F5 Agent for OpenStack Neutron 10.1.0

Current Page

Contents

Cloud Docs Home > F5 Agent for OpenStack Neutron Index

Run the F5 Agent in L2-adjacent mode

L2-adjacent mode lets you use BIG-IP device(s) deployed in micro-segmentation architectures that require L2 and L3 routing, including software-defined networks (SDN).

L2-adjacent mode is the default mode of operation for the F5 agent.

Important

  • All Neutron and external network components should be set up before you deploy the F5 agent in L2-adjacent mode.
  • This mode of deployment may require a BIG-IP Better or Best license that supports SDN.

Warning

Many L3 segmentation mode parameters depend on other configuration parameters. Read about the F5 agent configuration parameters before changing these settings to ensure they don’t conflict.

Set-up

Important

The F5 agent cannot read existing BIG-IP configurations or non-Neutron network configurations. Be sure to set up the configuration file to correctly reflect the existing network architecture and the BIG-IP system configurations.

  1. Edit the F5 Agent Configuration File

    Use your text editor of choice to edit the F5 Agent Configuration File as appropriate for your environment.

vim /etc/neutron/services/f5/f5-openstack-agent.ini

  1. Set the desired F5 agent configuration parameter(s). The example below represents the settings used in the F5 agent functional tests.

    ###############################################################################
# Copyright 2015-2017 F5 Networks Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
###############################################################################
#
#                   ############
#                 ################
#               ###/ _ \###|     |#
#              ###| |#| |##| |######
#             ####| |######| |######
#             ##|     |####\    \###    AGILITY YOUR WAY!
#             ####| |#########| |###
#             ####| |#########| |##
#              ###| |########/ /##
#               #|    |####|  /## 
#                ##############
#                 ###########
#
#                  NETWORKS
#
###############################################################################
#
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output).
debug = True
#
# periodic_interval = 10
#
service_resync_interval = 300
#
###############################################################################
#  Environment Settings
###############################################################################
#
environment_prefix = 'Test'
#
###############################################################################
#  Static Agent Configuration Setting
###############################################################################
#
static_agent_configuration_data =
#
###############################################################################
#  Device Setting
###############################################################################
#
# HA mode
#
# Device can be required to be:
#
# standalone - single device no HA
# pair - active/standby two device HA
# scalen - active device cluster
#
f5_ha_type = standalone
#
###############################################################################
#  L2 Segmentation Mode Settings
###############################################################################
#
# Device VLAN to interface and tag mapping 
#
f5_external_physical_mappings = default:1.1:True
#
# VLAN device and interface to port mappings
#
vlan_binding_driver =
#
interface_port_static_mappings =
#
# Device Tunneling (VTEP) selfips
#
f5_vtep_folder = Common
f5_vtep_selfip_name = selfip.client
#
# Tunnel types
#
advertised_tunnel_types = vxlan
#
# Static ARP population for members on tunnel networks
#
f5_populate_static_arp = False
#
# Device Tunneling (VTEP) selfips
#
l2_population = True
#
# Hierarchical Port Binding
#
# If hierarchical networking is not required, these settings must be commented
# out or set to None.
#
# Restrict discovery of network segmentation ID to a specific physical network
# name.
#
f5_network_segment_physical_network = <Neutron_physical_network_UUID>
#
f5_network_segment_polling_interval = 1
#
f5_pending_services_timeout = 5
#
###############################################################################
#  L3 Segmentation Mode Settings
###############################################################################
#
# Global Routed Mode - No L2 or L3 Segmentation on BIG-IP
f5_global_routed_mode = False
#
use_namespaces = True
#
max_namespaces_per_tenant = 1
#
f5_route_domain_strictness = False
#
# SNAT Mode and SNAT Address Counts
#
# This setting will force the use of SNATs. 
#
f5_snat_mode = True
#
f5_snat_addresses_per_subnet = 1
#
f5_common_external_networks = True
#
# Common Networks
#
common_network_ids =
#
# L3 Bindings
#
l3_binding_driver =
#
l3_binding_static_mappings =
#
###############################################################################
#  Device Driver Setting
###############################################################################
#
f5_bigip_lbaas_device_driver = f5_openstack_agent.lbaasv2.drivers.bigip.icontrol_driver.iControlDriver
#
###############################################################################
#  Device Driver - iControl Driver Setting
###############################################################################
#
icontrol_hostname = DEVICEIP
#
icontrol_username = USERNAME
#
icontrol_password = PASSWORD
#
###############################################################################
# Certificate Manager
###############################################################################
# COMMENT OUT THIS ENTRY IF NOT USING BARBICAN TO MANAGE CERTS
#
cert_manager = f5_openstack_agent.lbaasv2.drivers.bigip.barbican_cert.BarbicanCertManager
#
# Two authentication modes are supported for BarbicanCertManager:
#   keystone_v2, and keystone_v3
#
# Keystone v2 authentication:
#
# auth_version = v2
# os_auth_url = http://localhost:5000/v2.0
# os_username = USERNAME
# os_password = PASSWORD
# os_tenant_name = PROJECT
#
#
# Keystone v3 authentication:
#
auth_version = v3
os_auth_url = http://localhost:5000/v3
os_username = USERNAME
os_password = PASSWORD
os_user_domain_name = default
os_project_name = PROJECT
os_project_domain_name = default
#
#
# Parent SSL profile name
#
# An existing BIG-IP SSL profile you want to use as the parent SSL profile
# for the client SSL profiles created for TERMINATED_HTTPS LBaaS listeners.
#
f5_parent_ssl_profile = clientssl
#

    Download the example configuration file

  2. Restart the F5 agent service.

    CENTOS
    systemctl restart f5-openstack-agent
    UBUNTU
    service f5-oslbaasv2-agent restart

What’s Next

See F5 Agent modes for detailed information regarding each of the Agent’s modes of operation and example use cases. .. todo:: add Cisco APIC/ACI deployment solution guide and link to it here

Support Programs

Regionally located support centers enable F5 to provide support in a number of languages through native-speaking support engineers.

See more

Contact Support

North America: 1-888-882-7535
Outside North America: 800-11-275-435

Local Support Numbers

Feedback and Help

Have questions, suggestions, or just want to get something off your chest? Let us know.

Leave feedback

About F5

Education

F5 sites

Support Tasks

Connect with us

© Copyright 2017 by F5 Networks, Inc. | Policies | Trademarks