F5 Integration for OpenStack Neutron LBaaS¶
The F5 Integration for OpenStack Neutron LBaaS orchestrates BIG-IP Application Delivery Controllers (ADCs) with OpenStack Networking (Neutron) services. The Integration consists of the F5 Agent for OpenStack Neutron and F5 Driver for OpenStack LBaaSv2, which work together to configure F5 BIG-IP Local Traffic Manager (LTM) objects via the OpenStack Networking API.
General Prerequisites¶
This documentation set assumes that you:
- already have an operational OpenStack Deployment with OpenStack Neutron and OpenStack Heat installed; [1]
- are familiar with OpenStack Horizon and the OpenStack CLI; and
- are familiar with BIG-IP LTM concepts, the BIG-IP configuration utility, and
tmsh
commands.
See also
See the F5 OpenStack Solution Test Plan for information about minimum supported deployments.
F5 Driver for OpenStack LBaaSv2¶
The F5 Driver for OpenStack LBaaSv2, or F5 Driver, is F5’s OpenStack Neutron LBaaSv2 service provider driver. It picks up Neutron LBaaS calls from the RPC messaging queue and assigns them to the F5 Agent for OpenStack Neutron.
F5 Agent for OpenStack Neutron¶
The F5 Agent, or F5 Agent, translates from “OpenStack” to “F5”. It receives tasks from the Neutron RPC messaging queue, converts them to iControl REST API calls (using the F5 Python SDK), and sends the calls to the BIG-IP device(s).
Important
The F5 Agent translates information from the OpenStack Neutron database into BIG-IP system configurations. It cannot, however, read existing BIG-IP configurations or non-Neutron network configurations. Use the F5 Agent configuration file to tell the Agent about the network architecture and the BIG-IP system configurations.
Key OpenStack Concepts¶
Agent-Tenant Affinity¶
When the Neutron LBaaS plugin loads the F5 Driver, it creates a global messaging queue. The F5 Agent for OpenStack Neutron sends all callbacks and status updates to this global queue. The F5 Driver picks up LBaaS requests from the global messaging queue in a round-robin fashion, then assigns the tasks to an available F5 Agent instance based on “agent-tenant affinity”.
Agent-tenant affinity is a relationship between an F5 Agent instance and an OpenStack “tenant”, or project. In brief, once an F5 Agent handles an LBaaS request for a particular OpenStack tenant, the F5 Agent has “agent-tenant affinity” with that tenant. That instance will handle all future LBaaS requests for that tenant (with a few caveats, noted below).
How “agent-tenant affinity” applies in LBaaS task assignment:
You request a new loadbalancer (neutron lbaas-loadbalancer-create ). |
|
The F5 LBaaSv2 driver checks the Neutron database to find out if an F5 Agent instance already has affinity with the tenant the loadbalancer request is for. | |
If the F5 LBaaSv2 driver finds an F5 Agent instance that has affinity with the loadbalancer’s tenant, it assigns the request to that instance. | |
If the F5 LBaaSv2 driver doesn’t find an F5 Agent instance that has affinity
with the loadbalancer’s The selected instance binds to the requested loadbalancer. It will handle all future LBaaS requests for that loadbalancer. |
You update an existing loadbalancer
(neutron lbaas-loadbalancer-update ). |
|
The F5 LBaaSv2 driver checks the Neutron database to find out if an F5 Agent instance is already bound to the loadbalancer. | |
If the F5 LBaaSv2 driver doesn’t find a bound F5 Agent instance for the loadbalancer, it looks for an instance that has affinity with the loadbalancer’s tenant, then assigns the request to that instance. | |
If the F5 LBaaSv2 driver doesn’t find an F5 Agent instance that has affinity
with the loadbalancer’s The selected instance binds to the requested loadbalancer. It will handle all future LBaaS requests for that loadbalancer. |
Important
If the F5 Agent bound to a Neutron loadbalancer is inactive, the F5 LBaaSv2 driver looks for other active agents with the same Set up F5 Agent to use the new environment. The F5 LBaaSv2 driver assigns the task to the first available agent it finds. The inactive F5 Agent remains bound to the loadbalancer, with the expectation that it will eventually come back online and be able to handle future requests.
If you delete an F5 Agent, you should also delete all of its bound loadbalancers.
To find all loadbalancers associated with a specific F5 Agent :
neutron lbaas-loadbalancer-list-on-agent <agent-id>
Partnerships and certifications¶
The F5 Integration for OpenStack Neutron LBaaS provides under-the-cloud multi-tenant infrastructure L4-L7 services for Neutron tenants. In addition to community OpenStack participation, F5 maintains partnerships with several OpenStack platform vendors. Each partner has a defined certification process that includes requirements for testing the F5 Integration for OpenStack Neutron LBaaS for vendor and community OpenStack compatibility. See the Solution Test Plan for more information.
Footnotes
[1] | Unsure how to get started with OpenStack? Consult one of F5’s OpenStack Platform Partners. |