Deploy a basic load balancer

The series of code samples provided here demonstrate how to configure a basic loadbalancer via the OpenStack Neutron CLI with the F5 Integration for OpenStack Neutron LBaaS. The OpenStack CLI documentation has a full list of all neutron lbaas commands.


The LBaaSv2 CLI commands begin with lbaas-. Commands beginning with lb- are part of the deprecated OpenStack LBaaS v1 project.

Example: Project_9572afc14db14c8a806d8c8219446e7b

Create a Neutron LBaaS load balancer


Neutron LBaaS load balancer == BIG-IP partition

The name assigned to the new BIG-IP partition follows the naming convention <environment-prefix>_<openstack-tenant-ID>. The default environment prefix is Project_. You can change the environment prefix in the F5 Agent configuration file.

Specify the name you want to assign to the load balancer and the existing OpenStack subnet you want to assign to it.

$ neutron lbaas-loadbalancer-create --name lb1 private-subnet

Add a BIG-IP virtual server


Neutron LBaaS listener == BIG-IP virtual server

Specify the name you want to assign to the virtual server; the name of the load balancer (BIG-IP partition) you want to create the virtual server for; and the protocol type and port you’d like to use.

$ neutron lbaas-listener-create --name vs1 --loadbalancer lb1 --protocol HTTP --protocol-port 8080

Add a secure BIG-IP virtual server


OpenStack uses the Transport Layer Security (TLS) protocol to secure network traffic. You must configure Barbican and Keystone before you can create a secure BIG-IP virtual server.

  1. Set up Keystone and Barbican, if you haven’t already. [1]

  2. Complete the Certificate Manager settings section of the F5 Agent configuration file.

  3. Create a listener using the TERMINATED_HTTPS protocol; specify the location of the Barbican container where the certificate you want to use for authentication lives.

    The F5 Agent will add this certificate to the BIG-IP device(s) and use it to create a new BIG-IP SSL profile.

    $ neutron lbaas-listener-create --name vs2 --protocol TERMINATED_HTTPS --protocol-port 8443 --loadbalancer lb1 --default-tls-container-ref  http://localhost:9311/v1/containers/db50dbb3-70c2-44ea-844c-202e06203488

Create a pool

When you create a pool, specify the name you want to assign to the pool; the load balancing method you want to use; the name of the virtual server (listener) you want to attach the pool to; and the protocol type the pool should use.

$ neutron lbaas-pool-create --name pool1 --lb-algorithm ROUND_ROBIN --listener vs1 --protocol HTTP
$ neutron lbaas-pool-create --name pool2 --lb-algorithm ROUND_ROBIN --listener vs2 --protocol HTTPS

Create a pool member

When creating a pool member, specify the existing OpenStack subnet you want to assign to it; the IP address the member should process traffic on; the protocol port; and the name or UUID of the pool you want to attach the member to.

$ neutron lbaas-member-create --subnet private-subnet --address --protocol-port 80 pool1

Create a health monitor

When creating a health monitor, specify the delay; monitor type; number of retries; timeout period; and the name of the pool you want to monitor.

$ neutron lbaas-healthmonitor-create --delay 3 --type HTTP --max-retries 3 --timeout 3 --pool pool1

What’s Next

Use the BIG-IP configuration utility to verify that all of your Neutron LBaaS objects appear on the BIG-IP device(s).

  1. Log in to the BIG-IP configuration utility at the management IP address (e.g.,
  2. Use the Partition drop-down menu to select the correct partition for your load balancer.
  3. Go to Local traffic ‣ Virtual Servers to view your new virtual server.
  4. Click on the virtual server name to view the pool, pool member, and health monitor.


[1]See OpenStack’s How to create a TLS load balancer for more information and configuration instructions.