Cloud Docs Home > F5 OpenStack Solutions Index

F5 Integration for OpenStack Neutron LBaaS

The F5 Integration for OpenStack Neutron LBaaS orchestrates BIG-IP Application Delivery Controllers (ADCs) with OpenStack Networking (Neutron) services. The Integration consists of the F5 Agent for OpenStack Neutron and F5 Driver for OpenStack LBaaSv2, which work together to configure F5 BIG-IP Local Traffic Manager (LTM) objects via the OpenStack Networking API.

General Prerequisites

This documentation set assumes that you:

See also

See the F5 OpenStack Solution Test Plan for information about minimum supported deployments.

F5 Driver for OpenStack LBaaSv2

The F5 Driver for OpenStack LBaaSv2, or F5 driver, is F5’s OpenStack Neutron LBaaSv2 service provider driver. It picks up Neutron LBaaS calls from the RPC messaging queue and assigns them to the F5 Agent for OpenStack Neutron.

Diagram showing the architecture of the F5 Integration for OpenStack Neutron LBaaS. A user issues a neutron lbaas command; the F5 LBaaSv2 driver assigns the task from the Neutron RPC messaging queue to the F5 Agent for OpenStack Neutron. The BIG-IP Controller periodically reports its status to the Neutron database.

F5 Integration for OpenStack Neutron LBaaS Architecture

F5 Agent for OpenStack Neutron

The F5 Agent for OpenStack Neutron, or F5 agent, translates from “OpenStack” to “F5”. It receives tasks from the Neutron RPC messaging queue, converts them to iControl REST API calls (using the F5 Python SDK), and sends the calls to the BIG-IP device(s).

Diagram showing the operation of the F5 Agent for OpenStack Neutron. A user issues a neutron lbaas command; the F5 LBaaSv2 driver assigns the task to the F5 Agent for OpenStack Neutron; the BIG-IP Controller sends the command to the BIG-IP device as an iControl REST API call to add or edit the requested object.

F5 Agent for OpenStack Neutron traffic flow

Key OpenStack Concepts

Agent-Tenant Affinity

When the Neutron LBaaS plugin loads the F5 driver, it creates a global messaging queue. The F5 Agent for OpenStack Neutron sends all callbacks and status updates to this global queue. The F5 driver picks up LBaaS requests from the global messaging queue in a round-robin fashion, then assigns the tasks to an available F5 agent instance based on “agent-tenant affinity”.

Agent-tenant affinity is a relationship between an F5 agent instance and an OpenStack “tenant”, or project. In brief, once an F5 agent handles an LBaaS request for a particular OpenStack tenant, the F5 agent has “agent-tenant affinity” with that tenant. That instance will handle all future LBaaS requests for that tenant (with a few caveats, noted below).

How “agent-tenant affinity” applies in LBaaS task assignment:

Agent-tenant affinity for a new load balancer
You request a new load balancer (neutron lbaas-loadbalancer-create).
The F5 LBaaSv2 driver checks the Neutron database to find out if an F5 agent instance already has affinity with the tenant the load balancer request is for.
If the F5 LBaaSv2 driver finds an F5 agent instance that has affinity with the load balancer’s tenant, it assigns the request to that instance.

If the F5 LBaaSv2 driver doesn’t find an F5 agent instance that has affinity with the load balancer’s tenant_id, it selects an active F5 agent instance at random.

The selected instance binds to the requested load balancer. It will handle all future LBaaS requests for that load balancer.

Agent-tenant affinity for an existing load balancer
You update an existing load balancer (neutron lbaas-loadbalancer-update).
The F5 LBaaSv2 driver checks the Neutron database to find out if an F5 agent instance is already bound to the load balancer.
If the F5 LBaaSv2 driver doesn’t find a bound F5 agent instance for the load balancer, it looks for an instance that has affinity with the load balancer’s tenant, then assigns the request to that instance.

If the F5 LBaaSv2 driver doesn’t find an F5 agent instance that has affinity with the load balancer’s tenant_id, it selects an active F5 agent instance at random.

The selected instance binds to the requested load balancer. It will handle all future LBaaS requests for that load balancer.

Important

If the F5 agent bound to a load balancer is inactive, the F5 LBaaSv2 driver looks for other active agents with the same Set up F5 agent to use the new environment. The F5 LBaaSv2 driver assigns the task to the first available agent it finds. The inactive F5 agent remains bound to the load balancer, with the expectation that it will eventually come back online and be able to handle future requests.

If you delete an F5 agent, you should also delete all of its bound load balancers.

To find all load balancers associated with a specific F5 agent :

neutron lbaas-loadbalancer-list-on-agent <agent-id>

Partnerships and certifications

The F5 Integration for OpenStack Neutron LBaaS provides under-the-cloud multi-tenant infrastructure L4-L7 services for Neutron tenants. In addition to community OpenStack participation, F5 maintains partnerships with several OpenStack platform vendors. Each partner has a defined certification process that includes requirements for testing the F5 Integration for OpenStack Neutron LBaaS for vendor and community OpenStack compatibility. See the Solution Test Plan for more information.

Footnotes

[1]Unsure how to get started with OpenStack? Consult one of F5’s OpenStack Platform Partners.