Manage BIG-IP Clusters¶
Clustering provides a greater degree of redundancy than a standalone device offers. It helps to avoid service interruptions that could otherwise occur if a device should go down.
Administrator access to both BIG-IP devices and OpenStack cloud.
Licensed, operational BIG-IP device service cluster.
- The F5 Agent for OpenStack Neutron can manage clusters of two (2) to four (4) BIG-IP devices. Active-standby, or “pair”, mode applies to two-device clusters; scalen applies to clusters of more than two (2) devices.
- The administrator login must be the same on all BIG-IP devices in the cluster.
- F5 strongly advises against using configuration synchronization in clusters managed by the F5 Agent.
vi /etc/neutron/services/f5/f5-openstack-agent.ini ... # HA mode # f5_ha_type = pair \\ 2-device cluster f5_ha_type = scalen \\ 2-4 device cluster # #
Add the iControl endpoint (IP address) for each BIG-IP device in the cluster and the admin login credentials. Values must be comma-separated.
# icontrol_hostname = 22.214.171.124,126.96.36.199 # icontrol_username = myusername # icontrol_password = mypassword #
The F5 Agent expects to find a specific number of iControl endpoints (the
icontrol_hostname Agent configuration parameter) based on the
f5_ha_type, as noted below.
|HA type||Number of iControl endpoints expected|
F5 LBaaSv2 and BIG-IP Auto-sync¶
The F5 Agent for OpenStack Neutron applies LBaaS configuration changes to each BIG-IP device in a cluster at the same time, in real time. For this reason, do not use configuration synchronization (config sync) in clusters managed by the F5 Integration for OpenStack Neutron LBaaS.
For example, if you create a load balancer for a device group using config sync, the create command will succeed on the first device in the group and fail on the others. The failure occurs because config sync has already created the requested partition on each device in the cluster.
If you need to sync a BIG-IP device group, do so manually after making changes to Neutron LBaaS objects.
If you must use config sync mode, set the
standalone and enter the iControl endpoint for one (1) of the BIG-IP devices in the group.
If you choose to do so, you must manually replace the iControl endpoint in the F5 Agent configuration file with the iControl endpoint of another device in the group if the configured device should fail.
While it is possible to use config sync for a device group after creating a new load balancer, it is not recommended.
F5 has not tested or verified this functionality.