F5 Container Connector - Marathon

This document provides general information regarding the F5 Integration for Marathon. Please refer to the guides below for deployment and usage instructions.


The BIG-IP Controller for Marathon (marathon-bigip-ctlr) configures BIG-IP objects for Applications in a Mesos cluster, serving North-South traffic. The BIG-IP Controller is a container-based Marathon Application that runs within the Marathon cluster. It configures the BIG-IP device as needed to handle traffic for Apps within the cluster. You can launch the BIG-IP Controller in Marathon via the Marathon REST API or the Marathon Web Interface [1].

Solution design: The Container Connector runs as an App within the cluster; it configures the BIG-IP device as needed to handle traffic for Apps in the cluster

The BIG-IP Controller watches the Marathon API for special “F5 Application Labels” that tell it:

  • what Marathon Application we want it to manage, and
  • what BIG-IP LTM objects we want to create for that specific Application.

When the BIG-IP Controller discovers new or updated Marathon Applications with the F5 Application Labels, it dynamically applies the desired settings to the BIG-IP device.

Diagram demonstrating how the BIG-IP Controller picks up configurations from F5 Application labels and applies the desired config to BIG-IP devices.

You can use the BIG-IP Controller to:

General Prerequisites

The F5 Container Integration for Mesos Marathon documentation set assumes that you:

  • already have a Mesos cluster running;
  • are familiar with the Marathon Web Interface ;
  • are comfortable using HTTP methods to make REST API calls;
  • already have a BIG-IP device licensed and provisioned for your requirements; and
  • are familiar with BIG-IP Local Traffic Manager (LTM) concepts and tmsh commands.


The BIG-IP Controller requires Administrator permissions in order to provide full functionality.

[1]Per the Marathon documentation, the Marathon Web Interface is no longer actively developed. Use the Marathon REST API to access the latest Marathon features.

BIG-IP High Availability and Multi-tenancy

If you want to manage a BIG-IP device pair or cluster with the BIG-IP Controller, you should run one Controller instance per BIG-IP device.

The basic deployment steps are:

  1. Set up RBAC.
  2. Deploy a JSON Application file for each marathon-bigip-ctlr instance.
    • Provide a unique name for each Controller instance.
    • Use a different BIG-IP IP address/hostname for each Controller instance.
    • Use the same BIG-IP partition for each Controller instance.

Download a sample Application file

Key Apache Mesos/Marathon Concepts

Application Labels

In Marathon, you can associate labels with Application tasks for tracking/reporting purposes. The custom “F5 Application Labels” notify the BIG-IP Controller that it has work to do. When the BIG-IP Controller discovers Applications with new or updated F5 Application Labels, it dynamically creates BIG-IP virtual servers, pools, pool members, and HTTP health monitors for each of the Application’s tasks.

See the marathon-bigip-ctlr reference documentation for the full list of F5 Application Labels.


You can download the code example used in the following sections and modify it to suit your environment.


iApps Application Labels

You can use the BIG-IP Controller to deploy BIG-IP iApps using a special set of customizable iApps Application Labels. The iApp you want to deploy must already exist on the BIG-IP device (can be in the /Common partition).

A few of the key iApp Application Labels depend on the iApp you want to deploy, as well as your environment and needs. See the marathon-bigip-ctlr reference documentation for more information about the Application labels required for iApp deployment.

Port Mapping

In Marathon, container-based applications using Docker BRIDGE mode must have port mappings configured. [2] For Applications proxied by the BIG-IP Controller, these port mappings make it possible for the BIG-IP device to route external traffic to service ports inside the Apache Mesos cluster. You can define multiple port mappings for a Marathon Application.

Most F5 Application Labels let you specify an index into the port mapping array, beginning at 0. These parameters include {n} in the label key; simply replace {n} with the port index to which you want the setting to apply.

For example:

The code sample below defines an Application with three (3) port indices.

Define an Application 3 port indices
  "id": "server-app4",
  "cpus": 0.1,
  "mem": 16.0,
  "instances": 2,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "docker-user/node-web-app",
      "network": "BRIDGE",
      "forcePullImage": false,
      "portMappings": [
        { "containerPort": 8088,
          "hostPort": 0,
          "protocol": "tcp" },
        { "containerPort": 8188,
          "hostPort": 0,
          "protocol": "tcp" },
        { "containerPort": 8288,
          "hostPort": 0,
          "protocol": "tcp" }

In the labels section, we specify that we want to create HTTP virtual servers on the BIG-IP device for port indices 0 and 1. In this example, 0 refers to the first mapping defined above ("containerPort": "8088") and 1 refers to the second ("containerPort": "8188").

BIG-IP Controller labels defining BIG-IP objects for two port indices
  "labels": {
    "F5_PARTITION": "mesos",
    "F5_0_BIND_ADDR": "",
    "F5_0_MODE": "http",
    "F5_0_BALANCE": "least-connections-node",
    "F5_0_PORT": "8080",
    "F5_1_BIND_ADDR": "",
    "F5_1_MODE": "http",
    "F5_1_PORT": "8090"
[2]See the Docker Networking documentation for more information.

Marathon Health Checks

The BIG-IP Controller provides compatibilty with existing Marathon Health Checks. For ports configured with Marathon health checks, the BIG-IP Controller:

  • creates corresponding BIG-IP health monitors;
  • checks the specified port’s health status before adding it to a BIG-IP pool. [3]
Create health checks for each of the Application’s port indices
  "healthChecks": [
      "protocol": "HTTP",
      "portIndex": 0,
      "path": "/",
      "gracePeriodSeconds": 5,
      "intervalSeconds": 20,
      "maxConsecutiveFailures": 3
      "protocol": "HTTP",
      "portIndex": 1,
      "path": "/",
      "gracePeriodSeconds": 5,
      "intervalSeconds": 20,
      "maxConsecutiveFailures": 3
      "protocol": "HTTP",
      "portIndex": 2,
      "path": "/",
      "gracePeriodSeconds": 5,
      "intervalSeconds": 20,
      "maxConsecutiveFailures": 3
[3]Occurs when F5_CC_USE_HEALTHCHECK’s value is “True”.