Set up access and security groups for BIG-IP devices

To use BIG-IP device(s) in an OpenStack cloud, you’ll need to configure access and security groups.

SSH Keys

Hint

Follow the links below to view the appropriate topics in the OpenStack documentation.

Before deploying BIG-IP Virtual Edition “over-the-cloud” as an OpenStack Nova instance, add or import an SSH key-pair. The key pair allows you to access the management console for the BIG-IP VE instance.

Security Groups

You’ll need to create a security group and rules that allow traffic to pass through BIG-IP devices from OpenStack Neutron networks. Specifically, the security rules should allow the ICMP protocol and standard ports used by BIG-IP devices: 22, 80, and 443.

Example - create a security group and rules using the OpenStack CLI
openstack security group create --project <my_project> --description "security group for BIG-IP devices" bigip
openstack security group rule create --protocol icmp --ingress bigip
openstack security group rule create --protocol tcp --dst-port 22 --ingress bigip
openstack security group rule create --protocol tcp --dst-port 80 --ingress bigip
openstack security group rule create --protocol tcp --dst-port 443 --ingress bigip

If you’re using VXLAN and/or GRE, create the following rule(s):

openstack security group rule create --protocol udp --dst-port 4789 --ingress bigip
openstack security group rule create --protocol gre --ingress bigip
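
The same rules with their source ranges narrowed, as an added example that is not part of the F5 documentation: the function prints the commands for review rather than running them, and uses `--remote-ip` to limit SSH to a management CIDR and the VXLAN/GRE rules to a tunnel CIDR (without `--remote-ip`, the CLI defaults an IPv4 rule to 0.0.0.0/0). The project name `demo` and both CIDRs are constructed placeholders, and scoping SSH to a management range is an assumption about your deployment.

```shell
#!/bin/sh
# Added example, not from the F5 documentation. Prints (does not run) the
# page's security group commands with source ranges narrowed via --remote-ip.

# is_cidr CIDR: syntax check only (dotted quad plus /0-32 prefix length).
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# bigip_sg_commands PROJECT MGMT_CIDR [TUNNEL_CIDR]
# TUNNEL_CIDR is optional: pass it only when VXLAN and/or GRE is in use.
bigip_sg_commands() {
    sg_project=$1 sg_mgmt=$2 sg_tunnel=${3:-}
    sg_rule='openstack security group rule create --ingress'

    # Project name is echoed into a command line, so allow safe characters only.
    case $sg_project in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid project name" >&2; return 2 ;;
    esac
    if ! is_cidr "$sg_mgmt"; then
        echo "invalid management CIDR: $sg_mgmt" >&2; return 2
    fi
    # A /0 prefix admits every source, which is the default being avoided.
    case $sg_mgmt in
        */0) echo "management CIDR must not be a /0" >&2; return 2 ;;
    esac
    if [ -n "$sg_tunnel" ] && ! is_cidr "$sg_tunnel"; then
        echo "invalid tunnel CIDR: $sg_tunnel" >&2; return 2
    fi

    echo "openstack security group create --project $sg_project --description \"security group for BIG-IP devices\" bigip"
    echo "$sg_rule --protocol icmp bigip"
    echo "$sg_rule --protocol tcp --dst-port 22 --remote-ip $sg_mgmt bigip"
    echo "$sg_rule --protocol tcp --dst-port 80 bigip"
    echo "$sg_rule --protocol tcp --dst-port 443 bigip"
    if [ -n "$sg_tunnel" ]; then
        echo "$sg_rule --protocol udp --dst-port 4789 --remote-ip $sg_tunnel bigip"
        echo "$sg_rule --protocol gre --remote-ip $sg_tunnel bigip"
    fi
}

# Constructed sample values: project "demo", documentation/private CIDRs.
bigip_sg_commands demo 192.0.2.0/24 10.10.0.0/16
```

After reviewing the printed commands, pipe the output to `sh` in a shell where your OpenStack credentials are loaded.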