Neutron to BIG-IP Command Mapping
When you issue neutron lbaas commands on your OpenStack Neutron controller, the F5 Agent for OpenStack Neutron configures objects on your BIG-IP device(s).
This document describes how OpenStack Neutron LBaaS objects correspond to BIG-IP objects and what actions the F5 Agent takes for each neutron lbaas-loadbalancer CLI command.
F5 LBaaSv2 uses the f5-sdk to communicate with BIG-IP via the F5 iControl REST API. The table below shows the corresponding iControl endpoint and BIG-IP object for each neutron lbaas- ‘create’ command.
|iControl REST API endpoint
The sections below cover the settings F5 Agent applies to a standalone, overcloud BIG-IP device. The actual settings applied for a given command can vary depending on your existing BIG-IP device configurations and network architecture.
To view the actual API calls the F5 Agent sends to the BIG-IP device(s), set the F5 agent’s DEBUG level to ‘True’ and view the logs (
Start the F5 Agent for OpenStack Neutron
- systemctl start f5-openstack-agent
- When you first start the F5 Agent:
  - it reads the vtep self IP defined in the F5 Agent config file;
  - the F5 Agent discovers the BIG-IP vtep IP address and advertises it to Neutron as its
  - the F5 Driver for OpenStack LBaaSv2 adds a new port for the vtep to the OVS switch;
  - the F5 Agent adds profiles for all tunnel types to the BIG-IP device(s).
Create a Neutron LBaaS Load Balancer
- neutron lbaas-loadbalancer-create
- The F5 Agent creates the following:
  - new BIG-IP partition
  - BIG-IP forwarding database (FDB) records for all peers in the network
  - new BIG-IP route domain
  - new BIG-IP self IP on the specified subnet (this is the IP address at which the BIG-IP device can receive traffic for this load balancer)
  - new tunnel (uses the vtep as the local address and the BIG-IP vxlan profile created when the F5 Agent started)
  - new SNAT pool list/SNAT translation list
In addition, the F5 Driver adds a Neutron port for each SNAT address.
- If BIG-IP SNAT mode is off and you have
0, the BIG-IP acts as a gateway and handles all return traffic from members.
- If BIG-IP SNAT mode is on and you have
0, the BIG-IP device uses SNAT automap.
Create a Neutron LBaaS Listener
- neutron lbaas-listener-create
- The F5 Agent creates a new BIG-IP virtual server in the specified partition.
  - uses the Fast L4 protocol
  - uses the IP address Neutron assigned to the load balancer
  - uses the route domain created for the load balancer
  - if you’re using tunnels, traffic is only handled in the tunnel assigned to the load balancer
- for secure listeners using the
  - fetches the certificate/key container from Barbican.
  - adds the key and certificate to the BIG-IP device(s).
  - creates a custom SSL profile using clientssl as the parent profile.
  - adds the new SSL profile to the virtual server.
Create a Neutron LBaaS Pool
- neutron lbaas-pool-create
- The F5 Agent adds a new pool to the specified virtual server.
Create a Neutron LBaaS Member
- neutron lbaas-member-create
- The F5 Agent adds a new member to the requested pool using the specified IP address and port.
- If there is a Neutron port associated with the specified IP address and subnet, the F5 Agent creates a forwarding database (FDB) entry for the member on the BIG-IP device(s). 
- When you add a member to a pool for the first time, the BIG-IP pool status changes.
- When you create a member with a specific IP address for the first time, the F5 Agent also creates a new BIG-IP node for that IP address.
Create a Neutron LBaaS Health Monitor
- neutron lbaas-healthmonitor-create
- The F5 Agent creates a new BIG-IP health monitor for the specified pool.
- Creating a health monitor for a pool for the first time makes the BIG-IP pool status change.
- Health monitors directly affect the status and availability of BIG-IP pools and pool members. Any additions or changes may change the status of the specified pool.
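As a way to check a deployment against the mapping above, the following added example (not F5's code and not part of the original page) derives the BIG-IP object kinds this document lists for a sequence of create commands and reports any that are absent from an observed inventory. The option keys (secure, ip, neutron_port), the object-kind labels and the sample data are assumptions made for illustration; FDB records for network peers are not counted, and one SNAT pool is assumed per load balancer.

```python
from collections import Counter

def expected_objects(commands, global_routed=False):
    """Return a Counter of BIG-IP object kinds the page says the agent creates.

    commands: list of (neutron_command, options); option keys are hypothetical.
    """
    want, node_ips = Counter(), set()
    for cmd, opt in commands:
        if cmd == "lbaas-loadbalancer-create":
            want.update(["partition", "route domain", "self IP", "SNAT pool"])
            if not global_routed:  # global routed mode: no tunnel is created
                want["tunnel"] += 1
        elif cmd == "lbaas-listener-create":
            want["virtual server"] += 1
            if opt.get("secure"):  # key and certificate come from Barbican
                want.update(["certificate", "key", "SSL profile"])
        elif cmd == "lbaas-pool-create":
            want["pool"] += 1
        elif cmd == "lbaas-member-create":
            want["pool member"] += 1
            if opt["ip"] not in node_ips:  # a node is created once per IP address
                node_ips.add(opt["ip"])
                want["node"] += 1
            if opt.get("neutron_port"):  # no Neutron port means no FDB entry
                want["FDB entry"] += 1
        elif cmd == "lbaas-healthmonitor-create":
            want["health monitor"] += 1
        else:
            raise ValueError(f"unmapped command: {cmd}")
    return want

def missing_objects(expected, observed):
    """Object kinds (with counts) that are expected but absent from the inventory."""
    return dict(expected - Counter(observed))

# Constructed sample: one load balancer, a secure listener, three members.
SAMPLE_COMMANDS = [
    ("lbaas-loadbalancer-create", {}),
    ("lbaas-listener-create", {"secure": True}),
    ("lbaas-pool-create", {}),
    ("lbaas-member-create", {"ip": "10.0.0.5", "neutron_port": True}),
    ("lbaas-member-create", {"ip": "10.0.0.5", "neutron_port": True}),
    ("lbaas-member-create", {"ip": "10.0.0.6", "neutron_port": False}),
    ("lbaas-healthmonitor-create", {}),
]

if __name__ == "__main__":
    want = expected_objects(SAMPLE_COMMANDS)
    seen = want - Counter({"SSL profile": 1, "node": 1})  # constructed inventory
    print(missing_objects(want, seen))
```

The observed inventory can be a list of object-kind labels or a mapping of label to count, gathered however you normally list objects in the load balancer's partition.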
If using global routed mode, F5 Agent doesn’t create a tunnel. Instead, all traffic goes to the load balancer’s self IP address.
You can set the number of SNAT addresses to create via the f5_snat_addresses_per_subnet setting in the L2 Segmentation Mode settings section of the F5 Agent configuration file.
See Set up the F5 Agent for OpenStack Barbican.
The F5 Agent will not create a FDB entry if the pool member IP address and subnet don’t have a corresponding Neutron port. In such cases, warning messages print to the