Geo-Location Based Traffic Management with F5 BIG-IP for VMware Products (PoC): Infrastructure Setup (SKKB1018)

In this article we will talk about the infrastructure used for the PoC. We will go through the software components used and the requirements this PoC introduces. We will configure VMware NSX Manger, review DNS entries, deploy F5 BIG-IP GTM and LTM devices, configure F5 BIG-IP with 3rd party certificates, VLAN’s and Self IP’s.

Part 1: Geo-Location Based Traffic Management with F5 BIG-IP for vRA (PoC)
Part 2: Infrastructure Setup (this article)
Part 3: F5 BIG-IP LTM
Part 4: F5 BIG-IP GTM
Part 5: Infrastructure Setup (continued)
Part 6: Use Case 1
Part 7: Use Case 2

Lab Environment

The logical design of this lab can be seen HERE.

 

Infrastructure Setup

Required Components

This Proof of Concept (PoC) is built on top of VMware virtualization technologies. Any of the software component used can be changes with one providing equivalent functionality as long as it satisfies the need of this PoC.
 The PoC foundation relies on the following components:

  • 1x NSX Manager – Provide different VLAN’s to simulate access from different datacenters, Internal, and External networks:
    • F5-Internal-A-01 (VLAN) – Acts as an internal network for the LA datacenter.
    • F5-Internal-B-01 (VLAN) – Acts as an internal network for the NY datacenter.
    • F5-External-A-01 (VLAN) – Acts as an external network for the LA datacenter.
    • F5-External-B-01 (VLAN) – Acts as an external network for the NY datacenter.
    • F5-HA (VLAN) – Acts as an HA network for F5 BIG-IP devices in both the LA and NY datacenters.
  • 4x F5 BIG-IP devices –   2x licensed as GTM and 2x Licensed as LTM devices:
    • f5-gtm-a-01.vmware.com – Acts as an GTM device in the LA datacenter
    • f5-gtm-b-01.vmware.com – Acts as an GTM device in the NY datacenter
    • f5-ltm-a-01.vmware.com – Acts as an LTM device in the LA datacenter
    • f5-ltm-b-01.vmware.com – Acts as an LTM device in the NY datacenter
  • 3x Windows Servers
    • lan1dc1.vmware.com – Acting as DNS authoritative server for the vmware.com root domain. Contains f5.vmware.com zone delegation to F5 with NS records for both GTM devices.
    • srv-a-01.vmware.com – Acts as a LDNS for clients on the external network in LA datacenter. Non-authoritative (Secondary Zone) DNS server for the vmware.com domain.
    • srv-b-01.vmware.com – Acts as a LDNS for clients on the external network in NY datacenter. Non-authoritative (Secondary Zone) DNS server for the vmware.com domain.
  • GeoApp Nodes – In each use case these nodes represent different servers or components of an application. Refer to the particular use case to learn more. For some use cases, not all nodes are necessary.
    • geoapp-la-01.vmware.com – a GeoApp Node server in the LA datacenter.
    • geoapp-la-02.vmware.com – a GeoApp Node server in the LA datacenter.
    • geoapp-la-03.vmware.com – a GeoApp Node server in the LA datacenter.
    • geoapp-la-04.vmware.com – a GeoApp Node server in the LA datacenter.
    • geoapp-la-05.vmware.com – a GeoApp Node server in the LA datacenter.
    • geoapp-la-06.vmware.com – a GeoApp Node server in the LA datacenter.
    • geoapp-ny-01.vmware.com – a GeoApp Node server in the NY datacenter.
    • geoapp-ny-02.vmware.com – a GeoApp Node server in the NY datacenter.
    • geoapp-ny-03.vmware.com – a GeoApp Node server in the NY datacenter.
    • geoapp-ny-04.vmware.com – a GeoApp Node server in the NY datacenter.
    • geoapp-ny-05.vmware.com – a GeoApp Node server in the NY datacenter.
    • geoapp-ny-06.vmware.com – a GeoApp Node server in the NY datacenter.
  • 2x Clients (CentOS) – acting as clients accessing the GeoApp – one in each datacenter.
    • vm-a-01.vmware.com – Acting as client on the external network in LA datacenter
    • vm-b-01.vmware.com – Acting as client on the external network in NY datacenter

During the course of the article you will understand the design decisions behind these components for this PoC. Detailed logical diagram can be viewed at the link provided at the beginning of the article.

This article assumes you already have a virtual environment and are familiar with VMware vCenter Server, VMware ESXi and VMware NSX Manager.

NSX Manager

The NSX implementation in this lab follows standard setup as shown in the logical design diagram at the beginning or the article.

For the purpose of this PoC, five NSX VLAN’s have been created:

  • F5-Internal-A-01 (VLAN) – Acts as an internal network for the LA datacenter.
  • F5-Internal-B-01 (VLAN) – Acts as an internal network for the NY datacenter.
  • F5-External-A-01 (VLAN) – Acts as an external network for the LA datacenter.
  • F5-External-B-01 (VLAN) – Acts as an external network for the NY datacenter.
  • F5-HA (VLAN) – Acts as an HA network for F5 BIG-IP devices in both the LA and NY datacenter.

This is done as many of the F5 BIG-IP GTM and LTM functionalities used require that the F5 BIG-IP devices are configured with all interfaces: Internal, External, HA. Additionally these interfaces must reside on different subnets. Later these VLANs will allow us to load balance traffic based on subnets.

The following screenshot shows the NSX logical switches which were created:

The following screenshot shows how the NSX Distributed Router is connected to these NSX Logical Switches:

 

DNS Server

The following DNS entries have been created on the landc1.vmware.com server which is the Authoritative server for the vmware.com DNS zone.

The following table represents a summary of the IP/DNS/GW/Subnet’s used for all devices, name of the devices, and the intended purpose of the devices in this PoC.

IP

DNS Name

Network

Purpose

DNS

GW

192.168.1.x

n/a

ESXi Mgmt (vCenter)

vCenter/ESXi/VM management network

192.168.1.1

192.168.1.3

172.16.60.x

n/a

F5-internal-A-01 (NSX VLAN)

Acting as internal network for LA DC.

192.168.1.1

172.16.60.1

172.16.70.x

n/a

F5-internal-B-01 (NSX VLAN)

Acting as internal network for NY DC.

192.168.1.1

172.16.70.1

172.16.61.x

n/a

F5-External-A-01 (NSX VLAN)

Acting as external network for LA DC.

172.16.61.30

172.16.61.1

172.16.71.x

n/a

F5-External-B-01 (NSX VLAN)

Acting as external network for NY DC.

172.16.71.30

172.16.71.1

172.16.80.x

n/a

F5-HA (NSX VLAN)

Acting as HA network for F5 devices.

192.168.1.1

172.16.80.1

192.168.1.1

Lan1dc1

ESXi Mgmt (vCenter)

Acting as DNS server for vmware.com

192.168.1.1

192.168.1.3

172.16.61.30

srv-a-01

F5-External-A-01 (NSX VLAN)

Acting as LDNS in the external network for LA DC.

172.16.61.30

172.16.61.1

172.16.71.30

srv-b-01

F5-External-B-01 (NSX VLAN)

Acting as LDNS in the external network for NY DC.

172.16.71.30

172.16.71.1

172.16.61.40

vm-a-01

F5-External-A-01 (NSX VLAN)

Acting as client on the external network for LA DC.

172.16.61.30

172.16.61.1

172.16.71.40

vm-b-01

F5-External-B-01 (NSX VLAN)

Acting as client on the external network for NY DC.

172.16.71.30

172.16.71.1

172.16.60.50

geoapp-la-01

F5-internal-A-01 (NSX VLAN)

GeoApp Node 1 in LA DC

192.168.1.1

172.16.60.1

172.16.60.51

geoapp-la-02

F5-internal-A-01 (NSX VLAN)

GeoApp Node 2 in LA DC

192.168.1.1

172.16.60.1

172.16.60.52

geoapp-la-03

F5-internal-A-01 (NSX VLAN)

GeoApp Node 3 in LA DC

192.168.1.1

172.16.60.1

172.16.60.53

geoapp-la-04

F5-internal-A-01 (NSX VLAN)

GeoApp Node 4 in LA DC

192.168.1.1

172.16.60.1

172.16.60.54

geoapp-la-05

F5-internal-A-01 (NSX VLAN)

GeoApp Node 6 in LA DC

192.168.1.1

172.16.60.1

172.16.60.55

geoapp-la-06

F5-internal-A-01 (NSX VLAN)

GeoApp Node 7 in LA DC

192.168.1.1

172.16.60.1

172.16.70.50

geoapp-ny-01

F5-internal-B-01 (NSX VLAN)

GeoApp Node 1 in NY DC

192.168.1.1

172.16.70.1

172.16.70.51

geoapp-ny-02

F5-internal-B-01 (NSX VLAN)

GeoApp Node 2 in NY DC

192.168.1.1

172.16.70.1

172.16.70.52

geoapp-ny-03

F5-internal-B-01 (NSX VLAN)

GeoApp Node 3 in NY DC

192.168.1.1

172.16.70.1

172.16.70.53

geoapp-ny-04

F5-internal-B-01 (NSX VLAN)

GeoApp Node 4 in NY DC

192.168.1.1

172.16.70.1

172.16.70.54

geoapp-ny-05

F5-internal-B-01 (NSX VLAN)

GeoApp Node 5 in NY DC

192.168.1.1

172.16.70.1

172.16.70.55

geoapp-ny-06

F5-internal-B-01 (NSX VLAN)

GeoApp Node 6 in NY DC

192.168.1.1

172.16.70.1

192.168.1.61

F5-gtm-a-01

ESXi Mgmt (vCenter)

GTM in LA

192.168.1.1

192.168.1.3

192.168.1.63

F5-gtm-b-01

ESXi Mgmt (vCenter)

GTM in NY

192.168.1.1

192.168.1.3

192.168.1.65

F5-ltm-a-01

ESXi Mgmt (vCenter)

LTM in LA

192.168.1.1

192.168.1.3

192.168.1.67

F5-ltm-b-01

ESXi Mgmt (vCenter)

LTM in NY

192.168.1.1

192.168.1.3

172.16.60.2

f5-gtm-a-01-sip-internal-1

F5-internal-A-01 (NSX VLAN)

GTM SIP to Internal network for LA DC: general connectivity

n/a

n/a

172.16.70.2

f5-gtm-b-01-sip-internal-1

F5-internal-B-01 (NSX VLAN)

GTM SIP to Internal network for NY DC: general connectivity

n/a

n/a

172.16.60.10

f5-ltm-a-01-sip-internal-1

F5-internal-A-01 (NSX VLAN)

LTM SIP to Internal network for LA DC: general connectivity

n/a

n/a

172.16.70.10

f5-ltm-b-01-sip-internal-1

F5-internal-B-01 (NSX VLAN)

LTM SIP to Internal network for NY DC: general connectivity

n/a

n/a

172.16.61.2

f5-gtm-a-01-sip-external-1

F5-external-A-01 (NSX VLAN)

GTM SIP to external network for LA DC: general connectivity

n/a

n/a

172.16.61.3

f5-gtm-a-01-sip-external-2

F5-external-A-01 (NSX VLAN)

GTM SIP to external network for LA DC: DNS listener for f5.vmware.com

n/a

n/a

172.16.71.2

f5-gtm-b-01-sip- external -1

F5-external-B-01 (NSX VLAN)

GTM SIP to external network for NY DC: general connectivity

n/a

n/a

172.16.71.3

f5-gtm-b-01-sip- external -2

F5-external-B-01 (NSX VLAN)

GTM SIP to external network for NY DC: DNS listener for f5.vmware.com

n/a

n/a

172.16.61.10

f5-ltm-a-01-sip-external-1

F5-external-A-01 (NSX VLAN)

LTM SIP to external network for LA DC: general connectivity

n/a

n/a

172.16.71.10

f5-ltm-b-01-sip-external-1

F5-external-B-01 (NSX VLAN)

LTM SIP to external network for NY DC: general connectivity

n/a

n/a

172.16.80.2

f5-gtm-a-01-sip-ha-1

F5-HA (NSX VLAN)

GTM SIP to HA network for LA DC

n/a

n/a

172.16.80.10

f5-gtm-b-01-sip-ha-1

F5-HA (NSX VLAN)

GTM SIP to HA network for NY DC

n/a

n/a

172.16.60.100

f5-vs-geoapp-la

F5-internal-A-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for LA DC

n/a

n/a

172.16.60.101

f5-vs-la-geoapp-va-web-443

F5-internal-A-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for LA DC

n/a

n/a

172.16.60.102

f5-vs-la-geoapp-iaas-web-443

F5-internal-A-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for LA DC

n/a

n/a

172.16.60.103

f5-vs-la-geoapp-iaas-mgr-443

F5-internal-A-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for LA DC

n/a

n/a

172.16.60.104

f5-vs-la-geoapp-va-web-5432

F5-internal-A-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for LA DC

n/a

n/a

172.16.70.100

f5-vs-geoapp-ny

F5-internal-B-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for NY DC

n/a

n/a

172.16.70.101

f5-vs-ny-geoapp-va-web-443

F5-internal-B-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for NY DC

n/a

n/a

172.16.70.102

f5-vs-ny-geoapp—iaas-web-443

F5-internal-B-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for NY DC

n/a

n/a

172.16.70.103

f5-vs-ny-geoapp—iaas-mgr-443

F5-internal-B-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for NY DC

n/a

n/a

172.16.70.104

f5-vs-ny-geoapp—va-web-5432

F5-internal-B-01 (NSX VLAN)

LTM VIP for GeoApp on internal network for NY DC

n/a

n/a

 

 

 

 

 

 

Objects or servers containing “-a-“ or “la” in their names are located in the Los Angeles datacenter or as also referred to Datacenter A.

Objects or servers containing “-b-“ or “ny” in their names are located in the New York datacenter or as also referred to Datacenter B.

F5 BIG-IP

 

Deployment

Four F5 BIG-IP Virtual Edition devices have been deployed in vCenter. 

During the deployment all interfaces of the devices were connected.
The network interfaces of the GTM (f5-gmt-a-01) and LTM (f5-ltm-a-01) devices which will reside in the LA datacenter were connected to the following networks in this order:

The network interfaces of the GTM (f5-gmt-b-01) and LTM (f5-ltm-b-01) devices which will reside in the NY datacenter were connected to the following networks in this order:

Note: F5 BIG-IP uses it’s interfaces always in the following order: 

  • Interface 1: Management network
  • Interface 2: Internal Network
  • Interface 3: External Network
  • Interface 4: HA Network

Make sure you connect the F5 BIG-IP devices to the appropriate networks in the correct order.
After power on of the F5 BIG-IP VM’s you can access the BIG-IP Configuration Utility by navigating to https://< DynamicallyAssignedIP>

Log in to the BIG-IP Configuration Utility of each device and finished the initial setup wizard.

For more information on the general steps through which the wizard takes you can be found here, see
Configuring vRealize Automation Load Balancing Using F5 BIG-IP

When entering the license for the f5-gtm-a-01 and f5-gtm-b-01 devices, makes sure to enter a GTM license.
When entering the license for the f5-ltm-a-01 and f5-ltm-b-01 devices, makes sure to enter a LTM license.

Make sure Global Traffic (GMT) resource provisioning module is selected for the GTM devices and if not select it under [System > Resource Provisioning]. You can remove Local Traffic (LTM) module as you do not need it on the GMT devices. You must reboot the device for these change to take effect

Upon successful licensing, module activation, and reboot the [DNS > GSLB] menu should appear in the BIG-IP Configuration Utility.

Make sure Local Traffic (LTM) resource provisioning module is selected for the LTM devices and if not select it under [System > Resource Provisioning]. You must reboot the device for these change to take effect

Upon Successful licensing , module activation,  and reboot the [Local Traffic] menu should appear in the BIG-IP Configuration Utility.

On each device go under [System > Platform] and make sure correct IP, network mask, management route, host name, host ip address, and time zone have been set. Make also sure SSH access has been enabled on all interfaces.
An example screenshot from one of the devices:

 

Certificates

All F5 devices come with self-signed certificates. We need to change these with certificates issued by 3rd party certification authority. This is a requirement for the successful communication between the GMT devices and GMT and LTM devices.

For this purpose I’ve created four certificates, one per device, issued by a CA. These are standard Web Server certificates containing Server Authentication and Client Authentication application policies.
Example screenshot from one of the certificates.

In Addition to the four certificates you will need the CA certificate of the Root and any Intermediate certificate auhotirtyes that you might be using. In My case I’m using 1-Tier CA Hieracrhy so I only need my RooCA CA certificate.

Go on f5-gtm-a-01 device and navigate to [System > Device Certificates > Device Certificate]
Import the following certificates:

  • The GTM device certificate. In this case the f5-gtm-a-01 certificate
  • Root CA certificate
  • Intermediate CA certificate(s)

Navigate to  [System > Device Certificates > Trusted Device Certificate]
Import the following certificates:

  • f5-gtm-a-01 certificate
  • f5-gtm-b-01 certificate
  • f5-ltm-a-01 certificate
  • f5-ltm-b-01 certificate
  • Root CA certificate
  • Intermediate CA certificate(s)

While on f5-gtm-a-01 device navigate to [DNS > GSLB > Servers > Trusted Server Certificates]
Import the following certificates, if not already imported:

  • f5-gtm-a-01 certificate
  • f5-gtm-b-01 certificate
  • f5-ltm-a-01 certificate
  • f5-ltm-b-01 certificate
  • Root CA certificate
  • Intermediate CA certificate(s)

Repeat the steps on the f5-gtm-b-01 GTM device to import the certificates

Go on the f5-ltm-a-01 LTM device and navigate to [System > Device Certificates > Device Certificate]
Import the following certificates:

  • The LTM device certificate. In this case the f5-ltm-a-01 certificate
  • Root CA certificate
  • Intermediate CA certificate(s)

Navigate to [System > Device Certificates > Trusted Device Certificate]
Import the following certificates:

  • f5-gtm-a-01 certificate (The certificate of the GMT which is in the same datacenter as your LTM device)
  • f5-ltm-a-01 certificate (the LTM device certificate)
  • Root CA certificate
  • Intermediate CA certificate(s)

Repeat the steps on the f5-ltm-b-01 device to import the certificates.

 

VLAN’s

A virtual local area network, or VLAN, is a logical collection of hosts on the network. Each VLAN has one or more BIG-IP system interfaces associated with it. VLANs have these primary advantages:

  • VLANs define boundaries for a broadcast domains: Traditionally, network administrators have deployed routers within the same IP network, to define smaller broadcast boundaries. A better solution is to use VLANs. When a host in a VLAN sends a broadcast message to find the MAC address of a destination host, the message is sent to only those hosts in the VLAN. Using VLANs to control the boundaries of broadcast domains prevents messages from flooding the network, thus enhancing network performance.
  • VLANs ease system and network maintenance: Normally, the way to enable hosts to share network resources, such as storage devices and printers, has been to group hosts into the same physical location. Continually moving and re-cabling hosts to other locations on the network, as well as manually updating routing tables, can be a costly and time-consuming task for a system or network administrator. Using VLANs, you can avoid these problems. All hosts that you group within a VLAN can share network resources, regardless of their physical location on the network.

For more information about VLAN, see Configuring VLANs and VLAN Groups and Introducing the Traffic Management Operating System

Go on f5-gtm-a-01 and navigate to [Network > VLANs]
Create VLANs with the following properties:

Name: Internal  
Interface: 1.1
Tagging: Untagged

Name: External 
Interface: 1.2
Tagging: Untagged

Name: High-Availability
Interface: 1.3
Tagging: Untagged

Leave all other properties to their default values.
At the end you should have the following interfaces created:

If you go under [Network > Interfaces > Interface list] you should see all interfaces shown with status UP

Repeat the steps on the rest of the GMT and LTM devices to create the same VLAN’s  and use the same properties.

 

Self IP’s (SIP)

Each VLAN you create has its own self IP address. The BIG-IP system uses this address as the source IP address when sending requests to hosts in a VLAN, and hosts in a VLAN use this IP address as the destination IP address when sending responses to the BIG-IP system.

When you first ran the Setup utility, you assigned a self IP address to the internal VLAN, and another self IP address to the external VLAN. As you create other VLANs, you assign self IP addresses to them, too. Also, units of a redundant system can share a self IP address, to ensure that the BIG-IP system can process server responses successfully when failover has occurred

For more information about VLAN, see Configuring VLANs and VLAN GroupsIntroducing the Traffic Management Operating System, and Configuring Self IP Addresses.

In this case we will be creating Self IP’s (SIP) on each of the VLAN’s we created earlier.
Go on f5-gtm-a-01 and navigate to [Network > Self IP’s]

Create four new SIP’s with the following properties:

Name: f5-gtm-a-01-sip-external-1
IP Address: 172.16.61.2
Netmask: 255.255.255.0
VLAN/ Tunnel: External
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Name: f5-gtm-a-01-sip-external-2
IP Address: 172.16.61.3
Netmask: 255.255.255.0
VLAN/ Tunnel: External
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Name: f5-gtm-a-01-sip-ha-1
IP Address: 172.16.80.2
Netmask: 255.255.255.0
VLAN/ Tunnel: High-Availability
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Name: f5-gtm-a-01-sip-internal-1
IP Address: 172.16.61.2
Netmask: 255.255.255.0
VLAN/ Tunnel: Internal
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Leave all other properties to their default values.

Go to the f5-gtm-b-01 GTM and navigate to [Network > Self IP’s]
Create SIP’s with the following properties:

Name: f5-gtm-b-01-sip-external-1
IP Address: 172.16.71.2
Netmask: 255.255.255.0
VLAN/ Tunnel: External
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Name: f5-gtm-b-01-sip-external-2
IP Address: 172.16.71.3
Netmask: 255.255.255.0
VLAN/ Tunnel: External
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Name: f5-gtm-b-01-sip-ha-1
IP Address: 172.16.80.10
Netmask: 255.255.255.0
VLAN/ Tunnel: High-Availability
Port Lockdown: Allow 8All
Traffic Group: traffic-group-local-only

Name: f5-gtm-b-01-sip-intrenal-1
IP Address: 172.16.70.2
Netmask: 255.255.255.0
VLAN/ Tunnel: Internal
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Leave all other properties to their default values.

Go to the  f5-ltm-a-01 LTM and navigate to [Network > Self IP’s]
Create SIP’s with the following properties:

Name: f5-ltm-a-01-sip-external-1
IP Address: 172.16.61.10
Netmask: 255.255.255.0
VLAN/ Tunnel: External
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Name: f5-ltm-a-01-sip-internal-1
IP Address: 172.16.60.10
Netmask: 255.255.255.0
VLAN/ Tunnel: Internal
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Leave all other properties to their default values.

Go to the f5-ltm-b-01 LTM and navigate to [Network > Self IP’s]
Create SIP’s with the following properties:

Name: f5-ltm-b-01-sip-external-1
IP Address: 172.16.71.10
Netmask: 255.255.255.0
VLAN/ Tunnel: External
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Name: f5-ltm-b-01-sip-internal-1
IP Address: 172.16.70.10
Netmask: 255.255.255.0
VLAN/ Tunnel: Internal
Port Lockdown: Allow All
Traffic Group: traffic-group-local-only

Leave all other properties to their default values.

 

 

DISCLAIMER; This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.
Photos
Unless stated, all photos are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. If used with watermark, no need to credit to the blog owner. For any edit to photos, including cropping, please contact me first.
Recipes
Unless stated, all recipes are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. Please credit all recipes to the blog owner and link back to the original blog post.
Downloadable Files
Any downloadable file, including but not limited to pdfs, docs, jpegs, pngs, is provided at the user’s own risk. The owner will not be liable for any losses, injuries, or damages resulting from a corrupted or damaged file.
Comments
Comments are welcome. However, the blog owner reserves the right to edit or delete any comments submitted to this blog without notice due to
– Comments deemed to be spam or questionable spam
– Comments including profanity
– Comments containing language or concepts that could be deemed offensive
– Comments containing hate speech, credible threats, or direct attacks on an individual or group
The blog owner is not responsible for the content in comments.
This policy is subject to change at anytime.

Leave a Reply

Your email address will not be published. Required fields are marked *