CPU, memory, and disk space is called provisioning. For information on how to provision the software modules after you finish installing the software, see Provisioning TMOS modules, on page 4-8.
2-9
Chapter 2
Performing optional tasks

This section describes the optional tasks that you may perform to prepare the system for software installation. You need to perform these tasks if they are applicable to your configuration. The optional tasks are: Managing pre-existing configuration files, following Preparing units in a redundant system configuration, on page 2-13
Managing pre-existing configuration files

If you have a BIG-IP system that is already configured with elements such as profiles and monitors, self IP addresses, VLANs, and so on, you can preserve that configuration when you install or upgrade. This is called rolling forward a configuration. When you install, the system uses the previously archived user configuration set (UCS) file in the /var/local/ucs directory on the source installation location to update the configuration on the installation destination. You should copy the UCS archive to a secure, remote location as a recovery strategy in case the upgrade does not perform as you expect.
Important
Make sure the license on the source installation location is valid before you archive a configuration. This helps prevent accidental installation of an invalid license over a valid one when you roll forward a UCS archive.
Note
The hostname in the UCS archive must match the host name of the system to which you are installing for roll-forward to complete successfully.
Archiving a configuration
Before you archive the current configuration, you should make sure the existing configuration contains no unnecessary elements, such as nonworking virtual servers or users who should no longer have access to the system. Once you remove all unnecessary elements, make sure to save your configuration. The system does not roll forward unsaved portions of configurations. In the browser-based Configuration utility, each change of a page saves the configuration. So to ensure that the system saves all of your configuration settings, in the navigation pane, expand Overview, and click Welcome. This takes you to the Welcome screen and saves the configuration.
Note
In order to roll-forward a pre-9.4.3 configuration, you must manually create the config.ucs archive before starting the installation. To save the configuration, run the command b config save /config.ucs at the command line, and then remember to copy the archive to a secure, remote location.
2 - 10
To archive a configuration
1. On the Main tab of the navigation pane, expand System, and click Archives. The Archive List screen opens. 2. On the upper right portion of the screen, click the Create button. The New Archive screen opens. 3. For the Name setting, type a name for the archive. The system adds a .ucs extension. 4. If you want to encrypt the archive, enable encryption, and specify whether you want to include private keys in the archive. 5. To start the archiving operation, click the Finished button. 6. Copy the UCS archive to a secure, remote location.
You should always maintain the UCS archive remotely as a recovery strategy in case the upgrade does not perform as you expect.
Understanding configuration file differences

BIG-IP system software has a feature called the single configuration file (SCF). A single configuration file (SCF) is a flat, text file that contains a series of bigpipe commands, and the attributes and values of those commands, that reflect the entire configuration of one BIG-IP system. Specifically, the SCF contains the local traffic management and operating system configuration of the BIG-IP system. An SCF is useful when you want to configure a new BIG-IP system. Typically, this involves using the bigpipe export command to create an SCF of one systems configuration, and then using the bigpipe import command to install the configuration on another system. In this way, you can propagate the exact configuration of one BIG-IP system to other BIG-IP systems. For details on creating and using a single configuration file, see the import and export command descriptions in the Bigpipe Utility Reference Guide. The SCF file is not the same as the user configuration set (UCS) archive. A UCS archive is a compressed file that contains all the configuration files (*.conf) that make up a systems configuration. You use the SCF strictly to manually transfer configuration information to a new BIG-IP system. You create a UCS for archival purposes, and to preserve a configuration for upgrade. The system uses the archived UCS on the active volume or partition to roll forward configurations during software installation operations. You can find more information on the UCS archive in the TMOS Management Guide for BIG-IP Systems.
2 - 11
Chapter 2
Upgrading the SCF

There have been many changes to configuration formats since the version 9.3.x and 9.4.x releases, and the configuration roll-forward process handles most of those format changes to the UCS for you. However, because the installation process rolls forward the archived UCS, not the SCF, the process does not apply the formatting changes to the SCF. If you have an SCF that contains older formatting (that is, from version 9.3.x or 9.4.x), loading one of your existing SCF files might raise a syntax error. In that case, you can upgrade and then create a new SCF, or you can modify the old SCF directly before you manually transfer the configuration to a 10.x system. Creating an upgraded SCF is the recommended upgrade path. For more information, search for "SCF file" in the Ask F5SM Knowledge Base, at https://support.f5.com.
To upgrade the SCF

1. Log on to the command line using an account with administrative permissions. 2. At the command line, type the following command:
b import <saved_filename.scf>
3. Install the new software by completing the tasks described in Chapter 3, Performing the Installation. 4. Once the installation is finished, at the command line, type the following command:
b export <upgraded_filename.scf>
Now you can apply the upgraded SCF to other BIG-IP systems. F5 Networks also recommends that you archive the configuration to a UCS archive, and copy the UCS archive to a secure, remote location. For information on archiving the configuration, see Archiving a configuration, on page 2-10.
Copying the configuration

You can use the cpcfg utility to copy the running configuration from one installation location to another. This is a quick way to update an offline location to the latest configuration, and is useful when applying hotfixes, where the configuration and license are not applied to the target. The operation replaces the configuration on the target. The destination for the copy operation must represent an installation location that is not currently active, and that contains a configuration older than the source.
2 - 12
To copy the running configuration

1. On the source, log on to the command line using an account with administrative permissions. 2. Type the following command:
cpcfg source=<source> <destination>
If you do not specify a source, the operation uses the configuration from the active installation location. For example, to copy the active configuration from HD1.3 to HD1.1, if you are logged on to HD1.3, you run the following command:
cpcfg HD1.1
Preparing units in a redundant system configuration

If you are working with a redundant system configuration, you should be aware of these requirements. For the failover process to complete successfully, each unit in the redundant system must be the same type of hardware, and must be running the same software version. For a redundant system configuration, you must log on and install the software first on the standby unit. Once the installation on the standby unit is satisfactory, complete the upgrade on the active unit. Also on a redundant system, you might want to turn off connection mirroring. During the reboot after installation finishes, the system necessarily drops mirrored connections.
Note
For information about working with redundant system configurations, synchronizing configurations, and mirroring connections, see the TMOS Management Guide for BIG-IP Systems.
2 - 13
Chapter 2
2 - 14
3
Introducing the installation process Downloading and importing the installation file Starting the installation Rebooting the system
Introducing the installation process

Once you have completed the pre-installation tasks outlined in Chapter 2, Preparing the System for Installation, you are ready to download the installation image, install the software, and reboot the system. The installation tasks required depend on what software version you are starting with on your BIG-IP system. For systems running software version 10.x, you accomplish tasks using the Software Management screens. To access the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. Then you can complete the tasks described beginning in the section Downloading and importing the installation file, on page 3-3.
Upgrading from 9.6.x or earlier versions of 10.x

If the BIG-IP system is already running version 9.6.x or earlier versions of 10.x that use the logical volume management (LVM) hard-disk formatting scheme, you can use the Software Management screens in the Configuration utility for installation and upgrading, or you can install and upgrade the software using the command line.
Using Software Management screens

The Software Management screens provide a broser-based method for installing the version 10.x software. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. Then you can complete the tasks described beginning in the section Downloading and importing the installation file, on page 3-3.
WARNING
Do not use the Software Management screens to add or delete partitions. Doing so can result in an unstable condition. You should only use the Software Management screens to add or delete volumes. If you accidentally deleted HD1.1 on a partitioned system and the system has become unusable, you can reboot the system, or run the bigstart restart command on the command line to return the system to an operational state.
3-1
Chapter 3
Using b software commands

The b software commands provide a command line method for installing the version 10.x software.
WARNING
Do not use the b software commands to add or delete partitions. Doing so can result in an unstable condition. You should only use the b software commands to add or delete volumes. If you accidentally deleted HD1.1 on a partitioned system and the system has become unusable, you can reboot the system, or run the bigstart restart command on the command line to return the system to an operational state. You can find information about the b software commands in the man page for the command, available at the command line by typing man software.
Upgrading from version 9.3.x or 9.4.x

To upgrade from software version 9.3.x or 9.4.x, you must use the command line to download and copy over the installation image, run the im command to copy over the image2disk upgrade installation utility, and run the image2disk command to install the software. For information about using this process, see Appendix A, Using the image2disk and diskinit Utilities.
Important
F5 Networks recommends using the image2disk utility for all installation operations on systems formatted using the hard-drive partition scheme.
Upgrading from software versions earlier than 9.3.x

You cannot upgrade directly to version 10.x from BIG-IP version 4.x or from BIG-IP versions 9.0.x through 9.2.x. You must perform an indirect upgrade, by first installing software version 9.3.x or 9.4.x, and then following the process for upgrading to version 10.x from version 9.3.x or 9.4.x. For details about upgrading to version 9.3.x or 9.4.x, see the release notes for the associated release.
3-2
Downloading and importing the installation file

Before you can install the software, you must download the installation file. You can download the ISO installation image file from the F5 Networks Downloads site, https://downloads.f5.com. Once you have downloaded the installation file, you must import it to the BIG-IP system. Initiating an installation operation requires that the installation file is available to the BIG-IP system in a specific location: the /shared/images directory. The Software Management screens take care of importing the file to the correct location.
To import the downloaded installation file

1. On the Main tab of the navigation pane, expand System, and click Software Management. The Software Management screen opens. 2. In the middle-right area of the screen, click Import. The Import Software Image screen opens. 3. Click Browse to navigate to the downloaded installation file. 4. Once the image name appears in the Software Image box, click Import to begin the operation. The system presents a progress indicator during the operation. 5. Wait while the system imports the software installation image. The system presents a message when the operation is complete.
Important
If you navigate away from this screen before the operation completes, the system might not import the image successfully. Therefore, we recommend that you wait for the operation to complete before continuing with any other work on the BIG-IP system.
3-3
Chapter 3
Starting the installation

Once you download the software installation image and import the software image to the /shared/images directory on the BIG-IP system, you can initiate an installation operation. The destination you specify for installation must represent a hard drive volume or partition on the BIG-IP system.
WARNING
You cannot install to a CompactFlash media drive. Attempting to do so halts the installation operation.
Important
In order to install the software successfully, there must be at least minimal disk formatting on the system drives. If the BIG-IP system does not meet this requirement, you can use the diskinit utility to format the drive. For more information, see Recovering blank or damaged hard drives, on page A-7.
To install the software

1. On the Main tab of the navigation pane, expand System, and click Software Management. The Software Management screen opens. 2. From the Available Images column, click the link representing the software image you want to install. The image properties screen opens. 3. In the Installation Targets column, check the box associated with the location where you want to install. 4. Click Install. The installation confirmation screen opens. 5. To begin the installation operation, click Install. The installation status screen opens. 6. To watch the progress of the installation operation, click the Refresh button, or specify a value for the Auto Refresh setting.
The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes.
Tip
If there is a problem during installation, you can use log messages to troubleshoot a solution. The system stores the installation log file as /var/log/liveinstall.log.
3-4
Rebooting the system

When the installation operation is complete, the system removes the refresh options. When that occurs, you can safely reboot into the newly installed volume or partition.
To reboot the system

1. On the Main tab of the navigation pane, expand System, and click Software Management. The Software Management screen opens. 2. On the menu bar, click Boot Locations. The Boot Locations screen opens. 3. In the Boot Partition column, click the link representing the boot location you want to activate. The Boot Location properties screen opens. 4. Click Activate. A confirmation screen opens. 5. Click OK to initiate the reboot operation. The system presents progress messages during the restart operation.
When the operation is complete, the system presents the logon screen. To configure the system, log on using an account that has administrative permissions. When the system finishes rebooting, you can continue with the post-installation tasks, as described in Chapter 4, Completing Post-Installation Tasks.
Important
You will not have access to certain software features and functionality until you complete the post-installation tasks.
3-5
Chapter 3
3-6
4
Understanding system configuration Running the Setup utility Provisioning TMOS modules Completing system configuration
Understanding system configuration

Now that you have installed the software on the BIG-IP system, you are ready to configure the system. If you rolled forward a configuration from a previous software version, you can modify settings and properties of existing objects using the command line or the Configuration utility. If you are starting with a blank configuration, the first step after installation is running the Setup utility, which you must run initially from the Configuration utility. When you access the Configuration utility, you specify the management IP address as the application URL. If you have not yet configured your workstation for access to the BIG-IP system through the management interface, see Configuring the management interface, on page 2-2.
To access the Configuration utility

1. Open a web browser on a workstation connected to either: The same IP network as the management interface IP address The management interface IP address you configured in Adding an IP address, netmask, and default route using the LCD panel, on page 2-3 2. In the browsers address bar, type the following URL, where <default/alternate IP> is the IP address in use on the management interface IP address (as discovered in Determining which default IP address is in use, on page 2-6).
https://<default/alternate IP>
3. At the logon prompt, type admin for the user name, and admin for the password (or, if you changed these, use the values you specified). The Configuration utility opens.
4-1
Chapter 4
Running the Setup utility

Once you open a browser session to the Configuration utility, you can log on and run the Setup utility to begin the initial configuration of the BIG-IP system. The Setup utility covers basic networking configuration options such as system host name and IP address, static and floating self IP addresses, interfaces, and VLANs, time zone setting, administration accounts for root access to the command line and admin access to the Configuration utility, and other basic options for managing the device. The Setup utility guides you through initial system set up, including specifying a root password, administrative password, and the IP addresses to be assigned to the management port. You can run the Setup utility from the Configuration utility Welcome screen by clicking Run the Setup Utility. The Configuration utility opens to one of several locations, depending on where you are in the process of installation and licensing: If the license on the system is updated, the system opens to the Setup utility choices screen. For information on configuring the system using the Setup utility, see Specifying settings in the Setup utility, on page 4-3. If you need to update the license on the system, the system opens to the Licensing screen. For more information, see Activating the software license, on page 2-8. If you have completed installation, and you previously ran the Setup utility, the system opens to the Welcome screen. From here, you can provision the modules you have licensed (see Provisioning TMOS modules, on page 4-8), or, if you have already completed provisioning, you can continue with additional system configuration (see Completing system configuration, on page 4-11).
Important
Even if you typically use the command line to configure, you must first run the Setup utility from the browser-based Configuration utility before you can begin.
Preventing the Setup utility from running automatically

When you install the software or upgrade a version, you might already have an active license. If so, you can proceed to configure everything from the command line without ever accessing the Configuration utility. The first time you access the Configuration utility, however, the system starts the Setup utility, even if you have already configured all of the network settings the Setup utility needs. You can prevent the system from starting the Setup utility by setting a db key.
4-2
To prevent the system from running the Setup utility

1. Log on to the command line of the system using the root account. 2. Run the following command:
b db setup.run false
Note
If you have not already activated the license, you must use the browser-based Configuration utility to run the Setup utility to license the system for the first time. In that case, the system starts the Setup utility when you access the Configuration utility for the first time. For information about activating the license, see Activating the software license, on page 2-8.
Specifying settings in the Setup utility

When you run the Setup utility, you set up some administrative accounts. Specifically, you set up the root, admin, and support accounts. The root and admin accounts are for use by BIG-IP system administrators, while the support account is for F5 Networks support personnel who require access to customer systems for troubleshooting purposes. For more information about these administrative accounts, see the TMOS Management Guide for BIG-IP Systems. In addition to administrative accounts, the Setup utility guides you through the process of specifying other basic networking settings, such as the management IP address and port, the host name for the system, and settings for redundant system configurations. You can also elect to provide default VLAN information, or you can skip that step and configure those options on your own.
Note
As you proceed through the Setup utility, you can click the Help tab of the navigation pane for information about the settings on each screen.
Configuring basic management settings

After you have activated the license on the system, the Configuration utility prompts you for the basic configuration information for managing the system. This required information includes the following settings. Management interface settings such as the IP address, netmask, and default gateway Host IP address Host name High availability settings Time zone
BIG-IP Systems: Getting Started Guide 4-3
Chapter 4
User administration settings, such as the Root and Admin account passwords Support access and password settings SSH access and IP address range settings A basic description for each setting follows, to assist you in specifying settings on the Setup platform settings screen. You can also view the online help for setting definitions.
Note
Depending on the hardware you have and the settings you configure, you may see only some of the screen elements described here.
Management Port/Cluster IP Address

The management IP address, netmask, and management route that you assign to the unit (or cluster, on a multi-bladed chassis) provide access to the Configuration utility, and function as an identifier for the peer unit in a redundant system configuration. The preferred default IP address is 192.168.1.245. The alternate IP address is 192.168.245.245. The default netmask is 255.255.255.0. If you already specified the management interface IP address (for example, by using the procedure described in Adding an IP address, netmask, and default route using the LCD panel, on page 2-3, or by using the config command on the command line), you do not need to do so again.
Host name
This is the name of the system. You must enter a fully qualified domain name (FQDN) for the system. This field allows only letters, numbers, and the characters underscore ( _ ), dash ( - ) and period ( . ).
Host IP address
The host IP address is the IP address that you want to associate with the host name. You can select Use Management Port IP Address to associate the host name with the management port's IP address. This is the default setting. Select Custom Host IP Address to type an IP address other than the management port's IP address.
4-4
High availability
A high availability system, or redundant system, consists of two units or blades that share configuration information, and serve as failover peers. If the system you are configuring is not a member of a redundant system, select Single Device. If the system is a member of a redundant system, select Redundant Pair.
Important
Beginning with version 10.0.0 of the software, a redundant system configuration must contain failover peer management addresses for each unit. If you roll forward a redundant system configuration from version 9.3.x or 9.4.x, the units start up in an offline state because each one needs a failover peer management address. To configure the failover peer management addresses, navigate to the Network Failover screen, available under High Availability on the System menu in the navigation pane, and specify the management IP address of the peer unit in the Peer Management Address field. Then do the same on the other unit in the redundant system. Once you specify both IP addresses, the system should operate as expected.
Note
In a redundant system that consists of two units, both units must be the same hardware platform. We do not support redundant systems consisting of differing hardware. For information about using VIPRION systems, see the Configuration Guide for the VIPRION System.
Unit ID
This setting identifies a member in a redundant system. The default number is 1. If this is the first member in the redundant system, use the default. When you configure the second member in the redundant system, select 2. The system uses these settings to determine which member becomes active first, should both peers come online simultaneously.
Time zone
The time zone you select typically represents the location of the system. However, some networks specify a time zone to accommodate a more international aspect of the organization, such as Greenwich Mean Time (GMT), or the time zone representing the corporate headquarters. The system uses the time zone for the date and time of events recorded in logs.
Note
If you change the time zone, we recommend that you reboot the system to ensure that all of the services are in sync. If you do not reboot, it does not affect traffic or management functionality, but there is a possibility that some timestamps might be logged or displayed incorrectly, depending on which service has been restarted and which has not.
4-5
Chapter 4
Root account
The root account provides only console access to this system. Type the password for the built-in account, root. In the Confirm box, retype the password that you typed in the Password box. If you mistype the password confirmation, the system prompts you to retype both entries.
Admin account
The admin account provides only browser access to the system. Type the password for the built-in account, admin. In the Confirm box, retype the password that you typed in the Password box. If you mistype the password confirmation, the system asks you to retype both entries.
Support account
This setting enables the built-in account, support, for access to the system's command line and browser interface. If you activate the account, you must also supply a password and password confirmation. The technical support staff uses the support account to analyze the system if you need assistance with troubleshooting issues.
SSH access
You can use this setting to enable SSH access to the BIG-IP system.
SSH IP allow range

If you have enabled SSH access, you can specify the IP address or address range for other systems that can use SSH to communicate with the system. To grant unrestricted SSH access to all IP addresses, select *All Addresses. To specify a range, select Specify Range, and then type an address or address range in the box, to restrict SSH access to a block of IP addresses. For example, to restrict access to only systems on the 192.168.0.0 network, type 192.168.*.*.
Configuring traffic management settings

Once you have licensed the system, and configured the basic management settings, the configuration options screen opens in the Configuration utility. The configuration options screen contains two options for creating the traffic management configuration.
Basic Network Configuration This configuration method starts the basic network configuration wizard. When you click the Next button, the wizard guides you through a basic network configuration that includes an internal and external VLAN, and interface configuration.
4-6
Advanced Network Configuration If you already know the types of configurations you want to create, you can click the Finished button to exit the Setup utility. Use this configuration method when you want to create a custom VLAN configuration. If you use this method, after you click the Finished button, open the Network section on the Main tab of the navigation pane. The Network section provides access to the objects you commonly configure for traffic management, such as interfaces, routes, self IP addresses, VLANs, and so on.
Note
You can update the network configuration at any time by using the options that are available under the Network section on the Main tab of the navigation pane.
4-7
Chapter 4
Provisioning TMOS modules

The license you receive from F5 Networks determines what software modules the BIG-IP system can support. The license ensures that you can activate all software modules you have purchased. An F5 license is applicable for the life of the system, or until you reactivate it, for example, by purchasing additional modules. The modules available for this version of the software include Local Traffic (LTM), Global Traffic (GTM), Link Controller (LC), Application Security (ASM), Protocol Security (PSM), WebAccelerator (WAM), and WAN Optimization (WOM). When you have multiple modules on a BIG-IP system, you must portion CPU, memory, and disk space among the modules to make the modules functional. This process of assigning CPU, memory, and disk space to licensed software modules is called provisioning. Provisioning and licensing work together to make sure that software modules are accessible and appropriately provided with system memory and disk space. You can determine which modules your license supports by checking the License screen, available in the System section on the Main tab of the navigation pane. If you have a license for a module that you have not provisioned, the system posts an alert in the identification and messages area of the Configuration utility: Licensed yet unprovisioned: <modulename>, to let you know that you do not have provisioning specified for that module.
Important
Some modules require that you provision CPU, memory, and disk space before they are visible in the Configuration utility. If you do not see a module that you have licensed, first check to make sure you have provisioned CPU, memory, and disk space for it.
Understanding Resource Provisioning settings

The system provides provisioning settings on the Resource Provisioning screen, available in the System section on the Main tab of the navigation pane. When you click Resource Provisioning, the system presents a screen containing a color graph representing the current allocations for CPU cycles, system memory, and disk space (if the system uses Logical Volume Management (LVM) formatting), along with a section representing each module installed on the system. Each module has associated with it a unique color, which the allocation graph uses to visually represent the modules CPU, memory, and disk provisioning. The system designates unlicensed modules with an (Unlicensed) label. The system also uses the (Unlicensed) label to represent modules whose licenses have expired.
4-8
Figure 4.1, following, shows a sample screen representing a system provisioned for Local Traffic Manager, Application Security Manager, and the WebAccelerator system.
Figure 4.1 Resource Provisioning screen
Specifying provisioning levels

For each module, you can specify one of the following provision levels: Dedicated, Nominal, Minimum, None (Disabled). The Dedicated setting specifies that this is the only active module. If you select the Dedicated setting for one module, the system resets other modules to the None (Disabled) setting. The Dedicated provisioning setting is primarily applicable for Application Security Manager and WebAccelerator systems installed in standalone configurations, that is, when a system contains no other installed modules, including Local Traffic Manager.
4-9
Chapter 4
The Nominal setting allocates CPU, memory, and disk space in a way that is applicable for most typical configurations. The Minimum setting allocates the smallest amount of CPU, memory, and disk space to the corresponding module. The None (Disabled) setting indicates that there is no allocated CPU, memory, or disk space. When you select the None (Disabled) setting, the system allocates no CPU, memory, or disk space to the module. This is a typical setting for unlicensed modules. Depending on what you select or change, the system might require a reboot after provisioning or deprovisioning a module. You can provision modules for which you are not licensed. This enables you to configure the system prior to obtaining a license. When you provision modules you are not licensed for, the system posts an alert in the identification and messages area of the Configuration utility: Provisioned yet unlicensed: <modulename> to let you know that you do not have a valid license for that module.
Important
If you provision CPU, memory, and disk space to a module whose license later expires, the system does not automatically reallocate that CPU, memory, and disk space. You should make sure to reprovision any CPU, memory, and disk space from modules with expired licenses to other modules whose licenses are currently active.
WARNING
When provisioning multiple modules, you must provision the WAN Optimization Module last. WAN Optimization Module uses all of the free disk space remaining on the system, so provision all other modules first.
Understanding rolling forward and provisioning

If you roll forward a configuration containing a licensed module, the system provisions the module at level Nominal. If you have more than one module licensed, the system provisions them all at level Nominal. If you are rolling forward a standalone configuration of Application Security Manager (available only on a BIG-IP 4100) or the WebAccelerator system (available only on a BIG-IP 4500), the system uses the Dedicated provisioning level for the standalone module, and removes provisioning from all other modules, including Local Traffic Manager.
Important
If you are installing a license, but you are not rolling forward a configuration, the system does not provision any CPU, memory, or disk space. In order to see and access new modules you install, you must provision them first.
4 - 10
Completing system configuration

Once you finish running the Setup utility for the first time, and you provision any modules, you can continue configuring the system. For information about how to configure the BIG-IP system, you can reference the online help, available on the Help tab for each screen, and the associated guides, available in the Ask F5SM Knowledge Base, at https://support.f5.com. We recommend that you start with the TMOS Management Guide for BIG-IP Systems. Each module has an associated configuration guide, which we recommend that you review. For example, if you are running the WAN Optimization Module, you should review the Configuration Guide for the BIG-IP WAN Optimization Module.
Note
If you rolled forward a configuration, you should check to make sure that the configuration contains all of the objects you expect. In general, the upgrade process takes care of this for you, but you should always check to make sure the configuration contains all objects and settings you expect. For example, if you roll forward a configuration that contained the WebAccelerator system, the system presents the following message after the installation operation finishes: The WAM configuration being restored is version 9.4.3 but the current installation is version 10.0.0. The restored 9.4.3 WAM config files may require manual merging if they had been customised, and will NOT overwrite the 10.0.0 files. If your configuration had not been customised no merge is required.
4 - 11
Chapter 4
4 - 12
A
Introducing the image2disk and diskinit utilities Upgrading version 9.3.x or 9.4.x systems Recovering the system using image2disk Recovering blank or damaged hard drives
Introducing the image2disk and diskinit utilities

The image2disk utility performs software installation operations for installing this version of the software. You use the image2disk utility in the following situations: For installation on a system where you want to preserve a 9.3.x or 9.4.x version alongside version 10.x To convert version 9.3.x and 9.4.x systems to version 10.x systems For disaster-recovery operations in the event that the BIG-IP system configuration becomes corrupted To convert from one type of disk management style to another (that is, from partitions to volumes, or vice versa) The diskinit utility performs low-level hard-drive formatting. You can use the diskinit utility to first format the systems physical hard drives before you run the image2disk utility to install the software. You use the diskinit utility in the following situations: To repair low-level hard-drive formatting errors To convert from version 9.3.x and 9.4.x partitioning to version 10.x volumes hard-drive formatting, without also installing the software
Note
The image2disk utility also formats the hard drive unless there are formatting errors on the disk, in which case you must first run the diskinit utility.
A-1
Appendix A
Upgrading version 9.3.x or 9.4.x systems

If you plan to install this version of the software onto a BIG-IP system that is currently running version 9.3.x or 9.4.x, you must perform a one-time upgrade procedure to make your system ready for the 10.x installation process. During the upgrade process, you can choose to preserve the version 9.3.x or 9.4.x software alongside version 10.x, or completely replace the version 9.3.x or 9.4.x software with version 10.x.
Preparing for system upgrade

All of the preparatory installation tasks for upgrading from version 9.3.x or 9.4.x are the same as those for using the Software Management screens to upgrade from version 9.6.x or earlier versions of 10.x. Before you start the system installation, ensure that the system meets the requirements listed in the information in Performing prerequisite tasks, on page 2-2, and then continue with Performing system upgrade, following.
Performing system upgrade

Once you complete the prerequisite tasks described in Performing prerequisite tasks, on page 2-2, you can continue with the process that preserves version 9.3.x and 9.4.x alongside version 10.x. This set of tasks is unique to 9.3.x or 9.4.x upgrade. Downloading the installation file, following. Installing the image2disk upgrade utility, on page A-3. Starting the installation, on page A-3. Formatting for volumes, on page A-4. Rebooting after installation, on page A-5.
Important
You cannot use the image2disk utility to install verion 10.x to BIG-IP systems running version 9.2.x or earlier. You must first upgrade to version 9.3.x or 9.4.x. For information on upgrading, see the release notes for the associated software.
Downloading the installation file

Before you can install the software, you must download the installation file. You can download the ISO installation image file from the F5 Networks Downloads site, at https://downloads.f5.com.
A-2
Once you have downloaded the file, use a copy utility applicable to your operating system to copy the ISO image to the /shared/images directory on the BIG-IP system.
Important
If your system does not already have this directory, you must create it. If you create the directory, make sure to use the exact name /shared/images.
Installing the image2disk upgrade utility

To complete an upgrade from version 9.3.x or 9.4.x, you must have the upgrade utility on your system. The ISO installation file that you downloaded in the previous task, Downloading the installation file, contains the upgrade utility. You can copy the upgrade utility to your system from the command line by typing the following command:
im <downloaded_filename.iso>
The process copies over the image2disk installation utility, and then presents a status message, which lets you know that the im command is no longer supported, and tells you how to proceed.
Starting the installation

To complete an upgrade from version 9.3.x or 9.4.x, you specify the number representing the installation location to upgrade and the name of the downloaded .iso file. The following example shows the command to run.
To start the installation

image2disk --instslot=HD<slot_number> <downloaded_filename.iso>
The upgrade process installs the software on the inactive installation location (--instslot) that you specify. This process usually takes between three minutes and seven minutes. You can find more information about image2disk commands in the man page for the utility, available at the command line by typing man image2disk. You can also run the command image2disk -h on the system command line to get command line help for the image2disk utility.
A-3
Appendix A
Formatting for volumes

When you prepare to install the 10.x software, you must decide whether you want to format the systems hard drive as volumes, or leave the drive formatted as partitions. If you plan a configuration that consists solely of 10.x software, we recommend that you use the volume disk-formatting scheme. If you plan to retain a 9.x version of the software on the BIG-IP system, however, you must use the existing formatting scheme. One advantage of using volumes is that you can create multiple volumes to maintain several versions of 10.x software. The other advantage to having multiple volumes is that module products might utilize a specific volume for caching or for another purpose. You can use the image2disk utility to convert from one type of disk management style to another (that is, from partitions to volumes, or vice versa), as you install the software. Also called logical volume management (LVM), volumes are supported on all platforms and modules supported version 10.x. If you plan a configuration that consists solely of 10.x software, we recommend that you use the volume disk-formatting scheme.
WARNING
When you run the image2disk utility with the --format command to convert partitions to volumes, the operation removes all partitions or volumes, along with all data on the system.
Important
If you plan to retain a 9.x version of the software on the BIG-IP system you must use the existing partitions formatting scheme.
To format the disk for volumes

1. Log on to the command line of the system using the root account. 2. Type the command that represents the operation you want. To format for volumes and migrate the active configuration to the destination location, run the following command:
image2disk --instslot=HD1.2 --format=volumes BIGIP-10.0.0.123.0.iso
To format for volumes and preserve the configuration of the installation destination, run the following command:
image2disk --instslot=HD1.2 --nomoveconfig --format=volumes BIGIP-10.0.0.123.0.iso
A-4
Rebooting after installation

Once the installation process completes, you can reboot the system to check that the upgrade completed successfully. To do so, run the switchboot utility, boot to the installation location you upgraded, and check that your configuration appears as you expect. The following example shows the command to run.
switchboot -b <installation_location> reboot
The system reboots to the installation location you specify.
Completing post-installation tasks

Once the reboot operation is complete, you can continue with post-installation tasks. You might also want to review information in the section Understanding system configuration, on page 4-1, for instructions on how to access the Configuration utility so you can complete these post-installation tasks. Here are the post-installation tasks you should complete: Run the Setup utility Provision TMOS modules Complete the system configuration You can find procedures for each of these tasks, starting with Running the Setup utility, on page 4-2.
A-5
Appendix A
Recovering the system using image2disk

If the configuration becomes corrupted or unusable, and you can no longer access the Configuration utility or run the b software commands for installation purposes, you can run the image2disk utility to perform an installation. The steps are the same as those you use for upgrading from version 9.3.x or 9.4.x to version 10.x. For information, see the sections in Performing system upgrade, on page A-2.
Important
The image2disk utility cannot run if the system hard drive contains low-level formatting errors. For information about the hard-drive recovery process, see Recovering blank or damaged hard drives, following.
A-6
Recovering blank or damaged hard drives

For the image2disk utility to function properly, there must be at least minimal partitioning on the system hard drives. The image2disk utility is not designed to repair low-level hard drive formatting issues, which might occur for one of the following reasons: The hard drive might be completely blank, as occurs when a system is returned from F5 Networks after RMA. The hard drive might be unreadable and need formatting. A rare, failed re-partitioning action might have left the hard drive in an unreadable state. For low-level hard-drive formatting. You can use the diskinit utility to first format the systems physical hard drives before you run the image2disk utility to install the software.
Preparing the system to run the diskinit utility

In order to run the diskinit utility, the system drives cannot be active. That means that you must boot the system into the Maintenance Operating System (MOS). When you initially run the image2disk utility to install the 10.x software, the installation process places an updated MOS on the system.
Note
If you have not yet installed the version 10.x software, you can boot from a bootable thumb drive. For information about creating a bootable thumb drive, see Appendix B, Creating a Bootable USB Thumb Drive. You can also boot from a bootable CD-ROM that you have created.
To boot into the MOS using mosreboot

mosreboot
The system reboots to the MOS, which runs in RAM. You can then run the diskinit utility to format the system drives.
A-7
Appendix A
Running the diskinit utility

Once you are booted into the MOS, you are ready to run the diskinit utility to completely erase the contents of the system hard drive and reformat using the disk formatting method you specify. If you plan to use exclusively 10.x versions of the software, F5 Networks recommends that you use the volumes style of disk formatting. If you plan to maintain version 9.x software, you must use the partitions style of disk formatting. For more information about which disk formatting style to specify for the diskinit command, review information in Formatting for volumes, on page A-4.
WARNING
Running the diskinit command removes all information on the system hard drive. If that is not what you intended, do not proceed with the operation.
WARNING
If you omit the -style option in the following procedure, the disk reformatting operation removes all file systems and volumes from all hard drives and does not create any new ones, This is not a typical operation, and F5 Networks does not recommend it.
To run the diskinit utility

1. Log on to the command line using an account with administrative permissions. 2. Run the following command:
diskinit -style [partitions|volumes]
3. The system posts the following warning:

*** *** WARNING: *** All software and data on this system is about to be destroyed! *** Ready to reformat. Continue? (y|n) [n] -->
4. To continue, type y and press Enter. Otherwise, type n and press enter. If you answer y, the system repartitions and reformats all system hard drives in the style you specify.
After formatting is finished, you can run image2disk to install the 10.x software. For information about the image2disk utility, see Introducing the image2disk and diskinit utilities, on page A-1. For more information about the diskinit utility, see the command line help, available by running the command diskinit -h on the command line.
A-8
B
Introducing the mkdisk utility Creating the bootable thumb drive
Introducing the mkdisk utility

You can use the mkdisk utility to create a bootable USB thumb drive containing a software installation image. You can then use that thumb drive as the installation source to install the software and recover the system. You use the mkdisk utility in the following situations: You want to upgrade to version 10.x from version 9.3.x or 9.4.x, and you do not have the installation image on the system hard drive. You already have a version 10.x installation, but you cannot access the system hard drives.
Note
You can find the mkdisk utility in the full release software ISO installation image, but not in a hotfix ISO installation image.
B-1
Appendix B
Creating the bootable thumb drive

When you create a bootable thumb drive, you can use a BIG-IP system, or you can use a Linux workstation. The system you use to create a bootable thumb drive must contain a number of non-TMOS system software components and third-party utilities. For information about non-TMOS system software and third-party utilities, refer to the appropriate documentation. The system you use to create the bootable thumb drive must contain these software components and third-party utilities:

A system running Linux running the 2.6.x kernel Perl version 5.8 or later The Library for WWW in Perl (LWP) package For downloading and other information about the LWP Perl module collection, search the Comprehensive Perl Archive Network (CPAN) programming library, available at http://www.cpan.org/, or use another source, such as a Red Hat Package Manager (RPM) file (http://rpm.org/), the Advanced Packaging Tool apt-get program (http://linux.die.net/man/8/apt-get), or another reliable source. Utilities for disk and image manipulation The required utilities depend on the BIG-IP platform you plan to use to create the bootable thumb drive. For BIG-IP platforms 1600, 3600, 6900, and 8900, the workstation must have the following utilities: sfdisk: changes disk partitioning. mformat: creates a FAT32 file system. syslinux: represents a lightweight bootloader that starts up computers with the Linux kernel. mkisofs: creates an ISO9660 file system image. implantisomd5: implants an MD5 checksum in an ISO9660 image. For BIG-IP platforms 1500, 3400, 3410, 6400, 6800, 8400, and 8800, the workstation must have the following utilities: sfdisk: changes disk partitioning. mke2fs: creates a Linux (ext2) file system. extlinux: represents a lightweight bootloader that starts up computers with the Linux kernel.
B-2
For VIPRION platforms, the workstation must have the following utilities: sfdisk: changes disk partitioning. mke2fs: creates a Linux (ext2) file system. mkelfImage: makes an Executable and Linkable Format (ELF) boot image for Linux kernel images.
To create the bootable thumb drive

1. Log on to the Linux workstation or BIG-IP system as root, since you need block-level access to the thumb drive. 2. Mount the BIG-IP .iso file as a loopback device, or insert a BIG-IP CD-ROM into the CD-ROM drive. Either way, this process assumes that the .iso file or CD-ROM drive is mounted at /mnt/cd. (If you do not have this directory, you must create it. If you create it, use the exact name /mnt/cd.) To mount the .iso file, run the command:
mount -o loop BIGIP-10.0.0.5399.0.iso /mnt/cd
3. Insert a 1 GB or larger thumb drive in a USB port on the Linux workstation or BIG-IP system. 4. To change to the root directory of the mounted device, run the command:
cd /mnt/cd
5. To start the mkdisk script from that directory, run the command:
./mkdisk
6. Answer the questions the operation asks: a) Specify the BIG-IP system you plan to use as the target for thumb-drive installation operations. b) Specify the device to be used in the mkdisk operation (that is, the thumb drive you are creating). c) To confirm that you want to continue, type y. d) Specify the product (for example, BIG-IP 10.0.0) that you want to transfer, or if there is only one product, type y to transfer the BIG-IP 10.0.0 version of the software. The operation checks for the required tools, and creates the thumb drive, which takes approximately two or three minutes on a BIG-IP 1600 system. The interval on other systems varies. 7. To unmount the loopback device, run the command:
umount /mnt/cd
You can use the thumb drive to boot the target device. Place the thumb drive in the USB port of the target device, and reboot the target device. For all systems except VIPRION systems, the device automatically boots to the Maintenance OS on the thumb drive. For VIPRION systems, when the boot process begins, choose boot device sda1 from the kboot grub menu to boot to the Maintenance OS on the thumb drive.
B-3
Appendix B
B-4
C
Introducing the dashboard Viewing BIG-IP system information Viewing statistics for other modules
Introducing the dashboard

The BIG-IP system provides a dashboard that you can use to monitor overall system performance and performance of specific modules. The dashboard displays system statistics graphically, showing gauges and graphs, and you can view the same statistics in a table view. Information is updated every three seconds. You can display the dashboard from the menu bar of the Performance screen.
Important
To run the dashboard, the computer on which you are working must have Adobe Flash Player (version 9 or later) installed on it. This chapter describes how to display the dashboard screens. The dashboard includes online help for information about how to interpret the statistics on each of the panels that appear on the screens. Click the ? in the upper right corner of any panel to display the online help.
C-1
Appendix C
Viewing BIG-IP system information

You can view CPU usage, memory usage, connection types, and throughput statistics for the BIG-IP system on the dashboard.
To view BIG-IP system statistics on the dashboard

1. On the Main tab of the navigation pane, expand Overview and click Performance. The Performance screen opens. 2. On the menu bar, click Dashboard. The Performance Overview screen of the dashboard opens in a separate window. It may take a few seconds for the system to transfer data to the dashboard.
Figure C.1 shows a typical Performance overview screen in the dashboard.
Figure C.1 BIG-IP Dashboard, Performance Overview screen
C-2
Viewing CPU statistics

The CPU panel of the Performance Overview screen displays CPU statistics in a gauge, showing the busiest CPU; a chart, showing the busiest CPU, average CPU usage, and the least busiest CPU; and a table view that shows details for each CPU including fan speed, temperature, and usage. Figure C.2 shows the graphic view of the CPU panel. The busiest CPU is using 89.1% of its CPU capacity on all system management and application tasks.
Figure C.2 CPU panel of the Dashboard, Performance Overview screen
By clicking the grid icon in the upper left corner, you can display more details in a table format. Figure C.3 shows the CPU panel, table view.
Figure C.3 CPU panel, table view
In the table view, you can see that one of the CPUs, cpu1, is doing most of the work.
C-3
Appendix C
Viewing memory usage statistics

The Memory panel of the Performance Overview screen displays the amount of total system memory is currently in use. A chart breaks down memory usage into how much the Traffic Management Microkernel (TMM) is using for traffic management, and how much is being used for all other processes, such as those for system configuration and monitoring. Figure C.4 shows the graphic view of the Memory panel. In this example, the Memory Usage gauge shows that 77.5% of the total system memory is currently in use.
Figure C.4 Memory panel of the Dashboard, Performance Overview screen
The Breakdown chart in the figure shows that of the 4.1 GB of memory allocated on this BIG-IP system, processes other than TMM are using most of the memory. The Usage % chart shows that memory usage over the last five minutes has been steady at about 77%.
Viewing connection statistics

The Statistics panel of the Performance Overview screen displays the total open TCP connections on the system, and separately lists new connections, SSL connections, and all active connections for the time specified. Figure C.5, on page C-5, shows the graphic view of the Statistics panel with the Open tab selected. It shows that during the last 5 minutes the system has had up to 32,000 open connections, and now it has 16,702 connections.
C-4
Figure C.5 Statistics panel of the Dashboard, Performance Overview screen
Viewing throughput statistics

The Throughput panel of the Performance Overview screen summarizes the amount of traffic in bits per second that the system has handled during the time specified in the timeframe menu. It also separately shows SSL throughput, compression throughput, and all throughput. Figure C.6 shows the graphic view of the Throughout panel with the Total tab selected. The total throughput on the system for the last 5 minutes ranges between about 510 Mbps and 900 Mbps.
Figure C.6 Throughput panel of the Dashboard, Performance Overview screen
C-5
Appendix C
Viewing statistics for other modules

If you have licensed and provisioned other modules on the BIG-IP system that support the dashboard, you can view statistics specific to the module (for example, the WAN Optimization Module).
To view statistics for other modules on the dashboard

1. On the Main tab of the navigation pane, expand Overview and click Performance. The Performance screen opens. 2. On the menu bar, click Dashboard. The Performance Overview screen of the dashboard opens. 3. In the upper right corner, click Overview and choose the module for which you want to view statistics. The module screen of the dashboard opens.
C-6
Glossary
Glossary
active unit In a redundant system, the active unit is the system that currently load balances connections. If the active unit in the redundant system fails, the standby unit assumes control and begins to load balance connections. See also redundant system configuration. administrative partition An administrative partition is a logical container that you create, containing a defined set of BIG-IP system objects. You use administrative partitions to control user access to the BIG-IP system. See also user role. archive An archive is a backup copy of the BIG-IP system configuration data. This archive is in the form of a user configuration set, or UCS. See also user configuration set (UCS). configuration synchronization Configuration synchronization, or ConfigSync, is the task of duplicating a BIG-IP systems configuration data onto its peer unit in a redundant system. Configuration utility The Configuration utility is the browser-based application that you use to configure the BIG-IP system. connection mirroring Connection mirroring is a feature that causes all connections coming through the active unit of a redundant system to be replicated on the standby unit. This prevents any interruption in service when failover occurs. default route A default route is the route that the system uses when no other route specified in the routing table matches the destination address or network of the packet to be routed. default VLAN The BIG-IP system is configured with two default VLANs, one for each interface. One default VLAN is named internal and one is named external. See also VLAN (virtual local area network). default wildcard virtual server A default wildcard virtual server has an IP address and port number of 0.0.0.0:0. or *:* or "any":"any". This virtual server accepts all traffic that does not match any other virtual server defined in the configuration.
Glossary - 1
Glossary
disk partition A disk partition is a portion of a hard drive that contains a version of the software and a system configuration. A system drive may be formatted as a partition or a volume. See also volume. domain name A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.siterequest.com/index.html, the domain name is siterequest.com. external VLAN The external VLAN is a default VLAN on the BIG-IP system. In a basic configuration, this VLAN has the administration ports locked down. In a normal configuration, this is typically a VLAN on which external clients request connections to internal servers. failover Failover is the process whereby a standby unit in a redundant system takes over when a software failure or a hardware failure is detected on the active unit. See also redundant system configuration. floating self IP address A floating self IP address is an additional self IP address for a VLAN that serves as a shared address by both units of a BIG-IP redundant system. gateway A gateway provides communication between two networks, through software, hardware, or a combination of software and hardware. interface A physical port on a BIG-IP system is called an interface. internal VLAN The internal VLAN is a default VLAN on the BIG-IP system. In a basic configuration, this VLAN has the administration ports open. In a normal configuration, this is a network interface that handles connections from internal servers. local traffic management Local traffic management is the process of managing network traffic that comes into or goes out of a local area network (LAN), including an intranet. logical volume management (LVM) Logical volume management is the version 10.x scheme used for formatting the system disk drive into volumes. See also volume.
Glossary - 2
Glossary
management interface The management interface is a special port on the BIG-IP system, used for managing administrative traffic. Named MGMT, the management interface does not forward user application traffic, such as traffic slated for load balancing. management route A management route is a route that forwards traffic through the special management (MGMT) interface. monitor The BIG-IP system uses monitors to determine whether nodes are up or down. There are several different types of monitors and they use various methods to determine the status of a server or service. See also node address, pool. name resolution Name resolution is the process by which a name server matches a domain name request to an IP address, and sends the information to the client requesting the resolution. node address A node address is the IP address associated with one or more nodes. This IP address can be the real IP address of a network server, or it can be an alias IP address on a network server. See also monitor. partition See administrative partition or disk partition. pool A pool is composed of a group of network devices (called members). The BIG-IP system load balances requests to the nodes within a pool based on the load balancing method and persistence method you choose when you create the pool or edit its properties. port A port can be represented by a number that is associated with a specific service supported by a host. profile A profile is a configuration tool containing settings for defining the behavior of network traffic. The BIG-IP system contains profiles for managing Fast L4, HTTP, FTP, UDP, and SSL traffic, as well as for implementing session persistence, server-side connection pooling, and remote application authentication.
Glossary - 3
Glossary
provisioning Provisioning is the process of assigning CPU, memory, and disk space to licensed software modules. Provisioning and licensing work together to make sure that software modules are accessible and appropriately provided with CPU cycles, system memory, and disk space. redundant system configuration Redundant system configuration refers to a pair of units that are configured for failover. In a redundant system configuration, there are two units, one running as the active unit and one running as the standby unit. If the active unit fails, the standby unit takes over and manages connection requests. remote administrative workstation A remote administrative workstation is a system that uses as Telnet or SSH to connect though an IP address to a BIG-IP system allows shell connections. roll forward Roll forward is a function of the installation process that preserves the existing configuration. When you install the software or upgrade, the system uses the previously archived user configuration set (UCS) file in the /var/local/ucs directory on the source installation location to update the configuration on the installation destination. self IP address Self IP addresses are the IP addresses owned by the BIG-IP system that you use to access devices in VLANs. You assign self IP addresses to VLANs. service Service refers to services such as TCP and HTTP. Setup utility The Setup utility walks you through the initial system configuration process. You can run the Setup utility from the Configuration utility start page. See also Configuration utility. single configuration file (SCF) A single configuration file, or SCF, is a file that you create using the bigpipe utility. The purpose of this file is to store an entire BIG-IP system configuration that you can then easily replicate on another BIG-IP system. See also user configuration set (UCS). SSH SSH is a protocol for secure remote logon and other secure network services over a non-secure network.
Glossary - 4
Glossary
SSL (Secure Sockets Layer) SSL is a network communications protocol that uses public-key technology as a way to transmit data in a secure manner. standby unit A standby unit in a redundant system is a unit that is always prepared to become the active unit if the active unit fails. See also redundant system configuration. static self IP address A static self IP address is a self IP address that is not shared between two units of a redundant system. TMM (Traffic Management Microkernel) service The TMM service is the process running on the BIG-IP system that performs most traffic management for the product. TMOS (Traffic Management Operation System) The Traffic Management Operating System is the internal mechanism within the BIG-IP system that is responsible for all traffic-management functions. user configuration set (UCS) A user configuration set is a backup file that you create for the BIG-IP system configuration data. When you create a UCS, the BIG-IP system assigns a .ucs extension to the file name. See also archive, single configuration file (SCF), and roll forward. user role A user role is a type and level of access that you assign to a BIG-IP system user account. By assigning user roles, you can control the extent to which BIG-IP system administrators can view or modify the BIG-IP system configuration. See also administrative partition. virtual address A virtual address is an IP address associated with one or more virtual servers managed by the BIG-IP system. See also virtual server. virtual server Virtual servers are a specific combination of virtual address and virtual port, associated with a content site that is managed by a BIG-IP system or other type of host server.
Glossary - 5
Glossary
VLAN (virtual local area network) A VLAN is a logical grouping of interfaces connected to network devices. You can use a VLAN to logically group devices that are on different network segments. Devices within a VLAN use Layer 2 networking to communicate and define a broadcast domain. volume A volume is a portion of a hard drive that contains a version of the software and a system configuration. A system drive may be formatted as volumes or partitions. See also disk partition and logical volume management (LVM).
Glossary - 6
Index
Index
10.x software installation 3-4 10.x volumes 2-6 9.3.x or 9.4.x software installing with version 10.x A-1 upgrading from A-2 9.6.x or earlier 10.x version upgrade 3-1 9.x partitions 2-6
A
About tab 1-4 active volume, setting 2-8 additional information 1-7 add-on registration key 2-8 address range, setting for SSH access 4-6 admin account configuring 4-6 described 4-3 using default 2-5 after installation reboot upgrading from version 9.3.x or 9.4.x A-5 upgrading in version 10.x 3-5 archive file 2-10
configuration tool choosing 1-2 described 1-3 configuration upgrade 2-12 Configuration utility accessing 2-8 described 1-3 licensing at initial setup 1-4 reviewing browser support 1-4 using 1-2 connections statistics C-4 console configuration 2-4 conventions, stylistic 1-5 cpcfg utility 2-12 CPU panel, Performance Overview screen C-3 CPU statistics, viewing C-3
D
dashboard described C-1 viewing system information C-2 default admin password 2-5 default network configuration 2-5 default root password 2-5 defined 2-11 difference in SCF and UCS 2-11 disaster recovery A-1, B-1 disk format types A-7 disk formatting 2-6 disk space and memory allocation 4-8 diskinit commands A-8 diskinit utility described A-1 recovering the system A-1 using A-7 documentation, finding additional 1-7 downloads 3-3, A-2
B
b software commands 3-2 base registration key 2-8 basic configuration setup 4-2 basic installation, defined 2-2 basic management settings screen in Setup utility 4-3 basic setup instructions 1-7 BIG-IP system information, viewing in dashboard C-2 bigpipe utility described 1-4 using to export configuration 2-11 using to import configuration 2-11 bootable thumb drive B-1, B-2
E C
cable, null modem 2-4 check date in license 2-8 clients using for SSH access 1-4 using for Telnet access 1-4 command line installation 3-2 command line utilities 1-4 command syntax, conventions 1-6 commands to create SCF 2-11 compression throughput C-5 configuration archive 2-10 configuration file 2-11 configuration options screen in Setup utility 4-6 configuration roll-forward 2-10 existing configuration 2-10
F
failover and installation 2-13 fully qualified domain name 4-4
G
gauge viewing BIG-IP system statistics C-2 viewing Busiest CPU C-3 viewing Memory Usage C-4 gauges, in Dashboard C-1 guides, finding additional 1-7
Index - 1
Index
H
hardware setup instructions 1-7 Help tab 1-4 help, online 1-7 high availability system 4-5 Host IP address setting 4-4 Host name setting 4-4
M
Main tab 1-4 Maintenance Operating System A-7 management interface defined 2-4 using previously specified 2-2 management interface configuration 2-2 management IP address adding 2-2 setting from LCD 2-3 Management Operating System A-7 management port 2-4 management workstation 2-4 manuals, finding additional 1-7 member, redundant system 4-5 memory and disk allocation 4-8 Memory panel, Performance Overview screen C-4 memory statistics C-4 memory usage statistics C-4 menu bar in Configuration utility 1-4 messages area in Configuration utility 1-3 mkdisk commands B-3 mkdisk utility described B-1 preparing system for B-2 using B-3 modules described 1-1 licensing 2-8 provisioning 4-8 MOS A-7 mosreboot command A-7
I
identification area in Configuration utility 1-3 im utility A-3 image2disk commands A-3, A-4 image2disk utility described A-1 preparing to use A-7 recovering the system A-1 using for installation A-2 installation archiving configuration 2-10 defined 2-2 downloading image file 3-3, A-2 prerequisites 2-2 rebooting after 3-5, A-5 summarizing tasks 2-2 upgrading from version 9.2.x or earlier A-2 upgrading from version 9.3.x or 9.4.x A-2 using from version 9.3.x or 9.4.x A-3 using in version 10.x 3-4 using on redundant systems 2-13 using the command line 3-2 using the image2disk utility A-3 installation image, creating B-2 installation task summary 2-2 instructions for hardware setup, printed 1-7 interface for management connection 2-2 IP addresses, defining 4-2 IP alias adding to UNIX system 2-5 creating 2-5 IP usage on Windows 2-5
N
navigation pane in Configuration utility 1-4 new license activation 2-9 null modem cable 2-4
O
online help 1-7 optional installation tasks 2-10
L
LCD panel defined 2-2 using to add management IP address 2-2 using to set management IP address 2-3 license activating 2-8 installing new 2-8 license check date 2-8 LVM disk format scheme 2-6
P
partitions deciding on A-4 recovering system A-7 password using default admin 2-5 using default root 2-5 Performance Overview screen C-2
Index - 2
Index
preliminary version 9.3.x or 9.4.x to 10.x tasks A-2 prerequisites for installation 2-2 printed setup instructions 1-7 process for installation 2-2 product documentation, finding additional 1-7 product modules 1-1 provision tasks 4-8
R
reboot after installation 3-5, A-5 recovery of hard drives A-7 redundant system configuring unit ID 4-5 defined 4-5 installing on 2-13 redundant system member 4-5 remote shell 1-4 retaining configuration 2-10 roll-forward process 2-10 root account configuring 4-6 described 4-3 root default account 2-5 root password described 4-2 finding default 2-5
S
SCF archiving 2-10 defined 2-11 understanding differences from UCS 2-12 upgrading 2-12 serial console 2-2, 2-4 service check date 2-8 setup instructions for hardware, printed 1-7 Setup utility preventing from running 4-2 running and rerunning 4-2 using configuration options screen 4-6 using management settings screen 4-3 setup.run db key 4-2 single configuration file. See SCF. software installation specifying source installation directory 3-4 using b software commands 3-2 using for version 10.x 3-1 using for version 9.3.x or 9.4.x upgrade A-3 using image2disk commands A-3 using Software Management screens 3-1 software license 2-8
Software Management screen creating volumes 2-7 deleting volumes 2-7 downloading software 3-3 importing software 3-3 rebooting from 3-5 using for installation 3-4 software provisioning 4-8 software utilities using bigpipe 1-4 using cpcfg 2-12 using diskinit A-7 using image2disk A-3 using tmsh 1-4 using to configure system 4-6 SSH access 4-6 SSH client 1-4 SSL connection statistics C-4 static IP requirement 2-5 Statistics panel, Performance Overview screen C-4 statistics, viewing C-1 stylistic conventions 1-5 summary of installation tasks 2-2 support account configuring 4-6 described 4-3 system licensing 2-9 setting unit ID 4-5 system configuration copying 2-12 exporting 2-11 importing 2-11 retaining 2-10 system connection 2-2 system hardware setup instructions 1-7 system messages, viewing 1-4 system performance, monitoring C-1 system recovery A-1, B-1 system statistics, viewing C-1
T
tasks for installation 2-2 technical support 1-7 Telnet client 1-4 terminal emulator 2-4 Throughput panel, Performance Overview screen C-5 throughput statistics C-5 thumb drive, using for installation B-1 Time zone setting 4-5 TMOS module provision tasks 4-8
Index - 3
Index
tmsh utility 1-4 Traffic Management Operating System (TMOS) 1-1 traffic management software activating 2-8 configuring network settings 4-6 licensing 2-8
U
UCS archiving 2-11 defined 2-11 introducing 2-10 understanding differences from SCF 2-12 upgrading 2-12 unit ID setting 4-5 unlicensed systems 2-8 upgrade configuration 2-10 upgrade process using for one-time upgrade from 9.3.x or 9.4.x A-2 using for SCF or UCS 2-12 using for version 10.x 3-1 using from pre-9.3.x version upgrade 3-2 using from version 9.3.x or 9.4.x A-2, A-3 using from version 9.6.x or earlier 10.x 3-1 using from versions earlier than 9.3.x 3-2 USB thumb drive. See bootable thumb drive.
user configuration set. See UCS. utilities using command line configuration 1-4 using cpcfg 2-12 using diskinit A-7 using for advanced network configuration 4-6 using for basic network configuration 4-6 using image2disk A-3 using mkdisk B-3 using Setup 4-2
V
valid license 2-8 version upgrade using from pre-9.3.x versions 3-2 using from version 9.3.x or 9.4.x A-2 using from version 9.6.x or earlier 10.x 3-1 volumes creating and deleting 2-7 deciding on drive formatting A-4 defined 2-6 recovering system A-7 working with 2-6
W
Windows IP requirement 2-5
Index - 4

Big-Ip Systems: Getting Started Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Big-Ip Systems: Getting Started Guide

Uploaded by

Copyright:

Available Formats

BIG-IP Systems: Getting Started Guide

Export Regulation Notice