F5 Integration for OpenStack Neutron LBaaS

The F5 Integration for OpenStack Neutron LBaaS orchestrates BIG-IP Application Delivery Controllers (ADCs) with OpenStack Networking (Neutron) services. The Integration consists of the F5 Agent for OpenStack Neutron and F5 Driver for OpenStack LBaaSv2, which work together to configure F5 BIG-IP Local Traffic Manager (LTM) objects via the OpenStack Networking API.

General Prerequisites

This documentation set assumes that you:

See also

See the F5 OpenStack Solution Test Plan for information about minimum supported deployments.

F5 Driver for OpenStack LBaaSv2

The F5 Driver for OpenStack LBaaSv2, or F5 Driver, is F5’s OpenStack Neutron LBaaSv2 service provider driver. It picks up Neutron LBaaS calls from the RPC messaging queue and assigns them to the F5 Agent for OpenStack Neutron.

Diagram showing the architecture of the F5 Integration for OpenStack Neutron LBaaS. A user issues a neutron lbaas command; the F5 LBaaSv2 driver assigns the task from the Neutron RPC messaging queue to the F5 Agent for OpenStack Neutron. The F5 Agent periodically reports its status to the Neutron database.

F5 Agent for OpenStack Neutron

The F5 Agent, or F5 Agent, translates from “OpenStack” to “F5”. It receives tasks from the Neutron RPC messaging queue, converts them to iControl REST API calls (using the F5 Python SDK), and sends the calls to the BIG-IP device(s).

Diagram showing the operation of the F5 Agent for OpenStack Neutron. A user issues a neutron lbaas command; the F5 LBaaSv2 driver assigns the task to the F5 Agent for OpenStack Neutron; the F5 Agent sends the command to the BIG-IP device as an iControl REST API call to add or edit the requested object.

Important

The F5 Agent translates information from the OpenStack Neutron database into BIG-IP system configurations. It cannot, however, read existing BIG-IP configurations or non-Neutron network configurations. Use the F5 Agent configuration file to tell the Agent about the network architecture and the BIG-IP system configurations.

Key OpenStack Concepts

Agent-Tenant Affinity

When the Neutron LBaaS plugin loads the F5 Driver, it creates a global messaging queue. The F5 Agent for OpenStack Neutron sends all callbacks and status updates to this global queue. The F5 Driver picks up LBaaS requests from the global messaging queue in a round-robin fashion, then assigns the tasks to an available F5 Agent instance based on “agent-tenant affinity”.

Agent-tenant affinity is a relationship between an F5 Agent instance and an OpenStack “tenant”, or project. In brief, once an F5 Agent handles an LBaaS request for a particular OpenStack tenant, the F5 Agent has “agent-tenant affinity” with that tenant. That instance will handle all future LBaaS requests for that tenant (with a few caveats, noted below).

How “agent-tenant affinity” applies in LBaaS task assignment:

Agent-tenant affinity for a new loadbalancer
You request a new loadbalancer (neutron lbaas-loadbalancer-create).
The F5 LBaaSv2 driver checks the Neutron database to find out if an F5 Agent instance already has affinity with the tenant the loadbalancer request is for.
If the F5 LBaaSv2 driver finds an F5 Agent instance that has affinity with the loadbalancer’s tenant, it assigns the request to that instance.

If the F5 LBaaSv2 driver doesn’t find an F5 Agent instance that has affinity with the loadbalancer’s tenant_id, it selects an active F5 Agent instance at random.

The selected instance binds to the requested loadbalancer. It will handle all future LBaaS requests for that loadbalancer.
Agent-tenant affinity for an existing loadbalancer
You update an existing loadbalancer (neutron lbaas-loadbalancer-update).
The F5 LBaaSv2 driver checks the Neutron database to find out if an F5 Agent instance is already bound to the loadbalancer.
If the F5 LBaaSv2 driver doesn’t find a bound F5 Agent instance for the loadbalancer, it looks for an instance that has affinity with the loadbalancer’s tenant, then assigns the request to that instance.

If the F5 LBaaSv2 driver doesn’t find an F5 Agent instance that has affinity with the loadbalancer’s tenant_id, it selects an active F5 Agent instance at random.

The selected instance binds to the requested loadbalancer. It will handle all future LBaaS requests for that loadbalancer.

Important

If the F5 Agent bound to a Neutron loadbalancer is inactive, the F5 LBaaSv2 driver looks for other active agents with the same Set up F5 Agent to use the new environment. The F5 LBaaSv2 driver assigns the task to the first available agent it finds. The inactive F5 Agent remains bound to the loadbalancer, with the expectation that it will eventually come back online and be able to handle future requests.

If you delete an F5 Agent, you should also delete all of its bound loadbalancers.

To find all loadbalancers associated with a specific F5 Agent :

neutron lbaas-loadbalancer-list-on-agent <agent-id>

Partnerships and certifications

The F5 Integration for OpenStack Neutron LBaaS provides under-the-cloud multi-tenant infrastructure L4-L7 services for Neutron tenants. In addition to community OpenStack participation, F5 maintains partnerships with several OpenStack platform vendors. Each partner has a defined certification process that includes requirements for testing the F5 Integration for OpenStack Neutron LBaaS for vendor and community OpenStack compatibility. See the Solution Test Plan for more information.

See also

Footnotes

[1]Unsure how to get started with OpenStack? Consult one of F5’s OpenStack Platform Partners.