Lab 1.2 - Configure VXLAN (OpenShift and BIG-IP)

Important

This solution applies to BIG-IP devices v13.x and later only. To achieve High Availability (HA) with an active-standby pair or device group in OpenShift, the BIG-IP needs to create a floating VXLAN tunnel address, which is currently only available in BIG-IP 13.x and later.

Configure VXLAN on Openshift

HostSubnets must use valid YAML. You can upload the files individually using separate oc create commands.

Create one HostSubnet for each BIG-IP device. These will handle health monitor traffic.

Also create one HostSubnet to pass client traffic. You will create the floating IP address for the active device in this subnet as shown in the diagram above.

  1. Create new OpenShift HostSubnets for the BIG-IP devices.

    Attention

    We have created the YAML files to save time. The files are located at /home/centos/agilitydocs/openshift/advanced/ocp on ose-master1

    cd /home/centos/agilitydocs/openshift/advanced/ocp

    hs-bigip1.yaml

    {
        "apiVersion": "v1",
        "host": "openshift-f5-bigip1",
        "hostIP": "10.3.10.60",
        "kind": "HostSubnet",
        "metadata": {
            "name": "openshift-f5-bigip1"
        },
        "subnet": "10.131.0.0/23"
    }
    

    hs-bigip2.yaml

    {
        "apiVersion": "v1",
        "host": "openshift-f5-bigip2",
        "hostIP": "10.3.10.61",
        "kind": "HostSubnet",
        "metadata": {
            "name": "openshift-f5-bigip2"
        },
        "subnet": "10.131.2.0/23"
    }
    

    hs-bigip-float.yaml

    {
        "apiVersion": "v1",
        "host": "openshift-f5-bigip-float",
        "hostIP": "10.3.10.59",
        "kind": "HostSubnet",
        "metadata": {
            "name": "openshift-f5-bigip-float"
        },
        "subnet": "10.131.4.0/23"
    }
    

    Upload the HostSubnet files to the OpenShift API server. Run the following commands from the master:

    oc create -f hs-bigip1.yaml
    oc create -f hs-bigip2.yaml
    oc create -f hs-bigip-float.yaml
    
  2. Verify creation of the HostSubnets:

    oc get hostsubnet
    
    ../../../_images/oc-get-hostsubnet.png

Configure VXLAN on BIG-IP

Important

The BIG-IP OpenShift Controller cannot manage objects in the /Common partition.

It's recommended to create all HA configuration in the /Common partition.

Tip

You can copy and paste the following commands and run them directly from the OpenShift master (ose-master1). To paste content into mRemoteNG, use your right mouse button.

  1. Create a new partition on your BIG-IP system

    ssh root@10.1.1.245 tmsh create auth partition ocp
    ssh root@10.1.1.246 tmsh create auth partition ocp
    
  2. Creating ocp-profile

    ssh root@10.1.1.245 tmsh create net tunnels vxlan ocp-profile flooding-type multipoint
    ssh root@10.1.1.246 tmsh create net tunnels vxlan ocp-profile flooding-type multipoint
    
  3. Creating floating IP for underlay network

    ssh root@10.1.1.245 tmsh create net self ose-float address 10.3.10.59/24 vlan external-ose traffic-group traffic-group-1 allow-service default
    ssh root@10.1.1.245 tmsh run cm config-sync to-group device-group-ose
    
  4. Creating vxlan tunnel ocp-tunnel

    Note

    The delete commands are there to clean up entries from the previous class.

    ssh root@10.1.1.245 tmsh delete net self ose-vxlan-selfip
    ssh root@10.1.1.245 tmsh delete net fdb tunnel ose-tunnel all-records
    ssh root@10.1.1.245 tmsh delete net tunnels tunnel ose-tunnel
    ssh root@10.1.1.245 tmsh create net tunnels tunnel ocp-tunnel key 0 profile ocp-profile local-address 10.3.10.59 secondary-address 10.3.10.60 traffic-group traffic-group-1
    ssh root@10.1.1.246 tmsh create net tunnels tunnel ocp-tunnel key 0 profile ocp-profile local-address 10.3.10.59 secondary-address 10.3.10.61 traffic-group traffic-group-1
    
  5. Creating overlay self-ip

    ssh root@10.1.1.245 tmsh create net self ocp-tunnel-selfip address 10.131.0.1/14 vlan ocp-tunnel allow-service all
    ssh root@10.1.1.246 tmsh create net self ocp-tunnel-selfip address 10.131.2.1/14 vlan ocp-tunnel allow-service all
    
  6. Creating floating IP for overlay network

    ssh root@10.1.1.245 tmsh create net self ocp-tunnel-float address 10.131.4.1/14 vlan ocp-tunnel traffic-group traffic-group-1 allow-service all
    ssh root@10.1.1.245 tmsh run cm config-sync to-group device-group-ose
    
  7. Saving configuration

    ssh root@10.1.1.245 tmsh save sys config
    ssh root@10.1.1.246 tmsh save sys config
    

Before adding the BIG-IP controller to OpenShift, validate the partition and tunnel configuration.

  1. Validate that the OCP bigip partition was created

    ../../../_images/partition.png
  2. Validate bigip1 self IP configuration

    Note

    On the active device, there is a floating IP address in the subnet assigned by the OpenShift SDN.

    ../../../_images/self-ip-bigip01-ha.png
  3. Validate bigip2 self IP configuration

    ../../../_images/self-ip-bigip02-ha.png
  4. Check the ocp-tunnel configuration (Network ‣ Tunnels ‣ Tunnel List).

    Note

    The local-address is 10.3.10.59, and the secondary-address is 10.3.10.60 for bigip1 and 10.3.10.61 for bigip2. The secondary-address is used to send monitor traffic, and the local-address is used by the active device to send client traffic.

    ../../../_images/bigip01-tunnel-ip.png
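
The address relationships that the validation steps above check by eye (tunnel local-address and secondary-address against the HostSubnet hostIP values, overlay self IPs against their HostSubnet) can also be cross-checked offline. The Python below is an added example, not part of the original lab or of F5's tooling; it also lists the self IPs created with allow-service all so they can be reviewed. The names opt, audit, HOSTSUBNETS, TMSH and FLOAT are hypothetical, the values are copied from this page, and treating any self IP with an explicit traffic-group as floating is an assumption.

```python
import ipaddress
import json
from itertools import combinations

# HostSubnet fields copied from the three hs-bigip*.yaml files in this lab.
HOSTSUBNETS = json.loads("""[
  {"host": "openshift-f5-bigip1", "hostIP": "10.3.10.60", "subnet": "10.131.0.0/23"},
  {"host": "openshift-f5-bigip2", "hostIP": "10.3.10.61", "subnet": "10.131.2.0/23"},
  {"host": "openshift-f5-bigip-float", "hostIP": "10.3.10.59", "subnet": "10.131.4.0/23"}
]""")
FLOAT = "openshift-f5-bigip-float"
# (HostSubnet of the device, tmsh arguments) copied from steps 4-6. The floating
# self IP is created on bigip1 and reaches bigip2 through config-sync.
TMSH = [
    ("openshift-f5-bigip1", "create net tunnels tunnel ocp-tunnel key 0 profile ocp-profile local-address 10.3.10.59 secondary-address 10.3.10.60 traffic-group traffic-group-1"),
    ("openshift-f5-bigip1", "create net self ocp-tunnel-selfip address 10.131.0.1/14 vlan ocp-tunnel allow-service all"),
    ("openshift-f5-bigip1", "create net self ocp-tunnel-float address 10.131.4.1/14 vlan ocp-tunnel traffic-group traffic-group-1 allow-service all"),
    ("openshift-f5-bigip2", "create net tunnels tunnel ocp-tunnel key 0 profile ocp-profile local-address 10.3.10.59 secondary-address 10.3.10.61 traffic-group traffic-group-1"),
    ("openshift-f5-bigip2", "create net self ocp-tunnel-selfip address 10.131.2.1/14 vlan ocp-tunnel allow-service all"),
]

def opt(cmd, key):
    """Return the token that follows `key` in a tmsh command line, or None."""
    toks = cmd.split()
    return toks[toks.index(key) + 1] if key in toks else None

def audit(hostsubnets, tmsh):
    """Return (errors, wide_open): address mismatches, and self IPs set to allow-service all."""
    hs = {h["host"]: h for h in hostsubnets}
    nets = {name: ipaddress.ip_network(h["subnet"]) for name, h in hs.items()}
    errors = [f"{a} overlaps {b}" for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]
    wide_open = []
    for dev, cmd in tmsh:
        if cmd.startswith("create net tunnels tunnel "):
            # Client traffic leaves from the floating hostIP, monitor traffic from the device's own.
            if opt(cmd, "local-address") != hs[FLOAT]["hostIP"]:
                errors.append(f"{dev}: local-address is not the floating hostIP")
            if opt(cmd, "secondary-address") != hs[dev]["hostIP"]:
                errors.append(f"{dev}: secondary-address is not this device's hostIP")
        elif cmd.startswith("create net self "):
            name, iface = cmd.split()[3], ipaddress.ip_interface(opt(cmd, "address"))
            # Assumption: an explicit traffic-group marks a floating self IP.
            owner = FLOAT if opt(cmd, "traffic-group") else dev
            if iface.ip not in nets[owner]:
                errors.append(f"{dev}: {name} {iface.ip} is outside {nets[owner]}")
            if opt(cmd, "allow-service") == "all":  # port lockdown fully open on this self IP
                wide_open.append(f"{dev}:{name}")
    return errors, wide_open
```

Calling audit(HOSTSUBNETS, TMSH) on the lab values returns no errors and three entries in wide_open, one for each overlay self IP.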