F5 BIG-IP VE – LTM/DNS   (BYOL, 1 Boot Location)
                        Jun 28, 2024
                    
                     admin@
 
• If you prefer, you can use PuTTy : 
a. In the Host Name (or IP address) field, enter the external IP address. 
b. In the Category pane on the left, click Connection > SSH > Auth. 
c. In the Private key file for authentication field, choose your .ppk file. 
d. Click Open. 
e. If a host key warning appears, click OK. 
f. The terminal screen displays: login as: 
g. Type admin and press Enter. 
h. You are now at the tmsh command prompt. 
 
© 2019 F5 Networks, Inc.         5 of 222. Modify the admin password: 
modify auth password admin 
The terminal screen displays the message: 
changing password for admin 
new password: 
3. Type the new password and press Enter. 
The terminal screen displays the message: 
confirm password 
4. Re-type the new password and press Enter. 
Ensure that the system retains the password change and press Enter. 
save sys config 
The terminal screen displays the message: 
Saving Ethernet mapping...done 
 
License BIG-IP VE 
You must enter license information before you can use BIG-IP VE. 
 
1. Open a web browser and log in to the BIG-IP Configuration utility by using https with the external IP 
address and port 8443, for example: https://:8443. The username is 
admin and the password is the one you set previously. 
2. On the Setup Utility Welcome page, click Next. 
3. On the General Properties page, click Activate. 
4. In the Base Registration key field, enter the case-sensitive registration key from F5. 
5. For Activation Method, if you have a production or Eval license, choose Automatic and click Next. 
6. If you chose Manual, complete these steps: 
a. In the Step 1: Dossier field, copy all of the text and then click Click here to access F5 Licensing 
Server. 
b. A separate web page opens. 
c. On the new page, click Activate License. 
d. In the Enter your dossier field, paste the text and click Next. 
e. Accept the agreement and click Next. 
f. On the Activate F5 Product page, copy the license text in the box. Now go back to the BIG-IP 
Configuration utility and paste the text into the Step 3: License field. 
g. Click Next. 
 
The BIG-IP VE system registers the license and logs you out. When the configuration change is successful, click 
Continue to provision BIG-IP VE. 
 
Provision BIG-IP VE 
You must confirm the modules you want to run before you can begin to work in the BIG-IP Configuration utility. 
 
1. Open a web browser and log in to the BIG-IP Configuration utility. 
2. On the Resource Provisioning screen, change settings if necessary and click Next. 
3. On the Device Certificates screen, click Next. 
4. On the Platform screen, in the Admin Account field, re-enter the password for the admin account and 
click Next. 
BIG-IP VE logs you out. 
 
© 2019 F5 Networks, Inc.         6 of 225. When you log back in, on the Setup Utility > Network screen, in the Advanced Network Configuration 
area, click Finished. 
 
Create a pool and add members to it 
Traffic goes through BIG-IP VE to a pool. Your application servers should be members of this pool. 
 
1. Open a web browser and go to the BIG-IP Configuration utility, for example: https://:8443. 
2. On the Main tab, click Local Traffic > Pools. 
3. Click Create. 
4. In the Name field, type web_pool. Names must begin with a letter, be fewer than 63 characters, and 
can contain only letters, numbers, and the underscore (_) character. 
5. For Health Monitors, move https from the Available to the Active list. 
6. Choose the load balancing method or retain the default setting. 
7. In the New Members section, in the Address field, type the IP address of the application server. 
8. In the Service Port field, type a service port, for example, 443. 
9. Click Add. 
The list now contains the member. 
10. Add additional pool members as needed and click Finished. 
 
Create a virtual server 
A virtual server listens for packets destined for the external IP address. You must create a virtual server that 
points to the pool you created. 
 
1. In the BIG-IP Configuration utility, on the Main tab, click Local Traffic > Virtual Servers. 
2. Click Create and populate the following fields. 
 
Field Value 
Name A unique name 
Destination Address/Mask BIG-IP VE''s private IP address 
Service Port 443 
HTTP Profile http 
SSL Profile (Client) clientssl 
SSL Profile (Server) serverssl 
Source Address Translation Auto Map 
Default Pool web_pool 
 
Note: These settings are for demonstration only. For details about securing a web application with SSL, 
see the product documentation at askf5.com. 
 
3. Click Finished. 
 
Traffic to the BIG-IP VE external IP address will now go to the pool members. To test in a browser, type: 
https://. 
 
© 2019 F5 Networks, Inc.         7 of 22Alibaba Cloud: Three-NIC BIG-IP VE 
 
The following diagram shows a basic three-NIC deployment of BIG-IP VE in an Alibaba Virtual Private Cloud 
(VPC). 
 
Complete the tasks in this guide to create this deployment. 
 
 
 
Note: Your IP addresses may not match the diagram exactly. 
 
This deployment shows three subnets: 
• An external, public subnet, where you''ll create a virtual server to accept Internet traffic. 
• An internal, private subnet, where your application servers live. 
• A management subnet, where you can access the BIG-IP Configuration utility; you use the Configuration 
utility to configure BIG-IP VE. 
 
© 2019 F5 Networks, Inc.         8 of 22Traffic flows from clients through BIG-IP VE to application servers. 
 
You create all IP addresses and network interfaces in Alibaba. Then in BIG-IP VE, you create corresponding 
objects for the same IP addresses, represented by the shaded boxes in the diagram. 
 
Prepare 
To create a multi-NIC configuration, you must first create an Alibaba virtual private cloud (VPC) and subnets 
(known as VSwitches). This is the network environment where your instances will reside.  
 
You must also edit security rules, which determine access to BIG-IP VE and related resources, and create or 
upload an SSH key pair, which you''ll use to connect to the BIG-IP VE instance. 
 
• Create a VPC and management subnet 
• Add an external and internal VSwitch to the VPC 
• Edit security rules for the VPC 
• Create or add an SSH key pair 
 
Create a VPC and management subnet 
A BIG-IP VE instance must be in an Alibaba virtual private cloud (VPC). In this example, BIG-IP VE will be in the 
VPC on the subnet (or VSwitch) intended for management traffic. 
 
1. In the Alibaba Console, from the left menu, click Virtual Private Cloud. 
2. On the top toolbar, select the region you want. 
3. Click Create VPC. 
4. Complete the fields.  
For more information, see: https://www.alibabacloud.com/help/doc-detail/65398.htm 
 
Field Value 
Name A descriptive name. 
IPv4 CIDR Block 10.0.0.0/8 
VSwitch Name Management 
Zone The same zone you chose when you created the VPC. 
 
5. Click OK. 
6. On the success screen, click Complete. 
 
The VPC is displayed in the list. 
 
  
 
© 2019 F5 Networks, Inc.         9 of 22Add an external and internal VSwitch to the VPC 
In Alibaba Cloud, subnets are called VSwitches. In this example, you create two additional VSwitches: external 
and internal. 
 
All subnets must be in the same zone, so before you proceed, ensure you know which zone you created the 
VPC''s first VSwitch in. 
 
To create the external subnet: 
 
1. In the list of VPCs, in the row for your VPC, in the Actions column, click Manage. 
2. In the Network Resources area, click the number next to VSwitch. 
3. Click Create VSwitch. 
4. Complete the fields. 
 
Field Value 
VPC The VPC you just created. 
Name External 
Zone The same zone you chose when you created the VPC. 
IPv4 CIDR Block 10.0.1.0/24 
 
5. Click OK. 
 
To create the internal subnet: 
 
1. Click Create VSwitch. 
2. Complete the fields. 
 
Field Value 
VPC The VPC you just created. 
Name Internal 
Zone The same zone you chose when you created the VPC. 
IPv4 CIDR Block 10.0.2.0/24 
 
3. Click OK. 
 
You should now have three VSwitches: management, external, and internal. 
 
Edit security rules for the VPC 
You must set rules that determine which traffic can access instances in the VPC. 
 
To create a security group for the management subnet: 
 
1. In the list of VPCs, in the row for your VPC, in the Actions column, click Manage. 
2. In the Network Resources section, next to Security Group, click the 0. 
 
© 2019 F5 Networks, Inc.         10 of 223. In the top right, click Create Security Group. 
4. Complete the fields. 
 
Field Value 
Template Customize 
Security Group Name A name you choose, for example, 
ManagementTraffic. 
Network Type VPC 
VPC The VPC you created earlier. 
 
5. Click OK. 
6. On the Notes dialog, click Create Rules Now. 
7. In the top right, click Add Security Group Rule. 
8. Complete the fields to allow SSH access to BIG-IP VE. 
 
Field Value 
Rule Direction Ingress 
Action Allow 
Protocol Type SSH (22) 
Port Range 22/22 
Priority 1 
Authorization Type IPv4 CIDR Block 
Authorization Objects IP address or range on your network; 
these IP addresses can access the VPC. 
 
9. Click OK. 
10. Repeat steps 7-9 and complete the fields to allow access to the BIG-IP Configuration utility web 
interface: 
 
Field Value 
Rule Direction Ingress 
Action Allow 
Protocol Type HTTPS (443) 
Port Range 443/443 
Priority 1 
Authorization Type IPv4 CIDR Block 
Authorization Objects IP address or range on your network; 
these IP addresses can access the VPC. 
 
11. Click OK. 
 
The rules are displayed in the list. 
 
© 2019 F5 Networks, Inc.         11 of 22To create a security group for the external (virtual server) subnet: 
 
1. In the left pane, click Virtual Private Cloud. 
2. In the list of VPCs, in the row for your VPC, in the Actions column, click Manage. 
3. In the Network Resources section, next to Security Group, click the 1. 
4. In the top right, click Create Security Group. 
5. Complete the fields. 
 
Field Value 
Template Customize 
Security Group Name A name you choose, for example, 
ExternalTraffic. 
Network Type VPC 
VPC The VPC you created earlier. 
 
6. Click OK. 
7. On the Notes dialog, click Create Rules Now. 
8. In the top right, click Add Security Group Rule. 
9. Complete the fields to allow internet access to the BIG-IP VE virtual server. 
 
Field Value 
Rule Direction Ingress 
Action Allow 
Protocol Type HTTPS (443) or HTTP (80), depending on your 
needs 
Port Range 443/443 or 80/80 
Priority 1 
Authorization Type IPv4 CIDR Block 
Authorization Objects IP address or range on your network; 
these IP addresses can access the VPC. 
 
10. Click OK. 
 
To create a security group for the internal subnet: 
 
1. In the left pane, click Virtual Private Cloud. 
2. In the list of VPCs, in the row for your VPC, in the Actions column, click Manage. 
3. In the Network Resources section, next to Security Group, click the 1. 
4. In the top right, click Create Security Group. 
5. Complete the fields. 
 
Field Value 
Template Customize 
 
© 2019 F5 Networks, Inc.         12 of 22Security Group Name A name you choose, for example, 
InternalTraffic. 
Network Type VPC 
VPC The VPC you created earlier. 
 
6. Click OK. 
7. On the Notes dialog, click Create Rules Now. 
8. In the top right, click Add Security Group Rule. 
9. Complete the fields to allow internet access to the BIG-IP VE virtual server. 
 
Field Value 
Rule Direction Ingress 
Action Allow 
Protocol Type Your choice, depending on access needed for 
your application servers. 
Port Range Your choice, depending on access needed for 
your application servers. 
Priority 1 
Authorization Type IPv4 CIDR Block 
Authorization Objects IP address or range on your network; 
these IP addresses can access the VPC. 
 
10. Click OK. 
 
Create or add an SSH key pair 
You need a key pair to connect to BIG-IP VE and set the admin password. 
 
1. In the Alibaba Console, from the left menu, click Elastic Compute Service. 
2. On the left menu, under Networks and Security, click SSH Key Pair. 
3. In the top right, click Create SSH Key Pair. 
4. Type and name and either create or import a key pair. 
5. Click OK. 
 
The key pair name is displayed in the list. You will use this key later, to connect to the BIG-IP VE instance. 
 
  
 
© 2019 F5 Networks, Inc.         13 of 22Deploy 
Now deploy a BIG-IP VE instance and configure basic networking for it. 
 
• Deploy a BIG-IP VE instance 
• Change the security group associated with the external ENI 
• Create an internal elastic network interface (ENI) 
• Create an Elastic IP address for the virtual server 
• Bind the EIP to the external ENI 
 
Deploy a BIG-IP VE instance 
To create an instance of BIG-IP VE in Alibaba, you deploy a BIG-IP VE image from the Alibaba Marketplace. 
 
1. In the Alibaba Console, from the left menu, click Elastic Compute Service. 
2. On the left menu, click Instances. 
3. In the top right, click Create Instance. 
4. Complete the fields. 
 
Field Value 
Billing Method Subscription – You pay monthly for the instance.    
Pay-As-You-Go – You pay based on time. If you are going to 
choose a BIG-IP VE PAYG image, you should choose this method. 
Preemptible Instance is not supported. 
 
For more information, see Billing method comparison. 
Region Select the zone where you created your VSwitches.  
Instance Type Choose at least 2 vCPU and 4 GB memory. For each vCPU, add at 
least 2 GB of memory. 
 
Also, ensure the instance type you choose has the number of 
available Elastic Network Interfaces (ENIs) you need. In this 
example, you need three. 
Image Click Marketplace Image and search for F5. 
 
If you choose BYOL, need an F5 license. You can get a trial license 
if you need one. 
 
If you expect to upgrade BIG-IP VE in the future, choose an image 
with 2 boot locations. If you do not need room to upgrade (if you 
intend to create a new instance when a new version of BIG-IP VE 
is released), choose an image with 1 boot location. 
Storage Accept the default or change it. 
 
For LTM, set the System Disk value to the minimum available 
size. 
 
 
© 2019 F5 Networks, Inc.         14 of 225. Click Next: Networking. 
6. Complete the fields. 
 
Field Value 
Network The VPC you created earlier and the Management VSwitch you 
created. 
Network Billing Method Select Assign public IP.  
 
This IP address is for initial management access to BIG-IP VE and 
you can remove it later. 
 
If you have a jump host on the same VSwitch then you do not 
need this IP address. 
Security Group Select the ManagementTraffic group. 
Elastic Network Interface Eth0 is displayed by default.  
 
Add an additional ENI for eth1 and associate it with the External 
VSwitch.  
 
Note: This ENI is associated with the same security group as eth0. 
You will change this in a later task. 
 
7. Click Next: System Configurations. 
8. Complete the fields. 
 
Field Value 
Key Pair The key pair you created or imported earlier. 
 
Important: A key pair is the only type of logon credentials you 
can use to connect to BIG-IP VE for the first time. The other 
settings (Inherit Password From Image, Password, and Set Later) 
do not work. 
Instance Name A name you choose. 
Host Important: This setting has no effect on BIG-IP VE.  
 
9. Click Next: Grouping. 
10. Click Add Tag. You may want to add a tag key named Name and a tag value with the name of your 
instance. 
11. Click Next: Preview. 
12. Optional. If you chose Pay-As-You-Go for the billing method, choose the duration you want. 
13. Select the check box to accept the terms of service and click Create Order. 
14. On the page that shows billing, click Pay. 
 
Return to the console and click Elastic Compute Service > Instances. The instance is displayed in the list.  
Wait approximately five minutes for the instance to be ready. 
 
© 2019 F5 Networks, Inc.         15 of 22Change the security group associated with the external ENI 
When you deployed BIG-IP VE and selected a second NIC for the external network, that NIC was associated with 
the same security group as the primary NIC, which is used for management. 
 
You must associate the second NIC with a security group meant for external traffic. 
 
1. In the Alibaba Console, from the left menu, click Elastic Compute Service. 
2. On the left menu, under Networks and Security, click ENI. 
3. For the secondary NIC meant for external traffic, in the Actions column, click Modify. 
4. For Security Group, select the ExternalTraffic group and remove the ManagementTraffic group. 
5. Click OK. 
 
The list refreshes. 
 
Create an internal elastic network interface (ENI) 
When you created the BIG-IP VE instance, you associated two network interfaces with it (one for management 
and one for external). To connect BIG-IP VE with your internal servers, create an internal network interface, and 
attach it to your BIG-IP VE instance. 
 
1. In the Alibaba Console, from the left menu, click Elastic Compute Service. 
2. On the left menu, under Networks and Security, click ENI. 
3. Click Create ENI. 
4. Complete the fields. 
 
Field Value 
Network Interface Name InternalENI 
VPC Your VPC 
VSwitch Internal 
Primary Private IP 10.0.2.200 
Security Group InternalTraffic  
 
The ENI is displayed in the list. Now attach it to the BIG-IP VE instance. 
 
1. In the list, for your ENI, in the Actions column, click Bind to Instance. 
2. Select the instance and click OK. 
 
Important: You must now reboot the BIG-IP VE so that it can register the new NIC. To do this, in the Instances 
list, in the Actions column, click More > Instance Status > Restart. For Restart Mode, click Restart and OK.  
 
Create an Elastic IP address for the virtual server 
You must create an Elastic IP (EIP) address for your virtual server to be available from the internet. 
 
In this task, you create the EIP. In the next task you will associate the EIP with the external elastic network 
interface (ENI). 
 
 
© 2019 F5 Networks, Inc.         16 of 221. In the Alibaba Console, from the left menu, click Virtual Private Cloud. 
2. In the left menu, click Elastic IP Addresses. 
3. Click Create EIP. 
4. Select your region and other details and click Buy Now. 
5. Agree to the terms of service and click Activate. 
 
Return to the console. 
 
Bind the EIP to the external ENI 
Before you begin this task, find the ID of the external ENI.  
 
Your virtual server address is the primary private IP address associated with the external ENI. The EIP is the 
public address of the virtual server. 
 
1. Return to the list of elastic IP addresses and find the IP address you just created.  
2. In the Actions column for the EIP, click Bind. 
3. Complete the fields. 
 
Field Value 
Instance Type Secondary ENI 
Mode Nat Mode 
Secondary ENI The ID of your external ENI. 
 
4. Click OK. 
 
The EIP is now associated with the external ENI. 
 
  
 
© 2019 F5 Networks, Inc.         17 of 22Configure 
Finally, configure BIG-IP VE so that traffic passes through it to your application servers. 
 
• Set the admin password 
• License BIG-IP VE 
• Provision BIG-IP VE 
• Create internal and external VLANs 
• Create internal and external self IP addresses 
• Create a pool and add members to it 
• Create a virtual server 
 
 
Set the admin password 
The first time you boot BIG-IP VE, you must connect to the instance and create a strong admin password. You 
will use the admin account and password to access the BIG-IP Configuration utility web page. 
 
This management interface may be accessible to the Internet, so ensure the password is secure. 
 
1. Connect to BIG-IP VE. 
• At the command prompt, navigate to the folder where you saved your ssh key and type: ssh -i 
 admin@ 
• If you prefer, you can use PuTTy : 
a. In the Host Name (or IP address) field, enter the external IP address. 
b. In the Category pane on the left, click Connection > SSH > Auth. 
c. In the Private key file for authentication field, choose your .ppk file. 
d. Click Open. 
e. If a host key warning appears, click OK. 
f. The terminal screen displays: login as: 
g. Type admin and press Enter. 
h. You are now at the tmsh command prompt. 
2. Modify the admin password: 
modify auth password admin 
The terminal screen displays the message: 
changing password for admin 
new password: 
3. Type the new password and press Enter. 
The terminal screen displays the message: 
confirm password 
4. Re-type the new password and press Enter. 
Ensure that the system retains the password change and press Enter. 
save sys config 
The terminal screen displays the message: 
Saving Ethernet mapping...done 
 
  
 
© 2019 F5 Networks, Inc.         18 of 22License BIG-IP VE 
You must enter license information before you can use BIG-IP VE. 
 
1. Open a web browser and log in to the BIG-IP Configuration utility by using https with the external IP 
address, for example: https://. 
The username is admin and the password is the one you set previously. 
On the Setup Utility Welcome page, click Next. 
2. On the General Properties page, click Activate. 
3. In the Base Registration key field, enter the case-sensitive registration key from F5. 
4. For Activation Method, if you have a production or Eval license, choose Automatic and click Next. 
5. If you chose Manual, complete these steps: 
h. In the Step 1: Dossier field, copy all of the text and then click Click here to access F5 Licensing 
Server. 
i. A separate web page opens. 
j. On the new page, click Activate License. 
k. In the Enter your dossier field, paste the text and click Next. 
l. Accept the agreement and click Next. 
m. On the Activate F5 Product page, copy the license text in the box. Now go back to the BIG-IP 
Configuration utility and paste the text into the Step 3: License field. 
n. Click Next. 
 
The BIG-IP VE system registers the license and logs you out. When the configuration change is successful, click 
Continue to provision BIG-IP VE. 
 
Provision BIG-IP VE 
You must confirm the modules you want to run before you can begin to work in the BIG-IP Configuration utility. 
 
1. Open a web browser and log in to the BIG-IP Configuration utility. 
2. On the Resource Provisioning screen, change settings if necessary and click Next. 
3. On the Device Certificates screen, click Next. 
4. On the Platform screen, in the Admin Account field, re-enter the password for the admin account and 
click Next. 
BIG-IP VE logs you out. 
5. When you log back in, on the Setup Utility > Network screen, in the Advanced Network Configuration 
area, click Finished. 
 
Create internal and external VLANs 
In BIG-IP VE, you must create an external and internal VLAN that correspond to the Alibaba subnets. 
 
1. In the BIG-IP VE Configuration utility, on the Setup Utility Network page, under Advanced Network 
Configuration, Finished. 
2. On the Main tab, click Network > VLANs. 
3. Click Create and populate the appropriate fields for the external VLAN. 
 
Field Value 
Name external 
 
© 2019 F5 Networks, Inc.         19 of 22Interface 1.1 
Tagging Untagged 
 
4. In the Resources section, click Add. 
5. Click Finished. 
6. Now click Create again and populate the appropriate fields for the internal VLAN. 
 
Field Value 
Name internal 
Interface 1.2 
Tagging Untagged 
 
7. In the Resources section, click Add. 
8. Click Finished. 
 
The screen refreshes, and the two new VLANs are in the list. 
 
Create internal and external self IP addresses 
Before starting these steps, note the primary private IP address for the internal VSwitch. 
 
Then in BIG-IP VE, create an internal self IP address. 
 
1. In the BIG-IP VE Configuration utility, on the Main tab, click Network > Self IPs. 
2. Click Create and populate the appropriate fields for the external self IP address. 
 
Field Value 
Name ExternalSelfIP 
IP Address 10.0.1.200 
Netmask 255.255.255.0 
VLAN/Tunnel external 
Port Lockdown Allow All 
 
3. Click Repeat and populate the appropriate fields for the internal self IP address. 
 
Field Value 
Name InternalSelfIP 
IP Address 10.0.2.200 
Netmask 255.255.255.0 
VLAN/Tunnel internal 
Port Lockdown Allow All 
 
4. Click Finished. 
 
© 2019 F5 Networks, Inc.         20 of 22The screen refreshes, and the two new self IP addresses are in the list. 
 
Create a pool and add members to it 
Traffic goes through BIG-IP VE to a pool. Your application servers should be members of this pool. In this 
example, the app server is a web server on port 443. 
 
1. Open a web browser and go to the BIG-IP Configuration utility. 
2. On the Main tab, click Local Traffic > Pools. 
3. Click Create. 
4. In the Name field, type web_pool. Names must begin with a letter, be fewer than 63 characters, and 
can contain only letters, numbers, and the underscore (_) character. 
5. For Health Monitors, move https from the Available to the Active list. 
6. Choose the load balancing method or retain the default setting. 
7. In the New Members section, in the Address field, type the IP address of the application server. 
8. In the Service Port field, type a service port, for example, 443. 
9. Click Add. 
The list now contains the member. 
10. Add additional pool members as needed and click Finished. 
 
Create a virtual server 
A virtual server listens for packets destined for the external IP address. You must create a virtual server that 
points to the pool you created. 
 
1. In the BIG-IP Configuration utility, on the Main tab, click Local Traffic > Virtual Servers. 
2. Click Create and populate the following fields. 
 
Field Value 
Name A unique name. 
Destination Address/Mask A wildcard (0.0.0.0) or the private IP 
address on the external network. 
Service Port 443 
HTTP Profile http 
SSL Profile (Client) clientssl 
SSL Profile (Server) serverssl 
Source Address Translation Auto Map 
Default Pool web_pool 
 
Note: These settings are for demonstration only. For details about securing a web application with SSL, 
see the product documentation at askf5.com. 
3. Click Finished. 
 
Traffic to the BIG-IP VE external IP address will now go to the pool members. To test in a browser, type: 
https://.  
 
© 2019 F5 Networks, Inc.         21 of 22Troubleshooting 
If you have any problems with your configuration, see the following information. 
 
Virtual servers 
Ensure that the external ENI is associated with the Elastic IP address, and that the security group associated with 
the external ENI allows traffic to the port you want. 
 
You cannot currently create more than one virtual server in Alibaba Cloud. You can use a wildcard virtual server 
(0.0.0.0) or the external private IP address. 
 
Elastic Network Interfaces and security groups 
Each Elastic Network Interface (ENI) has an associated security group.  
 
If you have trouble connecting to your application server, check the security groups associated with each ENI. 
 
Zones 
Ensure all of your VSwitches (your subnets) are within the same zone. 
 
Instance types 
When you deploy BIG-IP VE, the instance type you choose must allow the number of NICs you need. 
 
The instance type must also be I/O optimized. 
 
 
© 2019 F5 Networks, Inc.         22 of 22">