From the blog.

Managing Digital Racket
The more I tune out, the less I miss it. But that has presented me with some complex choices for a nuanced approach to curb
Complexity – My Friend, My Enemy
Over my years of network engineering, I've learned that the fewer features you can implement while still achieving a business goal, the better. Why? Fewer

How To Obtain & Install F5 BIG-IP VE Lab Edition

981 Words. Plan about 6 minute(s) to read this.

Eric Flores, community blogger at Packet Pushers, posted this gem about F5 dropping the price of the F5 BIG-IP Virtual Edition for lab license down to $95. In my opinion, F5 is the market leader in load-balancing appliances – what they call “application delivery controllers”. I’ve used F5 gear for many years now, and have a visceral attachment to the platform. F5 has been in the middle of some of my most frustrating moments in networking, as well as some of my highest high points, like the time I solved an otherwise inscrutable application issue with a simple iRule.

F5’s long-term relevance in the coming SDN world remains to be seen, but certainly they’ve gone to a lot of trouble to make their codebase API-accessible. I believe as long as F5 moves with the market, their intellectual property will be with the networking industry for a long time to come. The only question is in what form. That said, if F5 can only manage to package what they do in the form of ADC’s…well…I doubt that will work out. Eventually, appliances will not be flexible enough of a delivery mechanism except in rare circumstances. But that’s the future, which isn’t exactly tomorrow.

Back to the lab edition of BIG-IP VE. $95 is not free, but that’s pricing I can handle – and so can most organizations. So, I bought a license, installed a VE, and applied the key. Done – working F5 BIG-IP right here on my Mac. Here’s some more details on how to get this done.

  1. Order a license. This is not a download or software. All you’re ordering is a license key. I used the link Eric provided to CDW to order F5-BIG-VE-LAB. The CDW process was as straightforward as most online store ordering is. CDW does not send you the license key. F5 will send you that via a separate e-mail sometime later, meaning you have to use a real e-mail address to obtain the license. You cannot pick up the license key from the CDW site from what I saw. I had my key from F5 in less than 24 hours.
  2. Register for an F5 account & login. You do not have to have purchased anything from F5 to register an account. Go to https://downloads.f5.com and follow the “register for an account” link.
  3. Download the BIG-IP VE. For this, login to https://downloads.f5.com, click “Find a Download”, and look for the BIG-IP product family links. If you’ve never downloaded from F5 before, be aware that there’s several families of F5 products and code versions, so be watchful as you click around. Note that some of the links are for building F5 physical appliances (like ISO images), and others are hotfixes used to patch existing installations. Read the descriptions and pay attention; don’t just click on the first thing in the list. I clicked through “BIG-IP v11.x / Virtual Edition”, and then the “Virtual Edition” link at the bottom of that list. Accept the agreement (assuming you are willing), and then choose your ZIP or OVA. I chose BIGIP-11.4.1.608.0-scsi.ova, as I’m using VMware.
  4. Fire up the OVA. If you’re on ESXi, there’s not much to think about here. I am not using ESXi, as I did this on my personal Mac. (And I’m not running ESXi in a VM, which I’ve been told you can do.) I’m am using VMware Fusion 5. (Oh, and no, I haven’t upgraded to Fusion 6 yet; too many of my friends have had problems with that upgrade, so I’m waiting before spending the money.) Fusion 5 opened the F5 OVA with no problems, and mapped the MGMT (eth0) interface to the bridged NIC. The F5 MGMT interface obtained a DHCP- assigned IP from my local network. Note – I tried to open this OVA with VirtualBox 4.3.4, but it failed quickly. I didn’t fiddle with the OVA or research to see if it was possible with VirtualBox, because I have Fusion. If you have some luck with VirtualBox, please comment. There’s an interesting thought of plumbing an BIG-IP VE Lab into a GNS3 topology.
  5. License the BIG-IP. I logged into the F5 CLI using username root and password default (which have been the F5 CLI defaults for as long as I can remember), and executed an ifconfig. That showed the IP address that eth0 had been assigned. I hopped over to a browser and opened up an HTTPS connection to that IP address, logging in with user admin and password admin (which have been the F5 GUI defaults for as long as I can remember). You’re prompted to activate the license. Using the license key F5 e-mailed you, go ahead and do this. It’s fairly self-explanatory; if you have Internet connectivity from the F5, it will take care of contacting the licensing server, obtaining the dossier, etc. All you have to do is feed in the key. But if you need more information about F5 licensing, read this.

That’s it. Once the BIG-IP license is installed, you’re ready to begin working with the platform. You’ll want to think about network plumbing perhaps, especially if you’ve loaded it onto a hypervisor where you’ve got a choice of NICs, etc. But those are the basics. Even with a single interface, there’s *plenty* you can do.

Update. Twitter asked what modules are available. You get a license for almost everything. By default, only the Local Traffic Manager (LTM) module is assigned resources. If you want to work with other modules too, you need to go into System > Resource Provisioning, and assign resources to them.

LICENSED

  • Advanced Firewall (AFM)
  • Application Acceleration Manager (AAM)
  • Application Security (ASM)
  • Application Visibility and Reporting (AVR)
  • Global Traffic (GTM)
  • Local Traffic (LTM)
  • Protocol Security (PSM)

LIMITED MODE AVAILABLE WITHOUT A LICENSE

  • Access Policy (APM)

UNLICENSED

  • Carrier Grade NAT (CGNAT)
  • Link Controller (LC)
  • Policy Enforcement (PEM)