F5 Container Connector - Cloud Foundry

This document provides general information regarding the F5 Integration for Cloud Foundry. For deployment and usage instructions, please refer to the guides below.

Overview

The BIG-IP Controller for Cloud Foundry (cf-bigip-ctlr) lets you use an F5 BIG-IP device(s) as an Application Delivery Controller (ADC) serving North-South traffic in Cloud Foundry or Pivotal Cloud Foundry (PCF). See the Container Connector compatibility table for compatibility information.

The BIG-IP Controller is a Docker container-based application that runs on a Cloud Foundry Diego cell. It uses a two-tier architecture:

  • One virtual server handles all ingress traffic for the cloud (tier 1);
  • this “ingress” virtual server uses URI routing and L7 forwarding policies to send traffic to the appropriate virtual server for each Route (tier 2).

For each Cloud Foundry Route, the BIG-IP Controller creates a set of forwarding policy rules, a virtual server, pool, and pool members.

A diagram showing how the BIG-IP Controller for Cloud Foundry sends traffic through the BIG-IP system. All traffic goes first to a single virtual server, which uses L7 policies to send requests on to the correct virtual server for each Route.

By default, the BIG-IP Controller creates a single HTTP virtual server in tier 1, which handles traffic on port 80. You can create an HTTPS virtual server (which uses port 443) by specifying a BIG-IP SSL profile in the Application manifest when you Deploy the BIG-IP Controller for Cloud Foundry.

The BIG-IP Controller creates an L4 (TCP) virtual server for each TCP route.

General Prerequisites

The F5 Container Connector for Cloud Foundry’s documentation set assumes that you:

  • already have a functional PCF or Cloud Foundry cloud;
  • are familiar with the Cloud Foundry CLI and API;
  • already have a BIG-IP device licensed and provisioned for your requirements; and
  • are familiar with BIG-IP LTM concepts and tmsh commands.

Installation

You can deploy the F5 BIG-IP Controller for Cloud Foundry using an Application Manifest. The Application Manifest tells Cloud Foundry and the BIG-IP Controller :

  • how to deploy the BIG-IP Controller into the Cloud Foundry environment,
  • how to log in to the BIG-IP device,
  • how to set up the BIG-IP device when you launch the BIG-IP Controller for the first time, and
  • how to access orchestration information from the environment.

Important

The BIG-IP Controller requires Administrator permissions in order to provide full functionality.

Upgrade

To upgrade to a newer version of the BIG-IP Controller for Cloud Foundry, take the steps below.

  1. Update the App manifest as desired.

  2. Deploy the cf-bigip-ctlr App using the cf push command.

    Be sure to use the -o flag to specify the Docker image and version you want to use.

    cf push cf-bigip-ctlr -o f5networks/cf-bigip-ctlr:1.1.0 -f manifest.yaml
    

Apply BIG-IP Services to Cloud Foundry Routes

You can use the BIG-IP Controller to apply existing BIG-IP services – health monitors, policies, profiles, and SSL profiles – to the virtual server(s) and pools for HTTP routes. (These configurations do not apply to TCP routes.) Likewise, you can select any BIG-IP load balancing mode for both HTTP and TCP pools.

The Cloud Foundry Application Manifest file provides the means of identifying the BIG-IP policies, profiles, etc., you want to apply. Some policy and profile configurations only apply to L7 (HTTP) virtual servers. See the cf-bigip-ctlr configuration parameters table for more information.

Tip

See Apply BIG-IP policies and profiles for an example using “x-forwarded-for” and “x-forwarded-proto” headers.

The BIG-IP Controller runs in global mode by default, meaning a single set of configurations apply to all of the pools/pool members created for Cloud Foundry Routes and Applications.

If you need a greater degree of control over the configurations for Routes associated with specific Apps, you can run the BIG-IP Controller in broker_mode as a Cloud Foundry Service Broker. See Deploy the BIG-IP Controller for Cloud Foundry with per-Route Virtual Servers for instructions.

BIG-IP High Availability and Multi-tenancy

If you’re using a BIG-IP device pair or cluster, you can use automatic configuration sync to back up your configurations across all devices. Be sure to use a BIG-IP floating IP address as the external address (bigip.external_addr) in your Application Manifest. It is possible to run multiple BIG-IP Controller instances – each of which would manage a separate BIG-IP device – provided you have not registered the Controller as a Service Broker. If you go this route, disable auto config sync.

You can use the BIG-IP Controller for Cloud Foundry to manage all of your Cloud Foundry Routes in one BIG-IP partition. You can create per-Route virtual servers – from different Service Plans – to achieve isolation within that partition.

See also

For information about high availability and App redundancy, see the PCF documentation:

Key Cloud Foundry Concepts

Routes, NATS, and Routing API

In Cloud Foundry, the Gorouter component routes all incoming L7 traffic. The TCP Router component routes all incoming L4 traffic. Similarly, the BIG-IP Controller uses Cloud Foundry’s routing tables to direct traffic to the correct virtual machine(s) for a requested application. The BIG-IP Controller watches the NATS bus and Routing API for route updates; when the Controller discovers changes, it configures the BIG-IP device(s) accordingly.

When you deploy a new application with a mapped HTTP route in Cloud Foundry, the BIG-IP Controller automatically creates a BIG-IP VIP, pool, pool members, and traffic policy rule for the route. When you deploy a new application with a mapped TCP route in Cloud Foundry, the BIG-IP Controller automatically creates a BIG-IP virtual server, pool, and pool members for the route.

See also

The Pivotal Cloud Foundry documentation provides instructions for adding an external load balancer to your Cloud Foundry deployment.

See Cloud Foundry’s Routes and Domains documentation for more information about how Gorouter creates and maps routes for applications.