
2.11 - Describe how to deploy vCMP guests


Creating a vCMP guest

To create a vCMP guest, you need a VIPRION chassis system configured with a floating cluster management IP address, some base network objects such as trunks and VLANs, and you must license and provision the system to run the vCMP feature.

A guest can run on one available slot or all available slots of a chassis.

This illustration shows three guests running on a BIG-IP system. Guest 1 runs on a single slot only. Guest 2 and Guest 3 each run on all available slots.

You create a vCMP guest when you want to configure and run one or more BIG-IP modules as though the modules were running together on their own BIG-IP device. For example, you can create a guest that runs BIG-IP Local Traffic Manager and BIG-IP Global Traffic Manager.

Note: This procedure creates a guest in Bridged mode.

Note: When creating a guest, if you see an error message such as “Insufficient disk space on /shared/vmdisks. Need 24354M additional space.”, you must delete existing unattached virtual disks until you have freed up that amount of disk space.

1. Use a browser to log in to the VIPRION chassis's management IP address. This logs you in to the floating IP address for the cluster.

2. On the Main tab, click vCMP > Guest List.

3. Click Create.

4. From the Properties list, select Advanced.

5. In the Name field, type a name for the guest.

6. In the Host Name field, type the host name of the BIG-IP system. Assign a fully-qualified domain name (FQDN). If you assign a name that is not an FQDN, the system might display an error message. If you leave this field blank, the system assigns the name localhost.localdomain.

7. From the Number of Slots list, select either Single Slot or All Slots. This causes the guest to reside on one slot or to span all slots. Note that once you configure a guest to span all slots, you cannot change this value later to Single Slot, unless you first change the state of the guest to Configured. Also note that if you decide to reconfigure an all slot guest to a single slot guest, you cannot specify on which available single slot the guest will reside.

8. From the Management Network list, select Bridged.

9. For the Cluster IP Address setting, fill in the required information:

10. In the IP Address field, type a unique management IP address that you want to assign to the guest. You use this IP address to access the guest when you want to manage a module running within the guest.

11. In the Network Mask field, type the network mask for the cluster IP address.

12. In the Management Route field, type a gateway address for the cluster IP address.

13. From the Initial Image list, select an ISO image file for installing TMOS software and the BIG-IP license onto the guest's virtual disk. The license associated with the selected image provides access to the correct BIG-IP modules.

14. In the Virtual Disk list, retain the default value of None. The BIG-IP system creates a virtual disk with a default name (the guest name plus the string .img, such as guestA.img). Note that if an unattached virtual disk file with that default name already exists, the system displays a message, and you must manually attach the virtual disk. You can do this using the tmsh command line interface, or use the Configuration utility to view and select from a list of available unattached virtual disks.

15. For the VLAN List setting, select both an internal and an external VLAN name from the Available list, and use the Move button to move the VLAN names to the Selected list.

16. From the Requested State list, select Provisioned. This allocates all necessary resources to the guest, such as CPU cores, virtual disk, and so on.

17. Click Finished.

After clicking Finished, wait while the system installs the selected ISO image onto the guest's virtual disk. When this process is complete, you can deploy the guest.

Note: You can also skip the Provisioned state and instead go straight to the Deployed state if you are confident of your guest configuration. Provisioning first and then deploying makes it more straightforward to make changes to the slots to which your guests are allocated if you find you need to make changes.
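An added example, not part of the original guide: a pre-flight check of a planned guest against the rules stated in steps 6 through 16 (FQDN host name, unique management IP address, both VLANs, the All Slots to Single Slot restriction). The dictionary layout and function names are assumptions for illustration, and the check that the management route lies on the cluster IP subnet is a general networking assumption, not a rule from the procedure.

```python
import ipaddress
import re

# Keys mirror the GUI field labels in the procedure; the dict layout is an assumption.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
STATES = {"Configured", "Provisioned", "Deployed"}

def is_fqdn(name):
    """True for a dotted host name with at least two valid DNS labels."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def check_guest(plan, used_mgmt_ips, current=None):
    """Return a list of problems found in a planned guest; empty means none found."""
    problems = []
    if not is_fqdn(plan["host_name"]):
        problems.append("Host Name is not an FQDN")
    if plan["requested_state"] not in STATES:
        problems.append("unknown Requested State")
    if len(set(plan["vlan_list"])) < 2:
        problems.append("VLAN List needs an internal and an external VLAN")
    try:
        iface = ipaddress.ip_interface(f"{plan['ip_address']}/{plan['network_mask']}")
        gateway = ipaddress.ip_address(plan["management_route"])
        taken = {ipaddress.ip_address(a) for a in used_mgmt_ips}
    except ValueError as exc:
        return problems + [f"address error: {exc}"]
    if iface.ip in taken:
        problems.append("IP Address is already used as a management address")
    if gateway not in iface.network or gateway == iface.ip:
        problems.append("Management Route is not a gateway on the cluster IP subnet")
    # Step 7: All Slots -> Single Slot is only possible from the Configured state.
    if (current and current["number_of_slots"] == "All Slots"
            and plan["number_of_slots"] == "Single Slot"
            and current["requested_state"] != "Configured"):
        problems.append("set the guest to Configured before changing to Single Slot")
    return problems

# Constructed sample values (documentation address range), not taken from the page.
PLAN = {
    "host_name": "guesta.example.com", "number_of_slots": "All Slots",
    "ip_address": "192.0.2.10", "network_mask": "255.255.255.0",
    "management_route": "192.0.2.1", "vlan_list": ["internal", "external"],
    "requested_state": "Provisioned",
}

if __name__ == "__main__":
    print(check_guest(PLAN, used_mgmt_ips=["192.0.2.11"]))
```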

Setting a vCMP guest to the Deployed state

Until you deploy a vCMP guest, your vCMP VIPRION has no medium for provisioning and running the BIG-IP modules that you can use to process traffic.

1. Ensure that you are still logged in to the vCMP host using the BIG-IP system's cluster IP address.

2. On the Main tab, click vCMP > Guest List.

3. In the Name column, click the name of the vCMP guest that you want to deploy.

4. From the Requested State list, select either Provisioned or Deployed.

5. Click Update.

After moving a vCMP guest to the Deployed state, wait while the guest boots and becomes accessible. Then, you can log into the vCMP guest to provision specific BIG-IP modules.

Provisioning a BIG-IP module within a guest

Before you can access a guest to provision BIG-IP modules, the vCMP guest must be in the Deployed state.

You determine which BIG-IP modules run within a guest by provisioning the modules.

For example, if you want guestA to run LTM and GTM, log into guestA and provision it with LTM and GTM. If you want guestB to run LTM and ASM, log into guestB and

licenses of the vCMP host on which they were created, so any BIG-IP modules that you want to provision on a guest must be included in the license you installed with the vCMP host.

Note: This procedure applies to guests in Bridged mode only. Guests in isolated mode can be accessed only using vconsole and tmsh.

1. Use a browser and the management IP address that you configured for the guest to log in to the guest. If the system prompts you to run the Setup Utility, do not. Instead, complete this task to produce an initial configuration better suited for a vCMP guest. The BIG-IP Configuration utility opens so that you can configure the guest.

2. On the Main tab, click System > Resource Provisioning.

3. In the Resource Provisioning (Licensed Modules) area, from the Local Traffic (LTM) list, select Minimal, Nominal, or Dedicated, depending on your needs.

4. Click Update.

After provisioning the module from within the guest, create self IP addresses and assign a vCMP host VLAN to each one. The vCMP host VLANs that you assign to these self IP addresses are the VLANs you created before creating the guest.

Creating self IP addresses for VLANs

You need at least one VLAN or VLAN group configured before you create a self IP address.

Self IP addresses enable the BIG-IP system, and other devices on the network, to route application traffic through the associated VLAN or VLAN group. Repeat the steps in this task for each VLAN.

1. On the Main tab, click Network > Self IPs. The Self IPs screen opens.

2. Click Create. The New Self IP screen opens.

3. In the Name field, type a unique name that readily identifies the VLAN to which it will associate for the self IP. Name the self IP for the internal VLAN Internal, name the external VLAN External, and name the HA VLAN HA.

4. In the IP Address field, type an IP address. This IP address must be within the address space that corresponds to the VLAN for which it is created (Internal, External or HA). The system accepts IP addresses in both the IPv4 and IPv6 formats.

5. In the Netmask field, type the network mask for the specified IP address.

6. From the VLAN/Tunnel list, select the VLAN to associate with this self IP address:

• For the internal network, select the VLAN that is associated with an internal interface or trunk.

• For the external network, select the VLAN that is associated with an external interface or trunk.

• For the HA network, select the VLAN that is associated with an internal interface or trunk.

7. From the Port Lockdown list, select Allow Default.

8. Repeat the last 4 steps, but this time specify an address from your external network in step 4 and select the VLAN named external in step 6.

9. Repeat steps 3 through 7 one more time, but this time specify an address on your internal network in step 4 and select the VLAN named HA in step 6.

10. Click Finished. The screen refreshes, and displays the new self IP address in the list.

The BIG-IP system can send and receive traffic through the specified VLAN or VLAN group.

Overview: Verifying initial vCMP configuration

Verifying your vCMP configuration confirms that the setup performed up to this point is functioning properly. Once you establish that the vCMP configuration is correct, you will likely need to create a profile, pools, and virtual server that are tailored to your network topology before your guest can begin processing LTM traffic.

2.11 - Explain how resources are assigned to vCMP guests (e.g., SSL, memory, CPU, disk)


The vCMP host (hypervisor) allocates hardware resources to each BIG-IP vCMP guest instance.

As you create the vCMP Guest you define the number of slots, which inherently defines the CPU and memory of the guest. You also define the size of the virtual disk. On systems that include SSL and compression hardware processors, the vCMP feature shares these hardware resources among all guests on the system.

About CPU allocation

The following table lists the possible combinations of vCPU and memory allocation for a vCMP guest on various platforms:


For single-slot guests, when the system allocates CPU cores to a guest, the system determines the best slot for the guest to run on. The system selects the slot with the most unallocated CPU cores. For all-slot guests, the system allocates CPU cores from every available slot.

The number of CPU cores that the BIG-IP system assigns to each guest depends on whether you configure the guest to run on a single slot or on all available slots of the system:

GUEST TYPE | CPU CORE ALLOCATION
Single slot | The system allocates one or more CPU cores to the guest.
All slot | The system allocates two CPU cores from each available slot. For example, if three slots are available, the system allocates two CPU cores from each slot, totaling six CPU cores for that guest. The maximum number of CPU cores that the system can allocate to a guest is eight.

The BIG-IP system uses a sequential pattern to determine the chassis slot and CPU cores to which single-slot guests deploy. You control to which slot your guest migrates by knowing this pattern and making sure that the slot to which you want the guest to deploy is the next open resource. You open a slot by disabling its guests; you fill a slot by deploying a temporary guest as placeholder. The table lists the order in which cores and slots are allocated to deploying guests.

SLOT
Slot 1 | Fills first | Fills fifth | Fills ninth | Fills thirteenth
Slot 2 | Fills second | Fills sixth | Fills tenth | Fills fourteenth
Slot 3 | Fills third | Fills seventh | Fills eleventh | Fills fifteenth
Slot 4 | Fills fourth | Fills eighth | Fills twelfth | Fills sixteenth
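An added example, not part of the original guide: a small Python model of the fill pattern in the table above, used to work out how many temporary placeholder guests must be deployed before a guest lands on a chosen slot. It assumes each single-slot guest occupies one cell of the table and that ties between equally empty slots go to the lowest slot number, which reproduces the table's order from an empty chassis; the function names are illustrative.

```python
SLOTS = (1, 2, 3, 4)   # slots shown in the table
UNITS_PER_SLOT = 4     # four fill rounds per slot (first .. sixteenth)

def next_slot(used):
    """Slot the next single-slot guest deploys to, or None if the chassis is full.

    Picks the slot with the most unallocated units; ties go to the lowest
    slot number (assumption that reproduces the table from an empty chassis).
    """
    candidates = [s for s in SLOTS if used.get(s, 0) < UNITS_PER_SLOT]
    if not candidates:
        return None
    return min(candidates, key=lambda s: (used.get(s, 0), s))

def fill_sequence(count=len(SLOTS) * UNITS_PER_SLOT):
    """Slots chosen for `count` guests deployed one after another on an empty chassis."""
    used, order = {}, []
    for _ in range(count):
        slot = next_slot(used)
        if slot is None:
            break
        order.append(slot)
        used[slot] = used.get(slot, 0) + 1
    return order

def placeholders_needed(used, target):
    """Temporary guests to deploy first so that the next guest lands on `target`."""
    used, count = dict(used), 0
    while True:
        slot = next_slot(used)
        if slot is None:
            return None          # chassis is full, so the target has no free units
        if slot == target:
            return count
        used[slot] = used.get(slot, 0) + 1   # a placeholder fills this slot
        count += 1

def all_slot_cores(available_slots):
    """All-slot guest: two cores from each available slot, capped at eight per guest."""
    return min(2 * available_slots, 8)

if __name__ == "__main__":
    print(fill_sequence())
    print(placeholders_needed({1: 1, 2: 1}, target=4))
```

Here `used` maps a slot number to the count of table cells already taken on it; disabling a guest to open a slot corresponds to lowering that count.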

About physical memory allocation

The BIG-IP system allocates a portion of the total system memory to each guest.

About virtual disks allocation

A virtual disk is a portion of the total disk space on the BIG-IP system that the system allocates to a vCMP guest. The system allocates one virtual disk to each slot on which the guest resides. Although each virtual disk for a guest has a fixed, maximum size limit, the actual size of a virtual disk is the amount of space that the guest actually uses on that slot.

The maximum size limit for a guest is 100GB, and the typical footprint of a new guest (when viewed from the host) is around 5GB.

You cannot explicitly create virtual disks; instead, the BIG-IP system creates virtual disks whenever you set the state of a guest to Provisioned and the guest does not already have an attached virtual disk.

About hardware processors allocation

On systems that include SSL and compression hardware processors, the vCMP feature shares these hardware resources among all guests on the system.

Objective - 2.12 Determine the appropriate LTM device security