How to onboard F5 BIG-IP VE in Cisco CSP 2100/5000 for NFV solutions deployment
Are you considering Network Functions Virtualization (NFV) solutions for your data center?
Are you wondering how your current F5 BIG-IP solutions can be translated into an NFV environment?
What NFV platform can be used with F5 NFV solutions in your data center?
Good News! F5 has certified its BIG-IP NFV solutions with Cisco Cloud Services Platform (CSP). Click here for a complete list of versions validated.
Cisco CSP is an open x86 Linux Kernel-based virtual machine (KVM) software and hardware platform that is ideal for colocation and data center network functions virtualization (NFV).
F5 has a broad portfolio of VNFs available on BIG-IP which include Virtual Firewall (vFW), Virtual Application Delivery Controllers (vADC), Virtual Policy Manager (vPEM), Virtual DNS (vDNS) and other BIG-IP products.
F5 VNF + Cisco CSP 2100: together they provide a joint solution that allows network administrators to quickly and easily deploy F5 VNFs through a simple, built-in, native web user interface (WebUI), command-line interface (CLI), or REST API.
BIG-IP VE Key Features in CSP
- 10G throughput with SR-IOV
- PCIE or SR-IOV passthrough
- Intel X710 NIC - Quad 10G port supported
- All BIG-IP modules can run in CSP 2100
Follow the steps below to onboard F5 BIG-IP VE in Cisco CSP with a Day0 file
Day0 file contents and creation
Sample user_data
```yaml
#cloud-config
# Replace every <<...>> placeholder with a real value before building the ISO.
write_files:
  - path: /config/onboarding/waitForF5Ready.sh
    permissions: 0755
    owner: root:root
    content: |
      #!/bin/bash
      # This script checks the prompt while the device is
      # booting up, waiting until it is ready to accept
      # the provisioning commands.
      echo `date` -- Waiting for F5 to be ready
      sleep 5
      while [[ ! -e '/var/prompt/ps1' ]]; do
        echo -n '.'
        sleep 5
      done
      sleep 5
      STATUS=`cat /var/prompt/ps1`
      while [[ ${STATUS}x != 'NO LICENSE'x ]]; do
        echo -n '.'
        sleep 5
        STATUS=`cat /var/prompt/ps1`
      done
      echo -n ' '
      while [[ ! -e '/var/prompt/cmiSyncStatus' ]]; do
        echo -n '.'
        sleep 5
      done
      STATUS=`cat /var/prompt/cmiSyncStatus`
      while [[ ${STATUS}x != 'Standalone'x ]]; do
        echo -n '.'
        sleep 5
        STATUS=`cat /var/prompt/cmiSyncStatus`
      done
      echo
      echo `date` -- F5 is ready...
  - path: /config/onboarding/setupLogging.sh
    permissions: 0755
    owner: root:root
    content: |
      #!/bin/bash
      # This script creates a file to collect the output
      # of the provisioning commands for debugging.
      FILE=/var/log/onboard.log
      if [ ! -e $FILE ]
      then
        touch $FILE
        nohup $0 0<&- &>/dev/null &
        exit
      fi
      exec 1<&-
      exec 2<&-
      exec 1<>$FILE
      exec 2>&1
  - path: /config/onboarding/onboard.sh
    permissions: 0755
    owner: root:root
    content: |
      #!/bin/bash
      # This script sets up the logging, waits until the device
      # is ready to provision and then executes the commands
      # to set up networking, users and register with F5.
      . /config/onboarding/setupLogging.sh
      if [ -e /config/onboarding/waitForF5Ready.sh ]
      then
        echo "/config/onboarding/waitForF5Ready.sh exists"
        /config/onboarding/waitForF5Ready.sh
      else
        echo "/config/onboarding/waitForF5Ready.sh is missing"
        echo "Failsafe sleep for 5 minutes..."
        sleep 5m
      fi
      echo "Configure access"
      tmsh modify sys global-settings hostname <<hostname>>
      tmsh modify auth user admin shell bash password <<admin_password>>
      tmsh modify sys db systemauth.disablerootlogin value true
      tmsh save /sys config
      echo "Disable mgmt-dhcp..."
      tmsh modify sys global-settings mgmt-dhcp disabled
      echo "Set Management IP..."
      # Example: 10.192.74.46/24
      tmsh create /sys management-ip <<mgmt_ip/mask>>
      tmsh create /sys management-route default gateway <<gateway_ip>>
      echo "Save changes..."
      tmsh save /sys config partitions all
      echo "Set NTP..."
      tmsh modify sys ntp servers add { 0.pool.ntp.org 1.pool.ntp.org }
      tmsh modify sys ntp timezone America/Los_Angeles
      echo "Add DNS server..."
      # The placeholder is named ntp_ip, but this command sets the DNS name server.
      tmsh modify sys dns name-servers add { <<ntp_ip>> }
      # Move the management GUI from 443 to 8443 and update the self-allow list.
      tmsh modify sys httpd ssl-port 8443
      tmsh modify net self-allow defaults add { tcp:8443 }
      if [[ "8443" != "443" ]]
      then
        tmsh modify net self-allow defaults delete { tcp:443 }
      fi
      tmsh mv cm device bigip1 <<hostname>>
      tmsh save /sys config
      echo "Register F5..."
      tmsh install /sys license registration-key <<license_key>>
      tmsh show sys license
      date
runcmd: [nohup sh -c '/config/onboarding/onboard.sh' &]
```
Sample meta_data.json
```json
{
  "uuid": "1d9d6d3a-1d36-4db7-8d7c-63963d4d6f20",
  "hostname": "<<hostname>>"
}
```
Preparation:
This assumes the contents are in a directory named ‘example_files/iso_contents/openstack/2012-08-10’.
Once the values above are entered into the user_data file, create the ISO file:
- genisoimage -volid config-2 -rock -joliet -input-charset utf-8 -output f5.iso example_files/iso_contents/ or (depending on your OS)
- mkisofs -R -V config-2 -o f5.iso example_files/iso_contents/
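A pre-flight check to run on the Day0 directory before building the ISO, given here as an added example that is not part of the original article. The function name `check_day0` and the script name `check_day0.sh` are hypothetical; it assumes `user_data` and `meta_data.json` sit in the directory passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check of the
# Day0 directory that holds user_data and meta_data.json.
# check_day0 DIR prints each finding and returns 0 only if none were found.
check_day0() {
    dir=$1
    ud="$dir/user_data"
    md="$dir/meta_data.json"
    rc=0

    for f in "$ud" "$md"; do
        [ -f "$f" ] || { echo "missing: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # cloud-init treats user_data as cloud-config only when line 1 is the marker.
    [ "$(head -n 1 "$ud")" = "#cloud-config" ] ||
        { echo "user_data: first line is not #cloud-config"; rc=1; }

    # A leftover <<name>> means a template value was never filled in.
    for f in "$ud" "$md"; do
        left=$(grep -n -o '<<[A-Za-z_/]*>>' "$f" || true)
        [ -z "$left" ] || { echo "unreplaced in $f:"; echo "$left"; rc=1; }
    done

    # user_data holds the admin password and license key in clear text,
    # so group/other permission bits (ls columns 5-10) must all be off.
    [ "$(ls -ld "$ud" | cut -c5-10)" = "------" ] ||
        { echo "user_data: readable beyond its owner, chmod 600 it"; rc=1; }

    return "$rc"
}

# Run directly: sh check_day0.sh example_files/iso_contents/openstack/2012-08-10
[ $# -eq 0 ] || check_day0 "$1"
```

The resulting f5.iso carries the same clear-text password and license key, so the same access restriction applies to the ISO file and to the CSP repository it is uploaded to.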
Process on CSP
- Download F5 BIG-IP VE (release 12.1.2 or later) qcow image from http://downloads.f5.com
- Log into Cisco CSP 2100
- Go to "Configuration" -> "Repository" -> "+"
- Click on “Browse” and locate the F5 BIG-IP VE qcow image, then click "Upload"
- Go back to “Configuration” -> “Repository” and follow the same upload process for the Day0 iso file. At this point you should be able to view both the qcow and Day0 iso image in the repository tab
- To create a F5 BIG-IP virtual function, go to "Configuration" -> "Services" -> "+"
- A wizard will pop up
After deployment
Once the F5 BIG-IP VE virtual function deployment in Cisco CSP 2100 is completed, you can monitor the BIG-IP VE boot progress by clicking "Console".
Since the BIG-IP is being booted with a Day0 file, NTP/DNS configurations are already present on the BIG-IP. The BIG-IP will be licensed and ready to be configured. The MGMT IP and the default username/password were specified in the Day0 file. The Day0 file can be enhanced to add more networking and other configuration parameters if needed by specifying the appropriate tmsh commands.
Make sure the BIG-IP interface mapping to the CSP 2100 VNIC is correct by verifying the MAC address assignment. Consult the CSP 2100 guide to obtain the CSP 2100 VF VNIC MAC address info.
To check BIG-IP MAC address, go to "Network" -> "Interfaces"
To check on the CSP, click on the service deployed, scroll to the bottom, expand the VNIC information tab
Configure VLANs consistent with the CSP 2100 VLAN tag configuration, and make sure the VLANs are untagged at the BIG-IP level.
After BIG-IP VE connectivity is established in the network, the rest of the configuration, such as Self-IP, default gateway and virtual servers, is consistent with any BIG-IP VE configuration.
To learn more about the F5 and Cisco partnership and joint solutions, visit https://f5.com/solutions/technology-alliances/cisco
For more information about Cisco CSP visit http://www.cisco.com/go/csp
Click here for a complete list of BIG-IP and CSP versions validated.
- SynACk_128568Cirrostratus
Boot disk I think in above CSP deployment is IDE but I have seen an article where F5 or in general recommends to use virtio.
Is there a way to change IDE to virtio without any downtime? CSP in their new version has an option for Virtio.
- Sriram_ShanmugaAltostratus
Thanks for the detailed explanation of onboarding F5 into the CSP 2100 platform. We have a CSP 2100 platform and deployed F5 VE and are planning to add customers. We want to provide WAF as a service to customers. What kind of F5 platform is recommended for adding up to 50 customers? Assuming the customer throughput varies from 25 mbps to 1 gbps.
Do we need to deploy an individual VE per customer?
Please advise.
Thanks Sriram
- Patrick_CampbelRet. Employee
Watch for an update to this. Cisco has done new lab work and there is refreshed information. Contact the F5 Cisco BD team if needed at CiscoBD <CiscoBD@f5.com>