Blueprint inputs reference guide

Use the following input descriptions to assist you when completing the BIG-IQ or Gi LAN, Gi Firewall and VNFM Base inputs YAML files. You require an inputs YAML file for each solution blueprint. See the VNFM public GitHub repository. The following table lists the supported inputs files for each release of VNF Manager:

Common VNFM inputs

Parameter VNFM Version Required Blueprint VIM Description
big_iq_pool_license 1.2.1 Yes BIG-IQ and Gi-LAN/F All The base registration key code provided by F5 Networks after purchase. Used to create RegKey Pool on the F5 BIG-IP system. You received this key in email from F5 Networks after purchase.
big_iq_primary_host_license 1.2.1 Yes BIG-IQ and Gi-LAN/F All Base registration key used to license the primary BIG-IQ system of an HA-pair. You received this key in email from F5 Networks after purchase.
big_iq_secondary_host_license 1.2.1 Yes BIG-IQ All Base registration key used to license the secondary BIG-IQ system of an HA-pair. You received this key in email from F5 Networks after purchase.
big_iq_passphrase 1.2.1 Yes BIG-IQ All The passphrase value that BIG-IQ uses to generate a Master Key (minimum of 16 characters, 1 or more capital letters, 1 or more lowercase letters, 1 or more numbers, and 1 or more special characters).
big_iq_pool_name 1.2.1 Yes BIG-IQ All The license pool name to use for the VNFM.
default_sg_name 1.2.1 No BIG-IQ OpenStack The name of the pre-existing default security group. This is created by OpenStack with every instance. Required for versions 1.2.1 and earlier.
key_name 1.2.1 Yes BIG-IQ OpenStack The name of the local, private SSH key used for connecting to BIG-IQ.
sw_ref_bigiq 1.2.1 Yes BIG-IQ All The dictionary that defines the BIG-IQ image name, flavor name, availability zone (OpenStack only), and revision value to use for the BIG-IQ HA pair instance. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided are considered to be using an old version of the software.
floating_network_id 1.x Yes * BIG-IQ, Gi-LAN/F and DNS OpenStack The OpenStack ID of the external network where you assigned floating IP addresses (for example, external_net). * IMPORTANT: This value is optional for VNFM version 1.3 and later and the default value is empty. This input is required for VNFM versions 1.2.1 and earlier.
mgmt_net 1.x Yes All All The name of the pre-existing management OpenStack network or VMware port group, connecting the BIG-IQ licensing utility, VNFM, and related blueprints that orchestrate BIG-IP VE service layers.
mgmt_net_sw_dist 1.2.1 Yes BIG-IQ vSphere The vSphere setting (true/false) of the switch distributed flag for the management network.
mgmt_subnet 1.x Yes All OpenStack The name of the pre-existing management network subnet.
ntp_server 1.x Yes All All The IP address or DNS name of the NTP server, including specifying your local VNFM IP if VNFM will act as the NTP server. Tip: F5 recommends using a local NTP server on a device connected to the MGMT network, or configuring the NTP on your VNFM.
timezone 1.1.x No All All Enter the local timezone for the location of your application server; for example, Pacific/Pago_Pago. Default value is UTC. For acceptable values, consult the TZ database name in this list.
default_gateway 1.x Yes Base, Gi-LAN/F, and DNS All The next hop IP address for outbound traffic egressing the VNF.
ric_purchasing_model 1.1.x Yes Gi-LAN/F and DNS All The purchasing model for licensing (options include: subscription or perpetual).
ric_vnfm_serial 1.1.x Yes Gi-LAN/F and DNS All The VNFM license key provided in your email from F5 (used for support purposes only).
ric_throughput (deprecated) 1.0 - 1.1.1 Yes Gi-LAN/F OpenStack DEPRECATED in version 1.2: Desired throughput for the VNF layer, in Gbps (options include: 5, 10, 50 Gbps).
auto_last_hop 1.x Yes Gi-LAN/F and DNS All Controls how the DAG receives return traffic from the internet. Enable this input, if you are using an F5 device to NAT outbound connections; otherwise, disable.
bgp_dag_pgw_peer_ip 1.x No Gi-LAN/F and DNS All If your environment uses Border Gateway Protocol (BGP) on the client-side, then enter the neighbor address of the PGW to which the DAG BIG-IPs will advertise their default routes.
bgp_vnf_pgw_peer_ip 1.x No Gi-LAN/F, DNS, and CGNAT-Offering All If using BGP on the client-side, then enter the neighbor address of the PGW, enabling the VNF to send traffic directly back to the client without passing it back through the DAG. For CGNAT-Offering deployments BGP on the client-side, enter the neighbor address of the PGW to which the CGNAT VE BIG-IPs will advertise their default routes.
bgp_pgw_peer_as 1.x No Gi-LAN/F and DNS All If using BGP on the client-side, then enter the autonomous system number (ASN) for the BGP neighbor.
bgp_dag_egw_peer_ip 1.x No Gi-LAN/F and DNS All If using BGP on the external-side, then enter the BGP neighbor address.
bgp_egw_peer_as 1.x No Gi-LAN/F and DNS All If using BGP on the external-side, then enter the BGP ASN.
external_net 1.x No Base All The name of the pre-existing external network that connects to your users.
external_sg_name 1.x No Base All The name of the pre-existing external security group.
external_subnet 1.x No Base All The subnet name for the pre-existing external network.
external_subnet_cidr 1.2 No Base vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
internal_net 1.x No Base All The name of the pre-existing internal network that connects to your servers.
internal_sg_name 1.x No Base All The name of the pre-existing internal security group.
internal_subnet 1.x No Base All The subnet name for the pre-existing internal network.
sw_ref_ltm 1.x No Base All The dictionary that defines the image/template name, flavor/configuration name, availability zone (OpenStack only), and revision number to use for the BIG-IP VE instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided are considered to be using an old version of the software.
default_ltm_number 1.x No Base All The default number of BIG-IPs that will get deployed by this blueprint. Verify that the same number of license keys defined in the registration key pool matches this input value.
mgmt_subnet_cidr 1.2 No Base vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
internal_subnet_cidr 1.2 No Base vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
internal_net_sw_dist 1.2 No Base vSphere The vSphere switch distributed flag for internal network. Set to true if your system uses a distributed switch on this network or false if not.
external_net_sw_dist 1.2 No Base vSphere The vSphere switch distributed flag for external network. Set to true if your system uses a distributed switch on this network or false if not.
ctrl_net 1.x Yes Gi-LAN/F and DNS All The name of the control network, where F5 NFV solutions connect to processes such as your policy and control rules function engine, subscriber service-charging functions, signaling, and other similar processes.
ctrl_subnet 1.x Yes Gi-LAN/F and DNS All The name of the control network subnet.
ctrl_ip_range 1.2 Yes Gi-LAN/F vSphere A list of IP address ranges defined for the control network; for example, 10.30.0.2-10.30.0.100.
ctrl_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for Control network. Set to true if your system uses a distributed switch on this network or false if not.
ctrl_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
syslog_config 2.0 No ALL (except Base) All

String used for attaching additional BIG-IP VE syslog configuration file that updates the syslog configuration file directly on all BIG-IP VEs (DAGs and VNF/DNS). Example: destination remote_server {tcp(\"172.28.68.42\" port (514));};filter f_alllogs {level (debug...emerg);};log {source(local);filter(f_alllogs);destination(remote_server);};

Caution: ONLY use this parameter with assistance from F5 Technical Support. If you use this parameter incorrectly, you put proper system functionality at risk. For complete details, see F5 Telemetry Streaming.

ha_net 1.x Yes Gi-LAN/F and DNS All The name of the high availability network (for config. sync and network failover purposes).
ha_subnet 1.x Yes Gi-LAN/F and DNS All Name of the high availability network subnet.
ha_ip_range 1.2 Yes Gi-LAN/F vSphere A list of IP ranges defined for the high availability network; for example, 10.40.0.2-10.40.0.100.
ha_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for HA network. Set to true if your system uses a distributed switch on this network or false if not.
ha_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
centos_image_id (deprecated) 1.0-1.1 Yes Gi-LAN/F OpenStack DEPRECATED in version 1.1.1: The OpenStack ID of the CentOS image to use when creating the monitoring nodes.
nagios_flavor_id (deprecated) 1.0-1.1 Yes Gi-LAN/F OpenStack DEPRECATED in version 1.1.1: The OpenStack ID of the flavor to use when creating the monitoring nodes.
mgmt_default_gw 1.2 Yes Base and Gi-LAN/F vSphere IP address of the default gateway for the Management network.
manager_mgmt_host 1.x Yes Base, DNS and Gi-LAN/F All The internal IP address of the VNF Manager instance.
mgmt_ip_range 1.2 Yes Base and Gi-LAN/F vSphere A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs; for example, 10.50.50.2-10.50.50.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.50.50.2-10.50.50.20 and 10.50.50.21-10.50.50.30, and so forth.
mgmt_dns 1.2 Yes Base and Gi-LAN/F vSphere DNS server address used for management network.
bigip_ssh_key 1.2 Yes Base, DNS and Gi-LAN/F vSphere The name of the SSH key that you will import into the BIG-IP VE instances.
bigip_os_ssh_key (deprecated) 1.0-1.1.1 Yes Base and Gi-LAN/F OpenStack DEPRECATED in version 1.2: The name of the OpenStack SSH key that you will import into the BIG-IP VE instances.
big_iq_host 1.x Yes Base, Gi-LAN/F, and DNS All The IP address of the BIG-IQ VE instance that will assign licenses to the BIG-IP VE instances. Find this IP address after deploying the BIG-IQ blueprint in VNF Manager: BIG-IQ Deployments -> Deployment Outputs -> Primary Host value.
big_iq_lic_pool 1.x Yes Base, DNS and Gi-LAN/F All The name of the BIG-IQ key or pool that will be used to assign licenses to the BIG-IP VE instances. Find this value after deploying the BIG-IQ blueprint in VNF Manager: BIG-IQ Deployments -> Deployment Outputs -> big_iq_lic_pool value.
sw_ref_dag 1.x Yes Gi-LAN/F and DNS All

Depending upon your VIM:

  • A dictionary that defines the OpenStack image name, flavor name, and availability zone (version 1.2), and revision to use for the BIG-IP VE disaggregation instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided are considered to be using an old version of the software.
  • A dictionary that defines the VMware template name and configuration to use for the BIG-IP VE disaggregation instances.
sw_ref_vnf 1.x Yes Gi-LAN/F and DNS All

Depending upon your VIM:

  • A dictionary that defines the OpenStack image name, flavor name, availability zone (version 1.2), and revision to use for the BIG-IP VE virtual network functions instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided are considered to be using an old version of the software.
  • A dictionary that defines the VMware template name, configuration, and revision to use for the BIG-IP VE virtual network functions instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided are considered to be using an old version of the software.
sw_ref_nagios 1.1.1 Yes Gi-LAN/F and DNS All

Depending upon your VIM:

  • A dictionary that defines the OpenStack image name, flavor name, availability zone (version 1.2), and revision to use for the Nagios monitoring nodes. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided are considered to be using an old version of the software. If using a connected environment, select the CentOS image name. If using a dark environment, select the prebuilt Nagios image name.
  • A dictionary that defines the VMware template name, configuration, and revision to use for the CentOS monitoring nodes. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided are considered to be using an old version of the software.
security_groups 1.3.0.X No All OpenStack

String value enabling/disabling security groups for ALL solution blueprints, except VNF-BIG-IQ. When set to enable, appropriate security groups are included for the Nagios, DAG, and VNF nodes. However, when set to disable, the default Security Group created by OpenStack for every instance is disabled, along with all other security groups that may exist.

For VNF-BIG-IQ solution ONLY: For VNFM version 1.4.0 and later, when defining this input for the VNF-BIG-IQ solution ONLY, use 0 to disable security groups or 1 to enable security groups. Default value is 1 - enable.

nagios_pass 1.2 ONLY Yes Gi-LAN/F vSphere DEPRECATED in 1.2.1: Password for the Nagios server.
nagios_user 1.2 ONLY Yes Gi-LAN/F vSphere DEPRECATED in 1.2.1: Username for the Nagios server.
mgmt_sg_name 1.x No Gi-LAN/F and DNS All The name of the pre-existing management security group. Required for versions 1.2.1 and earlier.
pgw_sg_name 1.x No Gi-LAN/F and DNS All The name of the pre-existing packet gateway (PGW) security group. Required for versions 1.2.1 and earlier.
pdn_sg_name 1.x No Gi-LAN/F and DNS All The name of the pre-existing provider data network (PDN) security group. Required for versions 1.2.1 and earlier.
snmp_sg_name 1.x No Gi-LAN/F and DNS All The name of the pre-existing SNMP security group. Required for versions 1.2.1 and earlier.
pgw_net 1.x Yes Gi-LAN/F and DNS All Name of the OpenStack network or the VMware port group.
pgw_subnet 1.x Yes Gi-LAN/F and DNS All The name of the pre-existing PGW sub-network.
pgw_ip_range 1.2.1 Yes Gi-LAN/F vSphere A list of IP address ranges of host IP addresses you will use to assign to BIG-IP VEs; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
internal_ip_range 1.3.1 Yes BASE vSphere A list of IP address ranges of host IP addresses you will use to assign to BIG-IP VEs; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
pdn_net 1.x Yes Gi-LAN/F All Name of the OpenStack network or the VMware port group.
pdn_subnet 1.x Yes Gi-LAN/F and DNS All The name of the pre-existing PDN network subnet.
pdn_ip_range 1.2.1 Yes Gi-LAN/F vSphere A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
external_ip_range 1.3.1 Yes BASE vSphere A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
pgw_dag_net 1.x Yes Gi-LAN/F and DNS All Name of the OpenStack network or the VMware port group.
pgw_dag_subnet 1.x Yes Gi-LAN/F and DNS All The name of the pre-existing PGW-DAG network subnet.
pgw_dag_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pgw_dag_ip_range 1.2 Yes Gi-LAN/F vSphere A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs; for example, 10.20.0.2-10.20.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.20.0.2-10.20.0.20 and 10.20.0.21-10.20.0.30, and so forth.
pgw_dag_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for PGW DAG network. Set to true if your system uses a distributed switch on this network or false if not.
pgw_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pdn_dag_net 1.x Yes Gi-LAN/F and DNS All Name of the OpenStack network or the VMware port group.
pdn_dag_subnet 1.x Yes Gi-LAN/F and DNS All The name of the pre-existing PDN-DAG network subnet.
pdn_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pdn_dag_ip_range 1.2 Yes Gi-LAN/F vSphere A list of ranges of the host IP addresses you will use to assign to BIG-IP VEs; for example, 10.15.0.2-10.15.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.15.0.2-10.15.0.20 and 10.15.0.21-10.15.0.30, and so forth.
pdn_net_sw_dist 1.2 Yes Gi-LAN/F and DNS vSphere The vSphere switch distributed flag for PDN network. Set to true if your system uses a distributed switch on this network or false if not.
pdn_dag_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for PDN DAG network. Set to true if your system uses a distributed switch on this network or false if not.
pdn_dag_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
agent_user 1.2 Yes Gi-LAN/F and DNS vSphere The user for the client agents.
ctrl_sg_name 1.x No Gi-LAN/F and DNS All The name of the pre-existing control security group. Required for versions 1.2.1 and earlier.
max_scale_dag_group 1.x Yes Gi-LAN/F and DNS All The maximum number of layers to which the DAG group will scale.
max_scale_vnf_group 1.x Yes Gi-LAN/F and DNS All The maximum number of layers to which the VNF group will scale.
max_heal_vnfd_dag_ve 1.x Yes Gi-LAN/F and DNS All Maximum number of times a DAG VE will heal before it stops trying and shows an error.
max_heal_vnf_layer 1.x Yes Gi-LAN/F and DNS All Maximum number of times a layer will heal before it stops trying and returns an error.
max_heal_vnf_slave_ve 1.x Yes Gi-LAN/F and DNS All Maximum number of times a slave VE will heal before it stops trying and returns an error.
vnf_layer_cpu_threshold 1.x Yes Gi-LAN/F and DNS All Maximum number of times a slave VE will heal before it stops trying and returns an error.
vnf_layer_cpu_threshold_check_interval 1.x Yes Gi-LAN/F and DNS All Interval between checks, in minutes.
vnf_group_throughput_check_interval 1.x Yes Gi-LAN/F and DNS All Interval between checks, in minutes.
vnf_group_throughput 1.x Yes Gi-LAN/F and DNS All The desired aggregate throughput (Gigabits In Out) for every layer in the group. Example values: 5 for 5 gig, 0 for 10 gig, 0.5 for 500mb.
vnf_group_throughput_threshold 1.x Yes Gi-LAN/F and DNS All New layer is added to group when the percentage of average aggregate layer throughput exceeds this value (for example, 75).
dag_group_cpu_threshold 1.x Yes Gi-LAN/F and DNS All New instance is added to group when the percentage of average aggregate Global TMM CPU usage of all DAG group instances exceeds this value (for example, 75).
dag_group_cpu_threshold_check_interval 1.x Yes Gi-LAN/F and DNS All Interval between checks, in minutes.
vnic_binding_type 1.3.1 Yes Gi-LAN/F OpenStack A dictionary used to support single root input/output virtualization (SR-IOV). Use the port binding input to specify the binding type of ports. Default value is set to “normal”. Possible binding type values include: normal, macvtap, direct, baremetal, direct-physical, virtio-forwarder, and smart-nic. Be aware that F5 has tested only “normal” and “direct” binding types and recommends setting an SR-IOV enabled port to “direct”. For example,
datacenter 2.0 No All All String value used in a multi-VIM configuration, defining the target data center for this deployment, and identifying the group of secrets to use in a multi-VIM configuration (for example, datacenter_southwest-region).
vnf_as3_nsd_payload 1.x Yes Gi-LAN/F All

The F5 AS3 Declaration, in YAML format, that defines the service configuration of the VNF instances. Important: You will edit this declaration as appropriate for your solution; however, the VLAN names used in the allowVlans property for each service MUST correspond to the values of the pgw_dag_net (for outbound traffic) and pdn_dag_net inputs (for inbound traffic).

For VNFM version 1.3 and later in an OpenStack VIM, if you want to enable your Gi LAN or Firewall blueprint with integrated CGNAT capabilities, you MUST define the AS3 declaration section in the OpenStack inputs files, and the following vnf_as3_nsd_payload definitions, using the following values:

  • trafficGroup – Set as /Common/traffic-group-local-only for serviceAddress
  • routeAdvertisement – Set as true for natSourceTranslation

For a sample AS3 declaration, see the supported inputs files in the VNFM public GitHub repository.

telemetry_nsd_payload 2.0 No All (not BASE) All

A dictionary used for F5 Telemetry Streaming declaration (JSON format) that defines the service configuration of the VNF instances. Example:

destination remote_server {tcp(\"172.28.68.42\" port (514));};filter f_alllogs {level (debug...emerg);};log {source(local);filter(f_alllogs);destination(remote_server);};
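
A pre-deployment check for two of the inputs described above, the big_iq_passphrase complexity rule and the vSphere *_ip_range lists, written as an added example that is not part of the F5 documentation or VNFM code. It assumes the inputs YAML has already been loaded into a dictionary, that each range is a "start-end" string, and that every X_ip_range is expected to sit inside the matching X_subnet_cidr without overlapping its siblings (a pairing inferred from the input names, not stated by the guide).

```python
import ipaddress
import re

def passphrase_problems(passphrase):
    """Check the big_iq_passphrase rule; never echoes the secret itself."""
    rules = [
        (len(passphrase) >= 16, "shorter than 16 characters"),
        (re.search(r"[A-Z]", passphrase), "no capital letter"),
        (re.search(r"[a-z]", passphrase), "no lowercase letter"),
        (re.search(r"[0-9]", passphrase), "no number"),
        (re.search(r"[^A-Za-z0-9]", passphrase), "no special character"),
    ]
    return [message for ok, message in rules if not ok]

def parse_range(text):
    """Parse 'start-end' into two addresses, rejecting reversed ranges."""
    start, sep, end = text.partition("-")
    if not sep:
        raise ValueError("expected start-end")
    lo, hi = ipaddress.ip_address(start.strip()), ipaddress.ip_address(end.strip())
    if lo.version != hi.version or lo > hi:
        raise ValueError("start must not be above end")
    return lo, hi

def range_problems(name, ranges, cidr):
    """Report ranges that are malformed, outside the subnet, or overlapping."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"{name}: bad subnet {cidr!r}: {exc}"]
    problems, inside = [], []
    for text in ranges:
        try:
            lo, hi = parse_range(text)
        except ValueError as exc:
            problems.append(f"{name}: {text!r}: {exc}")
            continue
        if lo not in net or hi not in net:
            problems.append(f"{name}: {text} is outside {net}")
            continue
        inside.append((lo, hi, text))
    reach = None  # highest end address seen so far, with the range that set it
    for lo, hi, text in sorted(inside):
        if reach is not None and lo <= reach[0]:
            problems.append(f"{name}: {text} overlaps {reach[1]}")
        if reach is None or hi > reach[0]:
            reach = (hi, text)
    return problems

def check_inputs(inputs):
    """Run both checks over a loaded inputs dictionary."""
    problems = [f"big_iq_passphrase: {p}"
                for p in passphrase_problems(inputs.get("big_iq_passphrase", ""))]
    for key, ranges in inputs.items():
        if key.endswith("_ip_range"):
            cidr = inputs.get(key[: -len("_ip_range")] + "_subnet_cidr")
            if cidr is not None:
                problems += range_problems(key, ranges, cidr)
    return problems

# Constructed sample values, not taken from a real deployment.
SAMPLE_INPUTS = {
    "big_iq_passphrase": "Summer2024",
    "mgmt_subnet_cidr": "10.50.50.0/24",
    "mgmt_ip_range": ["10.50.50.2-10.50.50.20", "10.50.50.15-10.50.50.30"],
    "ha_subnet_cidr": "10.40.0.0/24",
    "ha_ip_range": ["10.40.0.2-10.40.0.100"],
    "ctrl_subnet_cidr": "10.6.149.0/24",
    "ctrl_ip_range": ["10.30.0.2-10.30.0.100"],
}

if __name__ == "__main__":
    for problem in check_inputs(SAMPLE_INPUTS):
        print(problem)
```

Run it against the loaded inputs before uploading the file to VNF Manager; an empty result means both checks passed.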