Application Centric Configuration of F5 BIG-IP in Cisco ACI Using BIG-IQ [End of Life]

The F5 and Cisco APIC integration based on the device package and iWorkflow is End Of Life.
The latest integration is based on the Cisco AppCenter named ‘F5 ACI ServiceCenter’.
Visit https://f5.com/cisco for updated information on the integration.

As part of the BIG-IQ 4.5.0 release, we are releasing an "Early Access" integration for Cisco APIC that allows users to build custom device packages to expose any functionality that can be expressed via an iApp using BIG-IQ. If you want to try it yourself, we recommend you join the BIG-IQ Early Access program for full details and support.

Background

Last fall, we released our 1.0 integration with the Cisco Application Policy Infrastructure (APIC), the cornerstone of the Cisco Application Centric Infrastructure (ACI). Our integration is provided through software called a "device package"--a plugin that runs on the APIC. It exposes a model that describes all the functionality we make available within APIC as well as code that talks to BIG-IPs to configure them appropriately. APIC "owns" the device, so the device package is capable of fully setting up BIG-IPs (it only assumes they have a license and management IP address), device clusters (currently limited to two BIG-IPs) and the application configuration provided by users. It provides two types of "applications" that can be configured: Virtual-Server and SharePoint. The Virtual-Server exposes a reasonable set of parameters you'd expect for a basic virtual server while the SharePoint configuration is built on top of our SharePoint iApp from DevCentral.

In December 2014, we released version 1.1.0 of the device package. It adds the ability to use vCMP and implements "dynamic endpoints", which will update the set of pool members as computers are added or removed from endpoint groups.

Here is an example of the set of parameters you can configure for the Virtual-Server. It's hard to show all the parameters at once due to the size of the APIC user interface. Each of the folders contains a set of parameters for the virtual server, and I've opened just one folder (Listener) to show you the address and port settings.

Providing More Functionality

Although our existing functionality is solid and useful, people want more. Users expect they can utilize their BIG-IPs to the fullest extent. They want use AFM, ASM, Web Acceleration, and any other feature that might be on a BIG-IP.

There are two ways we can provide more functionality. The first option is to directly expose more parameters to users. This could work and it provides perfect flexibility for all the functionality we provide on BIG-IP. It's also likely to be tremendously complex for users: we're essentially exposing everything in the BIG-IP UI through a new UI. We would also be fighting a perpetual game of catch-up, adding more features to the device package as they are added to BIG-IP.

Another option is to expose application-centric configuration using an F5 technology called iApps. iApps are a user-customizable templates for deploying application configurations. In this case, we are leveraging BIG-IQ to create a catalog of customized iApps, where the administrator can control which iApps are accessible to users. BIG-IQ allows the administrator to control which questions are exposed to users as well default answers for the questions. When the catalog of iApps has been created, the administrator can download a custom device package for APIC which exposes exactly those custom iApps to users within APIC. The use of customized iApps ensures both that users can correctly configure their applications and meet any internal requirements (e.g. the use of SSL). Here is an example of an iApp with just three parameters (VIP, pool members, and FQDN) for deploying an HTTP application.

Today, the use of BIG-IQ with Cisco APIC means that users have access to approximately 30 iApps that ship with BIG-IP as well as many more availble here on DevCentral. Users can also take advantage of any custom iApps they may have built.

We are releasing the ability to use iApps in Cisco APIC via BIG-IQ as "early access" as part of the upcoming BIG-IQ 4.5.0 release and we expect to release it for general availability by summer 2015. You can apply to the EA program for BIG-IQ here

Video Demo

This video shows you a walk-through of the BIG-IQ integration with APIC. You will see the creation of the catalog of customized iApps, the installation of the custom device package, and the use of iApps from within BIG-IQ.

 

Published Jan 27, 2015
Version 1.0

Was this article helpful?