F5 Virtual Network Functions Manager (VNFM)

F5 utilizes an orchestration framework to bring you the F5 Virtual Network Functions Manager (VNFM). This cloud orchestration tool uses OASIS TOSCA-compliant blueprints and plugins to manage the processing resources between your packet gateway and the Internet (Gi-LAN), in a private cloud environment (such as, OpenStack-Newton, version 10), auto-scaling your BIG-IP VE virtual machines, during high-volume periods. VNFM relies on BIG-IQ 6.0.1 and BIG-IP 13.1.1 images to provide services such as, scaling services and resources, load-balancing, and high availability (HA).

F5 VNFM solutions

F5 offers the following VNFM solutions with built-in services that your system can utilize:

Solution Description

VNFM is comprised of an F5 blueprint with specific parameters plus a Gi LAN inputs YAML file that defines those parameters with your system requirements. These components use plugins, enabling you to automatically deploy all the necessary pieces to create a highly-available set of services, deployed in service layers. These layers auto-scale virtual machines and services to provide a complete and fully configured lifecycle management workflow:

  1. Install (push button)
  2. Auto-Scale (out and in)
  3. Auto-Heal (with quarantine of instances for troubleshooting)
  4. Update (push button)
  5. Upgrade (push button)
  6. Delete (push button)
Gi Firewall VNFM is comprised of an F5 blueprint with specific parameters plus this solution also uses the same Gi LAN inputs YAML file as the previous solution, which defines those parameters with your system requirements. These components use plugins enabling you to utilize firewall protection services only like, DDoS mitigation, DNS security, and intrusion protection.

VNFM is comprised of a base F5 blueprint and a base inputs YAML file, lacking monitoring and resource collecting parameters, plus a VNFM Base inputs file that defines those base parameters with your system requirements. The base blueprint will do the following:

  • Instantiate a group of standalone BIG-IP VEs that share a similar (but not synchronized) configuration; for example, all VEs configured on the same OpenStack networks, with similar system settings such as DNS, NTP, module provisioning, and routes.
  • On-board VEs, creating, licensing, provisioning, and configuring a network that installs AS3 RPM on a group of VEs.
  • Enable you to MANUALLY run the workflows that scale in/out VEs, heal VEs, upgrade VEs (start and finish), report utility usage, and uninstall/delete deployments.

When finished deploying your VNFM, you will have the following system:


F5 VNFM resides in the MANO layer. Once you upload BIG-IQ, BIG-IP, and the VNFM images into OpenStack, and deploy the VNFM blueprint, the BIG-IQ license manager, BIG-IPs deployed by the blueprint, and your VNFM will comprise the management network.

Traffic will pass through the disaggregation (DAG) tier and the predefined-throughput service layers, connecting your subscriber packet gateway with the Internet (Gi LAN). The service layers will auto-scale out or add virtual machine instances, depending on your traffic demands. BIG-IPs in the DAG tier load-balance the subscriber traffic across BIG-IP VEs providing the virtualized network functions (VNF) inside the VNF service layer. This diagram depicts an F5 blueprint setting for the Gilan solution, auto_last_hop set to disabled (default), routing the return traffic through the DAG tier. However, this is a configurable setting in the F5 blueprint, which you can enable, and route return traffic directly back to the VNF service layer (bypassing the DAG tier).

Processes like, your policy engines, your subscriber service-charging functions, and signaling will occur on the control network.

What’s Next?

Release notes