F5 Solutions for Containers > Appendix > Appendix 4: Advanced OpenShift Topics > Module 1: Working with BIG-IP HA Pairs or Device Groups Source | Edit on
Lab 1.2 - Configure VXLAN (OpenShift and Big-IP)¶
Important
This solution applies to BIG-IP devices v13.x and later only. To accomplish High Availability (HA) active-standby pair or device group with OpenShift the BIG-IP needs to create a floating vxlan tunnel address with is currently only available in BIG-IP 13.x and later.
Configure VXLAN on Openshift¶
HostSubnets must use valid YAML. You can upload the files individually using separate oc create commands.
Create one HostSubnet for each BIG-IP device. These will handle health monitor traffic.
Also create one HostSubnet to pass client traffic. You will create the floating IP address for the active device in this subnet as shown in the diagram above.
Create new OpenShift HostSubnet’s for bigip.
Attention
We have created the YAML files to save time. The files are located at /home/centos/agilitydocs/openshift/advanced/ocp on ose-master1
cd /home/centos/agilitydocs/openshift/advanced/ocp
hs-bigip1.yaml
{ "apiVersion": "v1", "host": "openshift-f5-bigip1", "hostIP": "10.3.10.60", "kind": "HostSubnet", "metadata": { "name": "openshift-f5-bigip1" }, "subnet": "10.131.0.0/23" }
hs-bigip2.yaml
{ "apiVersion": "v1", "host": "openshift-f5-bigip2", "hostIP": "10.3.10.61", "kind": "HostSubnet", "metadata": { "name": "openshift-f5-bigip2" }, "subnet": "10.131.2.0/23" }
hs-bigip-float.yaml
{ "apiVersion": "v1", "host": "openshift-f5-bigip-float", "hostIP": "10.3.10.59", "kind": "HostSubnet", "metadata": { "name": "openshift-f5-bigip-float" }, "subnet": "10.131.4.0/23" }
Create the HostSubnet files to the OpenShift API server. Run the following commands from the master
oc create -f hs-bigip1.yaml oc create -f hs-bigip2.yaml oc create -f hs-bigip-float.yaml
Verify creation of the HostSubnets:
oc get hostsubnet
Configure VXLAN on BIG-IP¶
Important
The BIG-IP OpenShift Controller cannot manage objects in the /Common partition.
Its recommended to create all HA using the /Common partition
Tip
You can copy and paste the following commands to be run directly from the OpenShift master (ose-master1). To paste content into mRemoteNG; use your right mouse button.
Create a new partition on your BIG-IP system
ssh root@10.1.1.245 tmsh create auth partition ocp ssh root@10.1.1.246 tmsh create auth partition ocp
Creating ocp-profile
ssh root@10.1.1.245 tmsh create net tunnels vxlan ocp-profile flooding-type multipoint ssh root@10.1.1.246 tmsh create net tunnels vxlan ocp-profile flooding-type multipoint
Creating floating IP for underlay network
ssh root@10.1.1.245 tmsh create net self ose-float address 10.3.10.59/24 vlan external-ose traffic-group traffic-group-1 allow-service default ssh root@10.1.1.245 tmsh run cm config-sync to-group device-group-ose
Creating vxlan tunnel ocp-tunnel
Note
the delete commands are there to cleanup entries from the previous class.
ssh root@10.1.1.245 tmsh delete net self ose-vxlan-selfip ssh root@10.1.1.245 tmsh delete net fdb tunnel ose-tunnel all-records ssh root@10.1.1.245 tmsh delete net tunnels tunnel ose-tunnel ssh root@10.1.1.245 tmsh create net tunnels tunnel ocp-tunnel key 0 profile ocp-profile local-address 10.3.10.59 secondary-address 10.3.10.60 traffic-group traffic-group-1 ssh root@10.1.1.246 tmsh create net tunnels tunnel ocp-tunnel key 0 profile ocp-profile local-address 10.3.10.59 secondary-address 10.3.10.61 traffic-group traffic-group-1
Creating overlay self-ip
ssh root@10.1.1.245 tmsh create net self ocp-tunnel-selfip address 10.131.0.1/14 vlan ocp-tunnel allow-service all ssh root@10.1.1.246 tmsh create net self ocp-tunnel-selfip address 10.131.2.1/14 vlan ocp-tunnel allow-service all
Creating floating IP for overlay network
ssh root@10.1.1.245 tmsh create net self ocp-tunnel-float address 10.131.4.1/14 vlan ocp-tunnel traffic-group traffic-group-1 allow-service all ssh root@10.1.1.245 tmsh run cm config-sync to-group device-group-ose
Saving configuration
ssh root@10.1.1.245 tmsh save sys config ssh root@10.1.1.246 tmsh save sys config
Before adding the BIG-IP controller to OpenShift validate the partition and tunnel configuration
Validate that the OCP bigip partition was created
Validate bigip1 self IP configuration
Note
On the active device, there is floating IP address in the subnet assigned by the OpenShift SDN.
Validate bigip2 self IP configuration
Check the ocp-tunnel configuration (
).Note
The local-address 10.3.10.59 and secondary-address are 10.3.10.60 for bigip1 and 10.3.10.61 for bigip2. The secondary-address will be used to send monitor traffic and the local address will be used by the active device to send client traffic.