F5 BIGIP LTM on AWS

step-by-step LTM AWS

following doc http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-amazon-ec2-11-4-0/2.html

1. create VPC: 10.0.0.0/16

2. create subnets
  management 10.0.0.0/24
  external   10.0.1.0/24
  internal   10.0.2.0/24

3. security group - web instances
 for testing it will be quite open
 outbound - all TCP / all ICMP
 inbound - 22, 80, 443 / all ICMP

4. launch EC2  	ami-f5ffe281
 - in the VPC subnet 10.0.0.0/24
 - add additional interface in the 10.0.1.0/24 subnet
 - allow-all-traffic security group

5. adding 3rd network interface
 - create interface in the 10.0.2.0/24 subnet
 - use allow-all-traffic subnet
 - attach to the BIGIP interface

6. assign public IP address to the management VPC IP

7. assign admin password
 - login as root
 - tmsh modify auth password admin
 - tmsh save sys config

8. assign secondary ip address
 - assign 10.0.1.101 to NIC within 10.0.1.0/24
 - allocate IP address
 - assign the IP address to 10.0.1.101

Note: Before these IP addresses can be used with the BIG-IP VE system, they must be configured within TMOS.
Question: what does it mean in practice? Self IP?

9. log in into VPC console
- Setup / Next
- Activate licence
   - add key, outbound connection: mgmt
- provisioning: APM: Nominal, LTM: Nominal
- BIGIP VE reboots
- Setup Utility  ››  Platform: (management port: DHCP, host: f5.apogado.com, root/admin username)
- BIGIP reboots

At this point I see the BIGIP VE doesn't recognize the eth2 (internal) NIC, rebooting the instance.

10. setting up network:
- create VLANS (mac address represents
  - external, untagged 1.1
  - internal, untagged 1.2
  - created SelfIP for static (primary) IP addresses
  - disable src/dest check

11. update VPC routing
   - set routing from the internal (10.0.2.0/24) network through internal BIGIP interface (alternatively set  AutoMap for VS SNAT)

11. created node/pool/virtual server
  - pool: 10.0.2.102:80
  - create virtual server 10.0.1.101:80