INSTALLATION GUIDE
vThunder for VMware ESXi
April 6, 2017

© 2017 A10 Networks, Inc. Confidential and Proprietary - All Rights Reserved

Information in this document is subject to change without notice.

Patent Protection

A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent marking provisions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks' products, including all Thunder Series products, are protected by one or more of U.S. patents and patents pending listed at:

https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking

Trademarks

A10 Networks trademarks are listed at:

https://www.a10networks.com/company/legal-notices/a10-trademarks

Confidentiality

This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Networks, Inc.

A10 Networks Inc. Software License and End User Agreement

Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confidential information. Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in this document or available separately.

Customer shall not:

1. reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means
2. sublicense, rent or lease the Software.

Disclaimer

This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fitness for a particular use and non-infringement.
A10 Networks has made reasonable efforts to verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this publication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks’ products and services are subject to A10 Networks’ standard terms and conditions.

Environmental Considerations

Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.

Further Information

For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be found by visiting www.a10networks.com.

Table of Contents

Overview
    System Requirements
    Downloading the vThunder Software
    Licensing
    Interfaces
    Feature Support
    Limitations
        Promiscuous Mode
        High Availability Limitations
        Provisioned Size Limitations
Installing vThunder on vSphere Client
    Installing the vThunder Instance
    Modifying vSwitch Settings
    Powering On the vThunder Instance
    Accessing the vThunder CLI on the Console
    Support for Non-dedicated Management Port Mode
    Adding Extra Ethernet Data Interfaces
    Adding Extra Port Groups if Necessary
Installation vThunder Software Using ovftool
Installing the License and Initial Login
    Installing the License
    Transferring a License to a Different vThunder Instance
    More About the Global License Manager (GLM)
Initial vThunder Configuration
    Login via CLI
    Configure the Management Interface
    Configuring Single-interface Mode for vThunder
    Change the Admin Password
    Save the Configuration Changes – write memory
    System Poll Mode
    Additional Resources – Where to go from here?
Upgrading vThunder

Document No.: VT-VMWARE-ESXI-004 - Apr 06, 2017

Installation

This guide describes how to install the vThunder virtual appliance on a VMware ESXi hypervisor.

The following topics are available:

• Overview
• Installing vThunder on vSphere Client
• Installation vThunder Software Using ovftool
• Installing the License and Initial Login
• Initial vThunder Configuration
• Upgrading vThunder

Overview

vThunder for VMware ESXi is a fully operational, software-only version of the ACOS Series Server Load Balancer (SLB), Application Delivery Controller (ADC), or IPv6 migration device.

The maximum throughput of vThunder for VMware ESXi is variable and depends on which vThunder software license was purchased.

vThunder is distributed in an OVA format, which is a single-file version of Open Virtualization Format (OVF). The file you will receive from A10 Support has an ova extension.

You can install vThunder on a hardware platform running VMware ESXi 4.1 Update 2, or VMware ESXi 5.0. For a list of minimal software and hardware requirements, see “System Requirements” on page 6.

NOTE: If the vThunder network interfaces are in a tagged VLAN, enter 4095 in the VLAN ID field to enable tagging.

NOTE: The product name for the ACOS virtual appliance changed from “SoftAX” to “vThunder” beginning with ACOS 2.7.1-P3 (SLB release) and ACOS 2.8.1 (IPv6 Migration release). This document uses the “vThunder” name, but some file names, directory paths, and screenshots may still refer to “SoftAX”.
Figure 1 shows vThunder running on top of commodity servers (which are running the VMware ESXi hypervisor).

FIGURE 1 vThunder for VMware ESXi

System Requirements

Hardware Requirements

The hardware platform where vThunder will be installed must meet the following minimal requirements:

• 1 CPU (Intel VT-enabled)
• 4 GB RAM memory (more RAM may be needed if you are using memory-intensive features, such as Jumbo Frame)
• 16 GB disk space
• 2 Ethernet ports (1 mgmt interface and 1 data interface)

vThunder Requirements

The vThunder must meet the following requirements:

• 1 to 4 virtual CPUs
• 2 GB to 16 GB virtual memory:
    • 8 GB virtual memory required for ACOS 3.2.x
    • 4 GB virtual memory required for ACOS 4.x
• Virtual disk image size:
    • 10 GB for ACOS 2.7.x and earlier
    • 12 GB for ACOS 2.7.1-GR1, 2.7.2-Px and earlier
    • 12 GB for ACOS 3.x, 4.x and later
• Running one of the following ACOS software versions:
    • For standard SLB features – ACOS Release 2.7.1, or later
    • For IPv6 migration features – ACOS Release 2.8.1, or later
• Virtual network adapters:
    • Minimum: 1 management, 1 data port
    • Maximum: 1 management, 8 data ports
• VMware ESXi 4.1 Update 2 client (required unless you plan to install using ovftool)
• Separate port groups for each vThunder interface (see “Adding Extra Port Groups if Necessary” on page 18), configured before you begin installing vThunder

NOTE: To obtain VMware ESXi 4.1 Update 2, navigate to: http://www.vmware.com

Downloading the vThunder Software

To download the vThunder for VMware ESXi software, log into your Global License Manager (GLM) account and visit the following URL:

https://glm.a10networks.com/downloads

The A10 sales team should have set up a GLM account for you when you first purchase the product.
If you do not yet have a GLM account, please contact sales@a10networks.com.

For more information about using the GLM to download the software, see “More About the Global License Manager (GLM)” on page 21.

Licensing

vThunder for VMware ESXi requires a license. Without a license, the product cannot run production traffic, and the amount of bandwidth is only sufficient for testing network connectivity.

After you have downloaded and installed the vThunder software, you will need a license before you can run live traffic. Instructions for obtaining and installing the license are provided here: “Installing the License and Initial Login” on page 20.

Interfaces

vThunder has 3 Ethernet interfaces after installation:

• Management – Dedicated management interface
• Ethernet 1 – Data interface
• Ethernet 2 – Data interface

NOTE: The minimum requirement is to have two ports (one management port, and one data port). When installing vThunder from the OVA file, three ports are automatically created (one management and two data ports). If desired, you can add or remove data ports after the vThunder instance is deployed.

To connect the vThunder to other devices, you must connect each vThunder interface to a separate port group on the virtual switch (vSwitch) on the VMware host.

In a typical deployment, one of the data interfaces is connected to the server farm, and the other data interface is connected to the clients. However, one-arm deployment is also supported. You also can add additional data interfaces as needed.

Figure 2 on page 9 shows an example of vThunder interface connections. Each vThunder interface is connected to a separate port group on the VMware host’s vSwitch. Each of the port groups is connected to a separate physical interface (NIC).
FIGURE 2 vThunder for VMware ESXi Interfaces

vThunder also supports management connection to the command line interface (CLI) through the console in vSphere Client. The console is required for initial configuration.

You can access the ACOS device on the Mgmt (Management), Ethernet 1 (Eth1), and Ethernet 2 (Eth2) interfaces after you configure IP addresses on them and connect them to a port group on a vSwitch.

Feature Support

vThunder for VMware ESXi supports many of the same features as the Thunder Series hardware-based models, but the exact set of supported features varies based on whether vThunder is running an ADC (SLB) release, CGN (IPv6 Migration) release, or a DDoS release. See the vThunder Feature Support Matrix for a complete summary.

Limitations

vThunder has the following limitations:

Promiscuous Mode

vThunder runs in non-promiscuous mode by default in order to achieve slight performance optimizations. However, the following limitations will apply:

• VE interfaces can be bound to only 1 tagged/untagged physical interface
• VE MAC address assignment scheme changes are not supported
• The virtualized Network Interface Card (VNIC) in the vSwitch to which the vThunder interface is attached may also need to be set to promiscuous mode for proper functioning.

If these limitations are problematic, you may remove them by re-enabling promiscuous mode. A vThunder system that is running in non-promiscuous mode can be transitioned back to promiscuous mode with the following command:

    system promiscuous-mode

NOTE: When making the transition from promiscuous mode to non-promiscuous mode (or vice-versa), the vThunder instance must be reloaded.
When upgrading to 2.6.1-GR1-P4 from a prior release, vThunder automatically decides whether to run in promiscuous mode or non-promiscuous mode based on the existing configuration. If the configuration satisfies all requirements for running in non-promiscuous mode, then the system will default to running in non-promiscuous mode. Otherwise, the system will continue to run in promiscuous mode in order to avoid introducing incompatibilities between the old configuration and the defaults associated with the newer software version.

High Availability Limitations

The following HA limitations will apply:

• HA is supported in releases prior to ACOS 4.0. However, HA in-line mode configurations are not supported.
• In ACOS 4.0 and later, HA is no longer supported. Redundancy can only be configured using VRRP-A.

Provisioned Size Limitations

Increasing the provisioned size of the virtual machine for vThunder is not supported.

Installing vThunder on vSphere Client

This section describes the process of installing an instance of the vThunder on a vSphere client.

NOTE: The vSphere Client procedures in this guide are based on vSphere Client version 4.1.0.

Installing the vThunder Instance

1. Start vSphere Client and log onto the VMware host system, if not already logged in.
2. Download or copy the vThunder .ova archive file into the virtual machine store folder.
3. Select File > Deploy OVF Template.
4. Click Browse and navigate to the vThunder .ova archive file, and then click Open.
5. Click Next. The OVF Template Details screen appears, similar to that shown below:

   FIGURE 3 OVF Template Details window

6. Click Next. The End User License Agreement screen appears. Review the license agreement, and if the terms are acceptable, click Accept.
7. Click Next. The Name and Location screen appears.
   If desired, edit the default name of the vThunder template, and then click Next.

   FIGURE 4 Name and Location window

   NOTE: If a vThunder template is already installed using the default template name, you will need to edit a new name for the new template to avoid a conflict.

8. The Resource Pool screen appears. Select the resource pool where you would like to deploy the template, and then click Next.
9. If the Disk Format screen appears, select Thick provisioned format. This option provides better performance than Thin provisioned format.
10. The Network Mapping screen appears. Map each vThunder network interface (Management, Ethernet 1, and Ethernet 2) to a separate port group in the Destination Networks column.

    To map a network interface, select a vThunder interface in the Source Networks column, and then select the port group from the drop-down list in the Destination Networks column. For example, select source network “Management” and destination network “Mgmt”. (See Figure 2 on page 9 and Figure 5 on page 13.)

    The actual names of the port groups may differ. You assign the names when you create them as a prerequisite for vThunder installation.

    FIGURE 5 Deploy OVF Template - Network Mapping

11. Click Next to proceed. The Ready To Complete screen appears, similar to that shown below:

    FIGURE 6 Ready to Complete window

12. Verify all settings are correct, and click Finish. The vSphere Client deploys the new vThunder virtual machine.
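Added example (not part of the A10 guide): after step 2 of the procedure above and before deploying, the downloaded .ova can be checked against the digests in its own OVF manifest. It assumes the archive carries a standard OVF `.mf` manifest, which this guide does not state; the sample archive is constructed in memory. A matching manifest shows that the package is internally consistent, not who produced it.

```python
import hashlib
import io
import re
import tarfile

# Manifest line format from the OVF specification, for example:
#   SHA256(appliance.ovf)= 9f86d081884c7d65...
MANIFEST_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")


def parse_manifest(text):
    """Map member name -> (hash algorithm, expected hex digest)."""
    entries = {}
    for line in text.splitlines():
        match = MANIFEST_LINE.match(line.strip())
        if match:
            algo, name, digest = match.groups()
            entries[name] = (algo.lower(), digest.lower())
    return entries


def digest_member(tar, member, algo):
    """Hash one archive member in chunks, without extracting it to disk."""
    hasher = hashlib.new(algo)
    stream = tar.extractfile(member)
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        hasher.update(chunk)
    return hasher.hexdigest()


def verify_ova(fileobj):
    """Return (ok, report); report maps member name -> status string."""
    report = {}
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:  # an OVA is a plain tar
        files = {m.name: m for m in tar.getmembers() if m.isfile()}
        manifests = [n for n in files if n.lower().endswith(".mf")]
        if len(manifests) != 1:
            return False, {"<manifest>": "expected one .mf, found %d" % len(manifests)}
        raw = tar.extractfile(files[manifests[0]]).read()
        expected = parse_manifest(raw.decode("utf-8", "replace"))
        if not expected:
            return False, {manifests[0]: "no digest lines"}
        for name, (algo, want) in expected.items():
            if name not in files:
                report[name] = "missing"
            elif digest_member(tar, files[name], algo) == want:
                report[name] = "ok"
            else:
                report[name] = "mismatch"
        for name in files:
            # The manifest and an optional .cert file are not listed in the manifest.
            if name not in expected and not name.lower().endswith((".mf", ".cert")):
                report[name] = "unlisted"
    return all(status == "ok" for status in report.values()), report


def build_sample_ova(tamper=False):
    """Constructed test archive (not a real vThunder image)."""
    ovf = b"<Envelope>constructed sample descriptor</Envelope>"
    disk = b"\x00" * 4096 + b"constructed sample disk"
    manifest = (
        "SHA256(sample.ovf)= %s\nSHA256(sample-disk1.vmdk)= %s\n"
        % (hashlib.sha256(ovf).hexdigest(), hashlib.sha256(disk).hexdigest())
    ).encode()
    if tamper:
        disk = disk[:-1] + b"X"  # same length, different content
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        members = (("sample.ovf", ovf), ("sample.mf", manifest),
                   ("sample-disk1.vmdk", disk))
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, tamper in (("intact", False), ("tampered", True)):
        ok, report = verify_ova(build_sample_ova(tamper))
        print(label, "PASS" if ok else "FAIL", report)
```

For a real download, open the .ova in binary mode and pass the file object to `verify_ova`.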
Modifying vSwitch Settings

By default, VMware only allows packets that are addressed to a virtual machine (such as the vThunder) to be forwarded to the virtual switch (vSwitch) ports connected to that virtual machine. However, for proper operation, the vThunder also must be able to receive packets that are not addressed to it, such as packets addressed to load-balanced servers.

NOTE: The procedure below only applies to VMware's vSwitch. If you are using a third-party virtual switch, such as the Cisco Nexus or Catalyst Series, this procedure may not be necessary.

If the vThunder network interfaces are in a tagged VLAN, tagged VLAN mode also must be enabled on the vSwitch. By default, tagged VLAN support is disabled.

1. Open vSphere Client, if not already open.
2. In the virtual machines inventory, select the host machine on which the vThunder is installed.
3. Click the Configuration tab.
4. In the Hardware section, click Networking.
5. Click Properties next to the virtual machine to which the vThunder is connected.
6. Click the Port tab.
7. Select the interface.
8. Click Edit.
9. If the vThunder network interfaces are in a tagged VLAN, enter 4095 in the VLAN ID field to enable tagging. Otherwise, leave the VLAN ID set to None.

   NOTE: If the vThunder network interfaces are in a VLAN and you do not enter ‘4095’ in the VLAN ID field, then the vThunder configuration will fail.

10. Click OK.
11. Click Close to close the Properties tab.

Powering On the vThunder Instance

1. Open vSphere Client, if not already open.
2. In the virtual machines inventory, select the vThunder virtual machine.
3. From the menu bar, select Inventory > Virtual Machine > Power > Power On.

Accessing the vThunder CLI on the Console

Initial configuration of vThunder requires the console.
Using the console, you can configure IP addresses on the management and data interfaces.

1. In the virtual machines inventory, select the vThunder virtual machine.
2. Click the Console tab or right-click and select Open Console. The Console window appears.
3. Click on the console window to activate keyboard support for the console window.

   NOTE: While keyboard support is active for a console window, you cannot interact with other windows. To escape the console, press Ctrl+Alt.

4. Use the following information to log into the vThunder virtual appliance for the first time.

   • Default management IP address: 172.31.31.31 /24
   • Default admin username and password: admin, a10
   • Default enable password required for configuration access, blank (none)

5. Next, you will need to install the license (see “Installing the License and Initial Login” on page 20).
6. And perform basic configurations (see “Initial vThunder Configuration” on page 22).

Support for Non-dedicated Management Port Mode

Beginning with release 2.7.2-P4, ACOS offers the ability to run vThunder for VMware in “non-dedicated management port mode”. While in this mode, only one network adapter (VMXNET3 device driver) is used for all interfaces (both data and management). This ability is in contrast to previous releases, in which the E1000 device driver was typically used as the driver for a dedicated management interface and a different driver was used for the data ports.

In releases prior to 2.7.2-P4, it was typical for a regular vThunder for VMware instance to have drivers assigned to ports as shown in Table 1 below. The interfaces could have different drivers assigned to the different interfaces.
TABLE 1 Drivers assigned to ports

Mgmt and data ports use different drivers    All ports use VMXNET3 driver
Eth1 – E1000                                 Eth1 – VMXNET3
Eth2 – VMXNET3                               Eth2 – VMXNET3
Eth3 – VMXNET3                               Eth3 – VMXNET3

When all interfaces use the VMXNET3 driver, there is no dedicated management interface, and any port can be used to provide management access.

Non-dedicated management port mode can be helpful if you are running vThunder for VMware in an environment where it may not be possible to have a dedicated management port.

Configuration

Non-dedicated management port mode cannot be enabled or disabled through the CLI or GUI. Instead, the feature is enabled automatically by a new algorithm in the code. This new algorithm runs a check whenever a new vThunder for VMware instance is booting. The algorithm checks for the presence of a dedicated management interface (“eth0”), and if it does not exist, then ACOS automatically enables the “non-dedicated management port mode”, with no intervention required of the user.

As ACOS is performing this check during bootup, the algorithm also checks the startup config file. If the startup config file is empty, then ACOS populates the config file with the configuration shown below. This config file defines the interface and allows it to receive an IP address from a DHCP server.

(The following is a hypothetical example of what would appear in the config file if the admin had created a vThunder instance with 3 interfaces. The number of interfaces in the config file could vary as needed.)

    interface ethernet 1
      enable
      ip address dhcp
    !
    interface ethernet 2
      enable
      ip address dhcp
    !
    interface ethernet 3
      enable
      ip address dhcp
    !
    enable-management service ssh ethernet 1 to 3
    enable-management service http ethernet 1 to 3
    enable-management service https ethernet 1 to 3
    enable-management service snmp ethernet 1 to 3

Notes:

• If a vThunder instance is running in “non-dedicated management port mode,” then a DHCP server should be set up for at least one of the interfaces to ensure that management access is possible.
• The auto-populated contents of the config file that is automatically created when the “non-dedicated management port mode” is enabled (i.e., the sample shown above) should not be deleted or modified, or this may cause the feature to stop working.
• This feature applies to vThunder for VMware and does not apply to any other hypervisor flavors upon which vThunder can run.
• This feature is supported in the following releases: ACOS 2.7.2-P4 through 2.7.2-P9, and ACOS 4.1.1.

Adding Extra Ethernet Data Interfaces

The vThunder has two data interfaces by default. You can add more data interfaces as needed. Before adding an interface, see “Adding Extra Port Groups if Necessary” on page 18.

NOTE: The management interface always must be the first interface.

NOTE: vThunder does not support hot-swapping Ethernet ports. To add a new data port, you must stop the running instance, add the new port or delete an existing port, and then restart the vThunder instance.

To add a data interface:

1. In the virtual machines inventory, select the vThunder virtual machine.
2. Click the Getting Started tab, if the page is not already displayed.
3. On the Getting Started page, select Edit virtual machines settings.
4. The Virtual Machine Properties dialog appears.
5. Click Add. The Add Hardware dialog appears.
6. Select Ethernet Adapter and click Next.
7. In the Adapter Type section, select vmxnet3 from the Type drop-down list. If not available, manually add it first.
   NOTE: The type for data interfaces is “vmxnet3”, and the type for the management interface is “e1000”.

   NOTE: To enable “non-dedicated management port mode”, make sure the management interface type is set to “vmxnet3” and not “e1000”. All interfaces should be set to the same driver/adapter (“vmxnet3”). See “Support for Non-dedicated Management Port Mode” on page 16 for information.

8. In the Network Connection section, select the vSwitch for the new vThunder interface, and click Next.
9. Review the configuration information to ensure it is correct, and then click Finish. The vThunder interface is added to the port group on the vSwitch.
10. Reboot the vThunder virtual machine:
    a. In the virtual machines inventory, select the vThunder virtual machine.
    b. From the menu bar, select Inventory > Virtual Machine > Power > Reset.

    CAUTION: You must reboot the vThunder instance after adding/deleting an Ethernet port, or performance issues may occur.

11. To verify the new interfaces, log onto the vThunder instance using the CLI and enter the following command:

        show interface brief

    Compare the MAC addresses of the ACOS interfaces with the MAC addresses on the network interfaces configured in VMware for the vThunder. They should match.

Adding Extra Port Groups if Necessary

vThunder requires a separate port group for each vThunder interface (Management, Ethernet 1, and Ethernet 2), configured before you begin vThunder installation. If the port groups are not already created in your ESXi, create them using the steps below. Otherwise, go to “Installing the vThunder Instance” on page 11.

To add a port group to a vSwitch:

1. Start vSphere Client and log onto the VMware host system.
2. In the Inventory, select the host.
3. Click the Configuration tab and select Networking.
4. In the right column, select Properties next to the virtual switch (vSwitch) name.
5. Click Add.
6. Select Virtual Machine as the connection type, and click Next.
7. Edit the name in the Network Label field. This is the name you will select in step 10 in “Installing the vThunder Instance” on page 11.
8. If your ESXi physical interface is not tagged, leave the VLAN ID set to 0. If your ESXi physical interface is tagged, set the VLAN ID to the VLAN tag number.
9. Click Next, then click Finish.
10. Repeat for each port group. The vThunder interfaces must be in separate port groups.
11. Click Close.

Installation vThunder Software Using ovftool

To install vThunder using ovftool:

1. Download or copy the vThunder64 .ova archive file into the virtual machine store folder.
2. Run a script such as the following:

    ovftool \
      --acceptAllEulas \
      --name=your-vm-name \
      --net:"Management"=MGMT \
      --net:"Ethernet 1"=Client \
      --net:"Ethernet 2"=Server \
      --datastore=NFS_ds1 \
      /local/path/to/SoftAX64-with-eula.ovf \
      'vi://yourusername@vcenter-hostname:443/datacenter-name/host/your-host-name/Resources/yourresource-group-name/'

Table 2 describes the commands shown in the example.

TABLE 2 ovftool commands for installing vThunder

ovftool Command                          Description
--acceptAllEulas                         Accepts all the End User License Agreements (EULAs) included with vThunder.
--name=your-vm-name                      Name you are assigning to the vThunder.
--net:"Management"=MGMT                  Maps the vThunder Management interface to a port group on the vSwitch. In this example, port group name is “MGMT”.
--net:"Ethernet 1"=Client                Maps the vThunder Ethernet 1 interface to a port group on the vSwitch.
--net:"Ethernet 2"=Server                Maps the vThunder Ethernet 2 interface to a port group on the vSwitch.
--datastore=NFS_ds1                      Specifies the target datastore for the deployment.
/local/path/to/SoftAX64-with-eula.ovf    The filepath to the SoftAX64-with-eula.ovf file.
'vi:// ...'                              The target type (vi) and the filepath to the installation target.

To power on the vThunder, use the following command:

    --powerOn

Installing the License and Initial Login

This section shows how to log onto the vThunder with SSH (CLI) or HTTPS (GUI), and general steps on obtaining and installing your product license.

Login Information:

• Default management IP address: 172.31.31.31 /24
• Default admin username and password: admin, a10
• Default enable password required for configuration access, blank (none)

For license installation and information, see the following:

• “Installing the License” on page 20
• “Transferring a License to a Different vThunder Instance” on page 21
• “More About the Global License Manager (GLM)” on page 21

Installing the License

After you have downloaded the software (covered on “Downloading the vThunder Software” on page 7), and installed the software (covered on “Installing vThunder on vSphere Client” on page 11), you must install the product license before you can run live traffic on the virtual appliance.

To purchase a vThunder license, please contact sales@a10networks.com.

Upon purchasing the vThunder license, the following events will happen:

1. The A10 sales team will create a Global License Manager (GLM) account for you.
2. You will receive an auto-generated email from A10, which will contain the following:
   • Instructions for downloading the software [1] from the GLM server (if you have not already done so).
   • A unique License Entitlement Token which you will need to use to activate your vThunder license.
   • Brief instructions for obtaining the UID (or “host ID”) from your vThunder instance, which you will also need to use with the token above to activate your vThunder license. Detailed instructions can be found in “Obtaining your UUID/UID/Host ID” in the Global License Manager User Guide.
   • An “activation link” which will take you to the GLM server.
3. Click the activation link that appears in the email. It should say something similar to “Click here to activate an appliance.”
4. Log into the GLM server using the credentials provided to you by the sales team when they set up your account.
5. Enter the Host ID and License Entitlement Token that were sent to you in the email mentioned above.
6. You will receive another automated email containing the activation key. Apply this activation key to the vThunder, as described in “Activation Key License Installation” in the Global License Manager User Guide.
7. Your vThunder instance should now be fully licensed and capable of running live traffic.

Transferring a License to a Different vThunder Instance

If you wish to transfer an existing standard license to another vThunder appliance, see “Migrating an Existing License” in the Global License Manager User Guide for instructions.

More About the Global License Manager (GLM)

The Global License Manager (GLM) is the master licensing and billing system for A10 Networks’ appliances. The GLM is managed by A10 Networks and is the primary portal for customers to begin activation of purchased appliances, create trial licenses, manage existing assets, track license status, request Return Merchandise Authorizations (RMA), and access installation resources.

For information about using the GLM to get a license, please see the Global License Manager User Guide. You can download a PDF of this document after you have created a GLM account, by clicking this URL: https://glm.a10networks.com/ and navigating to Downloads.

[1] The downloadable image is available only for the vThunder image based on ACOS 4.x and not for prior 2.7.x releases.

Initial vThunder Configuration

This section describes how to configure IP connectivity on the vThunder management and data interfaces.

NOTE: To display a list of commands for a level of the CLI, enter a question mark ( ? ) and press Enter. You can display the list separately for each level. For syntax help, enter a command or keyword followed by a “space”, then enter ? then press Enter. This works for commands with sub-commands also.

Login via CLI

1. Log into vThunder with the default username admin and the default password a10.

    login as: admin
    Welcome to vThunder
    Using keyboard-interactive authentication.
    Password:***
    [type ? for help]

2. Enable the Privileged EXEC level by typing enable and pressing the Enter key. There is no default password to enter Privileged EXEC mode.

    vThunder>enable
    Password:(just press Enter on a new system)
    vThunder#

3. Enable the configuration mode by typing config and pressing Enter.

    vThunder#config
    vThunder(config)#

4. It is strongly suggested that a Privileged EXEC enable password be set up as follows:

    vThunder(config)#enable-password newpassword

Configure the Management Interface

The procedure below assigns an IP address to the management interface of the vThunder:

1. Configure the management interface IP address and default gateway. Starting with ACOS release 4.1.0, ACOS will obtain an IP for the management interface in the following order:
   a. If there is a management port IP configuration (either a static IP address or DHCP) in the active startup-config file, then ACOS will either assign the static IP to the vThunder management interface or will attempt to get the IP address from the DHCP server.
   b. If there is no management port IP configuration (neither a static IP address nor DHCP), then vThunder will attempt to get an IP address from an accessible DHCP server.
   c. If vThunder cannot obtain an IP address from a DHCP server, then the default static IP address of “172.31.31.31/24” will be used.

NOTE: The management interface is an out-of-band interface and should not be on the same subnet as any of the data interfaces. If the management interface and the data interfaces are not kept in separate IP subnets, some operations such as pinging may not perform as expected.

In the example below, the IP address for the management interface is 192.168.2.228. None of the data interfaces should have an IP address of 192.168.2.x.

    vThunder(config)#interface management
    vThunder(config-if:management)#ip address 192.168.2.228 /24
    vThunder(config-if:management)#ip default-gateway 192.168.2.1

2. Verify the interface IP address change:

    vThunder(config-if:management)#show interface management
    GigabitEthernet 0 is up, line protocol is up.
    Hardware is GigabitEthernet, Address is xxxx.yyyy.zzzz
    Internet address is 192.168.2.228, Subnet mask is 255.255.255.0
    ...

3. Optionally, configure the ACOS device to use the management interface as the source interface for automated management traffic generated by the ACOS device:

    ACOS(config-if:management)#ip control-apps-use-mgmt-port

   (For more information, see the “Management Interface as Source for Automated Management Traffic” chapter in the System Configuration and Administration Guide.)
    vThunder(config-if:management)#exit
    vThunder(config)#

Configuring Single-interface Mode for vThunder

NOTE: Single-interface mode is only supported in SLB releases and is not supported in IPv6 Migration releases.

NOTE: Single-interface mode is only supported on vThunder for VMware in ACOS 2.7.2-P6 and later. It will also be supported in the upcoming 4.1.x release.

To simplify deployment, the vThunder instance can be configured to use a single interface for management and data traffic. While other sections in this document refer to having a separate management and data interface, “single-interface mode” requires consolidating the functionality of both interfaces into one unified interface. You can configure vThunder to use DHCP to assign the same IP address to the interface IP, Source NAT IP, and the SLB VIP.

Prerequisites:
• The vThunder interface type must be set to “vmxnet3” for single-interface mode.

To configure vThunder to use a single IP assigned by the DHCP server:

1. Use the commands shown below to force the interface to use the IP assigned by DHCP:

    interface ethernet 1
    ip address dhcp

2. SSH to the vThunder’s interface IP address that was assigned by the DHCP server.

3. Use the following commands to make vThunder use the IP assigned by DHCP as the VIP:

    slb virtual-server v1 use-if-ip ethernet 1
    port 80 tcp
    service-group http-sg1

   NOTE: This command will cause the VIP to use the same IP address that DHCP assigned to the vThunder data interface.

4. Use the following commands to configure vThunder to use a source NAT pool:

    ip nat pool pool1 use-if-ip ethernet 1

Configuring vThunder Network Settings for Web GUI Access

When configuring single-interface mode, you must configure vThunder to use one port (such as port 80) for VIP traffic and a different port for Web-based GUI traffic (port 8080 for HTTP and port 8443 for HTTPS).
Use the commands below to configure the vThunder instance to separate the two types of traffic.

For ACOS 2.7.x and later, use the following CLI commands:

    web-service server
    web-service port 8080
    web-service secure-server
    web-service secure-port 8443

For ACOS 4.1.x and later, use the following CLI commands:

    web-service port 8080
    web-service secure-port 8443

NOTE: In some deployments, it may be necessary to configure additional “endpoints” on the host side to get single-interface mode to work correctly. Please contact A10 Support for additional information.

Change the Admin Password

A10 Networks recommends that you change the admin password immediately for security.

    vThunder(config)#admin admin password newpassword
    vThunder(config-admin:admin)#

The vThunder is now network accessible for configuration under the new IP address and admin password.

NOTE: By default, Telnet access is disabled on all interfaces, including the management interface. SSH, HTTP, HTTPS, and SNMP access are enabled by default on the management interface only, and disabled by default on all data interfaces.

Save the Configuration Changes – write memory

Configuration changes must be saved to system memory to take effect the next time the vThunder is powered on. Otherwise, the changes are lost if the vThunder virtual machine or its host machine is powered down.

To write the current configuration to system memory:

    vThunder(config)#write memory
    Building configuration...
    [OK]

System Poll Mode

Previous ACOS releases support Interrupt Mode, but beginning with ACOS 4.1.1, vThunder offers support for System Poll Mode.
System Poll Mode uses the Data Plane Development Kit (DPDK), which is a set of data plane libraries and network interface drivers that can be used to accelerate fast-packet processing. The DPDK library was created by Intel and made available under a BSD open source license.

DPDK maximizes throughput and minimizes packet processing time through several methods, such as bypassing the kernel, processing packets in the user space, and using polling instead of interrupts. In general, System Poll Mode tends to be faster than Interrupt Mode for most applications.

NOTE: Depending on the platform, vThunder instances may experience high latency when directly connected to a Linux server by a virtual switch. Interrupt Mode has higher latency than System Poll Mode, but System Poll Mode has slightly higher latency than the ACOS hardware platforms. (Bug 350120)

Enabling System Poll Mode

System Poll Mode is disabled by default. To enable System Poll Mode:

1. Use the following CLI command from global config mode:

    vThunder(config)#system-poll-mode enable

2. Exit global config mode and reboot the vThunder instance using the following command:

    vThunder(config)#exit
    vThunder#reboot

   After vThunder finishes rebooting, System Poll Mode will be enabled.

3. To verify System Poll Mode is enabled on the vThunder instance, check the output from the show version command:

    vThunder(config)#show version
    Thunder Series Unified Application Service Gateway vThunder
    Copyright 2007-2016 by A10 Networks, Inc.
    All A10 Networks products are protected by one or more of the following US patents:
    9294503, 9294467, 9270774, 9270705, 9258332, 9154584, 9154577, 9124550, 9122853,
    9118620, 9060003, 9032502, 8977749, 8943577, 8918857, 8868765, 8849938, 8826372,
    8813180, 8782751, 8595383, 8584199, 8464333, 8423676, 8387128, 8266235, 8151322,
    8079077, 7979585, 7804956, 7627672, 7596695, 7577833, 7552126, 7392241, 6658114,
    6535516, 6363075, 6324286, RE44701, 7606912, 7346695, 7287084, 6970933, 6473802,
    9253152, 9118618, 8914871, 8782221, 8332925, 7716378, 7236491, 8392563, 6374300,
    9219751, 9106561, 8904512, 8595819, 8312507, 7665138, 7139267, 8103770, 9215275,
    9094364, 8897154, 8595791, 8291487, 7647635, 6748084, 7831712
    64-bit Advanced Core OS (ACOS) version 4.1.1, build 193 (Sep-09-2016,01:04)
    Booted from Hard Disk primary image
    Licenses: Bandwidth
    Serial Number: vThunder1000023595
    aFleX version: 2.0.0
    aXAPI version: 3.0
    Hard Disk primary image (default) version 4.1.1, build 193
    Hard Disk secondary image version 4.1.1, build 183
    Last configuration saved at Sep-9-2016, 17:53
    Virtualization type: <hypervisor-name>
    System Polling Mode :On    <-- indicates System Poll Mode is enabled.
    Build Type: Internal
    Hardware: 4 CPUs(Stepping 5), Single 12G Hard disk
    Memory 4043 Mbyte, Free Memory 1745 Mbyte
    Hardware Manufacturing Code: N/A
    Current time is Sep-9-2016, 21:59
    The system has been up 0 day, 0 hour, 10 minutes

4. (Optional) You can disable System Poll Mode using the “no” form of the command, as shown below. Then, reboot the vThunder instance:

    vThunder(config)#no system-poll-mode enable
    vThunder(config)#exit
    vThunder#reboot

Setting the Maximum Limit of Cores for I/O Processing

For vThunder devices that are running with System Poll Mode enabled, you can dynamically set the maximum upper limit of cores dedicated to I/O processing.
ACOS allocates the available CPUs to Control, Packet Processing, and Packet I/O. In some situations, such as for handling SSL traffic, it may make more sense to limit the number of CPUs allocated to Packet I/O. This is because SSL traffic tends to be more bound to the Data CPUs and less bound to the I/O CPUs. Therefore, with heavy SSL traffic, restricting the number of I/O cores will free up more Data CPUs, and this will achieve better throughput.

NOTE: The configuration becomes active only after reloading or rebooting the device.

After you have enabled System Poll Mode per the instructions above, you can set the max I/O cores as follows:

1. Use the following CLI command from global config mode:

    vThunder(config)# system io-cpu max-cores <number range is system-dependent>

2. Exit global config mode and reboot the vThunder instance using the following command:

    vThunder(config)#exit
    vThunder#reboot

   After vThunder finishes rebooting, System Poll Mode will be enabled, with the new upper limit for I/O cores in place.

3. You can check that the Max I/O cores config is in effect by using the following show command:

    vThunder(config)# show cpu
    Time: 10:54:29 UTC Wed Feb 22 2017
                1Sec   5Sec   10Sec   30Sec   60Sec
    -------------------------------------------------------
    Control1      5%     4%      4%     10%     27%
    Data1         0%     0%      0%      0%      0%
    Data2         0%     0%      0%      0%      0%
    I/O1          0%     0%      0%      0%      0%

Details:
• As a minimum requirement for using System Poll Mode with vThunder for VMware, the server must be running VMware ESXi 5.0, Update 1 (or newer).
• When System Poll Mode is enabled on vThunder, each vThunder instance requires a minimum of 4 vCPUs to function correctly.
• The vThunder vCPU can be in either System Poll Mode or Interrupt Mode. If the vThunder instance is using the newer System Poll Mode, and if the interface driver is VMXNET3, then Jumbo Frames are not supported.
  However, Jumbo Frames are supported if the vThunder instance is using Interrupt Mode.

Additional Resources – Where to go from here?

After you have logged into the vThunder GUI or CLI, you may need assistance configuring the device. More information can be found in the latest ACOS Release Notes. This document has a list of new features, known issues, and other information to help get you started.

It is also highly recommended to use the basic deployment instructions that appear in the System Configuration and Administration Guide.

Upgrading vThunder

NOTE: There is no upgrade path from 2.7.1 to 4.x. Instead, you must first upgrade from 2.7.1-Px to 2.7.2-P3, and then you can upgrade from 2.7.2-P3 to 4.x.

The vThunder instance uses the same system image as model AX 2500. To upgrade the vThunder using the GUI, follow the procedure below:

1. To download the latest software tar file, navigate to the following URL:
   https://www.a10networks.com/support/axseries/software-downloads#vthunder

   NOTE: A10 Support username and password are required.

2. Once the tar file is downloaded, log into the vThunder instance and use the ACOS GUI to navigate as follows:
   • If running ACOS 2.7.x release:
     a. Select Config Mode > System > Maintenance > Upgrade.
     b. Select the desired Upgrade from option (Local or Remote).
     c. Click OK.
   • If running ACOS 4.x release:
     a. Select System > Maintenance > Upgrade.
     b. Select the Media radio button (Disk or Compact Flash).
     c. If you selected Disk, you must also specify the Destination radio button (Primary or Secondary).
     d. Select the desired Upgrade from option (Local or Remote).
     e. Navigate to the appropriate tar file.
     f. Click the Upgrade button.

3. When the upgrade is complete, make sure to clear the browser cache to ensure proper display of the ACOS GUI.
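The NOTE under “Configure the Management Interface” requires the out-of-band management interface to sit on a different subnet from every data interface. The following check is an added example, not part of the A10 guide or of ACOS: it parses interface stanzas written the way the guide types them and reports any data interface that shares the management subnet. The sample stanzas are constructed, and the static "ip address" form on ethernet interfaces is an assumption.

```python
import ipaddress
import re

# Default from the guide; also the fallback when no DHCP lease is obtained.
DEFAULT_MGMT = ipaddress.ip_interface("172.31.31.31/24")

# Constructed sample stanzas. Assumption: data interfaces take the same
# "ip address A.B.C.D /len" form the guide shows for the management interface.
SAMPLE_CONFIG = """\
interface management
  ip address 192.168.2.228 /24
  ip default-gateway 192.168.2.1
interface ethernet 1
  ip address 192.168.2.10 /24
interface ethernet 2
  ip address 10.20.0.5 /16
interface ethernet 3
  ip address dhcp
"""

IFACE_RE = re.compile(r"^interface\s+(management|ethernet\s+\d+)$")
ADDR_RE = re.compile(r"^ip address\s+(\d+\.\d+\.\d+\.\d+)\s*(/\d+)$")


def parse_interfaces(config_text):
    """Map each interface name to an ip_interface, or to the string 'dhcp'."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        match = IFACE_RE.match(line)
        if match:
            current = " ".join(match.group(1).split())
            continue
        if current is None:
            continue
        if line == "ip address dhcp":
            interfaces[current] = "dhcp"
            continue
        match = ADDR_RE.match(line)
        if match:
            # "192.168.2.228 /24" becomes "192.168.2.228/24"
            interfaces[current] = ipaddress.ip_interface(match.group(1) + match.group(2))
    return interfaces


def audit_management_separation(config_text):
    """Return findings where management is not isolated from data subnets."""
    interfaces = parse_interfaces(config_text)
    mgmt = interfaces.get("management")
    if mgmt is None or mgmt == "dhcp":
        return ["management: no static address, separation cannot be checked"]
    findings = []
    if mgmt == DEFAULT_MGMT:
        findings.append("management: still on default 172.31.31.31/24")
    for name, addr in interfaces.items():
        if name == "management":
            continue
        if addr == "dhcp":
            findings.append(f"{name}: DHCP address, verify subnet after lease")
        elif addr.network.overlaps(mgmt.network):
            findings.append(f"{name}: {addr} shares a subnet with management {mgmt}")
    return findings


if __name__ == "__main__":
    for finding in audit_management_separation(SAMPLE_CONFIG):
        print(finding)
```

Interfaces that take their address from DHCP, as in single-interface mode, are reported for manual review because their subnet is only known once a lease is issued.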
Document No.: VT-VMWARE-ESXI-004 | Apr 06, 2017