This document provides general information regarding the F5 Integration for Cloud Foundry. For deployment and usage instructions, please refer to the guides below.
The BIG-IP Controller for Cloud Foundry (
cf-bigip-ctlr) lets you use an F5 BIG-IP device(s) as an Application Delivery Controller (ADC) serving North-South traffic in Cloud Foundry or Pivotal Cloud Foundry (PCF). See the Container Connector compatibility table for compatibility information.
The BIG-IP Controller is a Docker container-based application that runs on a Cloud Foundry Diego cell. It uses a two-tier architecture:
For each Cloud Foundry Route, the BIG-IP Controller creates a set of forwarding policy rules, a virtual server, pool, and pool members.
By default, the BIG-IP Controller creates a single HTTP virtual server in tier 1, which handles traffic on port 80. You can create an HTTPS virtual server (which uses port 443) by specifying a BIG-IP SSL profile in the Application manifest when you Deploy the BIG-IP Controller for Cloud Foundry.
The BIG-IP Controller creates an L4 (TCP) virtual server for each TCP route.
The F5 Container Connector for Cloud Foundry’s documentation set assumes that you:
To upgrade to a newer version of the BIG-IP Controller for Cloud Foundry, take the steps below.
Update the App manifest with the settings for any new features you want to use.
cf-bigip-ctlr App using the cf push command.
Be sure to use the
-o flag to specify the Docker image and version you want to use.
cf push cf-bigip-ctlr -o f5networks/cf-bigip-ctlr:1.1.0 -f manifest.yaml
You can use the BIG-IP Controller to apply existing BIG-IP services – health monitors, policies, profiles, and SSL profiles – to the virtual server(s) and pools for HTTP routes. (These configurations do not apply to TCP routes.) Likewise, you can select any BIG-IP load balancing mode for both HTTP and TCP pools.
The Cloud Foundry Application Manifest file provides the means of identifying the BIG-IP policies, profiles, etc., you want to apply. Some policy and profile configurations only apply to L7 (HTTP) virtual servers. See the cf-bigip-ctlr configuration parameters table for more information.
See Apply BIG-IP policies and profiles for an example using “x-forwarded-for” and “x-forwarded-proto” headers.
The BIG-IP Controller runs in
global mode by default, meaning a single set of configurations apply to all of the pools/pool members created for Cloud Foundry Routes and Applications.
If you need a greater degree of control over the configurations for Routes associated with specific Apps, you can run the BIG-IP Controller in
broker_mode as a Cloud Foundry Service Broker. See Deploy the BIG-IP Controller for Cloud Foundry with per-Route Virtual Servers for instructions.
If you’re using a BIG-IP device pair or cluster, you can use automatic configuration sync to back up your configurations across all devices. Be sure to use a BIG-IP floating IP address as the external address (
bigip.external_addr) in your Application Manifest. It is possible to run multiple BIG-IP Controller instances – each of which would manage a separate BIG-IP device – provided you have not registered the Controller as a Service Broker. If you go this route, disable auto config sync.
You can use the BIG-IP Controller for Cloud Foundry to manage all of your Cloud Foundry Routes in one BIG-IP partition. You can create per-Route virtual servers – from different Service Plans – to achieve isolation within that partition.
In Cloud Foundry, the Gorouter component routes all incoming L7 traffic. The TCP Router component routes all incoming L4 traffic. Similarly, the BIG-IP Controller uses Cloud Foundry’s routing tables to direct traffic to the correct virtual machine(s) for a requested application. The BIG-IP Controller watches the NATS bus and Routing API for route updates; when the Controller discovers changes, it configures the BIG-IP device(s) accordingly.
When you deploy a new application with a mapped HTTP route in Cloud Foundry, the BIG-IP Controller automatically creates a BIG-IP VIP, pool, pool members, and traffic policy rule for the route. When you deploy a new application with a mapped TCP route in Cloud Foundry, the BIG-IP Controller automatically creates a BIG-IP virtual server, pool, and pool members for the route.