F5 Networks Big IP 1500

_Adrian_

Hey guys…
This might be another option for those that want a low power unit that's somewhat capable.

Unit looks like its built around an ATX board with a Intel Celeron, 80GB EIDE drive, 2GB of RAM, Compact flash support, your leaffy green 300W power supply, 4x Gigabit ethernet along 2x Gigabit FC ports...

( Not mine, just a random google image)

Pulling the big old tired IDE drive out and using a Dual CF to IDE converter would wake up the unit… I think...
Im wondering how this would stack up against a firebox....

Any insight or input ??

stephenw10

Interesting looking box.
It looks loud, many small fans.
Is that two completely separate boards connected via internal ethernet?
Broadcom NICs?

Steve

_Adrian_

Looks like it Steve…
I think the front PCB acts like a switch meanwhile the back part of the unit does the filtering.
Also looks like it had an accelerator card of some sort in there...

Its nice that it can be just unplugged and relocated to the rear of the unit with one of THESE

EDIT:
Found some specs on F5's site…

Processor
Single 2.5 GHz Celeron

Network Interface
4 x 10/100/1000
2 x Fiber Gigabit Ethernet interface (SFPs)
1000BASE-SX - 850 nm (LC Connector
1000BASE-LX - 1310 nm (LC Connector, optional)
1 x 10/100 Ethernet Management port

Hard Drive Capacity
80 GB hard drive

RAM
768 MB (expandable to 2 GB)

Power supply
300W 100/240 +/- 10% VAC AUTO Switching

Typical power consumption
143W

Heat generated
488 BTU/hour

_Adrian_

My buddy has a handful of these on the shelf :

"F5 NETWORKS BIG IP 1500 200-0138-02 LOCAL TRAFFIC MANAGER LOAD BALANCER

This unit is being sold As-Is due to missing software. The unit boots, but ends up in a boot loop, due to hard-drive being wiped clean.

Unit is equipped with 80GB WD Hard Drive. 4 Sticks of 512MB DDR memory, 128MB Flash and Channel Well PSG300C-80 Power Supply. etc "

@Boot:

System is booting, please wait…
Press Ctrl-c to stop autoboot: 0
kernel.core_uses_pid = 0
kernel.core_pattern = /var/core/%e.sccp.core

Host Console Shell --- Press <esc>( for command menu.

PXELINUX/F5 HSIBJ 3.07 Copyright (C) 1994-2005 H. Peter Anvin
Booting from local disk...

PXELINUX/F5 HSIBJ 3.07 Copyright (C) 1994-2005 H. Peter Anvin
Booting from local disk...

PXELINUX/F5 HSIBJ 3.07 Copyright (C) 1994-2005 H. Peter Anvin
Booting from local disk...

etc...

etc.........</esc>

Almost wondering if that front board will accept DD-WRT or Open-WRT and with pfSense behind it it would make a hella team :)

stephenw10

Yep that's a weird box!
I can find only two pictures of it open, including the one you posted, and in both it has nothing in the CF slot. Presumably it needs something there to boot the front board and you spec states 128MB flash. I would bet that front board is not X86 so, yes, you'd have to go OpenWRT or roll your own FreeBSD for whatever architecture it is.
The back board looks like a standard of the shelf motherboard with none of the backplate connectors exposed. It has VGA so I'm sure you could boot that part easily enough.

Do you have any specs for the original boxes performance? That would give you some idea of what contribution the front board may have been making. Did it use some custom ASICS to get multi gigabit throughput for example.

Steve

_Adrian_

@stephenw10:

Yep that's a weird box!
I can find only two pictures of it open, including the one you posted, and in both it has nothing in the CF slot. Presumably it needs something there to boot the front board and you spec states 128MB flash. I would bet that front board is not X86 so, yes, you'd have to go OpenWRT or roll your own FreeBSD for whatever architecture it is.
The back board looks like a standard of the shelf motherboard with none of the backplate connectors exposed. It has VGA so I'm sure you could boot that part easily enough.

Do you have any specs for the original boxes performance? That would give you some idea of what contribution the front board may have been making. Did it use some custom ASICS to get multi gigabit throughput for example.

Steve

This might help… but this is mainly what i have found so far...

This F5 LTM bigip 1500 unit has:
500 Mbps of Throughput
4 - gigabit (10/100/1000) copper ports
100 TPS SSL Hardware Acceleration
5 MBPS COMPRESSION
F5 OS v9

Server/Node Operating System Compatibility: Load balancing of any TCP/IP OS, including Windows NT, Windows 95, all UNIX platforms and Mac/OS

Internet/Intranet Protocol Support: All TCP services, UDP, SIP and SSL; nearly all IP-based protocols

Administrative Environment Support: DNS proxy, SMTP, F-secure SSH, SNMP, dynamic/static network monitoring, scheduled batch job processing, system status reports and alarms event notification

Network Management & Monitoring: Secure SSL browser-based interface, remote encrypted login and file transfer using F-secure SSH monitor, BIG-IP system network monitoring utilities and additional contributed software; SNMP gets and traps.

Dynamic Content Support: ASP (active server pages),VB (visual basic script), ActiveX, JAVA,VRML, CGI, Cool Talk, Net Meeting, Real Audio, Real Video, Netshow, Quick Time, PointCast, any HTTP encapsulated data

BIG-IP LTM Device Redundancy: Watchdog timer card, fail-safe cable (primary & secondary)

Web Server Application Compatibility: Any IP-based web or application server

_Adrian_

Also found this…

Here's the output from bigpipe version:

Kernel:
Linux 2.4.21-9.4.4.65.0smp
Package:
BIG-IP Version 9.4.4 65.1
Final Edition

Enabled Features:
QoS and ToS Tagging
Connection Limits
OneConnect - Switching and Pooling
Connection Rebinding
Connection Timeout
Route Pool
Last Hop Pool
Active Active
Failover
Pool Min Up Members
State Mirroring
VLAN Failsafe
HTTP traffic classifier
iSNAT - Rules Referencing SNAT Pools
Basic Load Balancing
Dynamic Ratio Load Balancing
Fastest Load Balancing
L3 Addr Load Balancing
Least Connection Load Balancing
Least Sessions Load Balancing
Observed Load Balancing
LB Pools Maximum Nodes unlimited
Predictive Load Balancing
Priority Load Balancing
Ratio Load Balancing
Round Robin Load Balancing
UDP Packet Load Balancing
Web Logic Load Balancing
EAV Monitor
FTP Monitor
gateway ICMP Monitor
HTTP Monitor
HTTPS Monitor
ICMP Monitor
IMAP Monitor
LDAP Monitor
LDAP Over SSL Monitor
Microsoft SQL Monitor
NNTP Monitor
Oracle Monitor
POP3 Monitor
RADIUS Monitor
RealN Monitor
Reverse Keyword
RPC Monitor
Monitor Rules
SASP Monitor
SCRIPTED Monitor
SIP Monitor
SMB Monitor
SMTP Monitor
SNMP Monitor
Soap Monitor
TCP Monitor
TCP Echo Monitor
TCP Half Open Monitor
Transparent Device Monitor
UDP Monitor
WAP Monitor
WMI Monitor
Monitors
Network Address Translation
Persistence
Cookie Persistence
Simple Persistence
SIP Persistence
SSL Session ID Persistence
Sticky Persistence
Universal Persistence
WTS Persistence
Pools
HTTP Content Transformation
Fast L4
FTP
HTTP Header Transformation
HTTP
Probe Control - IDS Traffic Management
HTTP Redirection
SIP
TCP
UDP
RTSP switching
L4 iRules
L7 iRules
User-Defined Statistics
iRules
SCTP support
SNAT Standard
Address Translation
Port Translation
Transparent Device Load Balancing
Local Traffic Manager
Interface Mirroring
Spanning Tree Protocol
PVA Enable
SSL Mbps 4000
SSL Total TPS 100
HTTP Compression 5
SSL client certificate authorization via LDAP
DDoS Connection Limits
Dynamic Connection Reaping
Packet Filter
SYN Check
SSL Support

Also found out that they update the switch card control processor (SCCP) manually.
As of yet I have no clue whats on the drive… time to dig deeper and check out the OpenWRT forums :)

_Adrian_

Also found this…
@F5:

The SCCP is a separate subsystem that controls the F5 switch hardware. The following examples include ways you can use the SCCP:

Change the system boot device
Halt or reboot the system
Perform a number of other specialized tasks that F5 Technical Support may request when troubleshooting your system

Warning: Some SCCP options can cause damage to your system. Do not use any SCCP option unless you are specifically instructed to do so in an AskF5 article or by an F5 Technical Support Engineer.

Accessing SCCP through secure shell (SSH)

Note: By default, the SCCP is not configured to allow access through SSH from the network. To enable SCCP access from the network using SSH, refer to SOL3753: Configuring the switch card control processor (SCCP) so that it can be accessed over the network.

You can access the SCCP from the command line when you are connected directly to the console port or remotely through SSH.

Log in to the command line of the BIG-IP system.
Connect through SSH to the SCCP by typing the following command:

ssh sccp
An sccp# prompt displays appearing similar to the following example:

Last login: Mon Jan 01 01:23:45 2006 from host
Welcome to the F5Networks SCCP!
sccp#
Enter the SCCP Host Console Shell by typing the following command:

hostconsh
The output appears similar to the following example:

[hostconsh] Attempting to acquire the host processor console…
Host Console Shell --- Press <esc>( for command menu.
Display the SCCP menu by pressing the ESC key once, then press and hold down the SHIFT key while pressing the 9 key.

The SCCP menu appears similar to the following example:

[hostconsh] Command Menu:
1 –- Connect to Host subsystem console
2 --- Select Host subsystem boot mode: boot from local drive
3 --- Select Host subsystem boot mode: netboot from SCCP
4 --- Select Host subsystem boot mode: netboot from external server
5 --- Reboot Host subsystem (sends reboot command)
6 --- Halt Host subsystem (sends halt command)
7 --- Reset Host subsystem (issues hardware reset--USE WITH CARE!)
8 --- Reboot SCCP subsystem (issues hardware reset--USE WITH CARE!)
9 --- Halt SCCP subsystem (issues hardware shutdown--USE WITH CARE!)
Q --- Exit Host subsystem console shell
[hostconsh] Enter command:

Important: This menu selection is limited; for a full menu selection, you can access the SCCP menu from the console.
Either select the desired SCCP menu item or exit the menu by pressing the q key and then pressing the y key to confirm exit. You return to the SCCP sccp# prompt.
Exit the SCCP by typing the following command:

exit

Accessing SCCP from the console

Note: You are not required to log in at the console prompt for the following procedure.

From the console, display the SCCP menu by pressing the ESC key once, then press and hold down the SHIFT key while pressing the 9 key.

You see output that appears similar to the following example:

[hostconsh] Command Menu:
1 –- Connect to Host subsystem console
2 --- Select Host subsystem boot mode: boot from local drive
3 --- Select Host subsystem boot mode: netboot from SCCP
4 --- Select Host subsystem boot mode: netboot from external server
5 --- Reboot Host subsystem (sends reboot command)
6 --- Halt Host subsystem (sends halt command)
7 --- Reset Host subsystem (issues hardware reset--USE WITH CARE!)
8 --- Reboot SCCP subsystem (issues hardware reset--USE WITH CARE!)
9 --- Halt SCCP subsystem (issues hardware shutdown--USE WITH CARE!)
B --- SCCP baud rate configurator
L --- SCCP login
N --- SCCP network configurator
[hostconsh] Enter command:

Important: When you access the SCCP through the console, the SCCP menu contains additional selections that were not provided on the menu when you accessed the SCCP through SSH.

Select the desired SCCP menu item, or type 1 to exit the menu.

If you select 1 to exit, you see output that appears similar to the following example:

Host Console Shell –- Press <esc>( for command menu.
Press the Enter key to return to the console prompt.

Displaying SCCP version information

To display the SCCP version information, connect to the SCCP using one of the methods described above, and type the following command:

uname -a</esc></esc>

Also after a bit of digging it looks like the card in the picture is a Broadcom SSL Crypto card…

stephenw10

So it looks like there's a good chance you can just use the switch board as is and run pfSense on the rear board. It looks to be connected via serial internally (the black braided cable) as well as via ethernet. Of course you'll need a good grasp on how it's configured and how it can be changed.
The crypto card may be supported by the ubsec(4) driver.

Steve

_Adrian_

Good thing i have a decent IP-KVM and can use one of these…

hidden inside the case and adding 2 of those neutrik case connector ( one for WAN and one for KVM ) at the back

I think I'm going to pull the trigger and see what can I get out of this box :P

stephenw10

Don't spend too much, you could end up with a massive paper weight if you can't get the front board to play nicely. Also even if you can the whole box working the performance is never going to be anything special with that single Celeron.

Steve

Darkk

@stephenw10:

Don't spend too much, you could end up with a massive paper weight if you can't get the front board to play nicely. Also even if you can the whole box working the performance is never going to be anything special with that single Celeron.

Steve

It looks like a standard motherboard in the back so if performance is an issue he could just swap the board out with something a bit newer. Very odd set up but it does have some advantages. Mainly able to swap out the motherboard.

_Adrian_

I think I see some SATA connectors at behind the last PCI slot…

BUT...
with that being said I didnt have one open, I just posted an image off the net.
Ther are roughly going for $50 plus shipping on ebay.

I'm looking for something like a firebox.
Whats your guys take on the XTM810 ?

Then I can actually use the DL380 for MS Exchange and free up my DL360 and let it handle DNS/DHCP/AD instead of running pfSense.

stephenw10

The XTM8 series are nice boxes. There is a gotcha with the install because the serial console port is actually com2 and Nano is hard coded to use com1. It all detailed in the XTM8 thread.

Steve

TeknikL

Did you try to boot the pfsense cd with a usb cdrom?

I have a Bigip 6400 and it boots off the disc, trying with a nanobsd serial console version now… will update.