Cloud Docs Home > F5 OpenStack LBaaSv2 Index

F5 LBaaSv2 Quick Start Guide

Before You Begin

In order to use F5® LBaaSv2 services, you will need the following:

  • Operational OpenStack cloud (Mitaka release).
  • Licensed, operational BIG-IP® device or device cluster; can be deployed either as an OpenStack instance (BIG-IP VE) or external to the cloud (VE or hardware).

Important

You must have the appropriate license for the BIG-IP features you wish to use.

The use of GRE or VxLAN tunnels requires an active BIG-IP SDN Services License.

Tip

  • You must have both pip and git installed on your Neutron controller in order to use these commands.
  • It may be necessary to use sudo, depending on your environment.

Install the F5 Service Provider Package

Warning

If the F5 service provider package isn’t installed on your Neutron controller, F5 LBaaSv2 will not work.

Download the F5 LBaaSv2 service provider package and add it to the python path for neutron_lbaas.

  1. Download from GitHub.
$ curl -O -L https://github.com/F5Networks/neutron-lbaas/releases/download/v9.1.0/f5.tgz
  1. Install the service provider package on the Neutron controller.

    1. CentOS:
    $ sudo tar xvf f5.tgz -C /usr/lib/python2.7/site-packages/neutron_lbaas/drivers/
    
    1. Ubuntu:
    $ sudo tar xvf f5.tgz –C /usr/lib/python2.7/dist-packages/neutron_lbaas/drivers/
    

Install the F5 Agent

To install the f5-openstack-agent package for v 9.3.1.b1:

$ sudo pip install git+https://github.com/F5Networks/f5-openstack-agent@v9.3.1.b1

Tip

See the F5 Agent documentation for rpm and dpkg installation instructions.

Install the F5 LBaaSv2 Driver

Quick Start

Install the f5-openstack-lbaasv2-driver package for v 9.3.1.b1:

$ sudo pip install git+https://github.com/F5Networks/f5-openstack-lbaasv2-driver@v9.3.1.b1

Tip

You can install packages from HEAD on a specific branches by adding @<branch_name> to the end of the install command instead of the release tag.

Example:

$ sudo pip install git+https://github.com/F5Networks/f5-openstack-lbaasv2-driver@mitaka

Warning

You must install the f5-openstack-agent package, and its dependencies, before installing the f5-openstack-lbaasv2-driver via dpkg or rpm.

Debian Package

The f5-openstack-lbaasv2-driver package can be installed using dpkg.

  1. Download the package:
$ curl –L –O https://github.com/F5Networks/f5-openstack-lbaasv2-driver/releases/download/v9.3.1.b1/python-f5-openstack-lbaasv2-driver_9.3.1.b1-1_1404_all.deb
  1. Install the package on the Neutron controller:
$ sudo dpkg –i python-f5-openstack-lbaasv2-driver_9.3.1.b1-1_1404_all.deb

RPM Package

The f5-openstack-lbaasv2-driver package can be installed using rpm.

  1. Download the package:
$ curl –L –O https://github.com/F5Networks/f5-openstack-lbaasv2-driver/releases/download/v9.3.1.b1/f5-openstack-lbaasv2-driver-9.3.1.b1-1.el7.noarch.rpm
  1. Install the package on the Neutron controller:
$ sudo rpm –ivh f5-openstack-lbaasv2-driver-9.3.1.b1-1.el7.noarch.rpm

Tip

Release tags always use the format “vx.x.x”

Configure F5 LBaaSv2

Use your text editor of choice to edit the Agent Configuration File as appropriate for your environment.

Example:

$ sudo vi /etc/neutron/services/f5/f5-openstack-agent.ini

The table below contains a summary of the recommended F5 LBaaSv2 configuration settings.

Note

This table is not a comprehensive list of all available options. For additional information, and to view all available configuration options, please see Supported Features.

Setting Recommended Value
Description
f5_global_routed_mode FALSE
If you use VxLAN tenant networks with
dynamically configured subnets,
global routed mode must be set to
FALSE.
This setting is also referred to as
L2-adjacent mode.
When global routed mode is set to TRUE,
the F5 agent does not attempt to manage
any L2 or L3 network settings on the
BIG-IP dynamically. In this mode all
guest VMs are considered globally
routable and AutoMap SNAT is applied to
all virtual servers on the BIG-IP.
f5_vtep_folder Common
The BIG-IP partition/folder where the
preconfigured VTEP non-floating
SelfIP will be created.
f5_vtep_selfip_name vtep
The name of the preconfigured
non-floating SelfIP which will function
as the VTEP for the BIG-IP. This
address has to be able to route to the
underlay network VTEP addresses of the
compute and network nodes
(local_ips in the OpenStack OVS
configuration files).
advertised_tunnel_types vxlan
The agent will advertise the ability
to terminate these tunnel types through
the tunnel_sync oslo message
queues. This should match your agent’s
settings on the compute and network
nodes. The agent will register the
BIG-IPs as tunnel peers based on this
setting.
f5_populate_static_arp TRUE
When set to TRUE, the agent populates
the BIG-IP’s ARP table with the IP and
MAC information from the LBaaS service
definition. This reduces the amount of
flood learning required to discover
pool members for the BIG-IP.
l2_population TRUE
When set to TRUE, the agent registers
for ML2 L2 population messages, which
update the VTEP forwarding table when
pool members are migrated from one
compute node to another.
use_namespaces TRUE
Each tenant should be assigned one or
more route domains on the BIG-IP. This
allows dynamically configured IP
subnets to overlap without causing L3
forwarding issues in the BIG-IP.
f5_route_domain_strictness FALSE
While each tenant will be assigned its
own route domain(s), provider networks
with external routes should be
accessible through the proxy. This
requires route domain strictness to be
set to FALSE, thus allowing the global
routing table on the BIG-IP to be
referenced if no matching destination
routes for tenant traffic is discovered
within the tenant route domain.
f5_snat_mode TRUE
The agent should manage a SNAT
translation address pool on behalf of
the tenant. Proxy traffic heading
towards the pool members will use a
SNAT translation address from this
pool, as the BIG-IP will not be
assuming the subnet default gateway
address.
f5_common_external_networks TRUE
The agent places all provider
networks with the route:external
attribute set to true (i.e., an
infrastructure router) and all
associated IP objects in the global
routing table (creates infrastructure-
based, not tenant-based, routes).
cert_manager commented out/ None
Commenting out this line, or setting
it to None, disables SSL offload
support so the F5 agent does not
attempt to communicate with the
Barbican service.
If you have Barbican configured and
want to use SSL offloading, uncomment
this line and configure the
authentication settings as appropriate
for your environment.
  • auth_version
  • os_auth_url
  • os_username
  • os_password
  • os_user_domain_name
  • os_project_name
  • os_project_domain_name
commented out
If you are using Barbican, uncomment
these lines and provide the
appropriate information for your
environment.
icontrol_hostname
Comma separated
list of BIG-IP
hostnames/
IP addresses
This is how the agent knows what
BIG-IP(s) to manage.
icontrol_username
BIG-IP admin
username
Used to manage the BIG-IP(s). This
must be an account with Administrator
role as the agent will create global
objects in the BIG-IP configuration.
icontrol_password
BIG-IP admin
password
Used to manage the BIG-IP(s). This
must be an account with Administrator
role as the agent will create global
objects in the BIG-IP configuration.

For reference, we’ve provided here a set of ‘pre-configured’ agent config files. These examples can help guide you in setting up the F5 agent to work with your specific environment.

Configure Neutron for LBaaSv2

You will need to make a few configurations in your Neutron environment in order to use the F5® OpenStack LBaasv2 driver and agent.

First, you’ll need to set F5 Networks® as the Neutron LBaaSv2 service provider driver. Then, add the LBaaSv2 plugin to the list of service plugins in the Neutron configuration file.

Set ‘F5Networks’ as the LBaaSv2 Service Provider

Edit the service_providers section of /etc/neutron/neutron_lbaas.conf as shown below to set ‘F5Networks’ as the LBaaSv2 service provider.

$ vi /etc/neutron/neutron_lbaas.conf
...
[service_providers]
service_provider = LOADBALANCERV2:F5Networks:neutron_lbaas.drivers.f5.driver_v2.F5LBaaSV2Driver:default
...

Note

If there is an active entry for the F5® LBaaSv1 service provider driver, comment (#) it out.

Add the Neutron LBaaSv2 Service Plugin

Edit the [DEFAULT] section of the Neutron config file – /etc/neutron/neutron.conf.

  1. Add the lbaasv2 service plugin as shown below.

    $ vi /etc/neutron/neutron.conf
    ...
    [DEFAULT]
    service_plugins = [already defined plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
    ...
    
  2. Remove the entry for the LBaaSv1 service plugin (lbaas).

Restart Neutron

Use the command appropriate for your OS to restart the neutron-server service.

$ sudo service neutron-server restart    \\ Ubuntu
$ sudo systemctl restart neutron-server  \\ CentOS

Important

The Neutron configurations required may differ depending on your OS. Please see our partners’ documentation for more information.

Start the F5 OpenStack Agent

Once you have configured the F5 agent as appropriate for your environment, use the command(s) appropriate for your OS to start the agent.

CentOS

$ sudo systemctl enable f5-openstack-agent
$ sudo systemctl start f5-openstack-agent

Ubuntu

$ sudo service f5-oslbaasv2-agent start

Next Steps