Forum Discussion

Damion's avatar
Damion
Icon for Cirrus rankCirrus
May 02, 2019

How to best Create Big-IP lab on VE from Physical production configuration to test upgrade?

I'm in the process of upgrading our physical Big-IP LTMs and would like to import as much of the configuration as possible (while maintaining VE management configuration) into a virtual edition lab to perform a mock upgrade.

 

I exported the SCF from the source physical and the VE for comparison.

 

I found K81271448: Merging BIG-IP configuration objects into the running configuration using tmsh https://support.f5.com/csp/article/K81271448

 

So it looks like I could remove portions from physical source configuration file and massage the rest, and merge. I converted the vlans to use the last interface on the VE (and disconnected from the VM).

 

But which parts of the config should I keep, and which should I remove prior to merging?

 

I also read that a UCS configuration might be more appropriate to export and import.

 

What is the best recommendation to migrate production Big-IP configuration to a VE lab to test an upgrade prior to actual upgrade?

 

  • Even though I used the verify option, it appears that ASM security policies are still loaded with tmsh load sys config merge file verify

     

    That is a little disconcerting.

     

  • I had done the migration from HW to VE for release upgrade tests too and the option "tmsh load sys ucs <filename> platform-migrate" alone isn't sufficient.

    At the end I done a mix.

     

    1. Export UCS "tmsh load sys ucs <filename> platform-migrate" from HW
    2. config base options like mgmt ip-address etc. manual at the VE
    3. Extact exported UCS file
    4. Import SCF config files from the extracted UCS file with "load /sys config merge file <filename> verify"
    5. Delete verify errors manual from the SCF files

     

    This was a lot manual work.

     

    I would be also interested in a more effective way of migration.