L2-adjacent mode (f5_global_routed_mode = False) is the default mode of operation for the F5 Agent for OpenStack Neutron (F5 agent).
The F5 agent does not automatically detect any network or BIG-IP configurations.
You must provide the appropriate L2/L3 network settings for your BIG-IP device(s) in the L2 segmentation mode and L3 segmentation mode sections of the F5 agent configuration file.
You should have VLANs and VxLAN or GRE tunnels configured as appropriate for your environment. If you’re using GRE or VxLAN tunnels, you must have a BIG-IP Better or Best license that supports SDN.
Warning
Many L3 segmentation mode parameters depend on other configuration parameters. Read the text in the F5 Agent Configuration File carefully before changing these settings to ensure they don’t conflict.
Edit the F5 Agent Configuration File
Use your text editor of choice to edit the F5 Agent Configuration File as appropriate for your environment.
vim /etc/neutron/services/f5/f5-openstack-agent.ini
f5_external_physical_mappings
Maps Neutron networks with type VLAN to a specific BIG-IP interface.
It follows the format physical_network:interface_name:tagged, where:
physical_network is the external provider network (Neutron’s provider:physical_network).
interface_name is the name of a BIG-IP interface or LAG trunk.
tagged is a boolean indicating whether or not the BIG-IP should enforce VLAN tagging.
# standalone example:
f5_external_physical_mappings = default:1.1:True
#
# pair or scalen example:
f5_external_physical_mappings = default:1.3:True
Note
If using pair or scalen on a 3-NIC device, use interface 1.3. Interface 1.1 usually maps to an external VLAN and 1.2 to internal VLANs.
vlan_binding_driver
Binds tagged VLANs to specific BIG-IP ports. For example, if an LBaaS iControl endpoint uses tagged VLANs, and you add a VLAN tagged network to a specific BIG-IP device, the facing switch port needs to allow traffic for that VLAN tag through to the correct BIG-IP port.
Caution
This setting requires a custom software hook. If you choose to write one, keep the following in mind:
The vlan_binding_driver class must reference an iControl VLANBindingBase subclass.
# the path to your custom software hook
vlan_binding_driver = f5-openstack-agent.drivers.bigip.vlan_binding.MyBindingDriver
f5_vtep_
f5_vtep_folder: The name of the BIG-IP partition in which the VTEP (VxLAN tunnel endpoint) resides; the default partition is /Common.
f5_vtep_selfip_name: The name of the VTEP self IP.
Can be a single entry or a comma-separated list (one per BIG-IP device); must be in CIDR (h/m) format. The VTEP self IPs must already exist on the BIG-IP device(s).
# Device Tunneling (VTEP) selfips
#
f5_vtep_folder = Common
f5_vtep_selfip_name = my_vtep
#
Hint
If you’re not using GRE or VxLAN tunneling, you can comment these settings out or set both to None.
advertised_tunnel_types
Tells the F5 agent what type of tunnel(s) connect the BIG-IP device(s) to controller/compute node(s) in OpenStack (GRE or VxLAN). This can be a single entry or comma-separated values. If you are not using tunnels, leave this setting blank.
Note
The F5 Agent for OpenStack Neutron creates profiles for all available tunnel types on the BIG-IP device(s) when you start it for the first time. See Neutron to BIG-IP command mapping for more information.
# Tunnel types
#
# If you are using only gre tunnels:
#
advertised_tunnel_types = gre
#
# If you are using only vxlan tunnels:
#
advertised_tunnel_types = vxlan
#
# If you are using both gre and vxlan tunnel networks:
#
advertised_tunnel_types = gre,vxlan
#
# If you are NOT using tunnel networks (vlans only):
#
advertised_tunnel_types =
#
f5_populate_static_arp
A boolean indicating whether or not you want to create static ARP entries for pool member IP addresses on VxLAN or GRE tunnel networks.
The static ARP entry is in addition to the tunnel forwarding database (FDB) entry for the pool member. It helps avoid the need to learn the member’s MAC address via flooding.
# Static ARP population for members on tunnel networks
#
f5_populate_static_arp = True
#
l2_population
A boolean indicating whether or not the BIG-IP device should use the L2 population service to update FDB tunnel entries.
Important
If you’re running any other OpenStack tunnel agents, be sure to set all of them up the same way.
#
l2_population = True
#
use_namespaces
A boolean indicating whether or not the BIG-IP should use tenant routing tables to route traffic. Set this value to True to allow overlapping subnet IP addresses.
#
use_namespaces = True
#
max_namespaces_per_tenant
An integer indicating the maximum number of route domains allowed per tenant. This allows a tenant to have overlapping IP subnets.
#
max_namespaces_per_tenant = 1
#
f5_route_domain_strictness
A boolean indicating whether VIPs and members in different tenants can communicate with each other. Set this value to True to force the BIG-IP to prefer tenant routing tables over the global routing table and provide tenant isolation.
#
f5_route_domain_strictness = False
#
f5_snat_addresses_per_subnet
An integer indicating the number of self IP addresses the BIG-IP device should add to a SNAT pool for each subnet.
#
f5_snat_mode = True
#
f5_snat_addresses_per_subnet = 1
#
f5_common_external_networks
A boolean that controls how the BIG-IP device routes traffic on Neutron networks.
Set this value to True to use the global routing table for traffic on all Neutron networks with the external router type.
#
f5_common_external_networks = True
#
common_network_ids
A ‘name-value’ pair mapping BIG-IP VLANs to Neutron networks; multiple values can be comma-separated. The first value is the Neutron network ID; the second is the BIG-IP network name.
For example, if the Internet VLAN on your BIG-IP device, /Common/external, has the Neutron uuid 71718972-78e2-449e-bb56-ce47cc9d2680, the entry would look like this:
# Common Networks
#
common_network_ids = 71718972-78e2-449e-bb56-ce47cc9d2680:external
#
You can separate multiple values with commas, as shown below.
#
common_network_ids = 71718972-78e2-449e-bb56-ce47cc9d2680:external,396e06a0-05c7-4a49-8e86-04bb83d14438:vlan1222
#
l3_binding_driver
A software hook that binds L3 addresses to specific ports, allowing communications between Nova guest instances.
Important
If you’re managing overcloud BIG-IP VE instances, uncomment this line in the F5 Agent Configuration File.
#
l3_binding_driver = f5_openstack_agent.lbaasv2.drivers.bigip.l3_binding.AllowedAddressPairs
#
f5_network_segment_physical_network
The name of the network segment where the BIG-IP device resides.
f5_network_segment_polling_interval
The number of seconds to wait between polling Neutron for a network_id to segmentation_id mapping (default=10).
f5_pending_services_timeout
The maximum number of seconds to wait for network discovery before a pending service errors out (default=60).
Tip
These Hierarchical Port Binding settings allow you to integrate and manage SDN services using F5 LBaaS. If you’re not using this feature, comment out all three settings, or set them to None, to avoid errors.
# Hierarchical Port Binding
#
f5_network_segment_physical_network = <switch_name>
#
# Periodically scan for disconnected listeners (a.k.a virtual servers). The
# interval is number of seconds between attempts.
#
f5_network_segment_polling_interval = 10
#
f5_pending_services_timeout = 60
#
Typically, the F5 Agent for OpenStack Neutron manages one (1) or more BIG-IP devices deployed in the services tier of an external provider network. The BIG-IP devices may have direct lines of communication with nodes in the OpenStack cloud (VXLAN or GRE tunnels) or they may connect to the same VLAN subnet(s) as OpenStack nodes.
The F5 agent can also manage BIG-IP Virtual Edition (VE) instances deployed ‘over the cloud’ (or overcloud) using L2-adjacent mode. These VE instances would connect to individual OpenStack nodes via VLANs, as opposed to VXLAN or GRE tunnels. This type of deployment is commonly used as part of a software-defined networking (SDN) solution, such as with Cisco ACI.
Important
The F5 agent L2/L3 segmentation mode settings must match the configurations of your existing external network and BIG-IP device(s).
See the F5 Integration for OpenStack documentation for more information.
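A pre-deployment lint for the settings described on this page, as an added example (not F5's code and not part of the agent). The function name lint_l2_adjacent, the sample file contents, the rule that advertised tunnels require both VTEP settings, and the handling of f5_external_physical_mappings as a comma-separated list are assumptions.

```python
import configparser
import uuid

# Constructed sample (not a real deployment); it reuses the page's example values.
SAMPLE_INI = """
[DEFAULT]
f5_external_physical_mappings = default:1.3
advertised_tunnel_types = gre,vxlan
f5_vtep_folder = Common
f5_vtep_selfip_name = None
use_namespaces = True
f5_route_domain_strictness = False
common_network_ids = 71718972-78e2-449e-bb56-ce47cc9d2680:external,not-a-uuid:vlan1222
"""

def _items(value):
    """Split a comma-separated setting, dropping blanks and the literal None."""
    return [v.strip() for v in (value or "").split(",") if v.strip() not in ("", "None")]

def lint_l2_adjacent(ini_text):
    """Return findings for the L2-adjacent settings in an agent-style INI string."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    cfg, findings = parser["DEFAULT"], []

    # Format from the page: physical_network:interface_name:tagged (tagged is a boolean).
    # Treating the value as a comma-separated list is an assumption.
    for entry in _items(cfg.get("f5_external_physical_mappings")):
        parts = entry.split(":")
        if len(parts) != 3 or not all(parts) or parts[2].lower() not in ("true", "false"):
            findings.append(f"f5_external_physical_mappings: malformed entry {entry!r}")

    tunnels = [t.lower() for t in _items(cfg.get("advertised_tunnel_types"))]
    findings += [f"advertised_tunnel_types: unknown type {t!r}" for t in tunnels if t not in ("gre", "vxlan")]
    # Assumption: advertising tunnels requires both VTEP settings to be set.
    if tunnels and not (_items(cfg.get("f5_vtep_folder")) and _items(cfg.get("f5_vtep_selfip_name"))):
        findings.append("tunnels advertised but f5_vtep_folder/f5_vtep_selfip_name is unset")

    # Strictness False lets VIPs and members in different tenants communicate.
    if cfg.getboolean("use_namespaces", fallback=False) and not cfg.getboolean(
            "f5_route_domain_strictness", fallback=False):
        findings.append("f5_route_domain_strictness is False: no tenant isolation")

    for pair in _items(cfg.get("common_network_ids")):
        net_id, _, name = pair.partition(":")
        try:
            uuid.UUID(net_id)
        except ValueError:
            findings.append(f"common_network_ids: {net_id!r} is not a Neutron UUID")
        else:
            if not name:
                findings.append(f"common_network_ids: {pair!r} has no BIG-IP network name")
    return findings
```

Run it against a copy of the agent configuration file before restarting the agent; an empty list means none of these checks fired.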