OpenStack cloud environment setup

Currently, F5 supports BIG-IP 13.1.0.5 Virtual-Edition or BIG-IP 14.1.X Virtual-Edition and BIG-IQ 6.0.1 on OpenStack Newton version 10 and Queens version 13 using the following setup:

Important

Due to a known issue with OpenStack Newton (version 10), you must add the F5 VNF Manager to your admin project.

OpenStack Newton Component Description
Flavors (OS v10 or OS v13)

Define flavors sized to accommodate the VNFM component images you previously uploaded. The minimum flavor requirements for deploying the F5 VNF Manager include:

  • vCPU: 4
  • RAM: 8GB
  • Root disk: 160GB
Networks (OS v10 or OS v13)

Define the following networks and one subnet for each, with sufficient IP address space in each network:

  • Management network (mgmt) – Configure the VNF Manager and BIG-IP VE management interfaces on this network, specifying at least one DNS server in the subnet configuration.
  • Provider gateway network (pgw_net) – Network used for the internal-facing DAG data plane interfaces.
  • Provider data network (pdn_net) – Network used for the external-facing DAG data plane interfaces.
  • DAG to provider gateway network (pgw_dag_net) – Network used for the internal-facing VNF data plane interfaces. VNFM creates this network automatically, during the launch process.
  • DAG to provider data network (pdn_dag_net) – Network used for the external-facing VNF data plane interfaces. VNFM creates this network automatically, during the launch process.
  • Control network (control_net) – Network used for communication with control and value-added services.
  • HA network (ha_net) – Network used for internal HA communication between clustered VNF BIG-IP VE instances.
  • External network (external_net) - Network used for accessing the VNFM externally. You assign this network when attaching a floating IP to the VNFM instance.
Security Groups (OS v10 or OS v13)

Security groups are required for versions 1.2.1 and earlier, but are OPTIONAL for version 1.3.0 and later for ALL blueprint solutions. To set up security groups, consider the following:

  • SNMP security group (snmp_sg) – Allow UDP ports 161/162.
  • Control security group (control_sg) – Configure as needed for your environment.
  • Management security group (mgmt_sg) – Allow TCP port 443, and add an Ingress rule for ALL ICMP.
  • Provider data network security group (pdn_sg) – Configure as needed for your environment.
  • Provider gateway security group (pgw_sg) – Configure as needed for your environment.

Default behavior for OpenStack is to create a default security group for every instance. If you are not using security groups, then in VNFM version 1.3.0 and later inputs files, set the security_groups input to disable, and for VNFM version 1.4.0 and later set the VNF-BIG-IQ solution blueprint, security_groups input to 0 (disable).
Key Pair (OS v10 or OS v13) Defined PEM-encoded key pairs for accessing VNFM instance remotely, using SSH.

What’s Next?

Back to setup.