How to set up the F5 Agent for Hierarchical Port Binding¶
Overview¶
This guide demonstrates how to set up the F5 Integration for OpenStack Neutron LBaaS to use standard Hierarchical Port Binding (HPB) or to integrate the F5 Agent with a Cisco ACI OpFlex network.
Before you begin¶
This document assumes that you already:
- have a functional OpenStack cloud;
- set up all networking components;
- licensed and configured your BIG-IP device(s) for software-defined networking (SDN) (requires a Better or Best license);
- installed the F5 Agent and Driver;
- set up security groups for BIG-IP in OpenStack.
Important
- If you’re managing a BIG-IP device/cluster with multiple instances of the F5 Agent running on different hosts, each instance must use the same
f5_network_segment_physical_network. - If you’re using differentiated service environments, every F5 Agent in a service group must use the same HPB settings.
Tasks¶
| Task | Description |
|---|---|
| Set up the F5 Agent for standard HPB | Complete this section if you are using an SDN controller other than Cisco APIC. |
| Set up HPB with Cisco APIC/ACI & OpFlex on RedHat OSP | Complete this section if you are using the F5 Agent with Cisco APIC, ACI & OpenStack OpFlex. |
| Verify your setup. | Create neutron lbaas objects in a specific network segment to verify your setup. |
HPB settings¶
| Configuration Parameter | Description |
|---|---|
agent_id |
Manually configures the F5 Agent’s “host” name. For Cisco ACI: corresponds to the |
f5_external_physical_mappings = default:1.1:True |
Default setting; tells the F5 Agent that BIG-IP 1.1 is a
tagged interface connected to the external network
(physnet1 in the Cisco example). |
f5_network_segment_physical_network |
Activates HPB; tells Neutron what network segment you’re going to
create tenant networks in ( This should match a mapping used in the |
f5_global_routed_mode = False |
Default setting; disables the F5 Agent Global routed mode. |
common_network_ids = <neutron_uuid>:<BIG-IP_network_name> |
Tells the F5 Agent that a VLAN set up directly on the BIG-IP device corresponds to a specific Neutron network. For example:
|
Set up standard HPB¶
Edit the F5 Agent configuration file:
vi /etc/neutron/services/f5/f5-openstack-agent.iniSet the HPB settings as appropriate for your environment.
Hierarchical Port Binding Example¶############################################################################### # L2 Segmentation Mode Settings ############################################################################### # f5_external_physical_mappings = default:1.1:True # ... f5_network_segment_physical_network = <name_of_neutron_network> # f5_network_segment_polling_interval = 10 # f5_pending_services_timeout = 60 # ############################################################################### # L3 Segmentation Mode Settings ############################################################################### # f5_global_routed_mode = False #
Set up HPB with Cisco APIC/ACI & OpFlex on RedHat OSP¶
Note
The information provided here supplements the Cisco ACI with OpenStack OpFlex Deployment Guide for Red Hat. It assumes you have already completed the deployment and network configuration steps in the Cisco Deployment Guide.
See the Cisco APIC/ACI with OpFlex Use Case for more information about this deployment.
Configure the OpFlex ML2 Plugin to use Hierarchical Port Binding
Edit the F5 Agent configuration file:
vi /etc/neutron/services/f5/f5-openstack-agent.iniSet the HPB settings as appropriate for your environment.
Important
- The Cisco OpFlex plugin identifies the F5 Agent using the
agent_IDconfiguration parameter. - The F5 Agent
f5_network_segment_physical_networkconfiguration parameter corresponds to the Neutron external network segment where you want to create LBaaS objects. In the example provided here (and in the Cisco deployment guide),physnet1is the name of this segment.
###############################################################################
# Static Agent Configuration Setting
###############################################################################
#
agent_id = "f5-lbaasv2"
#
...
###############################################################################
# L2 Segmentation Mode Settings
###############################################################################
#
f5_external_physical_mappings = default:1.1:True
#
...
f5_network_segment_physical_network = physnet1
#
f5_network_segment_polling_interval = 10
#
f5_pending_services_timeout = 60
#
###############################################################################
# L3 Segmentation Mode Settings
###############################################################################
#
f5_global_routed_mode = False
#
Verify your deployment¶
Create LBaaS objects in Neutron
- Create a new Neutron load balancer for a subnet in the
f5_network_segment_physical_networkset up for the F5 Agent. - Create one (1) listener on a different subnet.
- Create one (1) pool
- Create two (2) pool members.
neutron lbaas-loadbalancer-create --name lb1 --vip-address <ip_address> <subnet_uuid> neutron lbaas-listener-create --name vs1 --loadbalancer lb1 --protocol HTTP --protocol-port 80 neutron lbaas-pool-create --name pool1 --protocol HTTP --lb-algorithm ROUND_ROBIN --listener vs1 neutron lbaas-member-create --address <ip_address> --protocol-port 80 --subnet <subnet_uuid> --name member1 pool1
- Create a new Neutron load balancer for a subnet in the
Use the BIG-IP configuration utility to verify creation of the partition, virtual server, pool, and pool members.
- Click the
2in the Members column to view the pool members.
You should now be able to send HTTP traffic to the listener (the BIG-IP virtual server) and load balance the traffic between the two pool members.