Here at F5’s Network Function Virtualisation (NFV) team we constantly think out of the box. Well, mostly, there are no boxes at all. I say mostly, as when looking at Software Defined Networking (SDN) switches and our programmable TMOS platform we thought it would be good to show how to combine these two technologies. Using iApp and iRule, we integrated a cluster of BIG-IP Virtual Editions with an SDN-enabled switch.
BIG-IP TMOS Device Service Cluster (DSC) was introduced with the release of Version 11 in July 2011 as part of the ScaleN technology. BIG-IP DSC allows you to aggregate BIG-IP software and/or hardware devices into a cluster with a single management plane.
The Object Model of a Device Service Cluster is composed of Devices within a Trust Domain. Within this Trust Domain multiple Sync Groups or Failover Sync Groups can be defined. Inside the Failover Sync Group one can define Traffic Groups, in which Virtual Servers can live. However, a Virtual Address can only be claimed by one device at a time. That is right, one virtual address at a time.
While this is not too relevant for lots of medium capacity applications spread across a Device Service Cluster, would it not be great to have a Virtual Address spread across a set of BIG-IP Nodes?
Well, here is where Software Defined Networking (SDN) devices come into play. Imagine a deployment where there is an SDN switch in front of a BIG-IP Device Service Cluster. Now imagine further that the BIG-IP DSC can control the SDN switch to split up the load towards a BIG-IP Virtual Address across a set of those DSC nodes. Would that not be great?
But what can an SDN switch actually do? Let’s have a quick look at where SDN started. It was a Stanford research project, led by Martin Casado. The original definition of Software Defined Networking was a networking device which had its specialised hardware data plane and x86 COTS control plane separated. The glue between those two entities, OpenFlow, allowed the programming of the data plane with a match/action Domain Specific Language. An OpenFlow entry is a set of matching attributes, like the source IP address, combined with a set of actions, like changing the destination MAC address. Sounds like a great solution to scale Virtual Addresses across BIG-IP DSC nodes?
F5 actually developed an iApp solution which integrates with currently available SDN switches on the market and utilises this ability. The iApp only needs to know which nodes in the Device Service Cluster are passing traffic and which one is the standby device. Additionally, for each customer traffic VLAN one needs to configure the IP address range, the VLAN ID as observed on the SDN switch, and the field which the SDN switch uses to divide the traffic, in this case the IP source or IP destination address.
How did we integrate this? TMOS offers a programmable, customisable configuration layer called iApp. Using this iApp technology and the underlying clever architecture of the Device Service Cluster we were able to create an extension to TMOS which allows the configuration of the SDN switch data plane from within BIG-IP.
As an example, here we are using an Arista Networks 7050SX-64 switch running the Extensible Operating System (EOS). Using TMOS iApp and the EOS Software Development Kit (SDK) we are able to integrate tightly, using JSON over HTTP as the communication layer.
See below the screenshot of the iApp running on BIG-IP, where one can configure the VLANs used by the BIG-IP Cluster. Provisioning the Subscriber Networks in the iApp allows the system to automatically subdivide them across the configured cluster nodes.
In the example above we have provisioned 3 nodes; however, the solution scales horizontally, meaning we can add nodes to increase capacity. See below a 5 node example deployment of the SDN Scale iApp Solution, allowing the subscriber traffic from 10.42.0.0/16 to be automatically subdivided across the 4 active nodes, leaving the 5th node as standby device.
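The 5 node split described above can be modelled and audited offline. The following is an added example, not the iApp's own code: it divides the subscriber range into equal prefixes, builds one match/action entry per prefix, and then checks that the entries cover the range exactly once and never steer traffic to the standby node. The equal-prefix round-robin split, the entry field names, the VLAN ID and the MAC addresses are all assumptions constructed for illustration.

```python
import ipaddress

def build_flow_entries(subscriber_net, vlan_id, match_field, active_macs):
    """Split the range into equal prefixes, one entry each, assigned
    round-robin to the active nodes (the standby node gets none)."""
    net = ipaddress.ip_network(subscriber_net)
    extra_bits = (len(active_macs) - 1).bit_length()  # next power of two
    entries = []
    for i, prefix in enumerate(net.subnets(prefixlen_diff=extra_bits)):
        entries.append({
            # Hypothetical field names, not the switch's real schema.
            "match": {"vlan": vlan_id, match_field: str(prefix)},
            "action": {"set_dst_mac": active_macs[i % len(active_macs)]},
        })
    return entries

def audit_flow_entries(entries, subscriber_net, match_field, active_macs):
    """Return a list of problems: stray prefixes, gaps, overlaps, or
    entries that steer traffic to a node outside the active set."""
    net = ipaddress.ip_network(subscriber_net)
    prefixes = [ipaddress.ip_network(e["match"][match_field]) for e in entries]
    problems = []
    for entry, prefix in zip(entries, prefixes):
        if not prefix.subnet_of(net):
            problems.append(f"{prefix} is outside {net}")
        if entry["action"]["set_dst_mac"] not in active_macs:
            problems.append(f"{prefix} is steered to a non-active node")
    covered = list(ipaddress.collapse_addresses(prefixes))
    if covered != [net]:
        problems.append(f"coverage: entries collapse to {covered}, not {net}")
    elif sum(p.num_addresses for p in prefixes) != net.num_addresses:
        problems.append("overlap: some addresses match more than one entry")
    return problems

if __name__ == "__main__":
    # Constructed sample data: 4 active nodes plus 1 standby.
    active = [f"02:00:00:00:00:0{n}" for n in range(1, 5)]
    flows = build_flow_entries("10.42.0.0/16", 100, "ip_src", active)
    for flow in flows:
        print(flow)
    print(audit_flow_entries(flows, "10.42.0.0/16", "ip_src", active) or "OK")
```

Running the same audit against the entries actually installed on the switch, after a node is added or removed, shows whether any part of the subscriber range is left unmatched or still points at a node that is no longer active.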
Using the TMOS programmable platform with iApp and iRule technology we have integrated with a Software Defined Networking (SDN) hardware switch, allowing the platform to scale a set of BIG-IP Virtual Editions.
The solution allows nodes to be added or removed to scale, and takes full care of programming the SDN switch. Compared to an L3 ECMP solution, this not only reduces complexity: because traffic is switched rather than routed, the L2 source address is preserved, enabling the BIG-IP VE platforms to utilise autolasthop.
In the next article we discuss how iRule also enabled integration with Open vSwitch, using TCL to implement OpenFlow 1.3.
Ready to play? If you would like to have a look yourself at this Proof of Concept, you will be pleased to know that you can find the iApp in the Codeshare section.