How to onboard F5 BIG-IP VE in Cisco CSP 2100/5000 for NFV solutions deployment

Are you considering Network Functions Virtualization (NFV) solutions for your data center?

Are you wondering how your current F5 BIG-IP solutions can be translated into NFV environment?

What NFV platform can be used with F5 NFV solutions in your data center?

Good News!  F5 has certified its BIG-IP NFV solutions with Cisco Cloud Services Platform (CSP). Click here for a complete list of versions validated.

Cisco CSP is an open x86 Linux Kernel-based virtual machine (KVM) software and hardware platform is ideal for colocation and data center network functions virtualization (NFV).

F5 has a broad portfolio of VNFs available on BIG-IP which include Virtual Firewall (vFW), Virtual Application Delivery Controllers (vADC), Virtual Policy Manager (vPEM), Virtual DNS (vDNS) and other BIG-IP products.

F5 VNF + Cisco CSP 2100: together provides a joint solution that allow network administrators to quickly and easily deploy F5 VNFs through a simple, built-in, native web user interface (WebUI), command-line interface (CLI), or REST API.

BIG-IP VE Key Features in CSP

  • 10G throughput with SR-IOV
  • PCIE or SR-IOV passthrough
  • Intel X710 NIC - Quad 10G port supported
  • All BIG-IP modules can run in CSP 2100

Follow the steps below to onboard F5 BIG-IP VE in Cisco CSP with a Day0 file

Day0 file contents and creation

Sample user_data


 - path: /config/onboarding/
   permissions: 0755
   owner: root:root
   content: |

     # This script checks the prompt while the device is
     # booting up, waiting until it is ready to accept
     # the provisioning commands.

     echo `date` -- Waiting for F5 to be ready
     sleep 5
     while [[ ! -e '/var/prompt/ps1' ]]; do
       echo -n '.'
       sleep 5

     sleep 5

     STATUS=`cat /var/prompt/ps1`
     while [[ ${STATUS}x != 'NO LICENSE'x ]]; do
       echo -n '.'
       sleep 5
       STATUS=`cat /var/prompt/ps1`

     echo -n ' '

     while [[ ! -e '/var/prompt/cmiSyncStatus' ]]; do
       echo -n '.'
       sleep 5

     STATUS=`cat /var/prompt/cmiSyncStatus`
     while [[ ${STATUS}x != 'Standalone'x ]]; do
       echo -n '.'
       sleep 5
       STATUS=`cat /var/prompt/cmiSyncStatus`
     echo `date` -- F5 is ready...

 - path: /config/onboarding/
   permissions: 0755
   owner: root:root
   content: |

     # This script creates a file to collect the output
     # of the provisioning commands for debugging.

     if [ ! -e $FILE ]
       touch $FILE
       nohup $0 0<&- &>/dev/null &
     exec 1<&-
     exec 2<&-
     exec 1<>$FILE
     exec 2>&1

 - path: /config/onboarding/
   permissions: 0755
   owner: root:root
   content: |

     # This script sets up the logging, waits until the device
     # is ready to provision and then executes the commands
     # to set up networking, users and register with F5.

     . /config/onboarding/

     if [ -e /config/onboarding/ ]
         echo "/config/onboarding/ exists"
         echo "/config/onboarding/ is missing"
         echo "Failsafe sleep for 5 minutes..."
         sleep 5m

     echo "Configure access"
     tmsh modify sys global-settings hostname <<hostname>>
     tmsh modify auth user admin shell bash password <<admin_password>>
     tmsh modify sys db systemauth.disablerootlogin value true
     tmsh save /sys config

     echo "Disable mgmt-dhcp..."
     tmsh modify sys global-settings mgmt-dhcp disabled
     echo "Set Management IP..."
     tmsh create /sys management-ip <<mgmt_ip/mask>> Example:
     tmsh create /sys management-route default gateway <<gateway_ip>>
     echo "Save changes..."
     tmsh save /sys config partitions all
     echo "Set NTP..."
     tmsh modify sys ntp servers add { }
     tmsh modify sys ntp timezone America/Los_Angeles
     echo "Add DNS server..."
     tmsh modify sys dns name-servers add { <<ntp_ip>> }
     tmsh modify sys httpd ssl-port 8443
     tmsh modify net self-allow defaults add { tcp:8443 }
     if [[ \ "8443\ " != \ "443\ " ]]
         then tmsh modify net self-allow defaults delete { tcp:443 }
     tmsh mv cm device bigip1 <<hostname>>
     tmsh save /sys config

     echo "Register F5..."
     tmsh install /sys license registration-key <<license_key>>
     tmsh show sys license


runcmd: [nohup sh -c '/config/onboarding/' &]

Sample meta_data.json

{ "uuid": "1d9d6d3a-1d36-4db7-8d7c-63963d4d6f20", "hostname": "<<hostname>>" }


Assuming the content are in a directory named ‘example_files/iso_contents/openstack/2012-08-10’

Once the values above are entered into the user_data file, create the ISO file:

  • genisoimage -volid config-2 -rock -joliet -input-charset utf-8 -output f5.iso example_files/iso_contents/ or (depending on you OS)
  • mkisofs -R -V config-2 -o f5.iso example_files/iso_contents/

Process on CSP

  • Go to "Configuration" -> "Repository" -> "+"

  • Click on “Browse” and locate the F5 BIG-IP VE qcow image, then click "Upload"

  • Go back to “Configuration” -> “Repository and follow the same upload process for the Day0 iso file. At this point you should be to view both the qcow and Day0 iso image in the repository tab 

  • To create a F5 BIG-IP virtual function, go to "Configuration" -> "Services" -> "+"
  • A wizard will pop up

After deployment

F5 BIG-IP VE virtual function deployment in Cisco CSP 2100 is completed, you can monitor the BIG-IP VE boot up progress by clicking "Console

Since the BIG-IP is being booted with a Day0 file, NTP/DNS configurations are already present on the BIG-IP. The BIG-IP will be licensed and ready to be configured. The MGMT IP, default username/password was specified in the Day0 file. The Day0 file can be enhanced to add more networking and other configuration parameters if needed by specifying the appropriate tmsh commands.

Make sure the BIG-IP interface mapping to CSP 2100 VNIC is correct by verifying the MAC address assignment.  Consult with CSP 2100 guide in obtaining CSP 2100 VF VNIC MAC address info.  

To check BIG-IP MAC address, go to "Network" -> "Interfaces"

To check on the CSP, click on the service deployed, scroll to the bottom, expand the VNIC information tab

Configure VLAN consistent with the CSP 2100 VLAN tag configuration, make sure VLANs are untagged at the BIG-IP level

After BIG-IP VE connectivity is established in the network rest of the configurations, such as Self-IP, default gateway, virtual servers are consistent with any BIG-IP VE configuration.

To learn more about the F5 and Cisco partnership and joint solutions, visit

For more information about Cisco CSP visit

Click here for a complete list of BIG-IP and CSP versions validated.

Updated Jun 06, 2023
Version 2.0

Was this article helpful?


  • Boot disk i think in above CSP deployment is IDE but i have seena rticle where F5 or in general recommends to use virtio.


    Is there way to change IDE to virtio without any downtime , CSP in there new version has option for Virtio.


  • Thanks for the detailed explanation of on boarding F5 in to CSP 2100 platform. We have CSP 2100 platform and deployed f5 VE and planning to add customers. we want to provide WAF as a service to customers. What kind of f5 platform is recommended for adding up to 50 customers. Assuming the customer throughput varies from 25 mbps to 1 gbps.


    Do we need to deploy individual VE per customer .


    Please advice.


    Thanks Sriram


  • Watch for an update to this. Cisco has done new lab work and there is refreshed information. Contact the F5 Cisco BD team if needed at *CiscoBD <>