The F5 Agent for OpenStack Neutron L2 segmentation mode settings and L3 segmentation mode settings tell the F5 agent about BIG-IP devices’ L2 and L3 network configurations.
0
).
This precludes the use of overlapping subnets/IP addresses amongst tenants.Edit the F5 Agent Configuration File
Use your text editor of choice to edit the F5 Agent Configuration File as appropriate for your environment.
vim /etc/neutron/services/f5/f5-openstack-agent.ini
Set up the Device driver settings and HA mode.
Define the L2- and L3-segmentation settings for Global Routed Mode.
Setting | Description |
---|---|
global_routed_mode |
Boolean; set to True to make all VIPs and pool members globally routable |
use_namespaces |
Boolean; forced to False in global routed mode. |
f5_snat_mode |
Boolean; forced to True in global routed mode. Uses automap SNATs to allocate self IP addresses for LBaaS objects. |
f5_snat_addresses_per_subnet |
Integer; forced to 0 in global routed
mode; the BIG-IP device’s local
self IP is also the SNAT address. |
f5_common_external_networks |
Boolean; when True, the agent adds all
external Neutron networks to the global
routing table (the BIG-IP /Common
partition) and route domain 0 . |
###############################################################################
# L3 Segmentation Mode Settings
###############################################################################
#
# Global Routed Mode - No L2 or L3 Segmentation on BIG-IP
#
f5_global_routed_mode = True
#
use_namespaces = False
#
# SNAT Mode and SNAT Address Counts
#
f5_snat_mode = True
#
f5_snat_addresses_per_subnet = 0
#
f5_common_external_networks = True
#
In global routed mode (f5_global_routed_mode=TRUE
), the F5 Agent for OpenStack Neutron assumes the following:
All required L2 and L3 Network objects (including routes) must exist on your BIG-IP devices before you deploy the F5 agent in OpenStack.
Global routed mode is generally used for undercloud BIG-IP hardware deployments. The BIG-IP device resides at the services tier in the external provider network.
In global routed mode, the F5 agent automatically uses BIG-IP Local Traffic Manager (LTM) secure network address translation (SNAT) ‘automapping’. The BIG-IP Local Traffic Manager automatically creates a SNAT pool of existing self IP addresses.
For incoming traffic, Local Traffic Manager maps the origin IP address to an IP address from the SNAT pool. This ensures that the server response returns to the client through the BIG-IP system. For server-initiated traffic, Local Traffic Manager maps the server IP address to an IP address from the SNAT pool, effectively hiding the server’s actual IP address from clients.
Important
Because SNAT automap allocates existing self IP addresses into a SNAT pool, you should create enough self IPs to handle anticipated connection loads before deploying the F5 Agent for OpenStack Neutron in global routed mode. [1]
See the F5 Integration for OpenStack documentation for more information.
Footnotes
[1] | In an overcloud deployment, BIG-IP Virtual Edition (VE) may allocate IP addresses automatically. |