Are you considering Network Functions Virtualization (NFV) solutions for your data center?

Are you wondering how your current F5 BIG-IP solutions can be translated into NFV environment?

What NFV platform can be used with F5 NFV solutions in your data center?

Good News!  F5 has certified its BIG-IP NFV solutions with Cisco Cloud Services Platform (CSP) 2100.

Cisco CSP 2100 is an open x86 Linux Kernel-based virtual machine (KVM) software and hardware platform is ideal for colocation and data center network functions virtualization (NFV).

F5 has a broad portfolio of VNFs available on BIG-IP which include Virtual Firewall (vFW), Virtual Application Delivery Controllers (vADC), Virtual Policy Manager (vPEM), Virtual DNS (vDNS) and other BIG-IP products.

F5 VNF + Cisco CSP 2100: together provides a joint solution that allow network administrators to quickly and easily deploy F5 VNFs through a simple, built-in, native web user interface (WebUI), command-line interface (CLI), or REST API.


BIG-IP VE Key Features in CSP 2100

  • 10G throughput with SR-IOV
  • PCIE or SR-IOV passthrough
  • Intel X710 NIC - Quad 10G port supported
  • All BIG-IP modules can run in CSP 2100

Minimum Requirements:

  • BIG-IP release 12.1.2
  • CSP version 2.1.0.5

Follow the steps below to onboard F5 BIG-IP VE in Cisco CSP 2100 (Version 2.3.1.112) with a Day0 file

Day0 file contents and creation

Sample user_data

 
#cloud-config

write_files:
 - path: /config/onboarding/waitForF5Ready.sh
   permissions: 0755
   owner: root:root
   content: |
     #!/bin/bash

     # This script checks the prompt while the device is
     # booting up, waiting until it is ready to accept
     # the provisioning commands.

     echo `date` -- Waiting for F5 to be ready
     sleep 5
     while [[ ! -e '/var/prompt/ps1' ]]; do
       echo -n '.'
       sleep 5
     done

     sleep 5

     STATUS=`cat /var/prompt/ps1`
     while [[ ${STATUS}x != 'NO LICENSE'x ]]; do
       echo -n '.'
       sleep 5
       STATUS=`cat /var/prompt/ps1`
     done

     echo -n ' '

     while [[ ! -e '/var/prompt/cmiSyncStatus' ]]; do
       echo -n '.'
       sleep 5
     done

     STATUS=`cat /var/prompt/cmiSyncStatus`
     while [[ ${STATUS}x != 'Standalone'x ]]; do
       echo -n '.'
       sleep 5
       STATUS=`cat /var/prompt/cmiSyncStatus`
     done
     echo
     echo `date` -- F5 is ready...

 - path: /config/onboarding/setupLogging.sh
   permissions: 0755
   owner: root:root
   content: |
     #!/bin/bash

     # This script creates a file to collect the output
     # of the provisioning commands for debugging.

     FILE=/var/log/onboard.log
     if [ ! -e $FILE ]
     then
       touch $FILE
       nohup $0 0<&- &>/dev/null &
       exit
     fi
     exec 1<&-
     exec 2<&-
     exec 1<>$FILE
     exec 2>&1

 - path: /config/onboarding/onboard.sh
   permissions: 0755
   owner: root:root
   content: |
     #!/bin/bash

     # This script sets up the logging, waits until the device
     # is ready to provision and then executes the commands
     # to set up networking, users and register with F5.

     . /config/onboarding/setupLogging.sh

     if [ -e /config/onboarding/waitForF5Ready.sh ]
     then
         echo "/config/onboarding/waitForF5Ready.sh exists"
         /config/onboarding/waitForF5Ready.sh
     else
         echo "/config/onboarding/waitForF5Ready.sh is missing"
         echo "Failsafe sleep for 5 minutes..."
         sleep 5m
     fi

     echo "Configure access"
     tmsh modify sys global-settings hostname <<hostname>>
     tmsh modify auth user admin shell bash password <<admin_password>>
     tmsh modify sys db systemauth.disablerootlogin value true
     tmsh save /sys config

     echo "Disable mgmt-dhcp..."
     tmsh modify sys global-settings mgmt-dhcp disabled
     echo "Set Management IP..."
     tmsh create /sys management-ip <<mgmt_ip/mask>> Example: 10.192.74.46/24
     tmsh create /sys management-route default gateway <<gateway_ip>>
     echo "Save changes..."
     tmsh save /sys config partitions all
     echo "Set NTP..."
     tmsh modify sys ntp servers add { 0.pool.ntp.org 1.pool.ntp.org }
     tmsh modify sys ntp timezone America/Los_Angeles
     echo "Add DNS server..."
     tmsh modify sys dns name-servers add { <<ntp_ip>> }
     tmsh modify sys httpd ssl-port 8443
     tmsh modify net self-allow defaults add { tcp:8443 }
     if [[ \ "8443\ " != \ "443\ " ]]
         then tmsh modify net self-allow defaults delete { tcp:443 }
     fi
     tmsh mv cm device bigip1 <<hostname>>
     tmsh save /sys config

     echo "Register F5..."
     tmsh install /sys license registration-key <<license_key>>
     tmsh show sys license

     date

runcmd: [nohup sh -c '/config/onboarding/onboard.sh' &]

 

Sample meta_data.json

 { "uuid": "1d9d6d3a-1d36-4db7-8d7c-63963d4d6f20", "hostname": "<<hostname>>" }

 

Preparation:

Assuming the content are in a directory named ‘example_files/iso_contents/openstack/2012-08-10’

  • Have values filled for the following in the file 'example_files/iso_contents/openstack/2012-08-10/user_data', Remove the 'Example: xxxx' and '<< >>' in the files above and fill in the values for
    • hostname
    • admin_password
    • mgm-ip/mask
    • gateway_ip
    • ntp_ip
    • bigip_license_key

Once the values above are entered into the user_data file, create the ISO file:

  • genisoimage -volid config-2 -rock -joliet -input-charset utf-8 -output f5.iso example_files/iso_contents/ or (depending on you OS)
  • mkisofs -R -V config-2 -o f5.iso example_files/iso_contents/

Process on CSP

  • Download F5 BIG-IP VE (release 12.1.2 of later) qcow image from http://downloads.f5.com
  • Log into Cisco CSP 2100

  • Go to "Configuration" -> "Repository" -> "+"

  • Click on “Browse” and locate the F5 BIG-IP VE qcow image, then click "Upload"

  • Go back to “Configuration” -> “Repository and follow the same upload process for the Day0 iso file. At this point you should be to view both the qcow and Day0 iso image in the repository tab 

  • To create a F5 BIG-IP virtual function, go to "Configuration" -> "Services" -> "+"
  • A wizard will pop up
    • Enter the name of the F5 BIG-IP VE virtual function
    • Enter the Target host name from a drop-down list , name of the CSP 2100 where the BIG-IP VE will be hosted
    • Select the BIG-IP VE image, which should be available from the image list
    • Click on the ‘+’ sign next to Day Zero Config. A pop up will open
      • Choose the Source File Name from the drop-down list
      • Leave the Destination File Name as black
      • ​Click submit

  • No of Cores – 4
  • RAM (MB) - 4096
  • Scroll below and go to the VNIC section, Click the ‘+’ sign, a pop up will open
  • VNIC1 - BIG-IP management IP configuration
    • VLAN Type: Access
    • Network Name: 1G interface being used by CSP 2100 as management 

  • VNIC2 - BIG-IP data port #1
    • VLAN Type: Access
    • If VLAN is to be tagged, enter the VLAN ID number
    • Network Name: 10G interface being used by CSP 2100
  • VNIC3 - BIG-IP data port #2
    • VLAN Type: AccessIf VLAN is to be tagged, enter the VLAN ID number
    • Network Name: 10G interface of the CSP 2100VNIC4- BIG-IP High Availability port if needed
  • Use default values for rest of the fields, then click "Deploy" 

After deployment

F5 BIG-IP VE virtual function deployment in Cisco CSP 2100 is completed, you can monitor the BIG-IP VE boot up progress by clicking "Console

Since the BIG-IP is being booted with a Day0 file, NTP/DNS configurations are already present on the BIG-IP. The BIG-IP will be licensed and ready to be configured. The MGMT IP, default username/password was specified in the Day0 file. The Day0 file can be enhanced to add more networking and other configuration parameters if needed by specifying the appropriate tmsh commands.

Make sure the BIG-IP interface mapping to CSP 2100 VNIC is correct by verifying the MAC address assignment.  Consult with CSP 2100 guide in obtaining CSP 2100 VF VNIC MAC address info.  

To check BIG-IP MAC address, go to "Network" -> "Interfaces"

To check on the CSP, click on the service deployed, scroll to the bottom, expand the VNIC information tab

Configure VLAN consistent with the CSP 2100 VLAN tag configuration, make sure VLANs are untagged at the BIG-IP level

After BIG-IP VE connectivity is established in the network rest of the configurations, such as Self-IP, default gateway, virtual servers are consistent with any BIG-IP VE configuration.

To learn more about the F5 and Cisco partnership and joint solutions, visit https://f5.com/solutions/technology-alliances/cisco

For more information about Cisco CSP 2100, visit http://www.cisco.com/go/csp