F5 LTM Config Merge Procedure

Config Merge

Peter Baumann

Description

To Merge an LTM config from a F5 to another F5 you need to split the bigip.conf file into seperate config files which you need then to import on the destination F5.

Import the config parts with copy-paste into the terminal and with the following tmsh command:

load sys config from-terminal merge

It is recommended to check the config first with verify then check for any resulting errors:

load sys config from-terminal merge verify

Order of import

Importing the F5 config needs a specific order which is recommended. I did this many times and never had a problem migrating a config from one F5 to another.

  • Import Certificate archive of the source F5
  • ltm monitor

Check for monitor passwords if used

For external monitors check if run scripts need to be converted. Copy the files from external monitors first if needed.

  • ltm node
  • ltm data-group
  • ltm pool
  • ltm rule

Check if iRules already exists on the destination F5

  • ltm persistence

If ASM Policies are used, they need to be exported and imported on the new system. ASM Policies are configured in LTM Policies.

  • ltm policy

Check for invalid url! Since v12 for a location string you need to prepend it with "tcl:"

  • ltm auth_ssl-cc-ldap

Check for passwords in the config

  • ltm auth profile

If 'ltm profile client-ssl' need to be migrated, clientssl files need to export/import first

  • ltm profile
  • sys ifiles

Check if ifiles already exists on the destination F5.
! Maybe you don't need to migrate this since it is already migrated with the ssl archive above !

  • sys file external monitor
  • ltm ifile

Check if ifile already exists on the destination F5

  • ltm snat
  • ltm snat-translation
  • ltm snatpool

If you also migrating APM config you need to export-import now the APM access policies from the source to the destination F5

  • ltm virtual

For migration you can set the new config to "dummy" ip-addresses. So is would be possible to "migrate" one VS by the other.
Only change the real ip-address on the source to a "dummy" ip-address and set the real ip-address on the destination F5.

Migration done...