VNFM deployment guide¶
To deploy F5 VNF Manager blueprint solutions, do the following:
Do one of the following to launch an instance in your private cloud environment:
Do one of the following to enable external access to the F5 VNF Manager:
- Add a floating IP in OpenStack. This step is optional for VNF Manager version 1.3.0 and later.
- Add an external IP in VMware
BEFORE continuing, create a snapshot/clone of your working instance in your VIM for backup and restoration purposes.
Define your system secrets. For help defining secrets, see the Secrets reference guide.
If using multiple VIMs for deploying blueprints in multiple data centers, see the grouped secrets section in the Secrets reference guide.
- Define parameters in the inputs file. For inputs definitions, see the Blueprint inputs reference guide.
- Deploy a local F5 blueprint solution.
- OPTIONAL: Once you deploy a solution, you can update the deployment and associate a new blueprint, change parameters, define additional workflow actions, and make other similar changes.
Once you complete these deployment steps, consult the supporting reference topics for more details about using the F5 VNFM.
Secure access to your F5 VNFM¶
To access your VNFM, using https point your browser to the IP address you created in the previous steps and assigned to your management network.
For example, in OpenStack, find your IP address here:
For example, in vSphere ESXi, find your IP address here:
Login to VNFM using username: admin and password: admin.
To change the admin password (you cannot change the username), do one of the following:
To update the admin password using the VNF Manager UI, in the top-right corner, click Admin, select Change Password, and then in the Change password for Admin dialog box enter a complex password.
To update the profile using the CLI type:
[admin@vnfm ~]$ vnfm users set-password admin -p new_admin_password
.
MANDATORY: To update the admin profile, using the CLI you MUST do the following:
[admin@vnfm ~]$ vnfm profile set -p new_admin_password Validating credentials... Credentials validated Setting password to <new_admin_password> Settings saved successfully [admin@vnfm ~]$ vnfm status Retrieving Manager services status... [ip=localhost] Services: +--------------------------------+--------+ | service | status | +--------------------------------+--------+ | VNFM Console | Active | | AMQP-Postgres | Active | | Manager Rest-Service | Active | | RabbitMQ | Active | | Webserver | Active | | Management Worker | Active | | PostgreSQL | Active | +--------------------------------+--------+
To learn more, consult the User Management topic, the Server Maintenance CLI guide, and the Tenant Management topic.
Important
F5 recommends managing your VNFM administration account using a role-based access control (RBAC) method, such as LDAP or Active Directory. Learn more about integrating with LDAP. At a minimum, set a complex admin password.
Define parameters in the inputs.yaml file¶
The F5 blueprints use an inputs.yaml file that you must edit, adding your system definitions:
You must configure a BIG-IQ before deploying a VNFM Gi LAN or Gi Firewall solution blueprint. You can do this manually, or use the F5 VNF BIG-IQ blueprint solution to automate the configuration. To use the F5 VNF BIG-IQ blueprint, open one of the following inputs file, copy and paste the sample inputs file into a new file, change the parameter values according to your application and network requirements, and then save the file locally:
VIM VNFM Solution Version YAML (for UI) VNFM Solution Version JSON (for REST API) OpenStack Version 10 or Version 13 VNF-BIG-IQ 1.3.1, 1.4.0, and 2.0.2 VNF-BIG-IQ 1.3.1, 1.4.0, and 2.0.2 VMware vSphere ESXi Version 6.5 VNF-BIG-IQ 1.3.1, 1.4.0, and 2.0.2 VNF-BIG-IQ 1.3.1, 1.4.0, and 2.0.2 Depending on your blueprint solution, VNFM version, and VIM, open one of the following YAML or JSON blueprint solution files:
VIM VNFM Solution Version YAML (for UI) VNFM Solution Version JSON (for REST API) OpenStack Version 10 or Version 13 Gi LAN 1.3.1, 1.4.0, and 2.0.2
Gi Firewall 1.3.1, 1.4.0, and 2.0.2
Base 1.3.1, 1.4.0, and 2.0.2
DNS 1.3.1, 1.4.0, and 2.0.2
DNS Security VNF Service 1.4.0 and 2.0.2
CGNAT-Offering 2.0.2Gi LAN 1.3.1, 1.4.0, and 2.0.2
Gi Firewall 1.3.1, 1.4.0, and 2.0.2
Base 1.3.1, 1.4.0, and 2.0.2
DNS 1.3.1 1.4.0, and 2.0.2
DNS Security VNF Service 1.4.0 and 2.0.2
CGNAT-Offering 2.0.2VMware vSphere ESXi Version 6.5 Gi LAN 1.3.1, 1.4.0, and 2.0.2
Gi Firewall 1.3.1, 1.4.0, and 2.0.2
Base 1.3.1, 1.4.0, and 2.0.2
DNS 1.3.1, 1.4.0, and 2.0.2
DNS Security VNF Service 1.4.0 and 2.0.2
CGNAT-Offering 2.0.2Gi LAN 1.3.1, 1.4.0, and 2.0.2
Gi Firewall 1.3.1, 1.4.0, and 2.0.2
Base 1.3.1, 1.4.0, and 2.0.2
DNS 1.3.1, 1.4.0, and 2.0.2
DNS Security VNF Service 1.4.0 and 2.0.2
CGNAT-Offering 2.0.2Copy and paste the contents of the sample inputs yaml file into a new file and change the parameter values according to your application and network requirements. See the Blueprint inputs reference guide for parameter descriptions to help you define your inputs.YAML file.
Save the inputs file(s) locally. You will upload blueprint YAML file(s) into VNFM in Step 6, Deploy local F5 (Gilan) blueprint.
Deploy local F5 blueprint¶
Once you change all the values in the blueprint inputs file(s) for your VIM and save it locally, upload the file into F5 VNF Manager. The inputs file will define all required parameters for the following blueprint files, depending on the solution you selected and your VIM:
- F5-VNF-BIG-IQ.yaml
- F5-VNF-Service-Layer-Base.yaml
- F5-VNF-Service-Layer-Firewall.yaml
- F5-VNF-Service-Layer-GiLAN.yaml
- F5-VNF-Service-Layer-DNS.yaml
- F5-VNF-Service-Layer-Secure-DNS.yaml
- F5-VNF-Service-Layer-CGNAT-Offering.yaml
- Open F5 VNFM, click Local Blueprints, and then in the F5-BIGIQ main blueprint tile click Deploy.
Tip
You can manually configure your own BIG-IQ utility; however, F5 recommends automating this process by deploying this F5-VNF-BIG-IQ blueprint. If deploying the F5-VNF-BIG-IQ blueprint from a VMware vSphere ESXi VIM, you must NOT use 192.168.1.200 and 192.168.1.245 IP addresses on the same network the F5 VNF Manager is connected, until AFTER you deploy the F5-VNF-BIG-IQ blueprint and the BIG-IQ HA pair is online. Once the BIG-IQ HA pair is online, those IP addresses become available.
- Enter a name, under Deployment Inputs, click
browse for the
inputs_[solution name].yaml
file you edited, and then click Open. The Deploy blueprint form is completed automatically with the values you entered in theinputs_[solution name].yaml
file.
Tip
Troubleshooting: If you receive an error at this point, then your inputs file is out of date and lacks the correct parameters.
- Click Deploy.
Tip
Troubleshooting: If you receive an error at this point, then it is related to a missing secrets value or a typo in a secrets value.
On the left-side menu click the Deployments blade, in the list next to the blueprint you created in the previous step, expand
, click Install, and then click Execute. The VNFM uses the configuration node, configuring the BIG-IQ, and the deployment outputs return the BIG-IQ licensing and addressing information required by the other main F5 solution blueprints.
Once the BIG-IQ blueprint finishes executing, repeat steps 1-4, selecting one of the following blueprints, depending on the solution you selected:
- F5-VNF-Service-Layer-Base.yaml main blueprint file
- F5-VNF-Service-Layer-Firewall.yaml main blueprint file
- F5-VNF-Service-Layer-GiLAN.yaml main blueprint file
- F5-VNF-Service-Layer-DNS.yaml main blueprint file
- F5-VNF-Service-Layer-Secure-DNS.yaml main blueprint file
- F5-VNF-Service-Layer-CGNAT-Offering.yaml main blueprint file
VNFM starts creating BIG-IP VEs according to the parameters you defined for your network. Also installed includes additional, sub-blueprints packaged with the F5 main blueprints.
Once your blueprint install finishes executing, to view a model of your VNF installation, on the Deployments blade, click a name from the list. A model of your VNF topology appears, along with a list of all the nodes and event logs.
To add an events and logs filtering widget to this page
- In the top-right corner click your login name, select Edit Mode, and then click Add Widget.
- Scroll the list and select Events/logs filter, and then click Add selected widget.
- Scroll to the top of the page, click and drag the Events/logs filter widget down the page, and place it just before the Deployment Events/Logs pane on the page.
- Close the Edit mode dialog box. You can now filter event/logs based on type, log level, and other similar criteria. Learn more about events and logs.
To view the list of applicable workflows (for example, scale out group, heal VE, etc.) that you can run, on the Deployments blade, click
next to your Gilan or Base deployment in the list. A list of applicable workflows for your solution appears. Learn more about workflows and which workflows to run for which deployments.
Using the same VNF Manager, you can download and define another inputs YAML file for another local F5 blueprint, and repeat these deploy blueprint steps.
Update existing deployment¶
You can update, delete/force delete, or define a site for any existing deployment using either .

Or
Click the Deployment to open the Deployment details page, and at the top of the page, select:

- Update deployment
- Delete deployment
- Set Site to define a site for this deployment (from the
menu only).
- Click the Deployments blade, click deployment name to open the details page, and then at the top of the window, click Update Deployment.
- The Update Deployment popup widow appears. Do one of the following:
- To edit input values directly in the form, click Show Data Types, to view the JSON or YAML formats for each input.
- Click Load Values, to browse for and upload a new/updated yml file.
- Scroll to the bottom of the dialog box and click Preview to view a deployment without executing operations, or Update to submit your changes.
Delete existing deployment¶
Use one of the following options:
- Click the Deployments blade, click deployment name to open the details page or click , and then at the top of the window, click Update Deployment.
- Click Force Delete (from the
menu only) will delete a deployment even if the deployment contains active nodes.
Set site¶
Use this option to associate a site/location for where you want to run this deployment. You must have defined sites in your environment, before assigning them to individual deployments. See Site Management for complete details.
What’s Next?