Manage BIG-IP Clusters

You can use the F5 Integration for OpenStack Neutron LBaaS to manage BIG-IP device service clusters with high availability, mirroring, and failover services in your OpenStack cloud.

Clustering provides a greater degree of redundancy than a standalone device offers. It helps to avoid service interruptions that could otherwise occur if a device should go down.

Learn more

Prerequisites

Caveats

  • The F5 Agent for OpenStack Neutron can manage clusters of two (2) to four (4) BIG-IP devices. Active-standby, or “pair”, mode applies to two-device clusters; scalen applies to clusters of more than two (2) devices.
  • The administrator login must be the same on all BIG-IP devices in the cluster.
  • F5 strongly advises against using configuration synchronization in clusters managed by the F5 Agent.

Configuration

Edit the device settings and Device driver/iControl Driver settings sections of the F5 Agent configuration file.

  1. Set the HA mode to pair or scalen.

    vi /etc/neutron/services/f5/f5-openstack-agent.ini
    ...
    # HA mode
    #
    f5_ha_type = pair    \\ 2-device cluster
    f5_ha_type = scalen  \\ 2-4 device cluster
    #
    #
    
  2. Add the iControl endpoint (IP address) for each BIG-IP device in the cluster and the admin login credentials. Values must be comma-separated.

    #
    icontrol_hostname = 1.2.3.4,5.6.7.8
    #
    icontrol_username = myusername
    #
    icontrol_password = mypassword
    #
    

Learn more

The F5 Integration for OpenStack Neutron LBaaS can manage a BIG-IP Sync-Failover device group when you set High Availability mode to pair or scalen .

BIG-IP scalen cluster diagram

BIG-IP scalen cluster

The F5 Agent expects to find a specific number of iControl endpoints (the icontrol_hostname Agent configuration parameter) based on the f5_ha_type, as noted below.

F5 Integration for OpenStack Neutron LBaaS high availability (HA) options
HA type Number of iControl endpoints expected
standalone 1
pair 2
scalen > 2

F5 LBaaSv2 and BIG-IP Auto-sync

Important

The F5 Agent for OpenStack Neutron applies LBaaS configuration changes to each BIG-IP device in a cluster at the same time, in real time. For this reason, do not use configuration synchronization (config sync) in clusters managed by the F5 Integration for OpenStack Neutron LBaaS.

For example, if you create a load balancer for a device group using config sync, the create command will succeed on the first device in the group and fail on the others. The failure occurs because config sync has already created the requested partition on each device in the cluster.

If you need to sync a BIG-IP device group, do so manually after making changes to Neutron LBaaS objects.

Danger

If you must use config sync mode, set the f5_ha_type to standalone and enter the iControl endpoint for one (1) of the BIG-IP devices in the group.

If you choose to do so, you must manually replace the iControl endpoint in the F5 Agent configuration file with the iControl endpoint of another device in the group if the configured device should fail.

While it is possible to use config sync for a device group after creating a new load balancer, it is not recommended.

F5 has not tested or verified this functionality.