Amazon Web Services - Single NIC BIG-IP VE
Version notice:
This content applies to BIG-IP VE 11.5.1 and later
The following diagram shows a basic single NIC deployment of BIG-IP VE in an Amazon Virtual
Private Cloud (VPC). Traffic is flowing through BIG-IP VE to application servers. The BIG-IP virtual
server is listening for traffic destined for port 443. Port 8443 is for management traffic.
Note: Alternatively, you can use CloudFormation templates to create this deployment. For more
information about CloudFormation templates provided by F5, go to https://github.com/F5Networks.
In this configuration, all access to the BIG-IP VE appliance is through the same IP address and
virtual network interface (vNIC). This single NIC deployment has the following benefits:
BIG-IP VE creates networking objects (vNIC 1.0, an internal VLAN, and an internal self IP
address).
In BIG-IP VE 13.0 and later, BIG-IP VE sets the Configuration utility port to 8443 (instead of 443).
If you do not need a separate management network, this configuration is less complex than
other configurations.
https://clouddocs.f5.com/cloud/public/v1/aws/AWS_singleNIC.html 1/12
18/11/2021 20:43 Amazon Web Services: Single NIC BIG-IP VE
Step summary
This is a specific example, which you can use to test a single NIC deployment. When done, you
should be able to send traffic to your application servers through BIG-IP VE.
Interface: eth0
5  Set an admin password for BIG-IP VE
   Before you can license and provision BIG-IP VE, use SSH and your key pair to connect to the
   instance and set a strong password.
   In tmsh, type modify auth password admin
6  License BIG-IP VE
   Use the admin account to log in to the BIG-IP Configuration utility (https://<ElasticIP:8443>).
   If you have trouble accessing the Configuration utility, check the AWS security groups to
   ensure that they allow the appropriate traffic.
Step details
A BIG-IP VE instance must be in an Amazon virtual private cloud (VPC). You can use a wizard to
create a basic VPC.
1. In the AWS Management Console, at the top of the screen, expand the Services menu, scroll
down to the Networking & Content Delivery section, and select VPC.
2. Click Launch VPC Wizard -> VPC with a Single Public Subnet, and then click Select.
IPv4: 10.0.0.0/24
To create an EC2 instance of BIG-IP VE in AWS, you deploy a BIG-IP VE image from the Amazon
Web Services (AWS) Marketplace.
2. In the Search AWS Marketplace field, type F5 BIG-IP and then click GO.
3. Click the version you want to deploy and then click Continue.
If you expect to upgrade BIG-IP VE in the future, choose an image with 2 boot locations. If
you do not need room to upgrade (if you intend to create a new instance when a new
version of BIG-IP VE is released), choose an image with 1 boot location.
4. Select the region where you created your VPC, and then click Launch with EC2 Console.
7. From the Network list, select your VPC. The Subnet field is automatically populated.
10. In the Value field, type a name for the instance and click Next: Configure Security Group.
Three rules are in the list. 22 is for SSH access, 8443 for BIG-IP management access, and 443 for
application traffic.
For Source, if you select My IP, you can access the BIG-IP VE instance from your computer only.
You can change the source as needed for your environment. For more information about
securing instances in AWS, see this topic
(https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf).
13. Select your key pair, accept the acknowledgment, and click Launch Instances.
When the status in the Status Checks column changes from Initializing to 2/2 checks passed, the
instance is ready.
Important: Prior to BIG-IP VE 13.1.0.1, if you chose an hourly instance, you must associate an AWS
Elastic IP address with the instance while it is launching, so that the instance can register the
license with F5. If the instance lacks internet access when it first boots, you must reboot the
instance so it can connect to F5 for licensing.
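The following is an added example, not part of the F5 documentation: a check that reads security group data in the shape returned by `aws ec2 describe-security-groups` and reports rules that leave this deployment's management ports (22 and 8443) open to broad sources, while leaving the application port 443 alone. The function names, the `max_hosts` threshold, and the sample group IDs and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ports from this page: 22 (SSH) and 8443 (Configuration utility) are management.
# 443 carries application traffic and is expected to be reachable by clients.
MGMT_PORTS = {22: "SSH", 8443: "BIG-IP Configuration utility"}


def covers(rule, port):
    """True if one IpPermissions entry allows the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def open_mgmt_rules(describe_output, max_hosts=256):
    """Return (group_id, port, cidr) for management ports open to broad sources.

    max_hosts is this example's own threshold (assumption): any source CIDR
    holding more addresses than this is reported.
    """
    findings = []
    for group in describe_output.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).num_addresses <= max_hosts:
                    continue
                findings += [(group["GroupId"], p, cidr)
                             for p in MGMT_PORTS if covers(rule, p)]
    return findings


# Constructed sample shaped like `aws ec2 describe-security-groups` JSON output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},      # "My IP" style source
        {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # management open to all
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},          # application traffic
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},  # range hides 8443
]}

if __name__ == "__main__":
    for gid, port, cidr in open_mgmt_rules(SAMPLE):
        print(f"{gid}: {MGMT_PORTS[port]} (tcp/{port}) open to {cidr}")
```

To run it against a real account, load the JSON output of `aws ec2 describe-security-groups` with `json.load` and pass the resulting dictionary to `open_mgmt_rules`.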
You use the BIG-IP Configuration utility to configure the BIG-IP VE instance. To access the
Configuration utility from the Internet, you use an Elastic IP (EIP) address associated with the BIG-IP
VE instance. You will use this same EIP to access your application servers. Hourly instances of
BIG-IP VE prior to version 13.1.0.2 also use the EIP for internet access so they can get a license from F5.
Note: EIPs are accessible to the Internet. Because of this, later you will set a strong password for
the BIG-IP VE admin account, which you use to log in to the Configuration utility.
1. From the Services menu at the top of the AWS Management Console, select EC2.
2. In the Navigation pane, under NETWORK & SECURITY, select Elastic IPs.
5. Right-click the newly created EIP and select Associate address from the popup menu screen.
6. Select the BIG-IP VE instance and the management subnet’s private IP address, 10.0.0.200.
7. Click Associate.
The first time you boot BIG-IP VE, you must connect to the instance and create a strong admin
password. You will use the admin account and password to access the BIG-IP Configuration utility.
This management interface may be accessible to the Internet, so ensure the password is secure.
At the command prompt, navigate to the folder where you saved your SSH key and type:
ssh -i <private_key_file.pem> admin@<bigip_public_ip_address>
If you prefer, you can open PuTTY and in the Host Name (or IP address) field, enter the
external IP address, for example:
In the Category pane on the left, click Connection -> SSH -> Auth.
In the Private key file for authentication field, choose your .ppk file.
Click Open.
If a host key warning appears, click OK.
The terminal screen displays: login as:
tmsh
confirm password
6. Ensure that the system retains the password change and press Enter.
You must enter license information before you can use BIG-IP VE.
Version notice:
Prior to BIG-IP VE 13.0, the port is 443, not 8443.
1. Open a web browser and log in to the BIG-IP Configuration utility by using https with the
external IP address and port 8443, for example: https://<external-ip-address>:8443. The
username is admin and the password is the one you set previously.
4. In the Base Registration key field, enter the case-sensitive registration key from F5.
For Activation Method, if you have a production or Eval license, choose Automatic and click
Next.
1. In the Step 1: Dossier field, copy all of the text and then click Click here to access F5
Licensing Server.
3. In the Enter your dossier field, paste the text and click Next.
5. On the Activate F5 Product page, copy the license text in the box. Now go back to the
BIG-IP Configuration utility and paste the text into the Step 3: License field.
6. Click Next.
The BIG-IP VE system registers the license and logs you out. When the configuration change is
successful, click Continue to provision BIG-IP VE.
You must confirm the modules you want to run before you can begin to work in the BIG-IP
Configuration utility.
2. On the Resource Provisioning screen, change settings if necessary and click Next.
4. On the Platform screen, in the Admin Account field, re-enter the password for the admin
account and click Next.
5. When you log back in, on the Setup Utility -> Network screen, in the Advanced Network
Configuration area, click Finished.
Version notice:
The BIG-IP Configuration utility uses port 443 by default. Change the port to 8443 so you can use
443 for application traffic.
1. Use a secure shell (SSH) terminal, like PuTTY, to access the instance; use the key pair you
specified when you deployed the instance.
7. Now that the Configuration utility is no longer using port 443, remove the reference to it.
tcp:pcsync-https is for 8443 and should be in the list. tcp:https is for 443 and should not be in
the list.
11. Open a web browser and go to the BIG-IP Configuration utility by using port 8443, for example:
https://<public-ip-address>:8443.
Traffic goes through BIG-IP VE to a pool. Your application servers should be members of this pool.
1. Open a web browser and go to the BIG-IP Configuration utility, for example:
https://<external-ip-address>:8443.
3. Click Create.
4. In the Name field, type web_pool. Names must begin with a letter, be fewer than 63 characters,
and can contain only letters, numbers, and the underscore (_) character.
5. For Health Monitors, move https from the Available to the Active list.
7. In the New Members section, in the Address field, type the IP address of the application server.
8. In the Service Port field, type a service port, for example, 443.
9. Click Add.
A virtual server listens for packets destined for the external IP address. You must create a virtual
server that points to the pool you created.
1. In the BIG-IP Configuration utility, on the Main tab, click Local Traffic -> Virtual Servers.
Field                       Value
Name                        A unique name
Destination Address/Mask    BIG-IP VE’s private IP address
Service Port                443
Source Address Translation  Auto Map
Default Pool                web_pool
Note: These settings are for demonstration only. For details about securing a web application
with SSL, see the product documentation at askf5.com (http://askf5.com).
3. Click Finished.
Traffic to the BIG-IP VE external IP address will now go to the pool members. To test in a browser,
type: https://<external-IP-address>.
You can implement failover in public clouds using the F5 Cloud Failover Extension
(https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/overview.html)
(for example, Cloud Failover for AWS
(https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/aws.html)).
Failover
(https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-device-service-clustering-administration-14-1-0/managing-failover.html)
is also supported for single NIC VE instances at the BIG-IP network configuration level, using:
Other settings used for failover include Traffic Groups, which are primarily used in multi-NIC
(../aws_index.html#aws-index-multinic) and HA configurations
(https://clouddocs.f5.com/cloud/public/v1/aws/AWS_ha.html#create-static-self-ip-addresses-for-the-ha-vlans);
therefore, for the virtual IPs, be sure to set Traffic Group to None (see CFE FAQs
(https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/faq.html#is-active-active-supported)
for details).
Failover works in generic hypervisors where L2 is supported (such as VMware ESXi). For
information about other failover options, consult the F5 Cloud Failover Extension (CFE)
(https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/) documentation. See also
the CFE FAQs
(https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/faq.html#faq-tg-none).