Last updated on: 2023-08-29 10:06:08.

Blueprint inputs reference guide¶

The following tables list the supported inputs used with F5® VNF Manager blueprint solutions. The tables describe the inputs, which blueprints use them, and in which version of VNF Manager the inputs were introduced (added). See the VNFM public GitHub repository.

Common VNFM inputs¶

Parameter	VNFM Version added	Required	Blueprint	VIM	Description
big_iq_pool_license	1.2.1	Yes	BIG-IQ and Gi-LAN/F	All	The base registration key code provided by F5 Networks after Purchase. Used to create RegKey Pool on the F5 BIG-IP system. You received this key in email from F5 Networks after purchase.
big_iq_primary_host_license	1.2.1-2.0.3	Yes	BIG-IQ and Gi-LAN/F	All	Base registration key used to license the primary BIG-IQ v6.0.1 ONLY system of an HA-pair. You received this key in email from F5 Networks after purchase. DEPRECATED in VNFM version 3.0, if using BIG-IQ v8.2.
big_iq_secondary_host_license	1.2.1-2.0.3	Yes	BIG-IQ	All	Base registration key used to license the secondary BIG-IQ v6.0.1 ONLY system of an HA-pair. You received this key in email from F5 Networks after purchase. DEPRECATED in VNFM version 3.0, if using BIG-IQ v8.2.
additional_commands	2.0.1	No	All	All	Add a list of tmsh/bash commands used to configure blueprint solutions beyond the F5® BIG-IP® Application Services 3 Extension (AS3) and REST capabilities. These commands will execute AFTER the AS3 declaration, during deployment installation in an NSD node. Find the command results in the deployment logs. Default value is empty []. Example list includes: - echo `date` F5 Virtual Network Functions Manager (VNFM) > /config/vnfm_command - cat vnfm_command - tmsh show sys soft > /config/bigip_software - cat bigip_software You can add running tmsh/bash command capabilities to existing deployments by executing the Update Declaration workflow on an NSD deployment type, set the type to CLI, and then add the list of commands using JSON or YAML in the payload text box; for example: ["self_ip_control_net=$(tmsh list net self control_net_self address \| grep address \| awk -F' ' '{print $2}'\|awk -F'/' '{print $1}') && echo Self ip of control_net interface is $self_ip_control_net"] For a workflow example, see the Add tmsh/bash commands to existing deployments topic.

Parameter	VNFM Version	Required	Blueprint	VIM	Description
big_iq_passphrase	1.2.1	Yes	BIG-IQ	All	The passphrase value that BIG-IQ uses to generate a Master Key (minimum of 16-characters, 1 or more capital letters 1 or more lowercase letters, 1 or more numbers, and 1 or more special characters). BIG-IQ REQUIRES a policy-compliant password. See knowledge article K49507549 for complete details.
big_iq_pool_name	1.2.1	Yes	BIG-IQ	All	The name of the RegKey Pool that is created on the BIG-IQ system and used for the VNFM.
default_sg_name	1.2.1	No	BIG-IQ	OpenStack	The name of the pre-existing default security group. This is created by OpenStack with every instance. Required for versions 1.2.1 and earlier.
key_name	1.2.1	Yes	BIG-IQ	OpenStack	The name of the local, private SSH key used for connecting to BIG-IQ.
sw_ref_bigiq	1.2.1	Yes	BIG-IQ	All	The dictionary that defines the BIG-IQ image name, flavor name, availability zone (OpenStack only), and revision value to use for the BIG-IQ HA pair instance. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
floating_network_id	1.x	Yes	BIG-IQ, Gi-LAN/F, CGNAT-O, DNS	OpenStack	The OpenStack ID of the external network where you assigned a floating IP addresses (for example, external_net). IMPORTANT: This value is optional for VNFM version 1.3 and later and the default value is empty. This input is required for VNFM versions 1.2.1 and earlier.
mgmt_net	1.x	Yes	All	All	The name of the pre-existing management OpenStack network or VMware port group, connecting the BIG-IQ licensing utility, VNFM, and related blueprints that orchestrate BIG-IP VE service layers.
mgmt_net_sw_dist	1.2.1	Yes	BIG-IQ, CGNAT-O	vSphere	The vSphere setting (true/false) of the switch distributed flag for the management network.
mgmt_subnet	1.x	Yes	All	OpenStack	The name of the pre-existing management network subnet. OpenStack: Find in Project -> Network -> Networks -> mgmt
ntp_server	1.x	Yes	All	All	The IP address or DNS name of the NTP server, including specifying your local VNFM IP if VNFM will act as the NTP server. Tip: F5 recommends using a local NTP server on a device connected to the MGMT network, or configuring the NTP on your VNFM.
timezone	1.1.x	No	All	All	Enter the local timezone for the location of your BIG-IP application server; for example, Pacific/Pago_Pago. Default value is UTC. For acceptable values, consult the TZ database name in this list.
default_gateway	1.x	Yes	Base, Gi-LAN/F, CGNAT-O, DNS	All	The next hop IP address for outbound traffic egressing (EGW) the VNF. OpenStack: Find in Compute -> Instances -> egw_router name
ric_purchasing_model	1.1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	The purchasing model for licensing (options include: subscription or perpetual).
ric_vnfm_serial	1.1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	The VNFM license key provided in your email receipt from F5.
ric_throughput (deprecated)	1.0 - 1.1.1	Yes	Gi-LAN/F	OpenStack	DEPRECATED in version 1.2: Desired throughput for the VNF layer, in Gbps (options include: 5, 10, 50 Gbps).
auto_last_hop	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	Controls how the DAG receives return traffic from the Internet. Enable this input, if you are using an F5 device to NAT outbound connections; otherwise, disable.
bgp_dag_pgw_peer_ip	1.x	No	Gi-LAN/F and DNS	All	If your environment uses Border Gateway Protocol (BGP) on the client-side, then enter the IPv4 or IPv6 address of the DAG BGP peer/neighbor on the provider gateway to which the DAG BIG-IPs will advertise their default routes. OpenStack: Find in Compute -> Instances -> pgw_router name.
bgp_vnf_pgw_peer_ip	1.x	No	Gi-LAN/F, DNS, and CGNAT-O	All	If using BGP on the client-side, then enter the neighbor IPv4 or IPv6 address of the VNF BGP, enabling the VNF to send traffic directly back to the client without passing it back through the DAG. For CGNAT-Offering deployments BGP on the client-side, enter the neighbor address of the PGW to which the CGNAT VE BIG-IPs will advertise their default routes. OpenStack: Find in Compute -> Instances -> pgw_router name
bgp_pgw_peer_as	1.x	No	Gi-LAN/F and CGNAT-O, DNS	All	If using BGP on the client-side, then enter the BGP autonomous system number (ASN) of the provider gateway for the BGP neighbor (integer type).
bgp_dag_egw_peer_ip	1.x	No	Gi-LAN/F and DNS	All	If using BGP on the external-side, then enter the IPv4 or IPv6 address of the DAG BGP peer/neighbor on the external gateway. Example: 192.168.3.1. OpenStack: Find in Compute -> Instances -> egw_router name.
bgp_egw_peer_as	1.x	No	Gi-LAN/F, CGNAT-O, DNS	All	If using BGP on the external-side, then enter the BGP autonomous system number (ASN) of the external gateway (integer type).
external_net	1.x	No	Base	All	The name of the pre-existing external network that connects to your users.
external_sg_name	1.x	No	Base	All	The name of the pre-existing external security group.
external_subnet	1.x	No	Base	All	The subnet name for the pre-existing external network.
external_subnet_cidr	1.2	No	Base	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
internal_net	1.x	No	Base	All	The name of the pre-existing internal network that connects to your servers.
internal_sg_name	1.x	No	Base	All	The name of the pre-existing internal security group.
internal_subnet	1.x	No	Base	All	The subnet name for the pre-existing internal network.
sw_ref_ltm	1.x	No	Base	All	The dictionary that defines the image/template name, flavor/configuration name, availability zone (OpenStack only), and revision number to use for the BIG-IP VE instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
default_ltm_number	1.x	No	Base	All	The default number of BIG-IPs that will get deployed by this blueprint. Verify that the same number of license keys defined in the registration key pool matches this input value.
mgmt_subnet_cidr	1.2	No	Base, CGNAT-O	vSphere	The network ID and subnet mask for the applicable (management) network; for example, 10.6.149.0/24.
internal_subnet_cidr	1.2	No	Base	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
internal_net_sw_dist	1.2	No	Base	vSphere	The vSphere switch distributed flag for internal network. Set to true if your system uses a distributed switch on this network or false if not.
external_net_sw_dist	1.2	No	Base	vSphere	The vSphere switch distributed flag for external network. Set to true if your system uses a distributed switch on this network or false if not.
ctrl_net	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	The name of the control network, where F5 NFV solutions connect to processes such as, your policy and control rules function engine, subscriber service-charging functions, signaling, and other similar processes. OpenStack: Find in Project -> Network -> Networks -> control
ctrl_subnet	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the control network subnet. OpenStack: Find in Project -> Network -> Networks -> control_subnet
ctrl_ip_range	1.2	Yes	Gi-LAN/F, CGNAT-O	vSphere	List of IP address ranges to use when assigning addresses to VMs in the specified (control) network; for example, 10.30.0.2-10.30.0.100.
ctrl_net_sw_dist	1.2	Yes	Gi-LAN/F, CGNAT-O	vSphere	The vSphere switch distributed flag for Control network. Set to true if your system uses a distributed switch on this network or false if not.
ctrl_subnet_cidr	1.2	Yes	Gi-LAN/F, CGNAT-O	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
syslog_config	2.0	No	ALL (except Base)	All	String used for attaching additional BIG-IP VE syslog configuration file that updates the syslog configuration file directly on all BIG-IP VEs (DAGs and VNF/DNS). Example: `destination remote_server {tcp(\"172.28.68.42\" port (514));};filter f_alllogs {level (debug...emerg);};log {source(local);filter(f_alllogs);destination(remote_server);};` Caution: ONLY use this parameter with assistance from F5 Technical Support. If you use this parameter incorrectly, you risk proper system functionality. For complete details, consult the F5® BIG-IP® Telemetry Streaming topic.

Parameter	VNFM Version	Required	Blueprint	VIM	Description
ha_net	1.x	Yes	Gi-LAN/F and DNS	All	The name of the high availability network (for config. sync and network failover purposes). OpenStack: Find in Project -> Network -> Networks -> ha
ha_subnet	1.x	Yes	Gi-LAN/F and DNS	All	Name of the high availability network subnet. OpenStack: Find in Project -> Network -> Networks -> ha
ha_ip_range	1.2	Yes	Gi-LAN/F	vSphere	A list of IP address ranges to use when assigning addresses for the specified (high availability) network; for example, 10.40.0.2-10.40.0.100.
ha_net_sw_dist	1.2	Yes	Gi-LAN/F	vSphere	The vSphere switch distributed flag for HA network. Set to true if your system uses a distributed switch on this network or false if not.
ha_subnet_cidr	1.2	Yes	Gi-LAN/F	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
centos_image_id (deprecated)	1.0-1.1	Yes	Gi-LAN/F	OpenStack	DEPRECATED in version 1.1.1: The OpenStack ID of the CentOS image to use when creating the monitoring nodes.
nagios_flavor_id (deprecated)	1.0-1.1	Yes	Gi-LAN/F	OpenStack	DEPRECATED in version 1.1.1: The OpenStack ID of the flavor to use when creating the monitoring nodes.
mgmt_default_gw	1.2	Yes	Base, Gi-LAN/F, CGNAT-O	vSphere	IP address of the default gateway for the Management network.
manager_mgmt_host	1.x	Yes	Base, DNS Gi-LAN/F, CGNAT-O	All	The internal IP address of the VNF Manager instance. OpenStack: Find in Project -> Compute -> Instances -> [instance name]
mgmt_ip_range	1.2	Yes	Base, CGNAT-O Gi-LAN/F	vSphere	A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs in the specified network; for example, 10.50.50.2-10.50.50.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.50.50.2-10.50.50.20 and 10.50.50.21-10.50.50.30, and so forth.

Parameter	VNFM Version	Required	Blueprint	VIM	Description
mgmt_dns	1.2	Yes	Base, Gi-LAN/F, CGNAT-O	vSphere	DNS server address used for management network.
bigip_ssh_key	1.2	Yes	Base, DNS, CGNAT-O, Gi-LAN/F	All	The name of the SSH key that you will import into the BIG-IP VE instances. OpenStack: Find in Project -> Compute -> Access & Security -> Key Pairs -> [key name]. MUST contain a string value, and NOT be left with the null (“”) default value.
bigip_os_ssh_key (deprecated)	1.0-1.1.1	Yes	Base and Gi-LAN/F	OpenSack	DEPRECATED in version 1.2: The name of the OpenStack SSH key that you will import into the BIG-IP VE instances.
big_iq_host	1.x	Yes	Base, Gi-LAN/F, CGNAT-O, DNS	All	The IP address of the BIG-IQ VE instance that will assign licenses to the BIG-IP VE instances. Find this IP address after deploying the BIG-IQ blueprint in VNF Manager: BIG-IQ Deployments -> Deployment Outputs -> Primary Host value. OpenStack: Find in Project -> Compute -> Instances -> [instance name]
big_iq_lic_pool	1.x	Yes	Gi-LAN/F, Base, DNS, CGNAT-O	All	The name of the BIG-IQ key or pool that will be used to assign licenses to the BIG-IP VE instances. Find this value after deploying the BIG-IQ blueprint in VNF Manager: BIG-IQ Deployments -> Deployment Outputs -> big_iq_lic_pool value.
sw_ref_dag	1.x	Yes	Gi-LAN/F and DNS	All	Depending upon your VIM: A JSON dictionary that defines the OpenStack image name, flavor name, and availability zone (version 1.2),and revision to use for the BIG-IP VE disaggregation instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software. A JSON dictionary that defines the VMware template name and configuration to use for the BIG-IP VE disaggregation instances.
sw_ref_vnf	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	Depending upon your VIM: A JSON dictionary that defines the OpenStack image name, flavor name, availability zone (version 1.2), and revision to use for the BIG-IP VE virtual network functions instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software. A JSON dictionary that defines the VMware template name, configuration, and revision to use for the BIG-IP VE virtual network functions instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
sw_ref_nagios	1.1.1	Yes	Gi-LAN/F, CGNAT-O, DNS	All	Depending upon your VIM: A JSON dictionary that defines the OpenStack image name, flavor name, availability zone (version 1.2), and revision to use for the Nagios monitoring nodes. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software. If using a connected environment, select the CentOS image name. If using a dark environment, select the prebuilt Nagios image name. A JSON dictionary that defines the VMware template name, configuration, and revision to use for the CentOS monitoring nodes. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
security_groups	1.3.0.X	No	All	OpenStack	String value enabling/disabling security groups for ALL solution blueprints, except VNF-BIG-IQ. When set to enable, appropriate security groups are included for the Nagios, DAG, and VNF nodes. However, when set to disable the `default` Security Group created by OpenStack for every instance is disabled along with all other security groups that may exist. For VNF-BIG-IQ solution ONLY: For VNFM version 1.4.0 and later, when defining this input for the VNF-BIG-IQ solution ONLY, use 0 to disable security groups or 1 to enable security groups. Default value is 1 - enable.
nagios_pass	1.2 ONLY	Yes	Gi-LAN/F	vSphere	DEPRECATED in 1.2.1: Password for the Nagios server.
nagios_user	1.2 ONLY	Yes	Gi-LAN/F	vSphere	DEPRECATED in 1.2.1: Username for the Nagios server.
mgmt_sg_name	1.x	No	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the pre-existing management security group. Required for versions 1.2.1 and earlier. OpenStack: Find in Project -> Compute -> Access & Security -> Security Groups -> mgmt_sg
pgw_sg_name	1.x	No	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the pre-existing packet gateway (PGW) security group. Required for versions 1.2.1 and earlier. OpenStack: Find in Project -> Compute -> Access & Security -> Security Groups -> pgw_sg
pdn_sg_name	1.x	No	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the pre-existing provider data network (PDN) security group. Required for versions 1.2.1 and earlier. OpenStack: Find in Project -> Compute -> Access & Security -> Security Groups -> pdn_sg
snmp_sg_name	1.x	No	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the pre-existing SNMP security group. Required for versions 1.2.1 and earlier. OpenStack: Find in Project -> Compute -> Access & Security -> Security Groups -> snmp_sg
pgw_net	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	Name of the pre-existing PGW OpenStack network or the VMware port group. OpenStack: Find in Project -> Network -> Networks -> pgw
pgw_net_sw_dist	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	vSphere	The vSphere switch distributed flag for PGW DAG network. Set to true if your system uses a distributed switch on this network or false if not.
pgw_subnet	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the pre-existing PGW sub-network. OpenStack: Find in Project -> Network -> Networks -> pgw
pgw_ip_range	1.2.1	Yes	Gi-LAN/F, CGNAT-O	vSphere	A list of IP address ranges of host IP addresses you will use to assign to BIG-IP VEs in the specified network; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
internal_ip_range	1.3.1	Yes	BASE	vSphere	A list of IP address ranges of host IP addresses you will use to assign to BIG-IP VEs in the specified network; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
pdn_net	1.x	Yes	Gi-LAN/F, CGNAT-O	All	Name of the pre-existing PDN OpenStack network or the VMware port group. OpenStack: Find in Project -> Network -> Networks -> pdn
pdn_subnet	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the pre-existing PDN network subnet. OpenStack: Find in Project -> Network -> Networks -> pdn
pdn_ip_range	1.2.1	Yes	Gi-LAN/F, CGNAT-O	vSphere	A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs in the specified network; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
external_ip_range	1.3.1	Yes	BASE	vSphere	A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs in the specified network; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20 and 10.0.0.21-10.0.0.30, and so forth.
pgw_dag_net	1.x	Yes	Gi-LAN/F and DNS	All	Name of the pre-existing PGW-DAG (VNF ingress) OpenStack network or the VMware port group. OpenStack: Find in Project -> Network -> Networks -> pgw_dag_net
pgw_dag_subnet	1.x	Yes	Gi-LAN/F and DNS	All	The name of the pre-existing PGW-DAG network subnet. OpenStack: Find in Project -> Network -> Networks -> pgw_dag_net
pgw_dag_subnet_cidr	1.2	Yes	Gi-LAN/F	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pgw_dag_ip_range	1.2	Yes	Gi-LAN/F	vSphere	A list of IP address ranges of the host IP addresses you will use to assign to BIG-IP VEs in the specified network; for example, 10.20.0.2-10.20.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.20.0.2-10.20.0.20 and 10.20.0.21-10.20.0.30, and so forth.
pgw_dag_net_sw_dist	1.2	Yes	Gi-LAN/F	vSphere	The vSphere switch distributed flag for PGW DAG network. Set to true if your system uses a distributed switch on this network or false if not.
pgw_subnet_cidr	1.2	Yes	Gi-LAN/F, CGNAT-O	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pdn_dag_net	1.x	Yes	Gi-LAN/F and DNS	All	Name of the pre-existing PDN-DAG (VNF egress) OpenStack network or the VMware port group. OpenStack: Find in Project -> Network -> Networks -> pdn_dag_net
pdn_dag_subnet	1.x	Yes	Gi-LAN/F and DNS	All	The name of the pre-existing PDN-DAG network subnet. OpenStack: Find in Project -> Network -> Networks -> pdn_dag_net
pdn_subnet_cidr	1.2	Yes	Gi-LAN/F, CGNAT-O	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pdn_dag_ip_range	1.2	Yes	Gi-LAN/F	vSphere	A list of ranges of the host IP addresses you will use to assign to BIG-IP VEs in the specified network; for example, 10.15.0.2-10.15.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.15.0.2-10.15.0.20 and 10.15.0.21-10.15.0.30, and so forth.
pdn_net_sw_dist	1.2	Yes	Gi-LAN/F and DNS	vSphere	The vSphere switch distributed flag for PDN network. Set to true if your system uses a distributed switch on this network or false if not.
pdn_dag_net_sw_dist	1.2	Yes	Gi-LAN/F	vSphere	The vSphere switch distributed flag for PDN DAG network. Set to true if your system uses a distributed switch on this network or false if not.
pdn_dag_subnet_cidr	1.2	Yes	Gi-LAN/F	vSphere	The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
agent_user	1.2	Yes	Gi-LAN/F, CGNAT-O, DNS	vSphere	The user for the client agents. Default value is, centos.

Parameter	VNFM Version	Required	Blueprint	VIM	Description
ctrl_sg_name	1.x	No	Gi-LAN/F, CGNAT-O, DNS	OpenStack	The name of the pre-existing control security group. Required for versions 1.2.1 and earlier. OpenStack: Find in Project -> Compute -> Access & Security -> Security Groups -> control_sg
max_scale_dag_group	1.x	Yes	Gi-LAN/F and DNS	All	The maximum number (integer type) of layers to which the DAG group will scale (for example, 10).
max_scale_vnf_group	1.x	Yes	Gi-LAN/F CGNAT-O, DNS	All	The maximum number (integer type) of layers to which the VNF group will scale (for example, 10).
max_heal_vnfd_dag_ve	1.x	Yes	Gi-LAN/F and DNS	All	Maximum number (integer type) of times a DAG VE will heal before it stops trying and shows an error (for example, 10).
max_heal_vnf_layer	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	Maximum number (integer type) of times a layer will heal before it stops trying and returns an error (for example, 10).
max_heal_vnf_slave_ve	1.x	Yes	Gi-LAN/F CGNAT-O, DNS	All	Maximum number (integer type) of times a worker (follower/replica) VE will heal before it stops trying and returns an error (for example, 10).
vnf_layer_cpu_threshold	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	New instance is added to layer when percentage of average aggregate Global TMM CPU Usage of all layer instances exceeds this value (for example integer type, 85).
vnf_layer_cpu_threshold_check_interval	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	Interval between checks, in minutes (for example integer type, 1).
active_deployment_id	1.x	Yes	DNS/SEC	All	The Gi-LAN deployment ID (string value) to which you want to attach DNS. Default value is null (“”). If you have already deployed a Gi-LAN or Gi-Firewall blueprint, reuse the DAG Group ID of the Gi-LAN/F DAG Group. Otherwise, leave null so the blueprint can create its own DAG group.
vnf_group_throughput_check_interval	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	Interval between checks, in minutes (integer type).
vnf_group_throughput	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	The desired aggregate throughput (Gigabits In/Out) for every layer in the group. Example values: 5 for 5GB, 10 for 10GB, 50 for 50GB. Integer type.
vnf_group_throughput_threshold	1.x	Yes	Gi-LAN/F, CGNAT-O, DNS	All	New layer is added to group when the percentage of average aggregate layer throughput exceeds this value (for example, when the aggregate layer reaches 75%, a new layer is added). Integer type.
dag_group_cpu_threshold	1.x	Yes	Gi-LAN/F and DNS	All	New instance is added to group when the percentage of average aggregate Global TMM CPU usage of all DAG group instances exceeds this value (for example, when the TMM CPU usage reaches 75% (integer type), a new instance is added).
dag_group_cpu_threshold_check_interval	1.x	Yes	Gi-LAN/F and DNS	All	Interval (integer type) between checks, in minutes (for example, 1).
vnic_binding_type	1.3.1	Yes	Gi-LAN/F, CGNAT-O	OpenStack	A dictionary used to support single root input/output virtualization (SR-IOV). Use the port binding input to specify the binding type of ports to create on each subnet. Default value is set to “normal”. Possible binding type values include: normal, macvtap, direct, baremetal, direct-physical, virtio-forwarder, smart-nic, and other possible values found on the OpenStack instance. Be aware that F5 has tested only “normal” and “direct” binding types and recommends setting an SR-IOV enabled port to “direct”.
datacenter	2.0	No	All	All	String value used in a multi-VIM configuration, defining the target data center for this deployment, and identifying the group of secrets to use in a multi-VIM configuration (for example, `datacenter_southwest-region`).
vnf_as3_nsd_payload	1.x	Yes	Gi-LAN/F, CGNAT-O	All	The F5® BIG-IP® Application Services 3 Extension (AS3), in YAML format (VNFM will converted to JSON), that defines the service configuration of the VNF instances. Important: You will edit this declaration as appropriate for your solution; however, the VLAN names used in the `allowVlans` property for each service MUST correspond to the values of the `pgw_dag_net` (for outbound traffic) and `pdn_dag_net` inputs (for inbound traffic). Do NOT leave this dictionary undefined/null. For VNFM version 1.3 and later in an OpenStack VIM, if you want to enable your Gi LAN or Firewall blueprint with integrated CGNAT capabilities, you MUST define the AS3 declaration section in the OpenStack inputs files, and the following vnf_as3_nsd_payload definitions, using the following values: `trafficGroup` – Set as /Common/traffic-group-local-only for serviceAddress `routeAdvertisement` – Set as true for natSourceTranslation For a sample AS3 declaration, consult the supported inputs files in the VNFM public GitHub repository.

Parameter VNFM Version Required Blueprint VIM Description

telemetry_nsd_payload

2.0

All (not BASE)

All

Parameter	VNFM Version	Required	Blueprint	VIM	Description
telemetry_nsd_payload	2.0	No	All (not BASE)	All	A dictionary used for F5® BIG-IP® Telemetry Streaming declaration (JSON format) that defines the service configuration of the VNF instances. Example: `destination remote_server {tcp(\"172.28.68.42\" port (514));};filter f_alllogs {level (debug...emerg);};log` `{source(local);filter(f_alllogs);destination(remote_server);};`

A dictionary used for F5® BIG-IP® Telemetry Streaming declaration (JSON format) that defines the service configuration of the VNF instances. Example:

destination remote_server {tcp(\"172.28.68.42\" port (514));};filter f_alllogs {level (debug...emerg);};log {source(local);filter(f_alllogs);destination(remote_server);};

CGNAT-related inputs¶

Parameter	VNFM Version	Required	Blueprint	VIM	Description
starting_ip_number	1.3.X	Yes	Gi-LAN/F, CGNAT-O	All	Used for enabling CGNAT. Enter the number (integer type) of IP addresses initially assigned to each CGNAT VE, when instantiated. Default value is 8. The value is dependent upon your system needs, and you can configure them as large as CIDR blocks with an 8-bit prefix.
increment_ip_number	1.3.X	Yes	Gi-LAN/F, DNS, and CGNAT-O	All	Used for enabling CGNAT. Enter the number (integer type) of IP addresses to add during the Increment IPs workflow. Default value is 2. The value is dependent upon your system needs, and you can configure them as large as CIDR blocks with an 8-bit prefix.
cgnat_resource_id	1.3.X	Yes	Gi-LAN/F and CGNAT-O	All	Used for enabling CGNAT. Enter the reference to a NAT source translation pool that you want VNFM to manage and that you defined in your F5® BIG-IP® Application Services 3 Extension (AS3). This is a pointer to the IP pool that you want VNFM to manage; for example, `/Sample_22/A1/natSourceTranslation/addresses`. Note: The addresses value cannot be blank; therefore, the default value is a random IP address that is replaced during installation with the value defined in the `cgnat_ip_ranges` input. For more information, review this short video tip.
cgnat_ip_ranges	1.3.X	Yes	Gi-LAN/F and CGNAT-O	All	Used for enabling CGNAT. Enter a list of two IP address ranges separated by a dash for each address list. For example, ‘192.168.1.100-192.168.1.150’ and ‘192.168.1.155-192.168.1.160’.
bgp_vnf_egw_peer_ip	2.0	No	CGNAT-O	All	If your environment uses Border Gateway Protocol (BGP) on the server-side, then enter the IPv4 address of the neighboring EGW peer on the external gateway to which the CGNAT VE BIG-IPs will advertise their default routes.
cgnat_ve_default_instances	2.0	No	CGNAT-O	All	The number (must be greater than 0) of CGNAT VE instances to be created during deployment installation. Default value is 1.
vnf_layer_throughput	2.0	No	CGNAT-O	All	The desired aggregate throughput (in Gigabits In / Out) for a layer in the group (for example, values can include 5 for 5GB, 10 for 10GB, 50 for 50GB).
vnf_layer_throughput_check_interval	2.0	No	CGNAT-O	All	Interval between checks (in minutes).
vnf_layer_throughput_threshold	2.0	No	CGNAT-O	All	New instance is added to the layer when the percentage of average aggregate layer throughput exceeds this threshold value (for example, when the aggregate layer reaches 75%, a new instance is added). Integer type.
mgmt_net_dist_int	4.0.X	Yes	CGNAT-O		Distributed interface flag for Management network.
pdn_net_dist_int	4.0.X	Yes	CGNAT-O		Distributed interface flag for PDN network.
ctrl_net_dist_int	4.0.X	Yes	CGNAT-O		Distributed interface flag for Control network.
gw_id	4.0.X	Yes	CGNAT-O		Edge gateway ID for routed networks.
mgmt_net_mtu	4.0.X	Yes	CGNAT-O		MTU of the specified (Management) network.
pdn_net_mtu	4.0.X	Yes	CGNAT-O		MTU of the specified (PDN) network.
ctrl_net_mtu	4.0.X	Yes	CGNAT-O		MTU of the specified (Control) network.
mgmt_external_db_ip	4.0.X	Yes	CGNAT-O	All	IP address of the external database host. This feature is PREVIEW ONLY and the default value is disabled.

CGNAT Offering only inputs¶

Parameter	VNFM Version	Required	Blueprint	VIM	Description
bgp_vnf_egw_peer_ip	2.0	No	CGNAT-offering	All	If your environment uses Border Gateway Protocol (BGP) on the server-side, then enter the neighbor IPv4 or IPv6 address of the EGW to which the CGNAT VE BIG-IPs will advertise their default routes.
cgnat_ve_default_instances	2.0	No	CGNAT-offering	All	The number (must be greater than 0) of CGNAT VE instances to be created during deployment installation. Default value is 1.
vnf_layer_throughput	2.0	No	CGNAT-offering	All	The desired aggregate throughput (in Gigabits In / Out) for a layer in the group (for example, values can include 5 for 5GB, 10 for 10GB, 50 for 50GB).
vnf_layer_throughput_check_interval	2.0	No	CGNAT-offering	All	Interval between checks (in minutes).
vnf_layer_throughput_threshold	2.0	No	CGNAT-offering	All	New instance is added to the layer when the percentage of average aggregate layer throughput exceeds this threshold value (for example, when the aggregate layer reaches 75%, a new instance is added).

CGNAT-related AS3 Declaration¶

The F5® BIG-IP® Application Services 3 Extension (AS3) used for CGNAT solution deployments is slightly different and requires the following:

Parameter VNFM Version Required Blueprint VIM Description

CGNAT-specific AS3 Declaration

2.0.X

Yes

CGNAT-O

All

Parameter	VNFM Version	Required	Blueprint	VIM	Description
CGNAT-specific AS3 Declaration	2.0.X	Yes	CGNAT-O	All	You will edit this F5® BIG-IP® Application Services 3 Extension (AS3) as appropriate for your solution; however, the VLAN names used in the `allowVlans` property for each service MUST correspond to the values of the `pgw_net` (for outbound traffic) and `pdn_net` inputs (for inbound traffic). For a sample AS3 declaration, consult the supported inputs files in the VNFM public GitHub repository.
vnf_as3_nsd_payload	3.0.0	Yes	GiLAN/F, CGNAT-O	All	You will edit this F5® BIG-IP® Application Services 3 Extension (AS3) with CGNAT configuration for a Gi-LAN or Gi-Firewall deployment that you want enabled with CGNAT capabilities. For example: vnf_as3_nsd_payload: {"class":"ADC","remark":"VNF","schemaVersion":"3.0.0","id":"cfy_vnf_01", "label":"vnf","f5vnf":{"class":"Tenant","Shared":{"class":"Application","template":"shared", "lbSelectedRule":{"class":"iRule","iRule":"when LB_SELECTED {log local0. \"Selected server [LB::server]\"}"},"ServiceMain_TCP":{"remark":"VS TCP","layer4":"tcp","translateServerAddress": false,"translateServerPort":false,"class":"Service_L4","profileL4":{"bigip":"/Common/fastL4"}, "virtualAddresses":[{"use":"/f5vnf/Shared/serviceAddress"}],"virtualPort":0,"persistenceMethods" :[{"use":"/f5vnf/Shared/persistenceSourceCarp"}],"iRules":["/f5vnf/Shared/lbSelectedRule"], "snat":"none","lastHop":"disable","arpEnabled":true,"icmpEcho":"disable","spanningEnabled":true, "allowVlans":[{"use":"/Common/pgw_dag_net"}],"policyNAT":{"use":"/f5vnf/Shared/natPolicy"}}, "ServiceMain_UDP":{"remark":"VS UDP","layer4":"udp","translateServerAddress":false, "translateServerPort":false,"class":"Service_L4","profileL4":{"bigip":"/Common/fastL4"}, "virtualAddresses":[{"use":"/f5vnf/Shared/serviceAddress"}],"virtualPort":0, "persistenceMethods":[{"use":"/f5vnf/Shared/persistenceSourceCarp"}],"iRules": ["/f5vnf/Shared/lbSelectedRule"],"snat":"none","lastHop":"disable","arpEnabled": false,"icmpEcho":"disable","spanningEnabled":true,"allowVlans":[{"use":"/Common/pgw_dag_net"}], "policyNAT":{"use":"/f5vnf/Shared/natPolicy"}},"serviceAddress":{"class":"Service_Address", "arpEnabled":false,"icmpEcho":"disable","spanningEnabled":true,"routeAdvertisement":"enable", "virtualAddress":"0.0.0.0","trafficGroup":"/Common/traffic-group-local-only"},"profileL4": {"clientTimeout":30,"idleTimeout":300,"looseClose":false,"looseInitialization":false, "maxSegmentSize":0,"resetOnTimeout":true,"tcpCloseTimeout":5,"tcpHandshakeTimeout":5,"class": "L4_Profile"},"profileL4Loose":{"clientTimeout":30,"idleTimeout":300,"looseClose":true, "looseInitialization":true,"maxSegmentSize":0,"resetOnTimeout":true,"tcpCloseTimeout":5, "tcpHandshakeTimeout":5,"class":"L4_Profile","remark":"Log load balanced server"}, "persistenceDestinationCarp":{"class":"Persist","persistenceMethod":"destination-address", "hashAlgorithm":"carp"},"persistenceSourceCarp":{"class":"Persist","persistenceMethod": "source-address","hashAlgorithm":"carp"},"natDestinationAddressList":{"addresses":["0.0.0.0/0"], "class":"Firewall_Address_List"},"natSourceAddressList":{"addresses":["10.10.11.0/24"], "class":"Firewall_Address_List"},"natDestinationPortList":{"ports":["1-65535"],"class": "Firewall_Port_List"},"natSourcePortList":{"ports":["1-65535"],"class":"Firewall_Port_List"}, "natPolicy":{"class":"NAT_Policy","rules":[{"destination":{"addressLists":[{"use": "/f5vnf/Shared/natDestinationAddressList"}],"portLists":[{"use": "/f5vnf/Shared/natDestinationPortList"}]},"name":"nat_tcp","protocol":"tcp","source": {"addressLists":[{"use":"/f5vnf/Shared/natSourceAddressList"}],"portLists":[{"use": "/f5vnf/Shared/natSourcePortList"}]},"sourceTranslation":{"use": "/f5vnf/Shared/natSourceTranslation"}}]},"natSourceTranslation":{"addresses": ["10.10.200.101/32"],"patMode":"pba","ports":["1-65535"],"routeAdvertisement":true,"type": "dynamic-pat","class":"NAT_Source_Translation"}}}}

You will edit this F5® BIG-IP® Application Services 3 Extension (AS3) as appropriate for your solution; however, the VLAN names used in the allowVlans property for each service MUST correspond to the values of the pgw_net (for outbound traffic) and pdn_net inputs (for inbound traffic).

For a sample AS3 declaration, consult the supported inputs files in the VNFM public GitHub repository.

vnf_as3_nsd_payload

3.0.0

Yes

GiLAN/F, CGNAT-O

All

You will edit this F5® BIG-IP® Application Services 3 Extension (AS3) with CGNAT configuration for a Gi-LAN or Gi-Firewall deployment that you want enabled with CGNAT capabilities. For example:

vnf_as3_nsd_payload: {"class":"ADC","remark":"VNF","schemaVersion":"3.0.0","id":"cfy_vnf_01",
"label":"vnf","f5vnf":{"class":"Tenant","Shared":{"class":"Application","template":"shared",
"lbSelectedRule":{"class":"iRule","iRule":"when LB_SELECTED {log local0. \"Selected server
[LB::server]\"}"},"ServiceMain_TCP":{"remark":"VS TCP","layer4":"tcp","translateServerAddress":
false,"translateServerPort":false,"class":"Service_L4","profileL4":{"bigip":"/Common/fastL4"},
"virtualAddresses":[{"use":"/f5vnf/Shared/serviceAddress"}],"virtualPort":0,"persistenceMethods"
:[{"use":"/f5vnf/Shared/persistenceSourceCarp"}],"iRules":["/f5vnf/Shared/lbSelectedRule"],
"snat":"none","lastHop":"disable","arpEnabled":true,"icmpEcho":"disable","spanningEnabled":true,
"allowVlans":[{"use":"/Common/pgw_dag_net"}],"policyNAT":{"use":"/f5vnf/Shared/natPolicy"}},
"ServiceMain_UDP":{"remark":"VS UDP","layer4":"udp","translateServerAddress":false,
"translateServerPort":false,"class":"Service_L4","profileL4":{"bigip":"/Common/fastL4"},
"virtualAddresses":[{"use":"/f5vnf/Shared/serviceAddress"}],"virtualPort":0,
"persistenceMethods":[{"use":"/f5vnf/Shared/persistenceSourceCarp"}],"iRules":
["/f5vnf/Shared/lbSelectedRule"],"snat":"none","lastHop":"disable","arpEnabled":
false,"icmpEcho":"disable","spanningEnabled":true,"allowVlans":[{"use":"/Common/pgw_dag_net"}],
"policyNAT":{"use":"/f5vnf/Shared/natPolicy"}},"serviceAddress":{"class":"Service_Address",
"arpEnabled":false,"icmpEcho":"disable","spanningEnabled":true,"routeAdvertisement":"enable",
"virtualAddress":"0.0.0.0","trafficGroup":"/Common/traffic-group-local-only"},"profileL4":
{"clientTimeout":30,"idleTimeout":300,"looseClose":false,"looseInitialization":false,
"maxSegmentSize":0,"resetOnTimeout":true,"tcpCloseTimeout":5,"tcpHandshakeTimeout":5,"class":
"L4_Profile"},"profileL4Loose":{"clientTimeout":30,"idleTimeout":300,"looseClose":true,
"looseInitialization":true,"maxSegmentSize":0,"resetOnTimeout":true,"tcpCloseTimeout":5,
"tcpHandshakeTimeout":5,"class":"L4_Profile","remark":"Log load balanced server"},
"persistenceDestinationCarp":{"class":"Persist","persistenceMethod":"destination-address",
"hashAlgorithm":"carp"},"persistenceSourceCarp":{"class":"Persist","persistenceMethod":
"source-address","hashAlgorithm":"carp"},"natDestinationAddressList":{"addresses":["0.0.0.0/0"],
"class":"Firewall_Address_List"},"natSourceAddressList":{"addresses":["10.10.11.0/24"],
"class":"Firewall_Address_List"},"natDestinationPortList":{"ports":["1-65535"],"class":
"Firewall_Port_List"},"natSourcePortList":{"ports":["1-65535"],"class":"Firewall_Port_List"},
"natPolicy":{"class":"NAT_Policy","rules":[{"destination":{"addressLists":[{"use":
"/f5vnf/Shared/natDestinationAddressList"}],"portLists":[{"use":
"/f5vnf/Shared/natDestinationPortList"}]},"name":"nat_tcp","protocol":"tcp","source":
{"addressLists":[{"use":"/f5vnf/Shared/natSourceAddressList"}],"portLists":[{"use":
"/f5vnf/Shared/natSourcePortList"}]},"sourceTranslation":{"use":
"/f5vnf/Shared/natSourceTranslation"}}]},"natSourceTranslation":{"addresses":
["10.10.200.101/32"],"patMode":"pba","ports":["1-65535"],"routeAdvertisement":true,"type":
"dynamic-pat","class":"NAT_Source_Translation"}}}}

Common external database inputs¶

This feature and all related inputs are PREVIEW ONLY and the default values are set to disable.

Parameter	VNFM Version	Required	Blueprint	VIM	Description
db_host	4.0.0	Yes	All	All	String input with the default value left empty. When using external database Option A where VNF Manager auto-deploys your external database enter the IP address of the Centos VM hosting your database. Otherwise, for Option B, leave empty “”.
db_name	4.0.0	No	All	All	String value for the name of the external PostgreSQL database; for example, F5_db. Default value is empty “”. If using Option A enter [TBD] If using Option B enter [TBD]
db_user	4.0.0	No	All	All	String value for the username used to access the Centos VM hosting your external database; for example, F5user. Default value is empty “”. If using Option A enter [TBD] If using Option B enter [TBD]
db_password	4.0.0	No	All	All	String value for the password used to access the Centos VM hosting your external database; for example, F5password. Default value is empty “”. If using Option A enter [TBD] If using Option B enter [TBD] Input value is not used, if you set the CA certification.
db_port	4.0.0	No	All	All	Port number used for the Centos VM hosting your external database. Default value is empty “”. If using Option A enter ??? If using Option B enter [TBD]
db_sslmode	4.0.0	No	All	All	String value indicating whether SSL mode is disabled or enabled on the Centos VM hosting your external database. If using Option A enter [TBD] If using Option B enter [TBD]
db_ssh_key	4.0.0	No	All	OpenStack	SSH key used to access shell on the Centos VM hosting your external database. Default value is empty “”. If using Option A enter [TBD] If using Option B enter [TBD]
sw_ref_external_db	4.0.0	No	All	All	Dictionary used to define the following VIM parameters for the Centos VM hosting your external database: availability_zone: #nova, flavor: #f5.cloudify_small, image: #CentOS-7-x86_64-GenericCloud. If using Option A enter [TBD] If using Option B enter [TBD]
db_sslkey	4.0.0	No	Gi-LAN and CGNAT-O	All	This parameter specifies the secret key used for the client certificate. This parameter is ignored if an SSL connection is not made. If empty/undefined, the key is auto-generated.
db_sslcert	4.0.0	No	All	All	String value for the client SSL certificate used for the Centos VM hosting your external database. If left empty, a certificate is generated. If using Option A enter [TBD] If using Option B enter [TBD]
db_sslrootcert	4.0.0	No	All	All	String value for the SSL certificate used for the root account for the Centos VM hosting your external database. If using Option A enter [TBD] If using Option B enter [TBD]

What’s next?

REST API

Previous Next