Cloud Docs Home > F5 Agent for OpenStack Neutron Index
Global Routed mode¶
The F5 Agent for OpenStack Neutron L2 segmentation mode settings and L3 segmentation mode settings tell the F5 agent about BIG-IP devices’ L2 and L3 network configurations.
Caveats¶
- In global routed mode, the F5 Agent for OpenStack Neutron assumes that all L3 virtual IP addresses are globally routable. This means that all virtual IPs listen on all VLANs accessible to the BIG-IP (in other words, there is no VLAN segmentation).
- Global routed mode uses the BIG-IP global route domain (
0). This precludes the use of overlapping subnets/IP addresses amongst tenants.
Configuration¶
Edit the F5 Agent Configuration File
Use your text editor of choice to edit the F5 Agent Configuration File as appropriate for your environment.
vim /etc/neutron/services/f5/f5-openstack-agent.ini
Set up the Device driver settings and HA mode.
Define the L2- and L3-segmentation settings for Global Routed Mode.
Global Routed Mode settings¶ Setting Description global_routed_modeBoolean; set to True to make all VIPs and pool members globally routable use_namespacesBoolean; forced to False in global routed mode. f5_snat_modeBoolean; forced to True in global routed mode.
Uses automap SNATs to allocate self IP addresses for LBaaS objects.
f5_snat_addresses_per_subnetInteger; forced to 0in global routed mode; the BIG-IP device’s local self IP is also the SNAT address.f5_common_external_networksBoolean; when True, the agent adds all external Neutron networks to the global routing table (the BIG-IP /Common partition) and route domain 0.############################################################################### # L3 Segmentation Mode Settings ############################################################################### # # Global Routed Mode - No L2 or L3 Segmentation on BIG-IP # f5_global_routed_mode = True # use_namespaces = False # # SNAT Mode and SNAT Address Counts # f5_snat_mode = True # f5_snat_addresses_per_subnet = 0 # f5_common_external_networks = True #
Learn more¶
In global routed mode (f5_global_routed_mode=TRUE), the F5 Agent for OpenStack Neutron assumes the following:
- All LBaaS objects are accessible via global L3 routes.
- All virtual IPs are routable from clients.
- All pool members are routable from BIG-IP devices.
All required L2 and L3 Network objects (including routes) must exist on your BIG-IP devices before you deploy the F5 agent in OpenStack.
Global routed mode
Use Case¶
Global routed mode is generally used for undercloud BIG-IP hardware deployments. The BIG-IP device resides at the services tier in the external provider network.
BIG-IP “undercloud” deployment
In global routed mode, the F5 agent automatically uses BIG-IP Local Traffic Manager (LTM) secure network address translation (SNAT) ‘automapping’. The BIG-IP Local Traffic Manager automatically creates a SNAT pool of existing self IP addresses.
For incoming traffic, Local Traffic Manager maps the origin IP address to an IP address from the SNAT pool. This ensures that the server response returns to the client through the BIG-IP system. For server-initiated traffic, Local Traffic Manager maps the server IP address to an IP address from the SNAT pool, effectively hiding the server’s actual IP address from clients.
Important
Because SNAT automap allocates existing self IP addresses into a SNAT pool, you should create enough self IPs to handle anticipated connection loads before deploying the F5 Agent for OpenStack Neutron in global routed mode. [1]
Next steps¶
- If this is your initial launch, start the F5 agent.
- If you have updated the configurations for a running F5 agent instance, restart the service:
- systemctl systemctl start f5-openstack-agent \ CentOS
- service f5-oslbaasv2-agent start \ Ubuntu
See the F5 Integration for OpenStack documentation for more information.
Footnotes
| [1] | In an overcloud deployment, BIG-IP Virtual Edition (VE) may allocate IP addresses automatically. |