For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows

Introduction In this article it will be covered how to control the egress traffic in the Red Hat OpenShift cluster making use of the AdminPolicyBasedExternalRoute resource type introduced with Open...
Updated Jan 28, 2025
Version 2.0
application delivery
BIG-IP
cloud
devops
openshift
red hat
Red Hat OpenShift
Ulises_Alonso's avatar
Icon for Employee rankEmployee
Solutions architect in Business Development with focus in automation and integration with partner's technologies. Prior to this role I was consultant in Professional Services and escalations engineer in Technical Support. Outside F5, I worked in mobile and wired network operators as network engineer. I started my career in academic research. In all these years, no matter what I've been doing Linux has been always the best tool. Not the one in the picture :-)
View Profile
PaulVogt's avatar
PaulVogt
Icon for Altocumulus rankAltocumulus
Mar 15, 2025

This works nicely, but it requires an interface per gateway. If you want to use the AdminPolicyBasedExternalRoute option to achieve an egress ip address per namespace, you run quickly out of interfaces.

Ulises_Alonso's avatar
Ulises_Alonso
Icon for Employee rankEmployee
Jul 22, 2025

I´m checking the feasibility of using  AdminPolicyBasedExternalRoute with User Defined Networking (CUDN/UDN). If both OpenShift functionalities play together then we could have a single egress VIP which uses the source IP to assign the SNAT.

Would OpenShift CUDN/UDN play well in your scenario? https://www.youtube.com/watch?v=Xh6JvqSPM8c