Add BIG-IP device to OpenShift Cluster Network

This document provides step-by-step instructions for integrating a standalone BIG-IP device into an OpenShift Cluster Network.

Complete the following tasks to add a BIG-IP device to an OpenShift cluster network.

Task Table

  1. Create a Node for the BIG-IP device
  2. Set up the BIG-IP system

Create a Node for the BIG-IP device

OpenShift SDN uses custom Annotations to identify Nodes as part of the Cluster network. When you include these Annotations in a HostSubnet manifest, the SDN recognizes the new Node and allocates a subnet to it.

  • pod.network.openshift.io/fixed-vnid-host: "0"
  • pod.network.openshift.io/assign-subnet: "true"

Create a HostSubnet

Define a HostSubnet manifest using valid YAML or JSON.

For the hostIP, provide an IP address from the BIG-IP network that will support the VXLAN overlay.

apiVersion: v1
kind: HostSubnet
metadata:
  name: f5-bigip-01
  annotations:
    pod.network.openshift.io/fixed-vnid-host: "0"
    pod.network.openshift.io/assign-subnet: "true"
# Provide a name for the BIG-IP device's host Node
host: f5-bigip-node-01
# Provide an IP address to serve as the BIG-IP VTEP in the OpenShift SDN
hostIP: 172.16.1.28

HostSubnet - BIG-IP Standalone

Upload the Host Subnet to the OpenShift API server

Use the oc create -f <HostSubnet-filename.yaml> command to upload the HostSubnet file(s) to the OpenShift API server.

oc create -f f5-kctlr-openshift-hostsubnet.yaml
hostsubnet "f5-bigip-01" created

Verify creation of the HostSubnet(s)

Important

Note the subnet that the OpenShift SDN assigned to the BIG-IP host Node.

oc get hostsubnet
NAME                  HOST                  HOST IP         SUBNET
f5-big-ip             f5-bigip-node         172.16.1.28     10.129.2.0/23
master.internal.net   master.internal.net   172.16.1.10     10.129.0.0/23
node1.internal.net    node1.internal.net    172.16.1.24     10.130.0.0/23
node2.internal.net    node2.internal.net    172.16.1.25     10.128.0.0/23

Set up the BIG-IP system

Important

The steps in this section require either Administrator or Resource Administrator permissions on the BIG-IP system.

Create a VXLAN tunnel

  1. Create a BIG-IP VXLAN profile with flooding-type multipoint.

    create /net tunnels vxlan ose-vxlan flooding-type multipoint
    
  2. Create a BIG-IP VXLAN tunnel.

    • Set the local-address to the BIG-IP HostSubnet’s hostIP address.
    • Set the key to 0 to grant the BIG-IP device access to all OpenShift projects and subnets.

    create /net tunnels tunnel openshift_vxlan key 0 profile ose-vxlan local-address 172.16.1.28
    

Create a self IP in the VXLAN

Create a self IP address in the VXLAN tunnel. Use an IP address from the subnet that the OpenShift SDN allocated to the BIG-IP’s HostSubnet.

  • The subnet mask you assign to the self IP must match the one that the OpenShift SDN assigns to nodes (in this example, it’s /23).

    Warning

    The default subnet mask varies depending on which OpenShift platform you’re using (Origin/Online vs. Enterprise vs. OCP). Check the documentation for your platform before proceeding.

  • If you use the BIG-IP configuration utility to create a self IP, you may need to provide the full netmask instead of the CIDR notation.

  • If you don’t specify a traffic group, the self IP will use the BIG-IP system’s default (traffic-group-local-only).

create /net self 10.129.2.3/23 allow-service none vlan openshift_vxlan

Create a floating self IP in the VXLAN

Create a floating IP address on the BIG-IP device. Use an IP address from the subnet that the OpenShift SDN allocated to the BIG-IP’s HostSubnet.

create /net self 10.129.2.4/23 allow-service none traffic-group traffic-group-1 vlan openshift_vxlan

Note

All virtual servers created by the BIG-IP Controller use the BIG-IP SNAT automap feature, which prefers floating IP addresses over static IPs. See BIG-IP SNATs and SNAT automap for more information.
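
A pre-flight check for the tunnel and self IP steps above, added here as an example (it is not code from this page or from F5). It parses `oc get hostsubnet` output and confirms that the planned local-address, self IP and floating self IP agree with what the OpenShift SDN allocated. The function names and the constructed sample table are assumptions for illustration.

```python
import ipaddress

# Constructed sample: `oc get hostsubnet` output in the format shown on this page.
SAMPLE = """\
NAME                  HOST                  HOST IP         SUBNET
f5-big-ip             f5-bigip-node         172.16.1.28     10.129.2.0/23
master.internal.net   master.internal.net   172.16.1.10     10.129.0.0/23
node1.internal.net    node1.internal.net    172.16.1.24     10.130.0.0/23
"""

def parse_hostsubnets(text):
    """Map HostSubnet name -> (host IP, allocated subnet)."""
    rows = {}
    for line in text.strip().splitlines()[1:]:      # skip the header row
        name, _host, host_ip, subnet = line.split()
        rows[name] = (ipaddress.ip_address(host_ip), ipaddress.ip_network(subnet))
    return rows

def check_plan(rows, name, local_address, self_ip, floating_ip):
    """Return a list of problems; an empty list means the plan is consistent."""
    host_ip, subnet = rows[name]
    problems = []
    # The tunnel's local-address must be the HostSubnet's hostIP (the VTEP).
    if ipaddress.ip_address(local_address) != host_ip:
        problems.append(f"local-address {local_address} != hostIP {host_ip}")
    seen = set()
    for label, cidr in (("self", self_ip), ("floating", floating_ip)):
        iface = ipaddress.ip_interface(cidr)
        # The self IP mask must match the mask the SDN assigns to nodes.
        if iface.network.prefixlen != subnet.prefixlen:
            problems.append(f"{label} {cidr}: mask must be /{subnet.prefixlen}")
        if iface.ip not in subnet:
            problems.append(f"{label} {cidr}: outside {subnet}")
        elif iface.ip in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{label} {cidr}: network/broadcast address")
        # An address in another Node's subnet would clash with its pods.
        for other, (_ip, net) in rows.items():
            if other != name and iface.ip in net:
                problems.append(f"{label} {cidr}: inside {other}'s subnet {net}")
        if iface.ip in seen:
            problems.append(f"{label} {cidr}: duplicates the other self IP")
        seen.add(iface.ip)
    return problems

if __name__ == "__main__":
    rows = parse_hostsubnets(SAMPLE)
    print(check_plan(rows, "f5-big-ip", "172.16.1.28",
                     "10.129.2.3/23", "10.129.2.4/23") or "plan is consistent")
```
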

Verify creation of the BIG-IP objects

You can use a TMOS shell or the BIG-IP configuration utility to verify object creation.

show /net tunnels tunnel openshift_vxlan
show /net running-config self 10.129.2.3/23
show /net running-config self 10.129.2.4/23

You should now be able to successfully send traffic through the BIG-IP system to and from endpoints within your OpenShift Cluster.

See also

If you’re having trouble with your network setup, see Network troubleshooting.