PSC HA 6.5: 2a-Prepare an F5 Load Balancer

 

The following section explains how to configure an F5 BIG-IP Load Balancer for use with PSC 6.5 HA.

Note: This guide was written using F5 BIG-IP 12.1. Some settings may vary in older or new versions.

This configuration guide uses the following Network Information as examples.

First PSC Node (psc-ha-a1.domain.com, 192.168.2.101)
Additional PSC Node (psc-ha-a2.domain.com, 192.168.2.102)
PSC Virtual IP (psc-ha-vip.domain.com, 192.168.2.99)
F5 BIG-IP Self IP (192.168.2.98)

Log into the F5 BIG-IP Web Interface at https://

Username: admin
Password: default

Obtaining a trial License for F5 BIG-IP

  1. Create an account on f5.com
  2. Navigate to https://secure.f5.com/partnervekeys/modules.jsp and log in
  3. Select Eval Key Duration 45 Days
  4. F5 Eval Key Generator SKU: F5-BIG-LTM-VE-1G-LIC
  5. Select Next
  6. Select Next
  7. An email will be sent with the Evaluation License Key

Licensing F5 BIG-IP

  1. Log into the Web Interface of the F5 BIG-IP
  2. Navigate to License > Activate
  3. In Base Registration Key enter in your License Key
  4. As Activation Method select Manual
  5. Click Next
  6. Copy the contents of Dossier to your clip-board
  7. Open the link Click here to access F5 Licensing Server in a new Browser Window/Tab
  8. Paste the copied contents into the text box
  9. Click Next
  10. Agree to the terms of license and Click Next
  11. Copy the contents of the text box to your clip-board
  12. Paste the contents into the License Text Box back on the F5 Licensing Setup
  13. Click Next
  14. Click Continue once the license is applied

1. Configure the F5 VLAN

1-configure-the-f5-vlan

Create a VLAN.

  1. Navigate to Network > VLAN > VLAN List > New VLAN (Create).
  2. Provide a Name
  3. Under Resource > Interfaces, move Interface 1.1 to Untagged using the Add button.
  4. Click Finished.

2. Configure the Interfaces

2-configure-the-interfaces

Configure the Interface List.

  1. Navigate to Network > Interfaces > Interface List.
  2. Select 1.2 and 1.3
  3. Click Disable.

Note: In this guide, we are only using one Interface. You may require more than one active Interface.

3. Configure a Self-IP

3-configure-a-self-ip

Configure the Self-IP.

  1. Navigate to Network > Self-IP > New Self-IP.
  2. Provide a Name
  3. Enter the IP Address and Netmask for the Self-IP
  4. Under VLAN/Tunnel, select the VLAN created earlier.
  5. Under Port Lockdown, select Allow Default.
  6. Click Finished.

Note: That the Self-IP cannot exist on the same subnet as the F5 Management IP.

4. Create PSC Service Monitors

4a. Create WebSSO Health Monitor

4a-create-websso-health-monitor

  1. Navigate to Local Traffic > Monitors > Create.
  2. Provide a Name
  3. Select Type HTTPS
  4. Set an interval of 30 Seconds
  5. In the Send String field enter GET /websso/HealthStatus HTTP/1.1\r\nHost:\r\nConnection: Close\r\n\r\n
  6. In the Receive String field enter 200
  7. In Alias Service Port enter 443
  8. Select Finished

4b. Create VMDir Health Monitor

4b-create-vmdir-health-monitor

  1. Navigate to Local Traffic > Monitors > Create.
  2. Provide a Name
  3. Select Type TCP
  4. Set an interval of 30 Seconds
  5. In the Send String field leave it blank
  6. In the Receive String field leave it black
  7. In Alias Service Port enter 389
  8. Select Finished

5. Create Load Balancer Pool Member Nodes

5-create-load-balancer-pool-member-nodes

Create Member Nodes.

  1. Navigate to Local Traffic > Nodes > Node List > Create.
  2. Provide a Name
  3. Provide the IP Address of the First PSC Node.
  4. Under Health Monitors select Node Specific
  5. Move icmp and psc-ha-websso-health and psc-ha-vmdir-health to the Active column using the << button
  6. Click Repeat.
  7. Provide a Name
  8. Provide the IP Address of the Additional PSC Node.
  9. Click Finished.

(Repeat the preceding steps for additional PSC Servers if you have more than two PSC)

5a. Create Load Balancer Pool Member Nodes

5a-create-load-balancer-pool-member-nodes

You should have two node members created

6. Create Load Balancer Pools

6-create-load-balancer-pools

Create PSC Pool for port 443.

  1. Navigate to Local Traffic > Pools > Pool List > Create.
  2. Provide a Name
  3. Under Health Monitors, move tcp to Active using the << button.
  4. Under Load Balancing Method, select Round Robin.
  5. Under New Members, select Node List.
  6. Under Address, select your First PSC Node
  7. Under Service Port, enter 443.
  8. Click Add.
  9. Under Address, select your additional PSC Node.
  10. Under Service Port, enter 443.
  11. Click Add.
  12. Click Finished.

Repeat preceding steps for ports 389, 636, 2012, 2014, 2020.

6a. Create Load Balancer Pools

6a-create-load-balancer-pools

You should have 6 unique pools created

7. Create a Persistence Profile

7-create-a-persistence-profile

  1. Navigate to Local Traffic > Profiles > Persistence > Create.
  2. Provide a Name
  3. Select Persistence Type, Source Address Affinity from the drop down menu
  4. Select the Custom checkbox.
  5. Enable Match across services.
  6. Specify the Timeout value to be at least 28800.
  7. Click Finish.

8. Creating the Virtual Server IP (VIP)

8-creating-the-virtual-server-ip-vip

Create Virtual Server IP (VIP) for the Ports: 443, 389, 636, 2012, 2014, 2020.

  1. Navigate to Local Traffic > Virtual Servers > Virtual Server List > Create.
  2. Provide a Name.
  3. Under Destination Address, input the Virtual IP to be used for the Load Balanced PSC FQDN.
  4. Under Service Port, enter a value of 443.
  5. Under Source Address Translation, select Auto Map.
  6. Under Default Pool, select the Pool for 443 created earlier.
  7. Under Default Persistence Profile, select the persistence profile created earlier.
  8. Click Finished

Create VIP for remaining ports 389, 636, 2012, 2014, 2020.

8a. Creating the Virtual Server IP (VIP)

8a-creating-the-virtual-server-ip-vip

You should have 6 unique VIP

9. Verify Node, Pool, VIP

9-verify-node-pool-vip

  1. Navigate to Local Traffic > Network Map
  2. Verify that Each VIP contains the correct Pool and that the correct Pool contains the correct Node:Port assignment.

Next: Preparing a certificate

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s