F5 Networks Big IP 1500



  • Hey guys…
    This might be another option for those that want a low power unit that's somewhat capable.

    Unit looks like its built around an ATX board with a Intel Celeron, 80GB EIDE drive, 2GB of RAM, Compact flash support, your leaffy green 300W power supply, 4x Gigabit ethernet along 2x Gigabit FC ports...

    ( Not mine, just a random google image)

    Pulling the big old tired IDE drive out and using a Dual CF to IDE converter would wake up the unit… I think...
    Im wondering how this would stack up against a firebox....

    Any insight or input ??


  • Netgate Administrator

    Interesting looking box.
    It looks loud, many small fans.
    Is that two completely separate boards connected via internal ethernet?
    Broadcom NICs?

    Steve



  • Looks like it Steve…
    I think the front PCB acts like a switch meanwhile the back part of the unit does the filtering.
    Also looks like it had an accelerator card of some sort in there...

    Its nice that it can be just unplugged and relocated to the rear of the unit with one of THESE

    EDIT:
    Found some specs on F5's site…

    Processor
    Single 2.5 GHz Celeron

    Network Interface
    4 x 10/100/1000
      2 x Fiber Gigabit Ethernet interface (SFPs)
                          1000BASE-SX - 850 nm (LC Connector
                          1000BASE-LX - 1310 nm (LC Connector, optional)
            1 x 10/100 Ethernet Management port

    Hard Drive Capacity
    80 GB hard drive

    RAM
    768 MB (expandable to 2 GB)

    Power supply
    300W 100/240 +/- 10% VAC AUTO Switching

    Typical power consumption
    143W

    Heat generated
    488 BTU/hour



  • My buddy has a handful of these on the shelf :

    "F5 NETWORKS BIG IP 1500 200-0138-02 LOCAL TRAFFIC MANAGER LOAD BALANCER

    This unit is being sold As-Is due to missing software. The unit boots, but ends up in a boot loop, due to hard-drive being wiped clean.

    Unit is equipped with 80GB WD Hard Drive. 4 Sticks of 512MB DDR memory, 128MB Flash and Channel Well PSG300C-80 Power Supply. etc "

    @Boot:

    System is booting, please wait…
    Press Ctrl-c to stop autoboot:  0
    kernel.core_uses_pid = 0
    kernel.core_pattern = /var/core/%e.sccp.core

    Host Console Shell --- Press <esc>( for command menu.

    PXELINUX/F5 HSIBJ 3.07  Copyright (C) 1994-2005 H. Peter Anvin
    Booting from local disk...

    PXELINUX/F5 HSIBJ 3.07  Copyright (C) 1994-2005 H. Peter Anvin
    Booting from local disk...

    PXELINUX/F5 HSIBJ 3.07  Copyright (C) 1994-2005 H. Peter Anvin
    Booting from local disk...

    etc...

    etc.........</esc>

    Almost wondering if that front board will accept DD-WRT or Open-WRT and with pfSense behind it it would make a hella team :)


  • Netgate Administrator

    Yep that's a weird box!
    I can find only two pictures of it open, including the one you posted, and in both it has nothing in the CF slot. Presumably it needs something there to boot the front board and you spec states 128MB flash. I would bet that front board is not X86 so, yes, you'd have to go OpenWRT or roll your own FreeBSD for whatever architecture it is.
    The back board looks like a standard of the shelf motherboard with none of the backplate connectors exposed. It has VGA so I'm sure you could boot that part easily enough.

    Do you have any specs for the original boxes performance? That would give you some idea of what contribution the front board may have been making. Did it use some custom ASICS to get multi gigabit throughput for example.

    Steve



  • @stephenw10:

    Yep that's a weird box!
    I can find only two pictures of it open, including the one you posted, and in both it has nothing in the CF slot. Presumably it needs something there to boot the front board and you spec states 128MB flash. I would bet that front board is not X86 so, yes, you'd have to go OpenWRT or roll your own FreeBSD for whatever architecture it is.
    The back board looks like a standard of the shelf motherboard with none of the backplate connectors exposed. It has VGA so I'm sure you could boot that part easily enough.

    Do you have any specs for the original boxes performance? That would give you some idea of what contribution the front board may have been making. Did it use some custom ASICS to get multi gigabit throughput for example.

    Steve

    This might help… but this is mainly what i have found so far...

    This F5 LTM bigip 1500 unit has:
        500 Mbps of Throughput
        4 - gigabit (10/100/1000) copper ports
        100 TPS SSL Hardware Acceleration
        5 MBPS COMPRESSION
        F5 OS v9

    Server/Node Operating System Compatibility: Load balancing of any TCP/IP OS, including Windows NT, Windows 95, all UNIX platforms and Mac/OS

    Internet/Intranet Protocol Support: All TCP services, UDP, SIP and SSL; nearly all IP-based protocols

    Administrative Environment Support: DNS proxy, SMTP, F-secure SSH, SNMP, dynamic/static network monitoring, scheduled batch job processing, system status reports and alarms event notification

    Network Management & Monitoring: Secure SSL browser-based interface, remote encrypted login and file transfer using F-secure SSH monitor, BIG-IP system network monitoring utilities and additional contributed software; SNMP gets and traps.

    Dynamic Content Support: ASP (active server pages),VB (visual basic script), ActiveX, JAVA,VRML, CGI, Cool Talk, Net Meeting, Real Audio, Real Video, Netshow, Quick Time, PointCast, any HTTP encapsulated data

    BIG-IP LTM Device Redundancy: Watchdog timer card, fail-safe cable (primary & secondary)

    Web Server Application Compatibility: Any IP-based web or application server



  • Also found this…

    Here's the output from bigpipe version:

    Kernel:
    Linux 2.4.21-9.4.4.65.0smp
    Package:
    BIG-IP Version 9.4.4 65.1
    Final Edition

    Enabled Features:
    QoS and ToS Tagging                   
    Connection Limits                     
    OneConnect - Switching and Pooling   
    Connection Rebinding                 
    Connection Timeout                   
    Route Pool                           
    Last Hop Pool                         
    Active Active                         
    Failover                             
    Pool Min Up Members                   
    State Mirroring                       
    VLAN Failsafe                         
    HTTP traffic classifier               
    iSNAT - Rules Referencing SNAT Pools 
    Basic Load Balancing                 
    Dynamic Ratio Load Balancing         
    Fastest Load Balancing               
    L3 Addr Load Balancing               
    Least Connection Load Balancing       
    Least Sessions Load Balancing         
    Observed Load Balancing               
    LB Pools Maximum Nodes unlimited     
    Predictive Load Balancing             
    Priority Load Balancing               
    Ratio Load Balancing                 
    Round Robin Load Balancing           
    UDP Packet Load Balancing             
    Web Logic Load Balancing             
    EAV Monitor                           
    FTP Monitor                           
    gateway ICMP Monitor                 
    HTTP Monitor                         
    HTTPS Monitor                         
    ICMP Monitor                         
    IMAP Monitor                         
    LDAP Monitor                         
    LDAP Over SSL Monitor                 
    Microsoft SQL Monitor                 
    NNTP Monitor                         
    Oracle Monitor                       
    POP3 Monitor                         
    RADIUS Monitor                       
    RealN Monitor                         
    Reverse Keyword                       
    RPC Monitor                           
    Monitor Rules                         
    SASP Monitor                         
    SCRIPTED Monitor                     
    SIP Monitor                           
    SMB Monitor                           
    SMTP Monitor                         
    SNMP Monitor                         
    Soap Monitor                         
    TCP Monitor                           
    TCP Echo Monitor                     
    TCP Half Open Monitor                 
    Transparent Device Monitor           
    UDP Monitor                           
    WAP Monitor                           
    WMI Monitor                           
    Monitors                             
    Network Address Translation           
    Persistence                           
    Cookie Persistence                   
    Simple Persistence                   
    SIP Persistence                       
    SSL Session ID Persistence           
    Sticky Persistence                   
    Universal Persistence                 
    WTS Persistence                       
    Pools                                 
    HTTP Content Transformation           
    Fast L4                               
    FTP                                   
    HTTP Header Transformation           
    HTTP                                 
    Probe Control - IDS Traffic Management
    HTTP Redirection                     
    SIP                                   
    TCP                                   
    UDP                                   
    RTSP switching                       
    L4 iRules                             
    L7 iRules                             
    User-Defined Statistics               
    iRules                               
    SCTP support                         
    SNAT Standard                         
    Address Translation                   
    Port Translation                     
    Transparent Device Load Balancing     
    Local Traffic Manager                 
    Interface Mirroring                   
    Spanning Tree Protocol               
    PVA Enable                           
    SSL Mbps 4000                         
    SSL Total TPS 100                     
    HTTP Compression 5                   
    SSL client certificate authorization via LDAP
    DDoS Connection Limits               
    Dynamic Connection Reaping           
    Packet Filter                         
    SYN Check                             
    SSL Support

    Also found out that they update the switch card control processor (SCCP) manually.
    As of yet I have no clue whats on the drive… time to dig deeper and check out the OpenWRT forums :)



  • Also found this…
    @F5:

    The SCCP is a separate subsystem that controls the F5 switch hardware. The following examples include ways you can use the SCCP:

    Change the system boot device
        Halt or reboot the system
        Perform a number of other specialized tasks that F5 Technical Support may request when troubleshooting your system

    Warning: Some SCCP options can cause damage to your system. Do not use any SCCP option unless you are specifically instructed to do so in an AskF5 article or by an F5 Technical Support Engineer.

    Accessing SCCP through secure shell (SSH)

    Note:  By default, the SCCP is not configured to allow access through SSH from the network. To enable SCCP access from the network using SSH, refer to SOL3753: Configuring the switch card control processor (SCCP) so that it can be accessed over the network.

    You can access the SCCP from the command line when you are connected directly to the console port or remotely through SSH.

    Log in to the command line of the BIG-IP system.
        Connect through SSH to the SCCP by typing the following command:

    ssh sccp
        An sccp# prompt displays appearing similar to the following example:

    Last login: Mon Jan 01 01:23:45 2006 from host
        Welcome to the F5Networks SCCP!
        sccp#
        Enter the SCCP Host Console Shell by typing the following command:

    hostconsh
        The output appears similar to the following example:

    [hostconsh] Attempting to acquire the host processor console…
        Host Console Shell --- Press <esc>( for command menu.
        Display the SCCP menu by pressing the ESC key once, then press and hold down the SHIFT key while pressing the 9 key.

    The SCCP menu appears similar to the following example:

    [hostconsh] Command Menu:
        1 –- Connect to Host subsystem console
        2 --- Select Host subsystem boot mode: boot from local drive
        3 --- Select Host subsystem boot mode: netboot from SCCP
        4 --- Select Host subsystem boot mode: netboot from external server
        5 --- Reboot Host subsystem (sends reboot command)
        6 --- Halt  Host subsystem (sends halt command)
        7 --- Reset  Host subsystem (issues hardware reset--USE WITH CARE!)
        8 --- Reboot SCCP subsystem (issues hardware reset--USE WITH CARE!)
        9 --- Halt  SCCP subsystem (issues hardware shutdown--USE WITH CARE!)
        Q --- Exit Host subsystem console shell
        [hostconsh] Enter command:

    Important: This menu selection is limited; for a full menu selection, you can access the SCCP menu from the console.
        Either select the desired SCCP menu item or exit the menu by pressing the q key and then pressing the y key to confirm exit. You return to the SCCP sccp# prompt.
        Exit the SCCP by typing the following command:

    exit

    Accessing SCCP from the console

    Note: You are not required to log in at the console prompt for the following procedure.

    From the console, display the SCCP menu by pressing the ESC key once, then press and hold down the SHIFT key while pressing the 9 key.

    You see output that appears similar to the following example:

    [hostconsh] Command Menu:
        1 –- Connect to Host subsystem console
        2 --- Select Host subsystem boot mode: boot from local drive
        3 --- Select Host subsystem boot mode: netboot from SCCP
        4 --- Select Host subsystem boot mode: netboot from external server
        5 --- Reboot Host subsystem (sends reboot command)
        6 --- Halt Host subsystem (sends halt command)
        7 --- Reset Host subsystem (issues hardware reset--USE WITH CARE!)
        8 --- Reboot SCCP subsystem (issues hardware reset--USE WITH CARE!)
        9 --- Halt SCCP subsystem (issues hardware shutdown--USE WITH CARE!)
        B --- SCCP baud rate configurator
        L --- SCCP login
        N --- SCCP network configurator
        [hostconsh] Enter command:

    Important: When you access the SCCP through the console, the SCCP menu contains additional selections that were not provided on the menu when you accessed the SCCP through SSH.

    Select the desired SCCP menu item, or type 1 to exit the menu.

    If you select 1 to exit, you see output that appears similar to the following example:

    Host Console Shell –- Press <esc>( for command menu.
        Press the Enter key to return to the console prompt.

    Displaying SCCP version information

    To display the SCCP version information, connect to the SCCP using one of the methods described above, and type the following command:

    uname -a</esc></esc>

    Also after a bit of digging it looks like the card in the picture is a Broadcom SSL Crypto card…


  • Netgate Administrator

    So it looks like there's a good chance you can just use the switch board as is and run pfSense on the rear board. It looks to be connected via serial internally (the black braided cable) as well as via ethernet. Of course you'll need a good grasp on how it's configured and how it can be changed.
    The crypto card may be supported by the ubsec(4) driver.

    Steve



  • Good thing i have a decent IP-KVM and can use one of these…

    hidden inside the case and adding 2 of those neutrik case connector ( one for WAN and one for KVM ) at the back

    I think I'm going to pull the trigger and see what can I get out of this box :P


  • Netgate Administrator

    Don't spend too much, you could end up with a massive paper weight if you can't get the front board to play nicely. Also even if you can the whole box working the performance is never going to be anything special with that single Celeron.

    Steve



  • @stephenw10:

    Don't spend too much, you could end up with a massive paper weight if you can't get the front board to play nicely. Also even if you can the whole box working the performance is never going to be anything special with that single Celeron.

    Steve

    It looks like a standard motherboard in the back so if performance is an issue he could just swap the board out with something a bit newer.  Very odd set up but it does have some advantages.  Mainly able to swap out the motherboard.



  • I think I see some SATA connectors at behind the last PCI slot…

    BUT...
    with that being said I didnt have one open, I just posted an image off the net.
    Ther are roughly going for $50 plus shipping on ebay.

    I'm looking for something like a firebox.
    Whats your guys take on the XTM810 ?

    Then I can actually use the DL380 for MS Exchange and free up my DL360 and let it handle DNS/DHCP/AD instead of running pfSense.


  • Netgate Administrator

    The XTM8 series are nice boxes. There is a gotcha with the install because the serial console port is actually com2 and Nano is hard coded to use com1. It all detailed in the XTM8 thread.

    Steve



  • Did you try to boot the pfsense cd with a usb cdrom?

    I have a Bigip 6400 and it boots off the disc, trying with a nanobsd serial console version now… will update.


Log in to reply