1. Manuals
  2. Brands
  3. F5 Manuals
  4. Switch
  5. ARX-VE
  6. Planning manual

F5 ARX-VE Planning Manual

Adaptive resource switch
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
®
ARX
Site Planning Guide
810-0036-00

Advertisement

Table of Contents
loading

Related Manuals for F5 ARX-VE

Summary of Contents for F5 ARX-VE

  • Page 1 ® Site Planning Guide 810-0036-00...

  • Page 3: Publication Date

    Systems, Traffix Systems (DESIGN), Transparent Data Reduction, UNITY, VAULT, VIPRION, vCMP, virtual Clustered Multiprocessing, WA, WAN Optimization Manager, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent.

  • Page 4: Canadian Regulatory Compliance

    December 2007 - Rev J, clarification of Metadata-share best practices February 2008 - Rev K, clarification of Console-cable pinouts for Release 2.7.1 March 2008 - Rev L, conversion to F5 format for Release 3.1.0 June 2008 - Rev M, more namespace/volume limits for Release 3.2.0 ®...
  • Page 5 January 2011 - Rev V, add updates for Release 5.03.000 June 2011 - Rev W, add updates for Release 6.00.000 September 2011 - Rev X, add updates for Release 6.01.000 October 2011 – Rev Y, refer to licensed limits July 2012 - Rev Z, add updates for Release 6.02.000 October 2012 - Rev AA, add updates for Release 6.03.000 June 2013 - Rev AB, add updates for Release 6.04.000 ARX Site Planning Guide...

  • Page 7: Site Planning

    Site Planning This manual describes network and environmental considerations for ® installing an Adaptive Resource Switch (ARX ). Use this document to prepare for adding an ARX to your network.

  • Page 9: Concepts And Terminology

    ARX (proxy) clients Platforms and Modules You can purchase any of the following ARX platforms: • Single-port ARX-VE (a virtual appliance) • Single-port ARX-500 • 8-port ARX-1500 • 12-port ARX-2000 • 4-port ARX-2500, with 2 additional 10-Gigabit ports •...

  • Page 10: Selecting A Network Topology

    Chapter 1 Site Planning Namespaces You can configure one or more namespaces for your front-end clients. Each namespace is a collection of virtual file systems, called volumes, under a single authentication domain. A volume is a collection of shares (or exports) hosted on the back-end file servers.

  • Page 11: One-Armed Proxy: After Installing An Arx

    Selecting a Network Topology Figure 1.2 Clients and servers on the same VLAN before using the ARX. VLAN 25, IP subnet 192.168.25.x clients servers One-Armed Proxy: After Installing an ARX The ARX has a single physical connection to the client/server subnet. On the switch, you configure the same subnet and VLAN for both front-end clients and back-end servers.

  • Page 12: Multiple Subnet Topology

    Chapter 1 Site Planning Figure 1.3 Clients and servers on a VLAN after cutting in an ARX. VLAN 25, IP subnet 192.168.25.x clients servers Multiple Subnet Topology A multiple subnet deployment divides clients and servers into multiple IP subnets. You can define multiple subnets, static routes, and default routes on the ARX to reach any number of subnets at the front end or back end.

  • Page 13: Multiple Subnet: After Installing An Arx

    Selecting a Network Topology Figure 1.4 Clients and servers on separate VLANs and subnets servers 192.168.25.x 172.100.90.x clients Multiple Subnet: After Installing an ARX As shown in Figure 1.5, the ARX has a separate connection to the client subnet and the server subnet in a multiple subnet topology. The switch serves as a proxy for CIFS and/or NFS transactions between the clients and servers.

  • Page 14: Allocating Ip Addresses

    Chapter 1 Site Planning Figure 1.5 ARX as proxy for CIFS and/or NFS transactions servers 192.168.25.x back end front end ARX (proxy) 172.100.90.x clients Allocating IP Addresses As a resource proxy with distributed processors, the ARX requires several IP addresses to communicate with front-end clients and its back-end servers. Every network processor on the switch requires its own address to terminate and originate transactions with back-end servers.

  • Page 15: Adding Proxy Ip Addresses To Domain Name Servers

    ARX-4000 ARX-2500 ARX-2000 ARX-1500 ARX-500 or ARX-VE In any chassis type, the CLI issues a warning if insufficient proxy IP addresses have been defined. Adding Proxy IP Addresses to Domain Name Servers During an NFS mount, some back-end servers perform domain name server (DNS) reverse-lookups against remote NFS clients.

  • Page 16: Configuring Management Ip Addresses

    It must have an IP address outside of the server subnet or any of the client subnets. Note ARX-VE does not offer out-of-band management. Ports Required by the ARX The ARX is assumed to operate in a three-tiered network in a large data center.
  • Page 17 Allocating IP Addresses Figure 1.6 Sample Network WAN/campus core routers distribution switches L2 switch L2 switch access switches clients back-end filers and servers The sample network has redundant ARX devices connected at each of the distribution switches. Physically, this is a one-armed connection; conceptually, the ARX has clients in front and file servers in back.
  • Page 18 Chapter 1 Site Planning Table 1.2 Ports Required by the ARX Inbound Outbound Port Service/Protocol VIP | XIP | MGMT VIP | XIP | MGMT Comment ARX Management ✓ SNMP agent for Disabled by default. polling UDP ✓ ✓ SNMP traps TCP/UDP Disabled by default.
  • Page 19 Allocating IP Addresses Table 1.2 Ports Required by the ARX (Continued) Inbound Outbound Port Service/Protocol VIP | XIP | MGMT VIP | XIP | MGMT Comment ✓ ✓ nlockmgr TCPUDP ✓ ✓ status TCP/UDP CIFS Proxy/SMB ✓ ✓ CIFS (SMB) Server Preferred port.

  • Page 20: Using Ntp

    Automatically Discovering Your File Servers Prior to installing an ARX, best practices recommend using F5 Data Manager, a web-based application that can give you a detailed understanding of your unique file storage configuration, contents, structure, and usage. With this understanding, you can identify and apply data management policies to create an efficient and cost-effective storage environment.

  • Page 21: Manually Preparing The Back-End File Servers

    To prevent the rename on import, you can change its name or location on one of the filers before the import. F5 provides tools and services to assist with finding name collisions and other issues before the ARX is installed.

  • Page 22: Nfs Servers

    Chapter 1 Site Planning NFS Servers When a namespace imports an NFS export/share, the ARX takes inventory by reading the share’s directory tree as root. The shares cannot squash root access by the ARX devices’ proxy IPs, or this tree walk (and therefore the import) may fail.
  • Page 23 Manually Preparing the Back-End File Servers Figure 1.7 NetApp Manage Exports screen The NFS Export wizard is invoked. See the following figure. In the wizard, select the options to configure for the export. Figure 1.8 NFS Export wizard Use this wizard to add your proxy IP addresses to the following lists: •...

  • Page 24: Emc Celerra Server

    Chapter 1 Site Planning On the wizard Commit screen (the final screen), click Commit. See the following figure. Figure 1.9 NFS Export wizard Commit screen EMC Celerra Server On the EMC Celerra server, select NFS Exports. See the left-hand navigation column in the following figure. Click New or click an existing export name, as appropriate.

  • Page 25: Emc Data Domain Exports

    Manually Preparing the Back-End File Servers In the Root Hosts field, enter all your proxy IP addresses. Enter only proxy IP addresses (and, possibly, management IP addresses) in these fields. For an example showing these fields, see the following figure. Figure 1.11 EMC Celerra Read/Write Hosts or the Root Hosts fields.
  • Page 26 Chapter 1 Site Planning Linux The following instructions have been tested with Debian-Linux NFS servers. The same method should apply to other Linux distributions, such as RedHat. As root, edit the /etc/exports file to set the following for each NFS export: •...

  • Page 27: Cifs Servers And Client Authentication

    Manually Preparing the Back-End File Servers As root, edit the /etc/exports file to accomplish all of these goals. To allow -alldirs mounts below the root of the share, you must use the flag. For security reasons, BSD only allows this flag for shares that map to block devices.

  • Page 28: Windows Server Licensing

    Chapter 1 Site Planning the file servers’ Windows domain. The proxy user requires strong privileges on all CIFS-supporting servers, This user account must belong to the Backup Operators group or a group with equivalent privileges, and it must have full control (defined as both read and change control) over all files and directories in the share.

  • Page 29: Emc Data Domain

    EMC Data Domain The EMC Data Domain system has a particular CLI command designed to support the ARX proxy user: cifs option set F5. This command accepts the domain and username of any valid Windows account, defined externally on your Windows Domain Controllers (DCs): cifs option set F5 domain\username...

  • Page 30: Linux Samba

    ACLs. Without POSIX ACL and extended attribute support, the ARX namespace cannot support persistent ACLs. If you intend to deploy Samba, work with your F5 SE and consult the latest version of the F5 Data Solutions Compatibility Matrix for details on the level of support provided.

  • Page 31: Planning For A Namespace

    4 independent processors. The ARX-500 has a single processor that runs management software in addition to namespace processes. The ARX-VE is a virtual machine, and has a configurable amount of processor time and memory. The maximum namespaces, volumes, shares, and files per platform are controlled by these system resources and by the license that you purchase fromF5.

  • Page 32: Direct Volumes And Nfsv3

    For this reason, F5 Networks does not recommend backing up the metadata. F5 Networks provides utilities to fix most metadata inconsistencies, and a rebuild utility to create a new metadata database.
  • Page 33 F5 Networks recommends a dedicated file system on a file server that has adequate performance and redundancy characteristics, as well as adequate space.

  • Page 34: Sizing The Metadata Share

    Chapter 1 Site Planning Important Choosing a metadata share that is too small or unreliable can seriously jeopardize managed-volume performance. A poor configuration for the metadata can possibly lead to metadata corruption. Choose your metadata shares carefully, as instructed in this section. You must choose at least one metadata-storage location for each managed volume.
  • Page 35 Performance and Availability Requirements F5 recommends that all metadata-share candidates have good performance and high availability. Namespace performance suffers if its metadata is housed on a physical device that is overwhelmed, and a namespace cannot function at all if its metadata is unavailable.

  • Page 36: Nfs Metadata Shares Can Support Any Volume

    CIFS metadata share is limited to volumes that also support CIFS. F5 Networks’ web-based application, Data Manager, can help you inventory the shares/exports you plan to import and calculate the ARX metadata size required. If you have access to Data Manager, you can use it to...

  • Page 37: Choosing A Filer Share For The Volume Root

    For more information and to download a free trial version, see: http://www.f5.com/products/data-manager/ Choosing a Filer Share for the Volume Root When a client creates a new file in the root (/) of a managed volume, the namespace software cannot deterministically choose an intended back-end share for the new file.

  • Page 38: Planning For A Multi-Protocol Namespace

    Chapter 1 Site Planning Planning for a Multi-Protocol Namespace A multi-protocol namespace supports both NFS and CIFS. You can use it with a heterogeneous set of back-end filers with multi-protocol shares. Currently-supported filer vendors include NetApp and EMC. The ARX passes NFS and/or CIFS operations through to the back-end shares, which permit or deny the operations based on client identity and file/directory permissions.
  • Page 39 All NetApp shares behind a multi-protocol volume must be configured with the same permissions type (UNIX, or NTFS). F5 recommends that you use NTFS qtrees, which offer the richest set of file-access permissions. Timestamp Skew in a Unix Qtree...

  • Page 40: Emc Best Practices: Creating The Proxy-User Account

    Chapter 1 Site Planning If the proxy-username has spaces or a pound-sign (#) character in it, you must enclose it in quotation marks. Enclose only the username, not the entire DOMAIN\proxy-username string. For example: MYDOMAIN\”random user” == root # correct is correct, but “MYDOMAIN\random user” == root # incorrect is incorrect. As the final example, this line maps a Windows user, MEDARCH\jqpublic, to root: MEDARCH\jqpublic == root...

  • Page 41: Preparing For Use In An Active Directory Domain

    Preparing for Use in an Active Directory Domain         *** slot_0 primary control station *** [nasadmin@emc01‐mgt nasadmin]$ server_file server_2 ‐get passwd passwd.new server_2 : done [nasadmin@emc01‐mgt nasadmin]$ vi passwd.new Add the following line to the bottom of the “passwd.new” file: jqpublic::0:0:jqpublic:/:/bin/bash Then install the new passwd file and exit the EMC CLI: [nasadmin@emc01‐mgt nasadmin]$ server_file server_2 ‐put passwd.new passwd server_2 : done [nasadmin@emc01‐mgt nasadmin]$ exit Connection to 192.168.25.51 closed. rh1:/# ... Preparing for Use in an Active Directory Domain This section applies to Windows installations that support Active Directory (AD) domains.

  • Page 42: Required Administrative Privileges

    Special administrative privileges are required to join an F5 front-end CIFS server (F5 server) to an AD domain. The domain-join operation has two major steps: add the F5 server to the AD domain and raise the “Trusted for Delegation” flag for the server. Each of these steps requires a distinct administrative privilege: •...

  • Page 43: Front-End Service Limitations

    Front-End Service Limitations white paper on Kerberos authentication (http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerb eros.asp). Front-End Service Limitations The ARX aggregates all of your back-end storage and offers it through front-end (CIFS and/or NFS) services to your clients. The ARX supports a maximum of 64 services, each with a distinct FQDN and virtual-IP (VIP) address.
  • Page 44 • Height:1U ® platforms, differing only in performance • Weight: 22.5 and scale. • Licensing and entitlement tracking using F5 Licensing • Weight: 35 pounds • Enables Fast Ethernet and Gigabit Ethernet 2000 The ARX-2000 is a cost-effective,...

  • Page 45: System Specifications And Requirements

    • NVRAM with SuperCap (No Battery required) differing only in performance and scale. • Height: 1U • Weight: 22.5 • Licensing and entitlement tracking using F5 Licensing • Weight: 35 pounds • Compact design (2U control plane, 2U data plane)

  • Page 46: Arx-500 System Specifications And Requirements

    Chapter 1 Site Planning • ARX-500 System Specifications and Requirements, on page 1-40 • ARX-1500 System Specifications and Requirements, on page 1-40 • ARX-2000 System Specifications and Requirements, on page 1-41 • ARX-2500 System Specifications and Requirements, on page 1-42 •...

  • Page 47: Arx-2000 System Specifications And Requirements

    Physical Site Preparation Table 1.6 ARX-1500 System Specifications (Continued) Component Specification Environmental Requirements Altitude: 60m (197ft) min. to 1800m (6000 ft) max. Humidity Operating: 10% min. to 95% max. (non condensing) Storage: 5% to 95% Temperature Operating: 32 deg. to 104 deg. F (0 deg. to 40 deg. C) Storage: -40 deg.
  • Page 48 Chapter 1 Site Planning ARX-2500 System Specifications and Requirements The following table describes the ARX-2500 system specifications. Table 1.8 ARX-2500 System Specifications Component Specification Chassis Dimensions Height: 44.5 mm (1.75 inches) (includes front bezel) Width: 443 mm (17.44 inches) Depth: 481 mm (18.93 inches) Weight Weight: 22.5 lb (10.2 kg) Power Load...

  • Page 49: System Power Requirements

    Physical Site Preparation Table 1.9 ARX-4000 System Specifications (Continued) Component Specification Environmental Requirements Altitude: –200 ft. (–60 m) min. to 8000 ft. (2500 m) max. Humidity: Operating: 5 % min. to 95% max. (non condensing) Storage: 5% to 95% Temperature: °...

  • Page 50: Arx-2500 System Power Requirements

    Chapter 1 Site Planning ARX-2500 System Power Requirements The ARX-2500 is powered by two power supplies (1+1 redundancy) consisting of two power modules and one power system frame. Two power modules are recommended for full redundancy and load-sharing. The power supplies require a 10A / 220VAC input cord, which is provided with the chassis.

  • Page 51: Arx-1500 Cable Requirement

    Physical Site Preparation Table 1.10 ARX-500 Required Power and Data Cables (Continued) Qty. Cable/Cord Used on... Specification Console cable with Serial console interface (labeled 100BASE-T Category 5 unshielded RJ-45-to-DB9 adapter “10101” on the rear panel) twisted pair (UTP); 24 AWG Ethernet cables for OOB management interface connection to 10/100 Mbps...

  • Page 52: Arx-2000 Cable Requirements

    Chapter 1 Site Planning ARX-2000 Cable Requirements The following table lists the required cables and power cords for the switch. All cables except the AC power cord and console cable are customer-supplied. Table 1.12 ARX-2000 Required Power and Data Cables Qty.

  • Page 53: Arx-4000 Cable Requirements

    Physical Site Preparation Table 1.13 ARX-2500 Required Power and Data Cables (Continued) Qty. Cable/Cord Used on... Specification Fiber-optic cables 10-gigabit Ethernet 10GBASE-SR (gigabit for connection to ports Ethernet) fiber cable: 10-Gbps Ethernet Short-reach multi-mode X2 MSA-compliant fiber (MMF) with duplex form factor LC-style connectors.

  • Page 54: Cable Connectors And Pinout Assignments

    Chapter 1 Site Planning Table 1.14 ARX-4000 Required Cables and Power Cords (Continued) Qty. Cord/Cable Used on... Specification Ethernet cables for Gigabit Ethernet ports 100/1000BASE-T Category 5/6, connection to 100/1000 unshielded twisted pair (UTP) cable; 24 Mbps Ethernet AWG. (RJ-45 connectors) Fiber-optic cables for 10-gigabit Ethernet ports 10GBASE-SR (gigabit Ethernet) fiber...

  • Page 55: Pinout Assignments

    Physical Site Preparation The serial console port requires a rollover cable (RJ-45 to RJ-45) that is included with the ARX-installation kit. This cable is sufficient for connecting to a Terminal Server. For a direct connection to the serial port on a management station (such as a laptop), an RJ-45 to DB9 adapter is also included in the kit.
  • Page 56 Chapter 1 Site Planning Pinout Assignments for ARX-500, ARX-2000, and ARX-4000 The following table lists the RJ-45 pinout assignments for the rollover cable and the adapter. The left column shows the transmit (TxD), ground (GND), and receive (RxD) signals. and the right column shows the signals reversed at the console device.

  • Page 57: Sfp Optical Connector For The Arx-2500

    Physical Site Preparation SFP Optical Connector for the ARX-2500 The Gigabit Ethernet optical ports on the ARX-2500 use small form-factor pluggable (SFP) optical transceivers that accept LC-style multi-mode fiber connectors. These are for connection to Ethernet over fiber-optic cable. Important Fiber-optic ports are shipped with SFP optics installed.

  • Page 58: Arx-1500 Connectors

    Chapter 1 Site Planning ARX-1500 Connectors The ARX-1500 is powered by two power supplies (1+1 redundancy) system) consisting of two power modules and one power system frame. Two power modules are recommended for full redundancy and load-sharing. The power supplies require a 10A / 220VAC input cord, which is provided with the chassis.

  • Page 59: Arx-2500 Connectors

    Physical Site Preparation ARX-2500 Connectors The ARX-2500 is powered by two power supplies (1+1 redundancy) consisting of two power modules and one power system frame. Two power modules are recommended for full redundancy and load-sharing. The power supplies require a 10A / 220VAC input cord, which is provided with the chassis.

  • Page 60: Bringing An Arx Inline

    Chapter 1 Site Planning Table 1.21 ARX-4000 Cable Connectors (Continued) Interface Connector Purpose 10-gigabit Ethernet X2 MSA form factor Optical ports (2) for 10-gigabit Ethernet connections over optical ports multi-mode fiber. Shipped with small form-factor pluggable (SFP) optical transceivers installed. Transceivers accept SC-style multi-mode fiber connectors for connection to Ethernet over fiber-optic cable.

  • Page 61: Accessing The Arx Using The Cli Or The Gui

    Bringing an ARX Inline existing and new configurations for naming collisions and hardware limitations. For further details on some of these issues, see Manually Preparing the Back-End File Servers, on page 1-15. Accessing the ARX Using the CLI or the GUI The process of configuring an ARX begins with the initial interview.

  • Page 62: Best Practice: Regularly Saving The Configuration

    Chapter 1 Site Planning This manual contains instructions to set up and maintain networking and administration on a new ARX. After installing the switch, setting up its management IP, and preparing the switch for CLI and/or GUI provisioning, you can follow the order of the chapters in this manual to: 1.

  • Page 63: Contacting Customer Service

    3. On the Configs page, click Save Config. 4. On the Save Configuration page, click the Help button in the upper right-hand corner and follow the instructions. Contacting Customer Service You can use the following methods to contact F5 Networks Customer Service: F5 Networks Online http://support.f5.com...
  • Page 64 Chapter 1 Site Planning 1 - 58...

This manual is also suitable for:

Arx-500Arx-4000Arx-1500Arx-2000Arx-2500

Table of Contents