INSTALLATION GUIDE

vThunder for VMware ESXi

July 24, 2015

© 7/24/2015 A10 Networks, Inc. Confidential - All Rights Reserved
Information in this document is subject to change without notice.

Patents
A10 Networks products including all Thunder Series products are protected by one or more of the following U.S. patents: 8977749,
8943577, 8918857, 8914871, 8904512, 8897154, 8868765, 8849938, 8826372, 8813180, 8782751, 8782221, 8595819, 8595791, 8595383,
8584199, 8464333, 8423676, 8387128, 8332925, 8312507, 8291487, 8266235, 8151322, 8079077, 7979585, 7804956, 7716378, 7665138,
7647635, 7627672, 7596695, 7577833, 7552126, 7392241, 7236491, 7139267, 6748084, 6658114, 6535516, 6363075, 6324286, 5931914,
5875185, RE44701, 8392563, 8103770, 7831712, 7606912, 7346695, 7287084, 6970933, 6473802, 6374300.

Trademarks
A10 Harmony, the A10 logo, A10 Lightning, A10 Networks, A10 Thunder, aCloud, ACOS, ACOS Policy Engine, Affinity, aFleX, aFlow, aGa-
laxy, aVCS, aXAPI, IDaccess, IDsentrie, IP-to-ID, SSL Insight, Thunder, Thunder TPS, UASG, and vThunder are trademarks or registered
trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners.

Confidentiality
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may
not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Net-
works, Inc.

A10 Networks Inc. Software License and End User Agreement

Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Soft-
ware as confidential information.

Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in
this document or available separately. Customer shall not:

1. reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means

2. sublicense, rent or lease the Software.

Disclaimer
This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not
limited to fitness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information
contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product
specifications and features described in this publication are based on the latest information available; however, specifications are sub-
ject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current
information regarding its products or services. A10 Networks’ products and services are subject to A10 Networks’ standard terms and
conditions.

Environmental Considerations
Some electronic components may possibly contain dangerous substances. For information on specific component types, please con-
tact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic com-
ponents in your area.

Further Information
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks loca-
tion, which can be found by visiting www.a10networks.com.
Table of Contents

Installation .................................................................................................................................................... 5
Overview ............................................................................................................................................................... 5
System Requirements ............................................................................................................................................................................ 7
Licensing ........................................................................................................................................................................................................ 7
Interfaces ....................................................................................................................................................................................................... 7
Feature Support (Varies Based on Software Release) ......................................................................................................10
Limitations ..................................................................................................................................................................................................11
Promiscuous Mode ......................................................................................................................................................................11
High Availability Limitations ...................................................................................................................................................11
Installing vThunder on vSphere Client .....................................................................................................12
Adding Extra Port Groups if Necessary .....................................................................................................................................12
Installing the vThunder Instance ..................................................................................................................................................12
Modifying vSwitch Settings .............................................................................................................................................................15
Powering On the vThunder Instance .........................................................................................................................................16
Accessing the vThunder CLI on the Console ........................................................................................................................16
Adding Extra Ethernet Data Interfaces ......................................................................................................................................17
Support for “no dedicated management port mode” ...........................................................................................18
Installation Using ovftool ..............................................................................................................................20
Installing the License and Initial Login .....................................................................................................21
License Installation ................................................................................................................................................................................21
More about Global License Manager (GLM) ..........................................................................................................................24
Initial vThunder Configuration .......................................................................................................................................................25
Login via CLI ......................................................................................................................................................................................25
Configure the Management Interface .............................................................................................................................25
Configuring Single-interface Mode for vThunder ....................................................................................................26
Change the Admin Password ................................................................................................................................................28
Save the Configuration Changes – write memory ...................................................................................................28
Additional Resources – Where to go from here? .......................................................................................................28
Upgrading vThunder.......................................................................................................................................28

page 3 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Contents

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 4

Installation

Overview
This guide describes how to install the vThunder virtual appliance on a VMware ESXi hypervisor.

vThunder for VMware ESXi is a fully operational, software-only version of the ACOS Series Server Load Balancer (SLB), Applica-
tion Delivery Controller (ADC), or IPv6 migration device.

The maximum throughput of vThunder for VMware ESXi is variable and depends on which vThunder software license was
purchased.

vThunder is distributed in an OVA format, which is a single-file version of Open Virtualization Format (OVF). The file you will
receive from A10 Support has an .ova extension.

You can install vThunder on a hardware platform running VMware ESXi 4.1 Update 2.1

For a list of minimal software and hardware requirements, see “System Requirements” on page 7.

NOTE: If the vThunder network interfaces are in a tagged VLAN, enter 4095 in the VLAN ID field
to enable tagging.

NOTE: The product name for the ACOS virtual appliance changed from “SoftAX” to “vThunder”
beginning with ACOS 2.7.1-P3 (SLB release) and ACOS 2.8.1 (IPv6 Migration release). This
document uses the “vThunder” name, but some file names, directory paths, and screen-
shots may still refer to “SoftAX”.

1.
VMware ESXi 5.0 is also supported.

page 5 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Overview

Figure 1 shows vThunder running on top of commodity servers (which are running the VMware ESXi hypervisor).

FIGURE 1 vThunder for VMware ESXi

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 6

vThunder for VMware ESXi—Installation Guide
Overview

System Requirements
Hardware Requirements

The hardware platform upon which the vThunder instance will be installed must meet the following minimal requirements:

• 1 CPU (Intel VT-enabled)

• 4 GB RAM memory (more RAM may be needed if you are using memory-intensive features, such as Jumbo Frame)

• 16 GB storage

• 2 Ethernet ports (1 mgmt interface and 1 data interface)

vThunder Requirements

The vThunder must meet the following requirements:

• 1 to 4 virtual CPUs

• 2 GB to 16 GB virtual memory (ACOS 4.0 and later requires 4 GB virtual memory)

• Virtual disk image size:

• 8 GB for ACOS 2.7.x and earlier

• 12 GB for ACOS 3.x, 4.x and later
• Running one of the following ACOS software versions:

• For standard SLB features – ACOS Release 2.7.1, or later

• For IPv6 migration features – ACOS Release 2.8.1, or later
• VMware ESXi 4.1 Update 2 client (required unless you plan to install using ovftool)
• Separate port groups for each vThunder interface (see “Adding Extra Port Groups if Necessary” on page 12), config-
ured before you begin installing vThunder

NOTE: To obtain VMware ESXi 4.1 Update 2, navigate to the following site:
http://www.vmware.com

Licensing
vThunder for VMware ESXi requires a license. Without a license, only minimum bandwidth is supported, in order to test the
network connectivity. In this document, following the installation instructions, instructions for obtaining and installing the
license are provided. (See “License Installation” on page 21.)

Interfaces
vThunder has 3 Ethernet interfaces after installation:

page 7 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Overview

• Management – Dedicated management interface

• Ethernet 1 – Data interface
• Ethernet 2 – Data interface

NOTE: The minimum requirement is to have two ports (one management port, and one data
port). When installing vThunder from the OVA file, three ports are automatically created
(one management and two data ports). If desired, you can add or remove data ports
after the vThunder instance is deployed.

To connect the vThunder to other devices, you must connect each vThunder interface to a separate port group on the virtual
switch (vSwitch) on the VMware host.

In a typical deployment, one of the data interfaces is connected to the server farm, and the other data interface is connected
to the clients. However, one-arm deployment is also supported. You also can add additional data interfaces as needed.

Figure 2 on page 9 shows an example of vThunder interface connections. Each vThunder interface is connected to a sepa-
rate port group on the VMware host’s vSwitch. Each of the port groups is connected to a separate physical interface (NIC).

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 8

vThunder for VMware ESXi—Installation Guide
Overview

FIGURE 2 vThunder for VMware ESXi Interfaces

vThunder also supports management connection to the command line interface (CLI) through the console in vSphere Cli-
ent. The console is required for initial configuration. You can access the ACOS device on the Mgmt (Management), Ethernet 1
(Eth1), and Ethernet 2 (Eth2) interfaces after you configure IP addresses on them and connect them to a port group on a
vSwitch.

page 9 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Overview

Feature Support (Varies Based on Software Release)

vThunder for VMware ESXi supports many of the same features as the Thunder and AX Series hardware-based models, but
the exact set of supported features varies based on whether vThunder is running an ADC (SLB) release or a CGN (IPv6 Migra-
tion) release.

TABLE 1 Unsupported Features in Various ACOS Software Releases

ADC, CGNv6, or DDoS? Software Release Number Features which are NOT supported
ADC (SLB) ACOS 2.6.1.x When vThunder is running an ADC (SLB) release, it sup-
ports most of the same features supported by the Thunder
ACOS 2.7.x
and AX Series hardware-based models. However, the fol-
ACOS 4.x1 2 lowing features are not supported:
• CGN (IPv6 Migration) features
(Large-scale NAT, DS-Lite, NAT64/DNS64)
• Transparent (Layer 2) deployment
• Hardware-specific features (for example, hardware-
based HTTP/HTTPS compression and hardware-based
SSL acceleration)
• Port mirroring
• Trunking (802.1Q trunking)
• SSL Intercept and SSL Forward Proxy are supported in
4.0.x, but are not supported in prior releases
• ECDHE/DHE ciphers (requires an SSL ASIC)
CGN (IPv6 Migration) ACOS 2.6.6.x When vThunder is running a CGNv6 Migration release, it
supports most of the same features as the Thunder and AX
ACOS 2.8.x
Series hardware-based models, such as Large-scale NAT,
ACOS 4.x DS-Lite, NAT64/DNS64, and Lightweight 4over6. However,
the following features are not supported:
• Port mirroring
• Trunking (802.1Q trunking) / Single-interface mode
• ADC (SLB) features

1. ACOS 4.0, offers both an ADC/SLB feature set or a CGN feature set, but the two feature sets are mutually exclusive.
This means that once ADC is selected, then the CGN configuration options are no longer displayed in the CLI or GUI.
The following CLI command can be used to enable the ADC or CGN feature sets: application-type {adc | cgnv6}
2. When ACOS 4.0.x is deployed on a vThunder instance, and RBA is used to create multiple partitions within that vThunder
instance, it is possible for one partition to be deployed in ADC mode while the other partition can be deployed in CGN mode.

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 10

vThunder for VMware ESXi—Installation Guide
Overview

Limitations
vThunder has the following limitations.

Promiscuous Mode
vThunder runs in non-promiscuous mode by default in order to achieve slight performance optimizations. However, the fol-
lowing limitations will apply:

• VE interfaces can be bound to only 1 tagged/untagged physical interface

• VE MAC address assignment scheme changes are not supported

If these limitations are problematic, you may remove them by re-enabling promiscuous mode. A vThunder system that is
running in non-promiscuous mode can be transitioned back to promiscuous mode with the following command:

system promiscuous-mode

NOTE: When making the transition from promiscuous mode to non-promiscuous mode (or
vice-versa), the vThunder instance must be reloaded.

When upgrading to 2.6.1-GR1-P4 from a prior release, vThunder automatically decides whether to run in promiscuous mode
or non-promiscuous mode based on the existing configuration. If the configuration satisfies all requirements for running in
non-promiscuous mode, then the system will default to running in non-promiscuous mode. Otherwise, the system will con-
tinue to run in promiscuous mode in order to avoid introducing incompatibilities between the old configuration and the
defaults associated with the newer software version.

High Availability Limitations

The following HA limitations will apply:

• In ACOS releases earlier than 4.0, HA in-line mode configurations are not supported.
• In ACOS 4.0, high availability can only be configured using VRRP-A.

page 11 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

Installing vThunder on vSphere Client

This section describes the process of installing an instance of the vThunder on a vSphere client.

NOTE: The vSphere Client procedures in this guide are based on vSphere Client version 4.1.0.

Adding Extra Port Groups if Necessary

vThunder requires a separate port group for each vThunder interface (Management, Ethernet 1, and Ethernet 2), configured
before you begin vThunder installation. If the port groups are not already created in your ESXi, create them using the steps
below. Otherwise, go to “Installing the vThunder Instance” on page 12.

To add a port group to a vSwitch:

1. Start vSphere Client and log onto the VMware host system.

2. In the Inventory, select the host.

3. Click the Configuration tab and select Networking.

4. In the right column, select Properties next to the virtual switch (vSwitch) name.

5. Click Add.

6. Select Virtual Machine as the connection type, and click Next.

7. Edit the name in the Network Label field. This is the name you will select in step 10 in “Installing the vThunder
Instance” on page 12.

8. If your ESXi physical interface is not tagged, leave the VLAN ID set to 0. If your ESXi physical interface is tagged, set the
VLAN ID to the VLAN tag number.

9. Click Next, then click Finish.

10. Repeat for each port group. The vThunder interfaces must be in separate port groups.

11. Click Close.

Installing the vThunder Instance

1. Start vSphere Client and log onto the VMware host system, if not already logged in.

2. Download or copy the vThunder .ova archive file into the virtual machine store folder.

3. Select File > Deploy OVF Template.

4. Click Browse and navigate to the vThunder .ova archive file, and then click Open.

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 12

vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

5. Click Next. The OVF Template Details screen appears, similar to that shown below:

FIGURE 3 OVF Template Details window

6. Click Next. The End User License Agreement screen appears. Review the license agreement, and if the terms are
acceptable, click Accept.

7. Click Next. The Name and Location screen appears. If desired, edit the default name of the vThunder template, and
then click Next.

FIGURE 4 Name and Location window

page 13 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

NOTE: If a vThunder template is already installed using the default template name, you will
need to edit a new name for the new template to avoid a conflict.

8. The Resource Pool screen appears. Select the resource pool where you would like to deploy the template, and then
click Next.

9. If the Disk Format screen appears, select Thick provisioned format. This option provides better performance than
Thin provisioned format.

10. The Network Mapping screen appears. Map each vThunder network interface (Management, Ethernet 1, and
Ethernet 2) to a separate port group in the Destination Networks column.

To map a network interface, select a vThunder interface in the Source Networks column, and then select the port group
from the drop-down list in the Destination Networks column. For example, select source network “Management” and
destination network “Mgmt”. (See Figure 2 on page 9 and Figure 5 on page 14.)

The actual names of the port groups may differ. You assign the names when you create them as a prerequisite for
vThunder installation.

FIGURE 5 Deploy OVF Template - Network Mapping

11. Click Next to proceed.

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 14

vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

The Ready To Complete screen appears, similar to that shown below:

FIGURE 6 Ready to Complete window

12. Verify all settings are correct, and click Finish. The vSphere Client deploys the new vThunder virtual machine.

Modifying vSwitch Settings

By default, VMware only allows packets that are addressed to a virtual machine (such as the vThunder) to be forwarded to
the virtual switch (vSwitch) ports connected to that virtual machine. However, for proper operation, the vThunder also must
be able to receive packets that are not addressed to it, such as packets addressed to load-balanced servers.

NOTE: The procedure below only applies to VMware's vSwitch. If you are using a third-party vir-
tual switch, such as the Cisco Nexus or Catalyst Series, this procedure may not be neces-
sary.

If the vThunder network interfaces are in a tagged VLAN, tagged VLAN mode also must be enabled on the vSwitch. By
default, tagged VLAN support is disabled.

1. Open vSphere Client, if not already open.

2. In the virtual machines inventory, select the host machine on which the vThunder is installed.

3. Click the Configuration tab.

page 15 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

4. In the Hardware section, click Networking.

5. Click Properties next to the virtual machine to which the vThunder is connected.

6. Click the Port tab.

7. Select the interface.

8. Click Edit.

9. If the vThunder network interfaces are in a tagged VLAN, enter 4095 in the VLAN ID field to enable tagging. Otherwise,
leave the VLAN ID set to None.

NOTE: If the vThunder network interfaces are in a VLAN and you do not enter ‘4095’ in the
VLAN ID field, then the vThunder configuration will fail.

10. Click OK.

11. Click Close to close the Properties tab.

Powering On the vThunder Instance

1. Open vSphere Client, if not already open.

2. In the virtual machines inventory, select the vThunder virtual machine.

3. From the menu bar, select Inventory > Virtual Machine > Power > Power On.

Accessing the vThunder CLI on the Console

Initial configuration of vThunder requires the console. Using the console, you can configure IP addresses on the manage-
ment and data interfaces.

1. In the virtual machines inventory, select the vThunder virtual machine.

2. Click the Console tab or right-click and select Open Console. The Console window appears.

3. Click on the console window to activate keyboard support for the console window.

NOTE: While keyboard support is active for a console window, you cannot interact with other
windows. To escape the console, press Ctrl+Alt.

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 16

vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

Adding Extra Ethernet Data Interfaces

The vThunder has two data interfaces by default. You can add more data interfaces as needed.

NOTE: The management interface always must be the first interface.

NOTE: Before adding an interface, see “Adding Extra Port Groups if Necessary” on page 12.

To add a data interface:

1. In the virtual machines inventory, select the vThunder virtual machine.

2. Click the Getting Started tab, if the page is not already displayed.

3. On the Getting Started page, select Edit virtual machines settings.

4. The Virtual Machine Properties dialog appears.

5. Click Add.

6. The Add Hardware dialog appears.

7. Select Ethernet Adapter and click Next.

8. In the Adapter Type section, select vmxnet3 from the Type drop-down list.

NOTE: The type for data interfaces must be “vmxnet3”. The type for the management interface
is “e1000”.

NOTE: If you want to enable “no dedicated management port mode”, which can be helpful for
customers who do not wish to have a dedicated management port, make sure the man-
agement interface type is set to "vmxnet3" and not "e1000". All interfaces should be set
to the same driver/adapter (i.e., "vmxnet3"). See “Support for “no dedicated manage-
ment port mode”” on page 18 for more information.

9. In the Network Connection section, select the vSwitch to which to map the new vThunder interface.

10. Click Next.

11. Review the configuration information to ensure that it is correct, then click Finish.

The vThunder interface is added to the port group on the vSwitch.

12. Reboot the vThunder virtual machine:

a. In the virtual machines inventory, select the vThunder virtual machine.

b. From the menu bar, select Inventory > Virtual Machine > Power > Reset.

page 17 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

13. To verify the new interfaces, log onto the vThunder and enter the following command in the CLI: show interface brief

Compare the MAC addresses of the ACOS interfaces with the MAC addresses on the network interfaces configured in
VMware for the vThunder. They should match.

Support for “no dedicated management port mode”

ACOS 272-P4 offers the capability to run vThunder for VMware in “no dedicated management port mode”. When a vThunder
for VMware instance is in this mode, only one network adapter (VMXNET3 device driver) is used for all interfaces (both data
and management). This ability is in contrast to previous releases, in which the E1000 device driver was typically used as the
driver for a dedicated management interface and a different driver was used for the data ports.

This enhancement will help customers who are running vThunder for VMware in an environment where they do not want to
have a dedicated management port. In releases prior to 272-P4, it was typical for a regular vThunder for VMware instance to
have drivers assigned to ports as shown in Table 2 below. The interfaces could have different drivers assigned to the different
interfaces.

TABLE 2 Drivers assigned to ports

Mgmt and data ports use different drivers All ports use VMXNET3 driver
Eth1 – E1000 Eth1 – VMXNET3
Eth2 – VMXNET3 Eth2 – VMXNET3
Eth3 – VMXNET3 Eth3 – VMXNET3

When all interfaces use the VMXNET3 driver, there is no dedicated management interface, and any random port can be used
to provide management access.

Configuration

This enhancement, “no dedicated management port mode” cannot be enabled or disabled through the CLI or GUI. Instead,
the feature is enabled automatically by a new algorithm in the code. This algorithm runs a check when a new vThunder for
VMware instance is booting, and the algorithm checks for the presence of a dedicated management interface (“eth0”). If no
such “eth0” port exists, then ACOS automatically enables the “no dedicated management port mode”, with no intervention
from the user.

When ACOS is performing this check while the vThunder instance is booting, it also checks the startup config file. If the
startup config file is empty, then ACOS populates the config file with the following configuration to define the interface and
allow it to receive an IP address from a DHCP server. (The following is a hypothetical example of what would appear in the
config file if the admin had created a vThunder instance with 3 interfaces. The number of interfaces in the config file could
vary accordingly.)

interface ethernet 1
enable
ip address dhcp
!
interface ethernet 2
enable
ip address dhcp
!

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 18

vThunder for VMware ESXi—Installation Guide
Installing vThunder on vSphere Client

interface ethernet 3
enable
ip address dhcp
!
enable-management service ssh ethernet 1 to 3
enable-management service http ethernet 1 to 3
enable-management service https ethernet 1 to 3
enable-management service snmp ethernet 1 to 3

Notes:

• If a vThunder instance is running in “no dedicated management port mode,” then a DHCP server should be set up for
at least one of the interfaces to ensure that management access is possible.
• The auto-populated contents of the config file that is automatically created when the “no dedicated management
port mode” is enabled (i.e., the sample shown above) should not be deleted or modified, or this may cause the fea-
ture to stop working correctly.
• This feature applies to vThunder for VMware and does not apply to any other hypervisor flavors upon which vThunder
can run.

• At present, this feature is only supported in ACOS 2.7.2-P4, and is not supported in any other releases.

page 19 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installation Using ovftool

Installation Using ovftool

To install vThunder using ovftool:

1. Download or copy the vThunder64 .ova archive file into the virtual machine store folder.

2. Run a script such as the following:

# ovftool \
--acceptAllEulas \
--name=your-vm-name \
--net:"Management"=MGMT \
--net:"Ethernet 1"=Client \
--net:"Ethernet 2"=Server \
--datastore=NFS_ds1 \
/local/path/to/SoftAX64-with-eula.ovf \
'vi://yourusername@vcenter-hostname:443/datacenter-name/host/your-host-name/Resources/
your-resource-group-name/'

Table 3 describes the commands shown in the example.

TABLE 3 ovftool commands for installing vThunder

ovftool Command Description
--acceptAllEulas Accepts all the End User License Agreements (EULAs) included
with vThunder.
--name=your-vm-name Name you are assigning to the vThunder.
net:"Management"=MGMT Maps the vThunder Management interface to a port group on the
vSwitch. In this example, port group name is “MGMT”.
net:"Ethernet 1"=Client Maps the vThunder Ethernet 1 interface to a port group on the
vSwitch.
net:"Ethernet 2"=Server Maps the vThunder Ethernet 2 interface to a port group on the
vSwitch.
datastore=NFS_ds1 Specifies the target datastore for the deployment.
/local/path/to/SoftAX64-with-eula.ovf The filepath to the SoftAX64-with-eula.ovf file.
'vi:// ...’ The target type (vi) and the filepath to the installation target.

To power on the vThunder, use the following command:

--powerOn

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 20

vThunder for VMware ESXi—Installation Guide
Installing the License and Initial Login

Installing the License and Initial Login

This section shows how to obtain and install your product license, and how to log into the vThunder virtual appliance with
SSH (CLI) or HTTPS (GUI).

• Default management IP address: 172.31.31.31 /24

• Default admin username and password: admin, a10
• Default enable password required for configuration access, blank (none)

For more detailed steps, see the following:

• “License Installation” on page 21

• “Initial vThunder Configuration” on page 25

License Installation
The vThunder virtual appliance will have limited ability to pass user traffic until you install a license. You must obtain one of
the following types of licenses:

• 30-day Free vThunder trial license, OR

• Paid vThunder production license

The license installation process is virtually the same for the free trial and paid versions, and consists of the following high-
level steps:

1. “Downloading Software and Requesting a License from A10 Networks Website” on page 21

2. “Obtaining the Host ID/UID” on page 22

3. “Entering the License” on page 23

Downloading Software and Requesting a License from A10 Networks Website

You can download a free trial software or request a license by filling out a form on the A10 Networks website.

1. Go to the following URL: https://www.a10networks.com/vthunder-embed

2. Enter your name, email address, and other required registration information in the form.

3. Click Submit.

4. You will soon receive an email from A10 Networks containing two links:

• Software Download Link – If not already installed, click this link and follow the instructions to install the vThunder
software.
• Request License Link – Click this link from the email, which should appear similar to the following:
https://files.a10networks.com/vThunder_trial/subuidcode.php?uidfcus=aAFexRept2zjzYPDycWj&email=
[email protected]

page 21 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installing the License and Initial Login

a. After clicking the “Request License Link”, a page appears containing a blank field.

b. Enter the vThunder Host ID/UID. (The identifier is called a “Host ID” in the 2.7.x GUI and CLI, and it is called a “UID” in
the 4.x GUI.)

c. Paste the Host ID/UID string into the blank field, and then click Submit. (See “Obtaining the Host ID/UID” on
page 22 to obtain the Host ID string.) A confirmation message appears with the license located beneath the mes-
sage.

d. Copy the license and paste it into the ACOS GUI, as described here: “Entering the License” on page 23.

Obtaining the Host ID/UID

You can obtain the UID (also referred to as the “Host ID”) from the GUI or CLI.

From the GUI

1. Establish a connection to the ACOS device through the management interface.

2. Navigate as follow:

• If you are running ACOS 2.7.x release:

a. Select Config Mode > System > Maintenance > License.

b. The Host ID field appears near the top o f the page.

c. Copy the entire Host ID. (This i a hexadecimal string found near the Host ID field.)

d. Paste the Host ID in the blank field described above in step b of “Downloading Software and Requesting a License
from A10 Networks Website” on page 21 .

• If you are running ACOS 4.0.x release:

NOTE: The ACOS 4.0.x release currently does not support the ability to display the Host ID/UID
via the GUI.
To capture the UID, you must use the CLI by running the show license uid
command, as described below.

From the CLI

To obtain the Host ID/UID from the CLI:

1. Establish a connection to the ACOS device through the management interface.

2. Access the Privileged EXEC (enable) level or any configuration level of the CLI.

3. Enter the following command: show license uid

4. Copy the entire UID, which is the hexadecimal string displayed by the CLI.

5. Paste the UID into the blank field in the Web form, as described above in step b of “Downloading Software and
Requesting a License from A10 Networks Website” on page 21

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 22

vThunder for VMware ESXi—Installation Guide
Installing the License and Initial Login

NOTE: If you upgrade to a newer version of VMware, this will change the Host ID/UID, which
will cause the installed vThunder license to become invalid. Therefore, if you choose to
upgrade to a newer version of VMware, you will need to obtain and install a new vThun-
der license.

Entering the License

Once you have obtained the free trial license or production license, you can enter it from the ACOS GUI or CLI.

From the GUI

To enter the license from the ACOS GUI:

1. Establish a connection to the ACOS device through the management interface.

2. Navigate as follow:

• If you are running ACOS 2.7.x release:

a. Config Mode > System > Maintenance > License.

b. Click Install to expand the field.

c. Paste the entire text of the license that you copied from the Web form into the License field.

d. Click Update.

• If you are running ACOS 4.0.x release:

a. System > Maintenance > Licenses.

b. Click Upgrade.

c. Paste the entire text of the license that you copied from the Web form into the Definition field.

d. Click the Upgrade button.

From the CLI

To enter the license from the ACOS CLI:

1. Access the Privileged EXEC (enable) level or any configuration level of the CLI.

2. Paste the license string into a file and save it on a server that can be locally accessed over the network by the vThunder.

3. Enter the following command to install the license:

import license file-name url

The file-name is the name of the file in which you saved the license. The url specifies the file transfer protocol, username
(if required), and directory path.

You can enter the entire URL on the command line or press Enter to display a prompt for each part of the URL. If you
enter the entire URL and a password is required, you will still be prompted for the password. To enter the entire URL:

page 23 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installing the License and Initial Login

• tftp://host/file
• ftp://[user@]host[:port]/file
• scp://[user@]host/file
• sftp://[user@]host/file
4. Enter the following command to verify license installation:

show license

CLI Example

The following commands log onto the CLI, access the Privileged EXEC level, and display the license host ID:

login as: admin

Using keyboard-interactive authentication.
Password:***
Last login: Mon Aug 2 07:58:10 2010

[type ? for help]

vThunder>enable
Password:******** <blank by default>
vThunder#show license uid
5172DE29D49EE3C101C7A0CD54FB8A0B6EC92CEE

The following command installs the license:

vThunder#import license softax-lic1.txt tftp://192.168.1.101/licenses/softax-lic1.txt

The following command verifies license installation:

vThunder#show license
Feature Installed: bandwidth
: 200 Mbps
Version: 1.01
Exp date: permanent
Host ID: 5172DG29E49EE3C102C7A0CD54FB8A0B6EC92CEE

More about Global License Manager (GLM)

For information about the different vThunder license billing models, please see “Pay-as-you-Go Billing with Global License
Manager” in the vThunder Pay-as-you-Go Licensing Installation and User Guide. This chapter explains how to select a paid
production license, the differences between the Rental Billing Model (RBM) and the Universal Billing Model (UBM), and tells
you how to access the GLM server if you would like to request additional licenses for your vThunder instances.

You can request a PDF of this document after creating a GLM account from this URL:
https://glm.a10networks.com/wizard/glm_welcome/create_account

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 24

vThunder for VMware ESXi—Installation Guide
Installing the License and Initial Login

Initial vThunder Configuration

This section describes how to configure IP connectivity on the vThunder management and data interfaces.

NOTE: To display a list of commands for a level of the CLI, enter a question mark ( ? ) and press
Enter. You can display the list separately for each level.

For syntax help, enter a command or keyword followed by a “space”, then enter ? then
press Enter. This works for commands with sub-commands also.

Login via CLI

1. Log into vThunder with the default username admin and the default password a10.
login as: admin
Welcome to vThunder
Using keyboard-interactive authentication.
Password:***
[type ? for help]

2. Enable the Privileged EXEC level by typing enable and pressing the Enter key. There is no default password to enter
Privileged EXEC mode.

vThunder>enable
Password:(just press Enter on a new system)
vThunder#

3. Enable the configuration mode by typing config and pressing Enter.

vThunder#config
vThunder(config)#

4. It is strongly suggested that a Privileged EXEC enable password be set up as follows:

vThunder(config)#enable-password newpassword

Configure the Management Interface

NOTE: It is recommended to keep the management interface and the data interfaces in sepa-
rate IP subnets. If this is not done, certain operations, such as pinging may have unex-
pected results.

1. Configure the management interface IP address and default gateway. In the factory default configuration, the manage-
ment interface has IP address 172.31.31.31/24.

NOTE: The management interface is an out-of-band interface; therefore, it should not be on

the same subnet as any of the data interfaces.

page 25 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Installing the License and Initial Login

In the example below, the IP address for the management interface is 192.168.2.228. None of the data interfaces should
have an IP address of 192.168.2.x.

vThunder(config)#interface management
vThunder(config-if:management)#ip address 192.168.2.228 /24
vThunder(config-if:management)#ip default-gateway 192.168.2.1

2. Verify the interface IP address change:

vThunder(config-if:management)#show interface management

GigabitEthernet 0 is up, line protocol is up.
Hardware is GigabitEthernet, Address is xxxx.yyyy.zzzz
Internet address is 192.168.2.228, Subnet mask is 255.255.255.0
...

3. Optionally, configure the ACOS device to use the management interface as the source interface for automated man-
agement traffic generated by the ACOS device:

ACOS(config-if:management)#ip control-apps-use-mgmt-port

(For more information, see the “Management Interface as Source for Automated Management Traffic" chapter in the System
Configuration and Administration Guide.)

vThunder(config-if:management)#exit
vThunder(config)#

Configuring Single-interface Mode for vThunder

NOTE: Single-interface mode is only supported in SLB releases and is not supported in IPv6
Migration releases.

NOTE: Single-interface mode is only supported on vThunder for VMware in ACOS 2.7.2-P6 and
later, and it will be supported in the upcoming 4.1.x release.

To simplify deployment, the vThunder instance can be configured to use a single interface for management and data traffic.
While other sections in this document refer to having a separate management and data interface, “single-interface mode”
requires consolidating the functionality of both interfaces into one unified interface. You can configure vThunder to use
DHCP to assign the same IP address to the interface IP, Source NAT IP, and the SLB VIP.

Prerequisites:

• The vThunder interface type must be set to “vmxnet3” for single-interface mode.

To configure vThunder to use a single IP assigned by the DHCP server:

1. Use the commands shown below to force the interface to use the IP assigned by DHCP:

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 26

vThunder for VMware ESXi—Installation Guide
Installing the License and Initial Login

interface ethernet 1
ip address dhcp

2. SSH to the vThunder’s interface IP address that was assigned by the DHCP server.

3. Use the following commands to make vThunder use the IP assigned by DHCP as the VIP:

slb virtual-server v1 use-if-ip ethernet 1

port 80 tcp
service-group http-sg1

NOTE: This command will cause the VIP to use the same IP address that DHCP assigned to the
vThunder data interface.

4. Use the following commands to configure vThunder to use a source NAT pool:

ip nat pool pool1 use-if-ip ethernet 1

Configuring vThunder Network Settings for Web GUI Access

When configuring single-interface mode, you must configure vThunder to use one port (such as port 80) for VIP traffic and a
different port for Web-based GUI traffic (port 8080 for HTTP and port 8443 for HTTPS).

Use the commands below to configure the vThunder instance to separate the two types of traffic.

For ACOS 2.7.x and later, use the following CLI commands:

web-service server
web-service port 8080
web-service secure-server
web-service secure-port 8443

For ACOS 4.1.x and later, use the following CLI commands:

web-service port 8080

web-service secure-port 8443

NOTE: In some deployments, it may be necessary to configure additional “endpoints” on the

host side to get single-interface mode to work correctly. Please contact A10 Support for
additional information.

page 27 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Upgrading vThunder

Change the Admin Password

A10 Networks recommends that you change the admin password immediately for security.

vThunder(config)#admin admin password newpassword

vThunder(config-admin:admin)#

The vThunder is now network accessible for configuration under the new IP address and admin password.

NOTE: By default, Telnet access is disabled on all interfaces, including the management inter-
face. SSH, HTTP, HTTPS, and SNMP access are enabled by default on the management
interface only, and disabled by default on all data interfaces.

Save the Configuration Changes – write memory

Configuration changes must be saved to system memory to take effect the next time the vThunder is powered on. Other-
wise, the changes are lost if the vThunder virtual machine or its host machine are powered down.

To write the current configuration to system memory:

vThunder(config)#write memory
Building configuration...
[OK]

Additional Resources – Where to go from here?

After you have logged into the vThunder GUI or CLI, you may be in need of assistance to configure the device. More informa-
tion can be found in the latest ACOS Release Notes. This document has a list of new features, known issues, and other infor-
mation to help get you started.

It is also highly recommended to use the basic deployment instructions that appear in the System Configuration and Adminis-
tration Guide.

Upgrading vThunder
NOTE: There is no upgrade path from 2.7.1 to 4.0.x. Instead, you must first upgrade from 2.7.1-
Px to 2.7.2-P3, and then you can upgrade from 2.7.2-P3 to 4.0.x.

The vThunder instance uses the same system image as model AX 2500.

To upgrade the vThunder using the GUI, follow the procedure below:

1. To download the latest software tar file, navigate to the following URL:
https://www.a10networks.com/support/axseries/software-downloads#vthunder

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 28

vThunder for VMware ESXi—Installation Guide
Upgrading vThunder

NOTE: A10 Support username and password are required.

2. Once the tar file is downloaded, log into the vThunder instance and use the ACOS GUI to navigate as follow:

• If running ACOS 2.7.x release:

a. Select Config Mode > System > Maintenance > Upgrade.

b. Select the desired Upgrade from option (Local or Remote).

c. Click OK.

• If running ACOS 4.0.x release:

a. Select System > Maintenance > Upgrade.

b. Select the Media radio button (Disk or Compact Flash).

c. If you selected Disk, you must also specify the Destination radio button (Primary or Secondary).

d. Select the desired Upgrade from option (Local or Remote).

e. Navigate to the appropriate tar file.

f. Click the Upgrade button.

3. When the upgrade is complete, make sure to clear the browser cache to ensure proper display of the ACOS GUI.

page 29 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 vThunder for VMware ESXi—Installation Guide
Upgrading vThunder

Document No.: VT-VMWARE-ESXI-002 - 7/24/2015 | page 30

vThunder for VMware ESXi—Installation Guide

page 31 | Document No.: VT-VMWARE-ESXI-002 - 7/24/2015

 3

Document No.: VT-VMWARE-ESXI-002 | 7/24/2015