Jump to: navigation, search

Configuring the BIG-IP LTM

The following table provides an overview of the main steps that are required in order to configure the BIG-IP LTM. Complete all steps in the order in which they are listed.

Integrating with BIG-IP LTM

Verify that BIG-IP LTM is working

The procedures in this topic assume that the BIG-IP LTM is properly licensed and fully functional, with login and password access configured. For more information, see BIG-IP LTM specific documentation.

Configuring VLANs

Purpose

To configure two VLANs (Virtual Local Area Networks): one VLAN for the external interface (physical interface 1.3) and one VLAN for the internal (SIP Server side) interface (physical interface 1.1). VLANs are used to logically associate Self IP interfaces with physical interfaces on the BIG-IP LTM.

Prerequisites

  • You are logged in to the BIG-IP LTM web interface.

Start

  1. Go to Network > VLANs > VLAN List.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Name: Enter the VLAN name for the external interface--for example, vlanSipExternal.
    2. Tag: 503 (it is set automatically).
    3. Resources > Interfaces > Untagged: Select 1.3 in the Available section and click the left-pointing arrow button to move it into the Untagged section.
    4. Configuring a VLAN for the External Interface

  4. Click Finished.
  5. Click Create.
  6. In the dialog box that appears, specify the following properties (see the following figure):
    1. Name: Enter the VLAN name for the internal interface--for example, vlanSipInternal.
    2. Tag: 103 (it is set automatically).
    3. Resources > Interfaces > Untagged: Select 1.1 in the Available section and click the left-pointing arrow button to move it into the Untagged section.
    4. Configuring a VLAN for the Internal Interface

  7. Click Finished.

End

Next Steps


Configuring Self IP addresses

Purpose

To configure two Self IP addresses--one for the external interface and one for the internal interface--and associate them with the VLANs, to access hosts in those VLANs.

Prerequisites

Start

  1. Go to Network > Self IPs.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. IP Address: Enter the IP address for the internal interface--for example, 192.168.63.1.
    2. Netmask: Enter the netmask--for example, 255.255.255.240.
    3. VLAN: Select the name of the VLAN to which you want to assign the self IP address--for example, vlanSipInternal.
    4. Configuring a Self IP Address for the Internal Interface

  4. Click Finished.
  5. Click Create.
  6. In the dialog box that appears, specify the following properties (see the following figure):
    1. IP Address: Enter the IP address for the external interface--for example, 192.168.203.67.
    2. Netmask: Enter the netmask--for example, 255.255.255.0.
    3. VLAN: Select the name of the VLAN to which you want to assign the self IP address--for example, vlanSipExternal.
    4. Click Finished (see the following figure).
    5. Configuring a Self IP Address for the External Interface

End

Next Steps


Configuring the Default IP route

Purpose

To configure the default IP route.

Prerequisites

Start

  1. Go to Network > Routes.
  2. Click Add.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Type: Select Default Gateway.
    2. Resource > Use Gateway: Enter the IP address for this default IP route--for example, 192.168.203.1.
    3. Click Finished.
    4. Configuring Default IP Route

End

Next Steps


Configuring SIP Server nodes

Purpose

To configure two SIP Server nodes, primary and backup.

Prerequisites

Start

  1. Go to Local Traffic > Nodes.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Address: Enter the IP address for the primary SIP Server node--for example, 192.168.63.201.
    2. Name: Enter the node name--for example, nodeHa01Primary.
    3. Health Monitors: Select Node Specific.
    4. Select Monitors > Active: Select icmp.
    5. Configuring a Primary SIP Server Node

  4. Click Finished.
  5. Click Create.
  6. In the dialog box that appears, specify the following properties (see the following figure):
    1. Address: Enter the IP address for the backup SIP Server node--for example, 192.168.63.203.
    2. Name: Enter the node name--for example, nodeHa01Backup.
    3. Health Monitors: Select Node Specific.
    4. Select Monitors > Active: Select icmp.
    5. Configuring a Backup SIP Server Node

  7. Click Finished.

End


Configuring a health monitor

Overview

In general, the BIG-IP LTM uses health monitors to determine whether a server to which messages can be routed is operational (active). Servers that are flagged as not operational (inactive) will cause the BIG-IP LTM to route messages to another server if one is present in the same server pool. However, primary and backup SIP Servers must be configured as the only members of the same server pool--one member active (primary) and one member inactive (backup).

In this procedure, the BIG-IP LTM is configured to use the health monitor of SIP type in UDP mode. This means that the OPTIONS request method will be sent to both primary and backup SIP Servers. Any response to OPTIONS is configured as Accepted Status Code.

SIP Server always starts in backup mode, establishes a permanent connection with the Genesys Management Layer, and changes its role to primary only if a trigger from the Management Layer is received. Such trigger is only generated if no other primary SIP Server is currently running. After switching to primary mode, SIP Server responds to UDP packets received on the SIP port specified by the sip-port configuration option. Therefore, after receiving the OPTIONS request from the BIG-IP LTM, SIP Server responds to the health check, and the BIG-IP LTM marks SIP Server as active.

When running in backup mode, SIP Server ignores UDP messages. Since the BIG-IP LTM does not receive any response to the OPTIONS request, it marks the backup SIP Server as inactive. If SIP Server does not respond because of network latency or other reasons, the BIG-IP LTM will mark SIP Server as inactive, and continue sending ping messages periodically.

The Interval setting defines how often pool members (primary and backup) are checked for presence. The Timeout setting defines the waiting time before an unresponsive member of the pool is marked as inactive. Regardless of the member's status (or SIP Server status), the BIG-IP LTM will always check servers for presence. When an inactive member responds to the health check, it is marked as active. In this configuration, the Interval parameter is set to one second and Timeout to four seconds in order to minimize a possible delay that might result from a switchover.

Start

  1. Go to Local Traffic > Monitors.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Name: Enter the name for this health monitor--for example, monSipUdp.
    2. Type: Select SIP.
    3. Configuration: Select Basic.
    4. Interval: Enter 1.
    5. Timeout: Enter 4.
    6. Mode: Select UDP.
    7. Additional Accepted Status Codes: Select Any.
    8. Configuring a Health Monitor

  4. Click Finished.

End

Next Steps



Configuring a server pool

Purpose

To configure a server pool with which the BIG-IP LTM will communicate.

Start

  1. Go to Local Traffic > Pools.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Name: Enter the name for this server pool--for example, the poolHa01.
    2. Health Monitors > Active: Select monSipUdp.
    3. Action On Service Down: Select Reselect.
    4. Load Balancing Method: Select Round Robin.
    5. Priority Group Activation: Select Disabled.
    6. Configuring a Server Pool

  4. Click Finished.
  5. End


Adding server pool members

Purpose

To add primary and backup SIP Servers to the server pool. Note that they must be the only members of this server pool.

Start

  1. Go to Local Traffic > Pools > poolHa01 > Members.
  2. Click Add.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Address > Node List: Select the primary server node you created in Configuring SIP Server nodes. In our example, it would be 192.168.63.201 (nodeHa01Primary).
    2. Service Port: Enter 5060.
    3. Adding the Primary SIP Server to the Server Pool

  4. Click Finished.
  5. Click Add.
  6. In the dialog box that appears, specify the following properties (see the following figure):
    1. Address > Node List: Select the backup server node you created in the Configuring SIP Server nodes. In our example, it would be 192.168.63.203 (nodeHa01Backup).
    2. Service Port: Enter 5060.
    3. Adding the Backup SIP Server to the Server Pool

  7. Click Finished.
  8. Go to Local Traffic > Pools. The status of the poolHa01 server pool displays as available (green) (see the following figure).
    The Server Pool of Two Members

End


Configuring data groups

Purpose

To configure data groups that will be used by the iRule. One data group (dataGroupHa) contains physical IP addresses of primary and backup SIP Server nodes. The second data group (dataGroupSnatExcluded) contains IP addresses of the groups that will be excluded from applying SNAT, such as the Genesys Configuration Server group and Genesys T-Library Clients group (see the Device Communication Groups figure).


Start

  1. Go to Local Traffic > iRules > Data Group List.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Name: Enter the name for this data group--for example, dataGroupSnatHa.
    2. Type: Select Address.
    3. Address Records > Type Host > Address: Enter the host IP address of the primary server node--for example, 192.168.63.201.
    4. Click Add.
    5. Address Records > Type Host > Address: Enter the host IP address of the backup server node--for example, 192.168.63.203.
    6. Click Add.
    7. Configuring a Data Group for SNAT

  4. Click Finished.
  5. Click Create.
  6. In the dialog box that appears, specify the following properties (see the following figure):
    1. Name: Enter the name for this data group--for example, dataGroupSnatExcluded.
    2. Type: Select Address.
    3. Address Records > Type Host > Address: Enter the host IP address of Genesys Configuration Server--for example, 172.21.226.73.
    4. Click Add.
    5. Address Records > Type Network > Address: Enter the IP address and net mask--for example, 192.168.89.0/255.255.255.0.
    6. Click Add.
    7. Configuring a Data Group for SNAT Exclusions

  7. Click Finished.

End


Configuring a SNAT pool

Purpose

To configure a SNAT pool that specifies the Virtual IP address to be used as a source IP address for any packet that originates from the primary or backup SIP Server to which SNAT is applied (with the exception of the devices specified in the dataGroupSnatExcluded data group). SNAT is the mapping of one or more original IP addresses to a translation address.

Start

  1. Go to Local Traffic > SNAT Pools.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    1. Name: Enter the name for this SNAT pool--for example, snatPoolVip.
    2. Configuration > Members List > IP Address: Enter the IP address to be used as a source IP address--for example, 192.168.203.164.
    3. Configuring a SNAT Pool

  4. Click Finished.

End


Configuring an iRule

Purpose

To configure an iRule that is used to perform SNAT to the Virtual IP address to any packets that originate from the primary or backup SIP Server (with the exception of the packets addressed to Configuration Server and the Genesys T-Library Clients group). This iRule will then be associated with a Virtual Server for the outbound traffic, vsWildCardOutbound. In this deployment architecture, the HA synchronization traffic between primary and backup SIP Servers does not pass through the BIG-IP LTM, that is why it is excluded from applying SNAT.


Start

  1. Go to Local Traffic > iRules.
  2. Click Create.
  3. In the dialog box that appears, specify the following properties (see the following figure):
    Configuring an iRule

    1. Name: Enter the name for this iRule--for example, iRuleSnatOutbound.
    2. Definition: Enter the following text:
      #======================================================#
      # Apply SNAT as specified in snatPoolVip for all 
      # packets originated from dataGroupSnatHa members.
      # Exclude packets addressed to members of 
      # dataGroupSnatExcluded.
      #======================================================#
      when CLIENT_ACCEPTED {
        if { [matchclass [IP::remote_addr] equals $::dataGroupSnatHa] }
        {
          if { [matchclass [IP::local_addr] equals $::dataGroupSnatExcluded] }
          {
          }
          else
          {
            snatpool snatPoolVip
          }
        }
      }
      
  4. Click Finished.

End


Configuring a Virtual Server

Complete the following steps:

[+] Configuring a Virtual Server for outbound traffic

[+] Configuring a Virtual Server for inbound traffic

[+] Configuring Virtual Servers for UDP and TCP SIP communications

<verttabber>

This page was last edited on July 16, 2013, at 17:48.
Comments or questions about this documentation? Contact us for support!