Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Move configuration from Physical LTM(10.x) to Virtual LTM(12.x)

Folks, We are going to switch one of our environment from a physical device to a virtual device. The physical device is on 10.x version and the new virtual devices would be on 12.x version.

We need to move the entire configuration and then make the virtual box live in Production.

Does anyone have any suggestions on how to do this? We have VIP's running with SSL certificates already loaded for those. While we have ASM/APM/AFM licenses on the virtual box we are only using the LTM feature for now.

Thanks!! N.

0
Rate this Question
Comments on this Question
Comment made 04-Apr-2018 by youssef 3526

Hello,

First of I advise you to put them in the same version (can you Upgrade Hardware version to V12 before Migration to VE?)

Regards,

0
Comment made 04-Apr-2018 by N. 249

Unfortunately, that is not possible. We would have liked to take that route.

These are old devices which are no longer supported. Upgrading the physical device can land us in trouble and then we would be left without support.

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Please perform following steps:

  1. Take UCS backup of your physical device
  2. Configure only management IP on your virtual machine.
  3. Copy UCS file from your physical device to virtual machine( use SCP or WISCP or other tools)
  4. Once UCS file is copied to virtual machine install UCS using below command tmsh load sys ucs /var/local/ucs/ verify
  5. See for any errors and if no errors are observed then install UCS as mentioned below. tmsh load sys ucs /var/local/ucs/ no-license
  6. Note down all your encrypted password rg: Tacacs, LDAP etc.. because some time ucs will not load with encrypted passwords.
  7. If you receive errors for encrypted password
  8. Go to Config folder and take bigip.conf file and then nullify all the passwords with empty
  9. Then load ucs file again Please let me know any more information is required
0
Comments on this Answer
Comment made 04-Apr-2018 by N. 249

How would we be able to take care about the SSL certificates with this? That is a challenge, right?

0
Comment made 06-Apr-2018 by N. 249

and also how to nullify the password?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I have not seen any issues with SSL certificates during migration till now.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello,

Another way to import your configuration: First of be sure that your UCS is don in version 10.1.0 or later (Check release notes).

before migration (small manual work): -> Activate license in F5 VE -> Create VLAN and selfIP in F5 VE (the vlans must have the same names as on the physical equipment)

-> Do the backup in Hardware equipement. -> Import the backup in VE -> With winscp retrieve file bigip_base.conf (from VE) and keeo it on the side.

-> Load Hardware backup in VE trough CLI(tmsh) load sys ucs sv02353.zadm.local_backup.ucs no-platform-check no-license

You will get an error (normal :-)

you will have to give back the file that you have backup bigip_base.conf.

Then load configuration (tmsh) load sys config

after that it should work without any problem. except for issues that are not related to migration but more to the upgrade...

Just warning about HTTP class if you use it you have to keep in mind the following article before upgrade: https://support.f5.com/csp/article/K14409

Regards

0