Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
version 10.1
MAN-0300-00
Product Version
This manual applies to product version 10.1 of the BIG-IP® Local Traffic Manager, BIG-IP® Global
Traffic Manager, BIG-IP® Link Controller, BIG-IP® SSL Accelerator, BIG-IP® Application Security
Manager, and the BIG-IP® WebAccelerator™ System, BIG-IP® WAN Optimization Module, and
VIPRION® systems.
Publication Date
This manual was published on February 4, 2010.
Legal Notices
Copyright
Copyright 2008-2010, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Access Policy Manager, APM, Acopia, Acopia Networks,
Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Enterprise
Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM, iControl, Intelligent Browser
Referencing, Internet Control Architecture, IP Application Switch, iRules, Link Controller, LC, Local
Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect, Packet Velocity,
Protocol Security Module, PSM, SSL Accelerator, SYN Check, Traffic Management Operating System,
TMOS, TrafficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, WAN Optimization
Module, WOM, WebAccelerator, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc.,
in the U.S. and other countries, and may not be used without F5's express written consent.
Patents
This product protected by U.S. Patents 6,327,242; 6,374,300; 6,473,802; 6,970,933; 7,051,126; 7,102,996;
7,146,354; 7,197,661; 7,206,282; 7,287,084. Other patents pending.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to
Information Technology products at the time of manufacture.
Acknowledgments
This product includes software developed by Bill Paul.
This product includes software developed by Jonathan Stone.
This product includes software developed by Manuel Bouyer.
This product includes software developed by Paul Richards.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by the Politecnico di Torino, and its contributors.
This product includes software developed by the Swedish Institute of Computer Science and its
contributors.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications,
http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
This product includes software developed by Balazs Scheidler <bazsi@balabit.hu>, which is protected
under the GNU Public License.
This product includes software developed by Niels Mueller <nisse@lysator.liu.se>, which is protected
under the GNU Public License.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was
developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems.
"Similar operating systems" includes mainly non-profit oriented systems for research and education,
including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
ii
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes the standard version of Perl software licensed under the Perl Artistic License (©
1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current
standard version of Perl at http://www.perl.com.
This product includes software developed by Jared Minch.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product contains software based on oprofile, which is protected under the GNU Public License.
This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)
and licensed under the GNU General Public License.
This product contains software licensed from Dr. Brian Gladman under the GNU General Public License
(GPL).
This product includes software developed by the Apache Software Foundation <http://www.apache.org/>.
This product includes Hypersonic SQL.
This product contains software developed by the Regents of the University of California, Sun
Microsystems, Inc., Scriptics Corporation, and others.
This product includes software developed by the Internet Software Consortium.
This product includes software developed by Nominum, Inc. (http://www.nominum.com).
This product contains software developed by Broadcom Corporation, which is protected under the GNU
Public License.
This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser
General Public License, as published by the Free Software Foundation.
This product includes software developed by the Computer Systems Engineering Group at Lawrence
Berkeley Laboratory. Copyright © 1990-1994 Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
This product includes software developed by the Computer Systems Engineering Group at Lawrence
Berkeley Laboratory.
4. Neither the name of the University nor of the Laboratory may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
This product includes software developed by Sony Computer Science Laboratories Inc. Copyright ©
1997-2003 Sony Computer Science Laboratories Inc. All rights reserved. Redistribution and use in source
and binary forms, with or without modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
iv
Table of Contents
Table of Contents
1
Introducing BIG-IP Systems
Getting started with BIG-IP systems ..........................................................................................1-1
Understanding this guide ...............................................................................................................1-2
Choosing a configuration tool ......................................................................................................1-2
Using the Configuration utility ............................................................................................1-2
Using command line utilities ................................................................................................1-4
Understanding stylistic conventions ...........................................................................................1-5
Identifying references to products .....................................................................................1-5
Identifying references to other documents .....................................................................1-5
Using the examples ................................................................................................................1-5
Identifying new terms ............................................................................................................1-5
Identifying references to objects, names, and commands ............................................1-5
Identifying command syntax ................................................................................................1-6
Finding help and technical support resources ..........................................................................1-7
2
Preparing the System for Installation
Summarizing 10.x installation and upgrade ...............................................................................2-1
Performing prerequisite tasks ......................................................................................................2-2
Configuring the management interface .............................................................................2-2
Establishing a connection to the system ...........................................................................2-4
Working with volumes .........................................................................................................2-6
Activating the software license ...........................................................................................2-8
Performing optional tasks .......................................................................................................... 2-10
Managing pre-existing configuration files ....................................................................... 2-10
Preparing units in a redundant system configuration ................................................. 2-13
3
Performing the Installation
Introducing the installation process ............................................................................................3-1
Upgrading from 9.6.x, or from earlier versions of 10.x ................................................3-1
Upgrading from version 9.3.x or 9.4.x ..............................................................................3-2
Upgrading from software versions earlier than 9.3.x ....................................................3-2
Downloading and importing the installation file ......................................................................3-3
Starting the installation ..................................................................................................................3-4
Rebooting the system ....................................................................................................................3-5
4
Completing Post-Installation Tasks
Understanding system configuration ..........................................................................................4-1
Running the Setup utility ...............................................................................................................4-2
Preventing the Setup utility from running automatically ...............................................4-2
Specifying settings in the Setup utility ...............................................................................4-3
Configuring basic management settings ............................................................................4-3
Configuring traffic management settings ..........................................................................4-6
Provisioning TMOS modules ........................................................................................................4-8
Understanding Resource Provisioning settings ...............................................................4-8
Specifying provisioning levels ..............................................................................................4-9
Understanding rolling forward and provisioning ......................................................... 4-10
Completing system configuration ............................................................................................. 4-11
A
Upgrading from Versions 9.3.x and 9.4.x
and Reformatting for 10.1.x
Introducing the upgrade process ................................................................................................A-1
Introducing the image2disk upgrade utility ..............................................................................A-2
Upgrading version 9.3.x or 9.4.x systems or reformatting for version 10.1.x ................A-3
Preparing for system upgrade ............................................................................................A-3
Performing system upgrade ................................................................................................A-3
Downloading the installation file .......................................................................................A-4
Installing the image2disk upgrade and disk formatting utility .....................................A-4
Formatting the drive with the image2disk utility ...........................................................A-5
Starting the installation ........................................................................................................A-6
Rebooting after installation .................................................................................................A-7
Completing post-installation tasks ....................................................................................A-8
B
Formatting and Recovering Disk Drives
Introducing the diskinit utility ..................................................................................................... B-1
Installing the diskinit utility ................................................................................................. B-1
Recovering blank or damaged hard drives ............................................................................... B-2
Preparing the system to run the diskinit utility ............................................................. B-2
Running the diskinit utility .................................................................................................. B-3
C
Creating a Bootable USB Thumb Drive
Introducing the mkdisk utility .....................................................................................................C-1
Creating the bootable thumb drive ...........................................................................................C-2
D
Monitoring the BIG-IP System
Introducing the dashboard ...........................................................................................................D-1
Viewing BIG-IP system information ...........................................................................................D-2
Viewing CPU statistics .........................................................................................................D-3
Viewing memory usage statistics .......................................................................................D-4
Viewing connection statistics .............................................................................................D-4
Viewing throughput statistics .............................................................................................D-5
Viewing statistics for other modules .........................................................................................D-6
Glossary
Index
ii
1
Introducing BIG-IP Systems
1-2
Introducing BIG-IP Systems
state of the system. This area is also where the system presents certain
system messages, for example Activation Successful, which appears
after a successful licensing process.
◆ The navigation pane
The navigation pane, on the left side of the screen, contains the Main tab,
the Help tab, and the About tab. The Main tab provides links to the major
configuration objects. The Help tab provides context-sensitive help for
each screen in the Configuration utility. The About tab presents the
content from the Welcome screen. When the Help or About tab is active,
you can open the content of the navigation pane in a new window using
the Launch button. You can also print the content of the Help or About
panes using the Print button.
◆ The menu bar
The menu bar, which is below the identification and messages area, and
above the body, provides links to the additional configuration objects
within each major object.
◆ The body
The body is the screen area where the configuration settings display.
Note
All users must use the browser-based Configuration utility to license the
system for the first time. For information about running Setup using the
Configuration utility, see Running the Setup utility, on page 4-2.
1-4
Introducing BIG-IP Systems
\
Indicates that the command continues on the following line, and that you should type the entire
command without entering a line break.
< >
Identifies a user-defined parameter. For example, if the command has <your name>, type in your
name, but do not include the brackets.
|
Separates parts of a command.
[ ]
Indicates that syntax inside the brackets is optional.
...
Indicates that you can type a series of items.
1-6
Introducing BIG-IP Systems
1-8
2
Preparing the System for Installation
When you finish the pre-installation tasks described in this chapter, you then
complete the installation tasks, which differ depending on your starting
point.
• If you are starting with version 9.6.x, or from earlier 10.x versions,
proceed to Chapter 3, Performing the Installation.
• If you are upgrading from version 9.3.x or 9.4.x, proceed to Appendix A,
Upgrading from Versions 9.3.x and 9.4.x and Reformatting for 10.1.x.
WARNING
If the system you plan to upgrade has WAN Optimization Module™,
WebAccelerator™, or Application Security Manager™ already provisioned
or if you have a number of volumes with software installed, you might
experience an upgrade failure due to insufficient space. Before you proceed,
set the module provisioning to Minimal, or remove unneeded volumes and
reboot the system. After installation is complete, you can set the
provisioning back to its original setting.
Important
You cannot upgrade and roll forward a configuration directly to this version
from versions 9.2.x or earlier. If you have a configuration from version 9.2.x
or earlier, you must upgrade to version 9.3.x or 9.4.x, and then upgrade to
version 10.x. If you do not need to roll forward a configuration, you can
follow the upgrade instructions in Appendix A, Upgrading from Versions
9.3.x and 9.4.x and Reformatting for 10.1.x.
Important
If the system on which you are installing is a member of a redundant system
configuration, you should review the information in Preparing units in a
redundant system configuration, on page 2-13.
Important
Do not add a self IP address that is on the same network as the management
interface. The management interface functions separately from other system
functions and cannot share the same network.
2-2
Preparing the System for Installation
Adding an IP address, netmask, and default route using the LCD panel
You can use the LCD panel on the front of the device to specify a
management IP address, a netmask for the IP address, and a default route.
Note
Note
If you cannot see or read output on the serial console, check the baud rate to
make sure it is set to 19200.
2-4
Preparing the System for Installation
Important
We recommend that you change these defaults to ensure system security.
Note
If you add this alias prior to booting up the BIG-IP system, the unit detects
the alias and uses the corresponding IP address.
The IP alias must be in the same network as the default IP address you want
the system to use. For example, on a UNIX® workstation, you might create
one of the following aliases.
• If you want the unit to use the default IP address 192.168.1.245, then add
an IP alias to the workstation you want to use to connect to the BIG-IP
system, using the following command:
ifconfig exp0 add 192.168.1.1
• If you want to use the alternate IP address 192.168.245.245, then add an
IP alias such as:
ifconfig exp0 add 192.168.245.1
WARNING
Important
The procedures described in this section assume that the system is using the
volumes disk-formatting scheme. If your system is using partitions (the
formatting scheme used in software prior to version 10.x), you cannot use
the procedures in this section. Instead, you must use 9.x procedures to
manage the partitions. Refer to the appropriate 9.x documentation for those
procedures. If the BIG-IP system is not already formatted for volumes, you
can use the image2disk utility to format the system drive as you install the
software. For information about formatting the system drives, see Starting
the installation, on page A-6.
2-6
Preparing the System for Installation
WARNING
Do not use the Software Management screens to create or delete partitions.
Doing so can result in an unstable condition. If you accidentally deleted
HD1.1 on a partitioned system and the system has become unusable, you
can reboot the system, or run the bigstart restart command on the command
line to return the system to an operational state. If you need to reformat a
system drive, you can use the image2disk utility. For more information, see
Formatting the drive with the image2disk utility, on page A-5.
Note
2-8
Preparing the System for Installation
3. At the password prompt, type the default user name, admin, and the
default password, admin, and click Log in.
The Configuration utility opens. If this is the first time you have run
the Configuration utility, the system presents the Licensing screen
of the Setup utility. If this is not the first time you have run the
Configuration utility, the system presents the Welcome screen.
4. To begin the licensing process, click Activate (or Re-activate, if
you are reactivating the license).
The Activate License screen opens.
5. Follow the on-screen prompts to license the system.
For additional information during the procedure, click the Help tab of the
navigation pane.
Note
You can update the license at any time by using the options that are
available using the License options of the System section of the Main tab of
the navigation pane.
Important
Make sure the license on the source installation location is valid before you
archive a configuration. This helps prevent accidental installation of an
invalid license over a valid one when you roll forward a UCS archive.
Note
The hostname in the UCS archive must match the host name of the system to
which you are installing for roll-forward to complete successfully.
Archiving a configuration
Before you archive the current configuration, you should make sure the
existing configuration contains no unnecessary elements, such as
nonworking virtual servers or users who should no longer have access to the
system. Once you remove all unnecessary elements, make sure to save your
configuration. The system does not roll forward unsaved configurations.
In the browser-based Configuration utility, each change of a page saves the
configuration. So to ensure that the system saves all of your configuration
settings, in the navigation pane, expand Overview, and click Welcome.
This takes you to the Welcome screen and saves the configuration.
Note
2 - 10
Preparing the System for Installation
To archive a configuration
1. On the Main tab of the navigation pane, expand System, and click
Archives.
The Archive List screen opens.
2. On the upper right portion of the screen, click the Create button.
The New Archive screen opens.
3. For the Name setting, type a name for the archive.
The system adds a .ucs extension.
4. If you want to encrypt the archive, enable encryption, and specify
whether you want to include private keys in the archive.
5. To start the archiving operation, click the Finished button.
6. Copy the UCS archive to a secure, remote location.
Now you can apply the upgraded SCF to other BIG-IP systems. F5
Networks also recommends that you archive the configuration to a UCS
archive, and copy the UCS archive to a secure, remote location. For
information on archiving the configuration, see Archiving a configuration,
on page 2-10.
2 - 12
Preparing the System for Installation
Note
2 - 14
3
Performing the Installation
Important
Beginning with version 10.1.0, you must reformat the system’s hard drive
partitions even if you plan to maintain 9.x alongside 10.x. The version
9.x-size partitions do not accommodate the 10.1.x software. You use the
image2disk utility to reformat the drive and install the 10.1.x software, and
then complete a separate operation using a version 9.x installation method
described in the version 9.x release notes. For information about using the
image2disk utility, see To format the drive for volumes and install the
software, on page A-7.
WARNING
Do not use the Software Management screens to add or delete partitions.
Doing so can result in an unstable condition. You should only use the
Software Management screens to add or delete volumes. If you accidentally
deleted HD1.1 on a partitioned system and the system has become unusable,
you can reboot the system, or run the bigstart restart command on the
command line to return the system to an operational state.
WARNING
Do not use the b software commands to add or delete partitions. Doing so
can result in an unstable condition. You should only use the b software
commands to add or delete volumes. If you accidentally deleted HD1.1 on a
partitioned system and the system has become unusable, you can reboot the
system, or run the bigstart restart command on the command line to return
the system to an operational state.
You can find information about the b software commands in the man page
for the command, available at the command line by typing man software.
3-2
Performing the Installation
Important
If you navigate away from this screen before the operation completes, the
system might not import the image successfully. Therefore, we recommend
that you wait for the operation to complete before continuing with any other
work on the BIG-IP system.
You can also create a bootable thumb drive or DVD to use as a source for
the installation. For instructions for creating a bootable thumb drive, see
Appendix C, Creating a Bootable USB Thumb Drive. The following
procedures assume that you are using the /shared/images directory on the
BIG-IP system.
WARNING
Important
You cannot install to the active volume or partition. The destination must
represent an inactive volume or partition on the disk.
Tip
If there is a problem during installation, you can use log messages to
troubleshoot a solution. The system stores the installation log file as
/var/log/liveinstall.log.
3-4
Performing the Installation
When the operation is complete, the system presents the logon screen. To
configure the system, log on using an account that has administrative
permissions.
When the system finishes rebooting, you can continue with the
post-installation tasks, as described in Chapter 4, Completing
Post-Installation Tasks.
Important
You will not have access to certain software features and functionality until
you complete the post-installation tasks.
3-6
4
Completing Post-Installation Tasks
3. At the logon prompt, type admin for the user name, and admin for
the password (or, if you changed these, use the values you
specified).
The Configuration utility opens.
Important
Even if you typically use the command line to configure, you must first run
the Setup utility from the browser-based Configuration utility before you
can begin.
4-2
Completing Post-Installation Tasks
Note
If you have not already activated the license, you must use the
browser-based Configuration utility to run the Setup utility to license the
system for the first time. In that case, the system starts the Setup utility when
you access the Configuration utility for the first time. For information about
activating the license, see Activating the software license, on page 2-8.
Note
As you proceed through the Setup utility, you can click the Help tab of the
navigation pane for information about the settings on each screen.
Note
Depending on the hardware you have and the settings you configure, you
may see only some of the screen elements described here.
Host name
This is the name of the system. You must enter a fully qualified domain
name (FQDN) for the system. This field allows only letters, numbers, and
the characters underscore ( _ ), dash ( - ) and period ( . ).
Host IP address
The host IP address is the IP address that you want to associate with the host
name. You can select Use Management Port IP Address to associate the
host name with the management port's IP address. This is the default setting.
Select Custom Host IP Address to type an IP address other than the
management port's IP address.
4-4
Completing Post-Installation Tasks
High availability
A high availability system, or redundant system configuration, consists of
two units or blades that share configuration information, and serve as
failover peers. If the unit you are configuring is a member of a redundant
system configuration, select Redundant Pair. If not, select Single Device.
Important
Beginning with version 10.0.0 of the software, a redundant system
configuration must contain failover peer management addresses for each
unit. If you roll forward a redundant system configuration from version
9.3.x or 9.4.x, the units start up in an offline state because each one needs a
failover peer management address. To configure the failover peer
management addresses, navigate to the Network Failover screen, available
under High Availability on the System menu in the navigation pane, and
specify the management IP address of the peer unit in the Peer
Management Address field. Then do the same on the other unit in the
redundant system. Once you specify both IP addresses, the system should
operate as expected.
Note
Unit ID
This setting identifies a member in a redundant system configuration. The
default number is 1. If this is the first member in the redundant system
configuration, use the default. When you configure the second member in
the redundant system configuration, select 2. The system uses these settings
to determine which member becomes active first, should both peers come
online simultaneously.
Time zone
The time zone you select typically represents the location of the system.
However, some networks specify a time zone to accommodate a more
international aspect of the organization, such as Greenwich Mean Time
(GMT), or the time zone representing the corporate headquarters. The
system uses the time zone for the date and time of events recorded in logs.
Note
If you change the time zone, we recommend that you reboot the system to
ensure that all of the services are in sync. If you do not reboot, it does not
affect traffic or management functionality, but there is a possibility that
some timestamps might be logged or displayed incorrectly, depending on
which service has been restarted and which has not.
Root account
The root account provides only console access to this system. Type the
password for the built-in account, root. In the Confirm box, retype the
password that you typed in the Password box. If you mistype the password
confirmation, the system prompts you to retype both entries.
Admin account
The admin account provides only browser access to the system. Type the
password for the built-in account, admin. In the Confirm box, retype the
password that you typed in the Password box. If you mistype the password
confirmation, the system asks you to retype both entries.
SSH access
You can use this setting to enable SSH access to the BIG-IP system.
4-6
Completing Post-Installation Tasks
Main tab of the navigation pane. The Network section provides access to
the objects you commonly configure for traffic management, such as
interfaces, routes, self IP addresses, VLANs, and so on.
Note
You can update the network configuration at any time by using the options
that are available under the Network section on the Main tab of the
navigation pane.
Important
Some modules require that you provision CPU, memory, and disk space
before they are visible in the Configuration utility. If you do not see a
module that you have licensed, first check to make sure you have
provisioned CPU, memory, and disk space for it.
4-8
Completing Post-Installation Tasks
You can provision modules for which you are not licensed. This enables you
to configure the system prior to obtaining a license. When you provision
modules you are not licensed for, the system posts an alert in the
identification and messages area of the Configuration utility: Provisioned
yet unlicensed: <modulename> to let you know that you do not have a
valid license for that module. Even though you can provision an unlicensed
module, the associated module’s features are not operable.
Important
If you provision CPU, memory, and disk space to a module whose license
later expires, the system does not automatically reallocate that CPU,
memory, and disk space. You should make sure to reprovision any CPU,
memory, and disk space from modules with expired licenses to other
modules whose licenses are currently active.
Important
If you are installing a license, but you are not rolling forward a
configuration, the system does not provision any CPU, memory, or disk
space. In order to see and access new modules you install, you must
provision them first.
4 - 10
Completing Post-Installation Tasks
Note
If you rolled forward a configuration, you should check to make sure that
the configuration contains all of the objects you expect. In general, the
upgrade process takes care of this for you, but you should always check to
make sure the configuration contains all objects and settings you expect.
For example, if you roll forward a configuration that contained the
WebAccelerator system, the system presents the following message after the
installation operation finishes: The WAM configuration being restored is
version 9.4.3 but the current installation is version 10.0.0. The restored
9.4.3 WAM config files may require manual merging if they had been
customised, and will NOT overwrite the 10.0.0 files. If your configuration
had not been customised no merge is required.
4 - 12
A
Upgrading from Versions 9.3.x and 9.4.x
and Reformatting for 10.1.x
WARNING
Do not use the image2disk utility to install version 9.x software .im files.
Depending on the operations you perform, doing so might render the system
unusable. If you need to downgrade from version 10.x to version 9.x, use the
image2disk utility to format the system for partitions, and then use a version
9.x installation method described in the version 9.x release notes to install
the version 9.x software.
A-2
Upgrading from Versions 9.3.x and 9.4.x and Reformatting for 10.1.x
Important
Beginning with version 10.1.0, you must reformat the system’s hard drive
partitions even if you plan to maintain 9.x alongside 10.x. Partitions created
using version 9.x or 10.0.x software do not accommodate the 10.1.x
software. To maintain both versions, you use the image2disk utility to
reformat the drive and install the 10.1.x software, and then complete a
separate operation using a version 9.x installation method described in the
version 9.x release notes. For more information, see To format the drive for
volumes and install the software, on page A-7.
Important
You cannot use the image2disk utility to install to BIG-IP systems running
version 9.2.x or earlier. You must first upgrade to version 9.3.x or 9.4.x. For
information on upgrading, see the release notes for the associated software.
Note
You can also run the installation operation from /mnt/thumb/ on a thumb
drive that contains the downloaded ISO image. For information on creating
a thumb drive, see Appendix C, Creating a Bootable USB Thumb Drive.
A-4
Upgrading from Versions 9.3.x and 9.4.x and Reformatting for 10.1.x
Important
Beginning with version 10.1, the software no longer fits in partitions created
using the 9.x or 10.0.x formatting options. Although you can still use
partitions to maintain version 9.x alongside 10.x, you must reformat the
drive for the larger partition size.
You use the --format option of the imge2disk utility to format for partitions
or volumes, and to convert from one type of disk management style to
another (that is, from partitions to volumes, or vice versa), as you install the
software. Also called logical volume management (LVM), volumes are
supported on all platforms and modules that version 10.x supports. If you
plan a configuration that consists solely of 10.x software, we recommend
that you use the volume disk-formatting scheme.
The image2disk utility cannot run if the system hard drive contains
low-level formatting errors. To recover a corrupted or damaged disk, you
can use the diskinit utility, and then use the image2disk utility to install the
software after formatting is complete. For information about the hard-drive
recovery process, see Recovering blank or damaged hard drives, on page
B-2.
Important
Some platforms, such as the BIG-IP 6900 and BIG-IP 8900, have multiple
drives. For these platforms, formatting creates drives with designators
MDn.n instead of HDn.n. The examples used throughout this chapter use
HDn.n when specifying installation locations. When applicable, you should
substitute MDn.n for installation.
Note
Once you have run the image2disk utility, the system prevents you from
running it again unless you are also formatting the drive using the --format
option. This is to prevent potential issues that might arise with a second
installation operation. To repeat an installation operation without
formatting, you can use the Software Management screens in the
browser-based Configuration utility, or the b software commands on the
command line. For information about using the Software Management
screens, see Using Software Management screens, on page 3-1. For
information about using the b software commands, review the man page,
available by typing the command man software at the system command line.
WARNING
The reformatting operation erases all data on the disk. Before starting the
reformatting operation, make sure to back up your configuration and store
it in a secure, remote location.
WARNING
Do not use the --nomoveconfig option described in the following procedure
on systems with existing, running installations of Application Security
Manager™. Doing so removes all content from the associated database.
Instead, ensure that the configuration on the source installation location
matches the one on the destination. To do so, save the UCS configuration on
the location you want to preserve, and apply that configuration to the
destination before or after the installation operation.
A-6
Upgrading from Versions 9.3.x and 9.4.x and Reformatting for 10.1.x
WARNING
If you are upgrading to BIG-IP version 10.1 or later and you plan to
maintain a mixed 9.x and 10.x environment, you must reformat the drive for
the larger, version 10.1.x partition size. You cannot simply upgrade to
version 10.1.x if you are using partitions. The 10.1.x versions of the software
do not fit in partitions created with version 9.x or 10.0.x disk formatting.
You can find procedures for each of these tasks, starting with Running the
Setup utility, on page 4-2.
A-8
B
Formatting and Recovering Disk Drives
For these types of low-level hard-drive formatting, you use the diskinit
utility to first format the system’s physical hard drives before you run the
image2disk utility to install the software.
WARNING
To run the diskinit utility, you must have console access to the system, either
through a console server or directly through the serial connection. Once
you boot into the MOS, you lose connection with the system.
Important
Rebooting to the MOS requires that the internal drives still have a
significant portion of their current software intact and operational. If this is
not the case, you must boot from removable media, such as a USB CD/DVD
drive or a USB thumb drive. You can find information about creating a
bootable USB thumb drive in Creating the bootable thumb drive, on page
C-2.
B-2
Formatting and Recovering Disk Drives
The system reboots to the MOS, which runs in RAM. You can then run the
diskinit utility to format the system drives.
WARNING
Running the diskinit utility removes all information on the system hard
drive. If that is not what you intended, do not proceed with the operation.
WARNING
If you omit the -style option in the following procedure, the disk
reformatting operation removes all file systems and volumes from all hard
drives and does not create any new ones, which can result in a
nonoperational system. This is not a typical or supported operation, and F5
Networks does not recommend it.
After formatting is complete, you can run the image2disk utility to install
the version 10.x software. In this case, the installation source must be a
bootable thumb drive, or another external source, since there is no directory
structure on the disk. You can then apply a previously archived
configuration file, or you can apply the default configuration.
Note
For a list of command options available for the diskinit utility, see the
command line help, available by running the command diskinit -h on the
command line.
• To format for volumes and install the version 10.x software, run a
command similar to the following:
image2disk --instslot=HD1.2 --nosaveconfig --format=partitions /mnt/thumb/
B-4
C
Creating a Bootable USB Thumb Drive
Note
You can find the mkdisk utility in the full release software ISO installation
image, but not in a hotfix ISO installation image.
• For BIG-IP platforms 1500, 3400, 3410, 6400, 6800, 8400, and 8800,
the workstation must have the following utilities:
• sfdisk: changes disk partitioning.
• mformat: creates a FAT32 file system.
• syslinux: represents a lightweight bootloader that starts up
computers with the Linux kernel.
• mkisofs: creates an ISO9660 file system image.
• implantisomd5: implants an MD5 checksum in an ISO9660
image.
C-2
Creating a Bootable USB Thumb Drive
Important
You cannot create a bootable thumb drive on a version 9.6.x VIPRION
system. You must use a version 10.x VIPRION system.
5. To start the mkdisk script from that directory, run the command:
./mkdisk
Once the process completes, you can use the thumb drive to boot to the
Maintenance OS (MOS) of the target device.
Important
Before you boot to the MOS, make sure you have console access to the
system, either through a console server or directly through the serial
connection. Once you boot into the MOS, you lose connection with the
system.
Note
C-4
D
Monitoring the BIG-IP System
Important
To run the dashboard, the computer on which you are working must have
Adobe® Flash Player (version 9 or later) installed on it.
This chapter describes how to display the dashboard screens. The dashboard
includes online help for information about how to interpret the statistics on
each of the panels that appear on the screens. Click the ? in the upper right
corner of any panel to display the online help.
D-2
Monitoring the BIG-IP System
By clicking the grid icon in the upper left corner, you can display more
details in a table format. Figure D.3 shows the CPU panel, table view.
In the table view, you can see that one of the CPUs, cpu1, is doing most of
the work.
The Breakdown chart in the figure shows that of the 4.1 GB of memory
allocated on this BIG-IP system, processes other than TMM are using most
of the memory. The Usage % chart shows that memory usage over the last
five minutes has been steady at about 77%.
D-4
Monitoring the BIG-IP System
D-6
Glossary
Glossary
active unit
In a redundant system, the active unit is the system that currently load
balances connections. If the active unit in the redundant system fails, the
standby unit assumes control and begins to load balance connections. See
also redundant system configuration.
administrative partition
An administrative partition is a logical container that you create, containing
a defined set of BIG-IP system objects. You use administrative partitions to
control user access to the BIG-IP system. See also user role.
archive
An archive is a backup copy of the BIG-IP system configuration data. This
archive is in the form of a user configuration set, or UCS. See also user
configuration set (UCS).
configuration synchronization
Configuration synchronization, or ConfigSync, is the task of duplicating a
BIG-IP system’s configuration data onto its peer unit in a redundant system.
Configuration utility
The Configuration utility is the browser-based application that you use to
configure the BIG-IP system.
connection mirroring
Connection mirroring is a feature that causes all connections coming
through the active unit of a redundant system to be replicated on the standby
unit. This prevents any interruption in service when failover occurs.
default route
A default route is the route that the system uses when no other route
specified in the routing table matches the destination address or network of
the packet to be routed.
default VLAN
The BIG-IP system is configured with two default VLANs, one for each
interface. One default VLAN is named internal and one is named external.
See also VLAN (virtual local area network).
disk partition
A disk partition is a portion of a hard drive that contains a version of the
software and a system configuration. A system drive may be formatted as a
partition or a volume. See also volume.
domain name
A domain name is a unique name that is associated with one or more IP
addresses. Domain names are used in URLs to identify particular Web
pages. For example, in the URL http://www.siterequest.com/index.html,
the domain name is siterequest.com.
external VLAN
The external VLAN is a default VLAN on the BIG-IP system. In a basic
configuration, this VLAN has the administration ports locked down. In a
normal configuration, this is typically a VLAN on which external clients
request connections to internal servers.
failover
Failover is the process whereby a standby unit in a redundant system takes
over when a software failure or a hardware failure is detected on the active
unit. See also redundant system configuration.
gateway
A gateway provides communication between two networks, through
software, hardware, or a combination of software and hardware.
interface
A physical port on a BIG-IP system is called an interface.
internal VLAN
The internal VLAN is a default VLAN on the BIG-IP system. In a basic
configuration, this VLAN has the administration ports open. In a normal
configuration, this is a network interface that handles connections from
internal servers.
Glossary - 2
Glossary
management interface
The management interface is a special port on the BIG-IP system, used for
managing administrative traffic. Named MGMT, the management interface
does not forward user application traffic, such as traffic slated for load
balancing.
management route
A management route is a route that forwards traffic through the special
management (MGMT) interface.
monitor
The BIG-IP system uses monitors to determine whether nodes are up or
down. There are several different types of monitors and they use various
methods to determine the status of a server or service. See also node
address, pool.
name resolution
Name resolution is the process by which a name server matches a domain
name request to an IP address, and sends the information to the client
requesting the resolution.
node address
A node address is the IP address associated with one or more nodes. This IP
address can be the real IP address of a network server, or it can be an alias IP
address on a network server. See also monitor.
partition
See administrative partition or disk partition.
pool
A pool is composed of a group of network devices (called members). The
BIG-IP system load balances requests to the nodes within a pool based on
the load balancing method and persistence method you choose when you
create the pool or edit its properties.
port
A port can be represented by a number that is associated with a specific
service supported by a host.
profile
A profile is a configuration tool containing settings for defining the behavior
of network traffic. The BIG-IP system contains profiles for managing
Fast L4, HTTP, FTP, UDP, and SSL traffic, as well as for implementing
session persistence, server-side connection pooling, and remote application
authentication.
provisioning
Provisioning is the process of assigning CPU, memory, and disk space to
licensed software modules. Provisioning and licensing work together to
make sure that software modules are accessible and appropriately provided
with CPU cycles, system memory, and disk space.
roll forward
Roll forward is a function of the installation process that preserves the
existing configuration. When you install the software or upgrade, the system
uses the previously archived user configuration set (UCS) file in the
/var/local/ucs directory on the source installation location to update the
configuration on the installation destination.
self IP address
Self IP addresses are the IP addresses owned by the BIG-IP system that you
use to access devices in VLANs. You assign self IP addresses to VLANs.
service
Service refers to services such as TCP and HTTP.
Setup utility
The Setup utility walks you through the initial system configuration process.
You can run the Setup utility from the Configuration utility start page. See
also Configuration utility.
SSH
SSH is a protocol for secure remote logon and other secure network services
over a non-secure network.
Glossary - 4
Glossary
standby unit
A standby unit in a redundant system is a unit that is always prepared to
become the active unit if the active unit fails. See also redundant system
configuration.
user role
A user role is a type and level of access that you assign to a BIG-IP system
user account. By assigning user roles, you can control the extent to which
BIG-IP system administrators can view or modify the BIG-IP system
configuration. See also administrative partition.
virtual address
A virtual address is an IP address associated with one or more virtual servers
managed by the BIG-IP system. See also virtual server.
virtual server
Virtual servers are a specific combination of virtual address and virtual port,
associated with a content site that is managed by a BIG-IP system or other
type of host server.
volume
A volume is a portion of a hard drive that contains a version of the software
and a system configuration. A system drive may be formatted as volumes or
partitions. See also disk partition and logical volume management (LVM).
Glossary - 6
Index
Index
described 1-3
10.x software installation 3-4 configuration upgrade 2-12
10.x volumes 2-6 Configuration utility
9.3.x or 9.4.x software accessing 2-8
installing with version 10.x A-2 described 1-3
9.6.x or earlier 10.x version upgrade 3-1 licensing at initial setup 1-4
9.x partitions 2-6 reviewing browser support 1-4
using 1-2
connections statistics D-4
A console configuration 2-4
About tab 1-4 conventions, stylistic 1-5
active volume, setting 2-8 cpcfg utility 2-12
additional information 1-7 CPU panel, Performance Overview screen D-3
add-on registration key 2-8 CPU statistics, viewing D-3
address range, setting for SSH access 4-6
admin account
configuring 4-6 D
described 4-3 dashboard
using default 2-5 described D-1
after installation reboot viewing system information D-2
upgrading from version 9.3.x or 9.4.x A-7 default admin password 2-5
upgrading in version 10.x 3-5 default network configuration 2-5
archive file 2-10 default root password 2-5
defined 2-11
difference in SCF and UCS 2-11
B disaster recovery A-2, B-1, C-1
b software commands 3-2 disk format types B-2
base registration key 2-8 disk formatting 2-6
basic configuration setup 4-2 disk space and memory allocation 4-8
basic installation, defined 2-2 diskinit commands B-3
basic management settings screen in Setup utility 4-3 diskinit utility
basic setup instructions 1-7 described B-1
BIG-IP system information, viewing in dashboard D-2 recovering the system B-1
bigpipe utility using B-2
described 1-4 documentation, finding additional 1-7
using to export configuration 2-11 downloads 3-3, A-4
using to import configuration 2-11
bootable thumb drive C-1, C-2
E
existing configuration 2-10
C
cable, null modem 2-4
check date in license 2-8 F
clients failover and installation 2-13
using for SSH access 1-4 fully qualified domain name 4-4
using for Telnet access 1-4
command line installation 3-2 G
command line utilities 1-4
gauge
command syntax, conventions 1-6
viewing BIG-IP system statistics D-2
commands to create SCF 2-11
viewing Busiest CPU D-3
compression throughput D-5
viewing Memory Usage D-4
configuration archive 2-10
gauges, in Dashboard D-1
configuration file 2-11
guides, finding additional 1-7
configuration options screen in Setup utility 4-6
configuration roll-forward 2-10
configuration tool H
choosing 1-2 hardware setup instructions 1-7
L P
LCD panel partitions
defined 2-2 deciding on A-5
using to add management IP address 2-2 recovering system B-2
using to set management IP address 2-3 password
license using default admin 2-5
activating 2-8 using default root 2-5
installing new 2-8 Performance Overview screen D-2
license check date 2-8 preliminary version 9.3.x or 9.4.x to 10.x tasks A-3
LVM disk format scheme 2-6 prerequisites for installation 2-2
printed setup instructions 1-7
process for installation 2-2
M product documentation, finding additional 1-7
Main tab 1-4 product modules 1-1
Maintenance Operating System B-2 provision tasks 4-8
management interface
defined 2-4
Index - 2
Index
upgrade process
using for one-time upgrade from 9.3.x or 9.4.x A-3
using for SCF or UCS 2-12
using for version 10.x 3-1
using from pre-9.3.x version upgrade 3-2
using from version 9.3.x or 9.4.x A-3, A-4, B-1
using from version 9.6.x or earlier 10.x 3-1
using from versions earlier than 9.3.x 3-2
USB thumb drive. See bootable thumb drive.
user configuration set. See UCS.
utilities
using command line configuration 1-4
using cpcfg 2-12
using diskinit B-2
using for advanced network configuration 4-6
using for basic network configuration 4-6
using image2disk A-4, B-1
using mkdisk C-3
using Setup 4-2
V
valid license 2-8
version upgrade
using from pre-9.3.x versions 3-2
using from version 9.3.x or 9.4.x A-3
using from version 9.6.x or earlier 10.x 3-1
volumes
creating and deleting 2-7
deciding on drive formatting A-5
defined 2-6
recovering system B-2
working with 2-6
W
Windows IP requirement 2-5
Index - 4