Last updated on: 2023-08-29 10:06:08.

VMware Integrated Openstack (VIO) setup

Currently, F5 supports BIG-IP Virtual Edition 15.1.5.1 or BIG-IP Virtual Edition 16.1.2.1 and BIG-IQ Virtual Edition 6.0.1 or 8.2 on VMware VIO 5.1 using the following setup:

Component Description
Flavors

Define flavors sized to accommodate the VNFM component images you previously uploaded. The minimum flavor requirements for deploying the F5 VNF Manager include:

  • vCPU: 4
  • RAM: 8GB
  • Root disk: 160GB
Networks

Define the following networks and one subnet for each, with sufficient IP address space in each network:

  • Management network (mgmt) – Configure the VNF Manager and BIG-IP VE management interfaces on this network, specifying at least one DNS server in the subnet configuration.
  • Provider gateway network (pgw_net) – Network used for the internal-facing DAG data plane interfaces.
  • Provider data network (pdn_net) – Network used for the external-facing DAG data plane interfaces.
  • DAG to provider gateway network (pgw_dag_net) – Network used for the internal-facing VNF data plane interfaces. VNFM creates this network automatically, during the launch process.
  • DAG to provider data network (pdn_dag_net) – Network used for the external-facing VNF data plane interfaces. VNFM creates this network automatically, during the launch process.
  • Control network (control_net) – Network used for communication with control and value-added services.
  • HA network (ha_net) – Network used for internal HA communication between clustered VNF BIG-IP VE instances.
  • External network (external_net) - Network used for accessing the VNFM externally. You assign this network when attaching a floating IP to the VNFM instance.
Security Groups

Security groups are required for versions 1.2.1 and earlier, but are OPTIONAL for version 1.3.0 and later for ALL blueprint solutions. To set up security groups, consider the following:

  • SNMP security group (snmp_sg) – Allow UDP ports 161/162.
  • Control security group (control_sg) – Configure as needed for your environment.
  • Management security group (mgmt_sg) – Allow TCP port 443, and add an Ingress rule for ALL ICMP.
  • Provider data network security group (pdn_sg) – Configure as needed for your environment.
  • Provider gateway security group (pgw_sg) – Configure as needed for your environment.

Default behavior for VIO is to create a default security group for every instance. If you are not using security groups, then in VNFM version 1.3.0 and later inputs files, set the security_groups input to disable, and for VNFM version 1.4.0 and later set the VNF-BIG-IQ solution blueprint, security_groups input to 0 (disable).
Key Pair Defined PEM-encoded key pairs for accessing VNFM instance remotely, using SSH.

What’s Next?

Back to setup.