About the challenge of running an F5 BIG-IP VM on Windows Server 2012 R2 with tagged VLAN trunk ports, just the way you would expect a network appliance to work.
Recently I started to build a new lab environment on Windows Server 2012 R2 to run Lync, Exchange and other stuff that could possibly be tested with F5 BIG-IP. Since I needed a router/gateway anyway (important to note: it must support an authenticating parent proxy server), I decided to start with a more complex F5 right away instead of using Vyatta community edition as I did before. Vyatta was acquired by Brocade a while ago, and since then they have released no more free updates. Unfortunately, the VyOS fork has not really developed until now either. Luckily I have access to a fully supported lab license and need to run more and more services on it, and therefore it seemed to be the best solution anyway.
But why do I write this here? Simple answer: I just want to share the issues I experience(d). Hyper-V in its Windows Server 2012 release is a quite brilliant piece of software and a solid platform, and like with any new stuff you want to use all of it in a lab. :) So I took the lab VM I had already run on a Windows Server 2012 host, added a few more network interfaces (up to 8 are supported), cleaned up the objects, upgraded to BIG-IP release 11.5 and did the base configuration. To get it close to reality I wanted to use several subnets transported over a few VLAN-tagged interfaces, which is nothing that will drive the F5 to despair. It is only that Hyper-V has known trunk ports only since Windows Server 2012 (R1). Do not get it wrong, of course Hyper-V knows how to transport VLANs over the virtual switch to the ports of the VM, but only one VLAN per VM interface. VM network ports in the Hyper-V virtual switch have always been access ports. Now we all know that Windows Server 2012 has been out for some time, but taking the market share into account, here is once again a point where you can clearly see that Hyper-V is not that important for third parties, although nearly all of the major vendors support it nowadays, the least they could do.
So now I had a Hyper-V guest with trunk ports, had configured the VLANs on the F5, and what happened? Correct: Nothing. I tried this and that and at some point followed that warning in the event log that the integration services' version was too old. At some point I realized that if I wanted to use newer functionality from the hypervisor I should have compatible integration services running inside of the VM. So I configured all network ports in the VM to be access ports again and suddenly everything worked as if there had never been an issue.
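The two port modes described above, as an added example for the Hyper-V host that is not part of the original post: the first function sets the trunk mode that did not pass traffic, the second the one-VLAN-per-adapter access mode that did. The VM name, VLAN IDs, native VLAN and adapter indexes are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated session on the
# Hyper-V host (Windows Server 2012 or later, Hyper-V PowerShell module).
# Assumptions: VM name, VLAN IDs, native VLAN and adapter indexes are hypothetical.
$vmName = 'bigip-lab'

function Set-LabTrunkPort {
    # Trunk mode: several tagged VLANs on ONE virtual NIC of the guest.
    param([string]$VMName, [int]$AdapterIndex, [string]$AllowedVlans, [int]$NativeVlan)
    $nics = @(Get-VMNetworkAdapter -VMName $VMName)
    if ($AdapterIndex -ge $nics.Count) { throw "VM has only $($nics.Count) adapters" }
    $nics[$AdapterIndex] |
        Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList $AllowedVlans -NativeVlanId $NativeVlan
}

function Set-LabAccessPorts {
    # Access mode: one VLAN per virtual NIC, so the guest sees untagged frames
    # and needs no VLAN support from its integration services.
    param([string]$VMName, [int]$FirstAdapterIndex, [int[]]$VlanIds)
    $nics = @(Get-VMNetworkAdapter -VMName $VMName)
    if ($FirstAdapterIndex + $VlanIds.Count -gt $nics.Count) {
        throw "Need $($VlanIds.Count) adapters from index $FirstAdapterIndex, VM has $($nics.Count)"
    }
    for ($i = 0; $i -lt $VlanIds.Count; $i++) {
        $nics[$FirstAdapterIndex + $i] |
            Set-VMNetworkAdapterVlan -Access -VlanId $VlanIds[$i]
    }
}

# Adapter order returned by the host is not guaranteed to match the interface
# order inside the guest; compare MAC addresses before relying on an index.
Get-VMNetworkAdapter -VMName $vmName | Select-Object Name, MacAddress, SwitchName

# Variant 1: trunk on adapter 1 carrying VLANs 10, 20 and 30 (hypothetical IDs).
# Set-LabTrunkPort -VMName $vmName -AdapterIndex 1 -AllowedVlans '10,20,30' -NativeVlan 1

# Variant 2: the fallback from the post, adapters 1..3 as access ports.
Set-LabAccessPorts -VMName $vmName -FirstAdapterIndex 1 -VlanIds 10, 20, 30

# Verify the resulting mode and VLAN list of every adapter.
Get-VMNetworkAdapterVlan -VMName $vmName
```

With access ports, the VLANs on the BIG-IP side are attached to the interfaces untagged, since the virtual switch strips the tag before the frame reaches the guest.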
I am not really sure why it does not fully work; the Linux integration services are the latest version, LIS 3.5. But Microsoft TechNet adds a footnote to the compatibility list for LIS (http://technet.microsoft.com/library/dn531030.aspx) for Red Hat/CentOS, stating for all versions up to release 6.5: “For this specific RHEL/CentOS release, VLAN tagging may not work when used in conjunction with trunk mode.” Which means: it depends whether VLAN-tagged trunk ports work with a RHEL/CentOS VM like the BIG-IP. This restriction is gone with RHEL/CentOS release 7.0.
Since BIG-IP 11.6 is now running a RHEL 6.4 kernel (http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-6-0.html#rn_new) I’ll give that a try.