Add BIG-IP device to flannel VXLAN

This document provides step-by-step instructions for adding a BIG-IP device to a Kubernetes Cluster using flannel VXLAN. For more information about this integration, see BIG-IP and flannel VXLAN Integration.

Complete the following tasks to add a BIG-IP device to a Kubernetes Cluster Network using flannel.

Task Summary
Step Task
Deploy flannel for Kubernetes

Set up the BIG-IP system:

Add the BIG-IP device to the flannel overlay network

Deploy flannel for Kubernetes

If you haven’t already deployed flannel in your Kubernetes Cluster, you can do so using a kube-flannel manifest file. The manifest file defines all of the resources required to deploy flannel in Kubernetes.


In the netconf.json section of the ConfigMap, the Backend.Type must be vxlan. The BIG-IP Controller doesn’t support other backend modes.

Set up the BIG-IP system


The steps in this section require Administrator or Resource Administrator access to the BIG-IP system’s TMOS shell (tmsh).

Create a VXLAN tunnel

  1. Log in to the TMOS shell (tmsh).

  2. Create a VXLAN profile with flooding-type none.

    create net tunnels vxlan fl-vxlan port 8472 flooding-type none
  3. Create a VXLAN tunnel.

    • Set the local-address to an IP address from the network that will support the VXLAN overlay.
    • Set the key to 1 to grant the BIG-IP device access to all Cluster resources.
    create net tunnels tunnel flannel_vxlan key 1 profile fl-vxlan local-address

Create a self IP in the VXLAN

  1. Identify the flannel subnet you want to assign to the BIG-IP system. Make sure it doesn’t overlap with a subnet that’s already in use by existing Nodes in the Kubernetes Cluster. You will assign this subnet to a “dummy” Node for the BIG-IP device later.

  2. Log in to the TMOS shell (tmsh).

  3. Create a self IP using an address from the subnet you want to assign to the BIG-IP device.


  • The self IP range must fall within the cluster subnet mask. The flannel network’s default subnet mask is /16.
  • If you use the BIG-IP configuration utility to create a self IP, you may need to provide the full netmask instead of the CIDR notation.
create net self address allow-service none vlan flannel_vxlan

Create a floating self IP in the VXLAN

Create a floating IP address in the flannel subnet you assigned to the BIG-IP device.

create net self address allow-service none traffic-group traffic-group-1 vlan flannel_vxlan


By default, the BIG-IP Controller uses BIG-IP Automap SNAT for all of the virtual servers it creates. From k8s-bigip-ctlr v1.5.0 forward, you can designate a specific SNAT pool in the Controller Deployment instead of using SNAT automap.

In environments where the BIG-IP connects to the Cluster network, the self IP used as the BIG-IP VTEP serves as the SNAT pool for all origin addresses within the Cluster. The subnet mask you provide when you create the self IP defines the addresses available to the SNAT pool.

Verify creation of the BIG-IP objects

You can use a TMOS shell (tmsh) to verify object creation.

list net tunnels tunnel flannel_vxlan
list net self
list net self

Add the BIG-IP device to the flannel overlay network

Flannel uses a set of custom Annotations to identify Nodes as part of the Cluster network. When you create a dummy Node resource for the BIG-IP that contains these Annotations, flannel can discover the BIG-IP device and monitor it as part of the VXLAN.

Find the VTEP MAC address

You can find the MAC address of your BIG-IP VXLAN tunnel using a TMOS shell.

show net tunnels tunnel flannel_vxlan all-properties
Net::Tunnel: flannel_vxlan
MAC Address                   ab:12:cd:34:ef:56

Find the flannel Annotations

Run kubectl describe for any Node in the Cluster and make note of the flannel Annotations included in the Node description.

kubectl describe nodes
...'{"VtepMAC":"<mac-address>"}' 'vxlan' 'true' <node-ip-address>

Create a Kubernetes Node for the BIG-IP device

  1. Create a “dummy” Kubernetes Node resource.

    Include all of the flannel Annotations. Define the backend-data and public-ip Annotations with data from the BIG-IP VXLAN:'{"VtepMAC":"<BIG-IP_mac-address>"}' <BIG-IP_vtep-address>

    (This is the IP address you assigned to the VXLAN tunnel).

    apiVersion: v1
    kind: Node
      name: bigip
        # Provide the MAC address of the BIG-IP VXLAN tunnel '{"VtepMAC":"ab:12:cd:34:ef:56"}' "vxlan" "true"
        # Provide the IP address you assigned as the BIG-IP VTEP
      # Define the flannel subnet you want to assign to the BIG-IP device.
      # Be sure this subnet does not collide with any other Nodes' subnets.


  2. Upload the Node resource to the Kubernetes API server.

    kubectl create -f f5-kctlr-bigip-node.yaml
  3. Verify creation of the Node.

    kubectl get nodes
    NAME           STATUS    AGE       VERSION
    bigip          NotReady  5m        v1.7.5
    k8s-master-0   Ready     2d        v1.7.5
    k8s-worker-0   Ready     2d        v1.7.5
    k8s-worker-1   Ready     2d        v1.7.5

See also

  • If you’re having trouble with your network setup, see Network troubleshooting. (This troubleshooting issue references the OpenShift Cluster Network, but the concepts are the same.)