iControl Development with BIG-IP LTM VE – Part 1

Introduction

The LTM VE is a lifesaver when it comes to developing applications that use the iControl interface, or for development of iRules. My main (personal) use of it so far is the development of applications that use the iControl interface. Although a real LTM appliance has until now been the obvious choice of development target, the sheer cost of dedicated hardware is a big barrier to independent developers. In this respect the LTM VE comes into its own as an easy-to-use device that can run anywhere.

As iControl is my focus, I'm not going to go much beyond setup and access via iControl. Certainly not into the realms of heavy duty load balancing and iRules at this time.

Platform

As a dedicated Linux user (Macs are just a hobby), there is an obvious choice for hosting LTM VE: VMWare Server. The people at VMWare are kind enough to offer free licenses for use of VMWare Server, so that's the target.

To grab yourself a copy of the VMWare Server, just go to vmware.com and download. The kind people will send you a license key for free, and away you go. Magic!

What about the Mac?

VMWare also has a Mac option: VMWare Fusion. However, beyond a 30-day license, you have to purchase the ability to run it. Why? Windows and Linux are free... Is there some reason Mac users are excluded from that club?

While I'm not beyond putting my hand in my pocket for more toys, I already have a Parallels Desktop license on my MacBook, so purchasing a VMWare license seems a little wasteful. Unfortunately, LTM VE doesn't support Parallels. This is mainly because VMWare emulates a PCnet32 ethernet card for eth0, so the LTM VE has pcnet32 modules, whereas the Parallels VM uses a Realtek RTL-8029 and there are no drivers for it included in the current LTM VE. Maybe with some playing around later I could create or force load a driver from another distribution, but that needs some spare time.

hamish@debian:~$ lspci
00:00.0 Host bridge: Intel Corporation 82P965/G965 Memory Controller Hub (rev 02)
00:01.0 PCI bridge: Intel Corporation 82G35 Express PCI Express Root Port (rev 02)
00:03.0 Class ff00: Device 1ab8:4000
00:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8029(AS)
00:0a.0 PCI bridge: Digital Equipment Corporation DECchip 21150
00:1d.0 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #1 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev f2)
00:1f.0 ISA bridge: Intel Corporation 82801HB/HR (ICH8/R) LPC Interface Controller (rev 02)
00:1f.1 IDE interface: Intel Corporation 82801BA IDE U100 Controller (rev 05)
00:1f.4 Multimedia audio controller: Intel Corporation 82801BA/BAM AC'97 Audio Controller (rev 02)
01:00.0 VGA compatible controller: Device 1ab8:4005
lspci output from Parallels 4

[root@localhost:Active] config # lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (rev 01)
00:01.0 PCI bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge (rev 01)
00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 08)
00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 08)
00:0f.0 VGA compatible controller: VMware SVGA II Adapter
00:10.0 Ethernet controller: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10)
00:11.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet Controller (Copper) (rev 01)
00:12.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet Controller (Copper) (rev 01)
[root@localhost:Active] config #
lspci output from VMWare Server

There is possibly another way to do this for free on a Mac... One I didn't try... Run LTM VE on VMWare Server, under Linux, on a Parallels hosted VM... Two levels of VM... Maybe next week...

What Now?

If we ignore the other necessary bits such as licensing (there are plenty of other descriptions of licensing a BigIP installation), we have a VMWare Server... Remote, I know, until I buy a real copy of VMWare Fusion to run it locally again on my laptop. And what do we want to do? Well, the reason I want an LTM VE is to develop software. In the past I've used Perl exclusively to access the iControl interface on F5s, but now I want to practice a bit of iPhone programming. And a conversation on one of the DevCentral forums led to a small challenge: can we write an app to show F5 status from an iPhone? An iPhone network-map for the F5.

A Small Change to the iControl Server

As we're developing an app in C (OK, Objective-C) on a small platform, one thing we really want to be able to do is to tcpdump the packets between the client (iPhone app) and the server (F5) for debugging (especially since Objective-C doesn't include native SOAP support), and to be able to decode them.

Now because the traffic is SSL or TLS, you could use ssldump. But you need access to the key to decode the SSL traffic, and you have to perform the dump on the F5 every time, because Macs don't come with ssldump by default. So it's easier (and more portable) to just enable HTTP traffic on the iControl server.

Luckily the iControl web server is Apache, which makes the change as easy as editing the main Apache config file /etc/httpd/conf/httpd.conf and altering the line that says

Listen localhost:80

to

Listen 0.0.0.0:80

and performing

bigstart restart httpd

which means that the Apache server now listens for unencrypted (port 80) HTTP traffic on the wildcard address 0.0.0.0 (or *) instead of localhost (127.0.0.1).
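
The check below is an added example, not part of the original article: it classifies every Listen directive in an Apache config so the cleartext listener opened above can be confirmed and put back on localhost once debugging is done. The function names and the sample config are constructed for illustration; on the BIG-IP the file would be /etc/httpd/conf/httpd.conf, followed by bigstart restart httpd as above.

```shell
# Added example, not from the original article. Function names are hypothetical.

# Print "<verdict> <listen-spec>" for each active Listen directive in FILE.
# Verdicts: loopback, tls, CLEARTEXT-EXPOSED.
audit_listen() {
    # Commented-out lines never match: their first field starts with "#".
    awk 'tolower($1) == "listen" && NF >= 2 {
        spec = $2; proto = tolower($3)
        n = split(spec, p, ":"); port = p[n]
        # Address is everything before the last colon; bare "Listen 80" is a wildcard.
        addr = (n > 1) ? substr(spec, 1, length(spec) - length(port) - 1) : "*"
        # Apache defaults to https on port 443 and http on every other port.
        if (proto == "") proto = (port == "443") ? "https" : "http"
        if (addr == "localhost" || addr == "[::1]" || addr ~ /^127\./) v = "loopback"
        else if (proto == "https") v = "tls"
        else v = "CLEARTEXT-EXPOSED"
        print v, spec
    }' "$1"
}

# Undo the debugging change: move a wildcard port-80 listener back to localhost.
# The file is rewritten in place so its owner and mode are kept.
restore_loopback() {
    sed -E 's/^([[:space:]]*Listen[[:space:]]+)(0\.0\.0\.0|\*):80[[:space:]]*$/\1localhost:80/' \
        "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Constructed sample config (not taken from a real BIG-IP).
write_sample() {
    cat > "$1" <<'EOF'
# Listen localhost:80
Listen 0.0.0.0:80
Listen 443
Listen [::1]:8080
EOF
}

conf=$(mktemp)
write_sample "$conf"
echo "during debugging:"; audit_listen "$conf"
restore_loopback "$conf"
echo "after restore:";    audit_listen "$conf"
rm -f "$conf"
```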

And it's up...

And that's all there is to it. Now we have an LTM VE available on the network with an insecure (clear text) iControl interface ready for easy debugging...

What's Left?

Console Access. Remember I'm using a Mac, and VMWare Server on a remote Linux server. With VMWare Fusion, it's all built in to the Mac, but the interface for a remote VMWare Server is via a web browser, and this requires a VMWare plugin for your browser to connect to the client console. Unfortunately this doesn't include a Mac client. What to do... The answer, it appears, is VNC. A hidden ability of VMWare Server is to use a VNC client/server arrangement for the client console. Simply find the .vmx (VMWare config) file for the VM and add the following lines

RemoteDisplay.vnc.enabled="TRUE"
RemoteDisplay.vnc.port="5900"
RemoteDisplay.vnc.password="somepassword"

and when the client VM is running you can connect to the console via your favourite VNC client (I currently use “Chicken of the VNC”).

Published Mar 15, 2010
Version 1.0
