In order to use F5® LBaaSv2 services, you will need the following:
Important
You must have the appropriate license for the BIG-IP features you wish to use.
The use of GRE or VxLAN tunnels requires an active BIG-IP SDN Services License.
Tip
pip and git installed on your Neutron controller in order to use these commands.sudo, depending on your environment.Warning
If the F5 service provider package isn’t installed on your Neutron controller, F5 LBaaSv2 will not work.
Download the F5 LBaaSv2 service provider package and add it to the python path for neutron_lbaas.
$ curl -O -L https://github.com/F5Networks/neutron-lbaas/releases/download/v9.1.0/f5.tgz
Install the service provider package on the Neutron controller.
- CentOS:
$ sudo tar xvf f5.tgz -C /usr/lib/python2.7/site-packages/neutron_lbaas/drivers/
- Ubuntu:
$ sudo tar xvf f5.tgz –C /usr/lib/python2.7/dist-packages/neutron_lbaas/drivers/
To install the f5-openstack-agent package for v 9.3.1.b1:
$ sudo pip install git+https://github.com/F5Networks/f5-openstack-agent@v9.3.1.b1
Tip
See the F5 Agent documentation for rpm and dpkg installation instructions.
Install the f5-openstack-lbaasv2-driver package for v 9.3.1.b1:
$ sudo pip install git+https://github.com/F5Networks/f5-openstack-lbaasv2-driver@v9.3.1.b1
Tip
You can install packages from HEAD on a specific branches by adding @<branch_name> to the end of the install command instead of the release tag.
Example:
$ sudo pip install git+https://github.com/F5Networks/f5-openstack-lbaasv2-driver@mitaka
Warning
You must install the f5-openstack-agent package, and its dependencies, before installing the f5-openstack-lbaasv2-driver via dpkg or rpm.
The f5-openstack-lbaasv2-driver package can be installed using dpkg.
$ curl –L –O https://github.com/F5Networks/f5-openstack-lbaasv2-driver/releases/download/v9.3.1.b1/python-f5-openstack-lbaasv2-driver_9.3.1.b1-1_1404_all.deb
$ sudo dpkg –i python-f5-openstack-lbaasv2-driver_9.3.1.b1-1_1404_all.deb
The f5-openstack-lbaasv2-driver package can be installed using rpm.
$ curl –L –O https://github.com/F5Networks/f5-openstack-lbaasv2-driver/releases/download/v9.3.1.b1/f5-openstack-lbaasv2-driver-9.3.1.b1-1.el7.noarch.rpm
$ sudo rpm –ivh f5-openstack-lbaasv2-driver-9.3.1.b1-1.el7.noarch.rpm
Tip
Release tags always use the format “vx.x.x”
Use your text editor of choice to edit the Agent Configuration File as appropriate for your environment.
Example:
$ sudo vi /etc/neutron/services/f5/f5-openstack-agent.ini
The table below contains a summary of the recommended F5 LBaaSv2 configuration settings.
Note
This table is not a comprehensive list of all available options. For additional information, and to view all available configuration options, please see Supported Features.
| Setting | Recommended Value | Description
|
|---|---|---|
| f5_global_routed_mode | FALSE | If you use VxLAN tenant networks with
dynamically configured subnets,
global routed mode must be set to
FALSE.
This setting is also referred to as
L2-adjacent mode.
When global routed mode is set to TRUE,
the F5 agent does not attempt to manage
any L2 or L3 network settings on the
BIG-IP dynamically. In this mode all
guest VMs are considered globally
routable and AutoMap SNAT is applied to
all virtual servers on the BIG-IP.
|
| f5_vtep_folder | Common | The BIG-IP partition/folder where the
preconfigured VTEP non-floating
SelfIP will be created.
|
| f5_vtep_selfip_name | vtep | The name of the preconfigured
non-floating SelfIP which will function
as the VTEP for the BIG-IP. This
address has to be able to route to the
underlay network VTEP addresses of the
compute and network nodes
(
local_ips in the OpenStack OVSconfiguration files).
|
| advertised_tunnel_types | vxlan | The agent will advertise the ability
to terminate these tunnel types through
the
tunnel_sync oslo messagequeues. This should match your agent’s
settings on the compute and network
nodes. The agent will register the
BIG-IPs as tunnel peers based on this
setting.
|
| f5_populate_static_arp | TRUE | When set to TRUE, the agent populates
the BIG-IP’s ARP table with the IP and
MAC information from the LBaaS service
definition. This reduces the amount of
flood learning required to discover
pool members for the BIG-IP.
|
| l2_population | TRUE | When set to TRUE, the agent registers
for ML2 L2 population messages, which
update the VTEP forwarding table when
pool members are migrated from one
compute node to another.
|
| use_namespaces | TRUE | Each tenant should be assigned one or
more route domains on the BIG-IP. This
allows dynamically configured IP
subnets to overlap without causing L3
forwarding issues in the BIG-IP.
|
| f5_route_domain_strictness | FALSE | While each tenant will be assigned its
own route domain(s), provider networks
with external routes should be
accessible through the proxy. This
requires route domain strictness to be
set to FALSE, thus allowing the global
routing table on the BIG-IP to be
referenced if no matching destination
routes for tenant traffic is discovered
within the tenant route domain.
|
| f5_snat_mode | TRUE | The agent should manage a SNAT
translation address pool on behalf of
the tenant. Proxy traffic heading
towards the pool members will use a
SNAT translation address from this
pool, as the BIG-IP will not be
assuming the subnet default gateway
address.
|
| f5_common_external_networks | TRUE | The agent places all provider
networks with the
route:externalattribute set to true (i.e., an
infrastructure router) and all
associated IP objects in the global
routing table (creates infrastructure-
based, not tenant-based, routes).
|
| cert_manager | commented out/ None | Commenting out this line, or setting
it to None, disables SSL offload
support so the F5 agent does not
attempt to communicate with the
Barbican service.
If you have Barbican configured and
want to use SSL offloading, uncomment
this line and configure the
authentication settings as appropriate
for your environment.
|
|
commented out | If you are using Barbican, uncomment
these lines and provide the
appropriate information for your
environment.
|
| icontrol_hostname | Comma separated
list of BIG-IP
hostnames/
IP addresses
|
This is how the agent knows what
BIG-IP(s) to manage.
|
| icontrol_username | BIG-IP admin
username
|
Used to manage the BIG-IP(s). This
must be an account with Administrator
role as the agent will create global
objects in the BIG-IP configuration.
|
| icontrol_password | BIG-IP admin
password
|
Used to manage the BIG-IP(s). This
must be an account with Administrator
role as the agent will create global
objects in the BIG-IP configuration.
|
For reference, we’ve provided here a set of ‘pre-configured’ agent config files. These examples can help guide you in setting up the F5 agent to work with your specific environment.
f5-openstack-agent.grm.inif5-openstack-agent.gre.inif5-openstack-agent.vxlan.inif5-openstack-agent.vlan.iniYou will need to make a few configurations in your Neutron environment in order to use the F5® OpenStack LBaasv2 driver and agent.
First, you’ll need to set F5 Networks® as the Neutron LBaaSv2 service provider driver. Then, add the LBaaSv2 plugin to the list of service plugins in the Neutron configuration file.
Edit the service_providers section of /etc/neutron/neutron_lbaas.conf as shown below to set ‘F5Networks’ as the LBaaSv2 service provider.
$ vi /etc/neutron/neutron_lbaas.conf ... [service_providers] service_provider = LOADBALANCERV2:F5Networks:neutron_lbaas.drivers.f5.driver_v2.F5LBaaSV2Driver:default ...
Note
If there is an active entry for the F5® LBaaSv1 service provider driver, comment (#) it out.
Edit the [DEFAULT] section of the Neutron config file – /etc/neutron/neutron.conf.
Add the lbaasv2 service plugin as shown below.
$ vi /etc/neutron/neutron.conf ... [DEFAULT] service_plugins = [already defined plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 ...
Remove the entry for the LBaaSv1 service plugin (lbaas).
Use the command appropriate for your OS to restart the neutron-server service.
$ sudo service neutron-server restart \\ Ubuntu $ sudo systemctl restart neutron-server \\ CentOS
Important
The Neutron configurations required may differ depending on your OS. Please see our partners’ documentation for more information.
Once you have configured the F5 agent as appropriate for your environment, use the command(s) appropriate for your OS to start the agent.
CentOS
$ sudo systemctl enable f5-openstack-agent
$ sudo systemctl start f5-openstack-agent
Ubuntu
$ sudo service f5-oslbaasv2-agent start