AI Inference for VLLM models with F5 BIG-IP & Red Hat OpenShift
This article shows how to perform Intelligent Load Balancing for AI workloads using the new features of BIG-IP v21 and Red Hat OpenShift. Intelligent Load Balancing is done based on business logic rules without iRule programming and state metrics of the VLLM inference servers gathered from OpenShift´s Prometheus.
CONVERT C113 TO r 4000
Hello, I have a cluster of two 4000 units (HW Type C113) that I need to convert to r4000s. As the architecture has changed (F5OS-A and Tenant on the r4000) I am just trying to get a tenant up and running to start with. Our config is that we have a dedicated network for management connected to the MGMT port - and it is working fine. Our data network is running at 10GB and is connected to 5.0 using a SFP - the GUI shows it as UP. However, when I try to create a tenant and put it on that network, I cannot get to it at all. If I change the IPs in the tenant definition to one on the MGMT network then I can reach it. There is one port group - 8x10GB. I've created a VLAN that matches what the switch uses, and whether I set it as TAGGED or UNTAGGED I see nothing. I upgraded the unit (as they are new) to F5OS-A 1.8.,3, and have both BIGIP-151.10.8-0.0.30-ALL and BIGIP-17.5.1.3-0.0.19-ALL available for tenants. Thanks, Brian
Question about adding VEs to existing physical appliance device group without ASM licenses
We're in the process of migrating our old physical appliances to virtual appliances. I'm at the point of adding the new VEs to the existing device group. Our physical appliances have ASM licenses, but we don't have ASM licenses for the VEs yet. Management is still in discussion about on-prem licenses or distributed cloud services. When attempting to sync the new VEs, I get a sync error for 'ASM feature not licensed'. Do I need the ASM license to sync these together, or is there another method I can use? The new VEs aren't in the ASM device group. If I need the license, would a trial license work momentarily? If they decide to opt for the distributed cloud services, what are my next steps to getting these appliances synced?Delivering Secure Application Services Anywhere with Nutanix Flow and F5 Distributed Cloud
Introduction F5 Application Delivery and Security Platform (ADSP) is the premier solution for converging high-performance delivery and security for every app and API across any environment. It provides a unified platform offering granular visibility, streamlined operations, and AI-driven insights — deployable anywhere and in any form factor. The F5 ADSP Partner Ecosystem brings together a broad range of partners to deliver customer value across the entire lifecycle. This includes cohesive solutions, cloud synergies, and access to expert services that help customers maximize outcomes while simplifying operations. In this article, we’ll explore the upcoming integration between Nutanix Flow and F5 Distributed Cloud, showcasing how F5 and Nutanix collaborate to deliver secure, resilient application services across hybrid and multi-cloud environments. Integration Overview At the heart of this integration is the capability to deploy a F5 Distributed Cloud Customer Edge (CE) inside a Nutanix Flow VPC, establish BGP peering with the Nutanix Flow BGP Gateway, and inject CE-advertised BGP routes into the VPC routing table. This architecture provides us complete control over application delivery and security within the VPC. We can selectively advertise HTTP load balancers (LBs) or VIPs to designated VPCs, ensuring secure and efficient connectivity. Additionally, the integration securely simplifies network segmentation across hybrid and multi-cloud environments. By leveraging F5 Distributed Cloud to segment and extend the network to remote locations, combined with Nutanix Flow Security for microsegmentation within VPCs, we deliver comprehensive end-to-end network security. This approach enforces a consistent security posture while simplifying segmentation across environments. In this article, we’ll focus on application delivery and security, and explore segmentation in the next article. Demo Walkthrough Let’s walk through a demo to see how this integration works. The goal of this demo is to enable secure application delivery for nutanix5.f5-demo.com within the Nutanix Flow Virtual Private Cloud (VPC) named dev3. Our demo environment, dev3, is a Nutanix Flow VPC with a F5 Distributed Cloud Customer Edge (CE) named jy-nutanix-overlay-dev3 deployed inside: *Note: CE is named jy-nutanix-overlay-dev3 in the F5 Distributed Cloud Console and xc-ce-dev3 in the Nutanix Prism Central. eBGP peering is ESTABLISHED between the CE and the Nutanix Flow BGP Gateway: On the F5 Distributed Cloud Console, we created an HTTP Load Balancer named jy-nutanix-internal-5 serving the FQDN nutanix5.f5-demo.com. This load balancer distributes workloads across hybrid multicloud environments and is protected by a WAF policy named nutanix-demo: We advertised this HTTP Load Balancer with a Virtual IP (VIP) 10.10.111.175 to the CE jy-nutanix-overlay-dev3 deployed inside Nutanix Flow VPC dev3: The CE then advertised the VIP route to its peer via BGP – the Nutanix Flow BGP Gateway: The Nutanix Flow BGP Gateway received the VIP route and installed it in the VPC routing table: Finally, the VMs in dev3 can securely access nutanix5.f5-demo.com while continuing to use the VPC logical router as their default gateway: F5 Distributed Cloud Console observability provides deep visibility into applications and security events. For example, it offers comprehensive dashboards and metrics to monitor the performance and health of applications served through HTTP load balancers. These include detailed insights into traffic patterns, latency, HTTP error rates, and the status of backend services: Furthermore, the built-in AI assistant provides real-time visibility and actionable guidance on security incidents, improving situational awareness and supporting informed decision-making. This capability enables rapid threat detection and response, helping maintain a strong and resilient security posture: Conclusion The integration demonstrates how F5 Distributed Cloud and Nutanix Flow collaborate to deliver secure, resilient application services across hybrid and multi-cloud environments. Together, F5 and Nutanix enable organizations to scale with confidence, optimize application performance, and maintain robust security—empowering businesses to achieve greater agility and resilience across any environment. This integration is coming soon in CY2026. If you’re interested in early access, please contact your F5 representative. Related URLs Simplifying and Securing Network Segmentation with F5 Distributed Cloud and Nutanix Flow | DevCentral F5 Distributed Cloud - https://www.f5.com/products/distributed-cloud-services Nutanix Flow Virtual Networking - https://www.nutanix.com/products/flow/networking
BIG-IP i11000 – License compatibility with TMOS versions above 14.1.2 and Web GUI inaccessible
We are currently working on the recovery of an F5 BIG-IP i11000 appliance and would like guidance. The device boots normally and console access is available. However, the system remains in an INOPERATIVE state and the Web GUI is not accessible. MCP and related services do not fully initialize. A valid license file exists locally at /config/bigip.license. The license is bound to TMOS version 14.1.2. We understand that this license may only be valid for TMOS 14.1.2.x hotfix versions. The system currently has installation images for TMOS versions 15.x, 16.x, 17.x and later available. We would like clarification on the following points. Does a license bound to TMOS 14.1.2 support only version 14.1.2.x, or can it run versions above that? If the license is limited to 14.1.2.x, is reinstalling TMOS 14.1.2 on a new volume the correct recovery approach? Can an incompatible TMOS version cause the Web GUI to fail, MCP not to start correctly, and the system to remain in an INOPERATIVE state? Our goal is to restore full functionality while remaining compliant with the existing license, without performing an upgrade. Any guidance would be appreciated. Thank you. Lucas Felipe de Jesus MouraSimplifying and Securing Network Segmentation with F5 Distributed Cloud and Nutanix Flow
Introduction Enterprises often separate environments—such as development and production—to improve efficiency, reduce risk, and maintain compliance. A critical enabler of this separation is network segmentation, which isolates networks into smaller, secured segments—strengthening security, optimizing performance, and supporting regulatory standards. In this article, we explore the integration between Nutanix Flow and F5 Distributed Cloud, showcasing how F5 and Nutanix collaborate to simplify and secure network segmentation across diverse environments—on-premises, remote, and hybrid multicloud. Integration Overview At the heart of this integration is the capability to deploy a F5 Distributed Cloud Customer Edge (CE) inside a Nutanix Flow VPC, establish BGP peering with the Nutanix Flow BGP Gateway, and inject CE-advertised BGP routes into the VPC routing table. This architecture provides full control over application delivery and security within the VPC. It enables selective advertisement of HTTP load balancers (LBs) or VIPs to designated VPCs, ensuring secure and efficient connectivity. By leveraging F5 Distributed Cloud to segment and extend networks to remote location—whether on-premises or in the public cloud—combined with Nutanix Flow for microsegmentation within VPCs, enterprises achieve comprehensive end-to-end security. This approach enforces a consistent security posture while reducing complexity across diverse infrastructures. In our previous article (click here) , we explored application delivery and security. Here, we focus on network segmentation and how this integration simplifies connectivity across environments. Demo Walkthrough The demo consists of two parts: Extending a local network segment from a Nutanix Flow VPC to a remote site using F5 Distributed Cloud. Applying microsegmentation within the network segment using Nutanix Flow Security Next-Gen. San Jose (SJ) serves as our local site, and the demo environment dev3 is a Nutanix Flow VPC with an F5 Distributed Cloud Customer Edge (CE) deployed inside: *Note: The SJ CE is named jy-nutanix-overlay-dev3 in the F5 Distributed Cloud Console and xc-ce-dev3 in the Nutanix Prism Central. On the F5 Distributed Cloud Console, we created a network segment named jy-nutanix-sjc-nyc-segment and we assigned it specifically to the subnet 192.170.84.0/24: eBGP peering is ESTABLISHED between the CE and the Nutanix Flow BGP Gateway in this segment: At the remote site in NYC, a CE named jy-nutanix-nyc is deployed with a local subnet of 192.168.60.0/24: To extend jy-nutanix-sjc-nyc-segment from SJ to NYC, simply assign the segment jy-nutanix-sjc-nyc-segment to the NYC CE local subnet 192.168.60.0/24 in the F5 Distributed Cloud Console: Effortlessly and in no time, the segment jy-nutanix-sjc-nyc-segment is now extended across environments from SJ to NYC: Checking the CE routing table, we can see that the local routes originated from the CEs are being exchanged among them: At the local site SJ, the SJ CE jy-nutanix-overlay-dev3 advertises the remote route originating from the NYC CE jy-nutanix-nyc to the Nutanix Flow BGP Gateway via BGP, and installs the route in the dev3 routing table: SJ VMs can now reach NYC VMs and vice versa, while continuing to use their Nutanix Flow VPC logical router as the default gateway: To enforce granular security within the segment, Nutanix Flow Security Next-Gen provides microsegmentation. Together, F5 Distributed Cloud and Nutanix Flow Security Next-Gen deliver a cohesive solution: F5 Distributed cloud seamlessly extends network segments across environments, while Nutanix Flow Security Next-Gen ensures fine-grained security controls within those segments: Our demo extends a network segment between two data centers, but the same approach can also be applied between on-premises and public cloud environments—delivering flexibility across hybrid multicloud environments. Conclusion F5 Distributed Cloud simplifies network segmentation across hybrid and multi-cloud environments, making it both secure and effortless. By seamlessly extending network segments across any environment, F5 removes the complexity traditionally associated with connecting diverse infrastructures. Combined with Nutanix Flow Security Next-Gen for microsegmentation within each segment, this integration delivers end-to-end protection and consistent policy enforcement. Together, F5 and Nutanix help enterprises reduce operational overhead, maintain compliance, and strengthen security—while enabling agility and scalability across all environments. This integration is coming soon in CY2026. If you’re interested in early access, please contact your F5 representative. Related URLs Delivering Secure Application Services Anywhere with Nutanix Flow and F5 Distributed Cloud | DevCentral F5 Distributed Cloud - https://www.f5.com/products/distributed-cloud-services Nutanix Flow Network Security - https://www.nutanix.com/products/flow
F5 Distributed Cloud L7 DoS Attack Mitigation Roundup
Ensuring availability for applications that are Layer7 connected and delivered with F5 Distributed Cloud Regional Edges (RE), DoS attack mitigation provides service resiliency. Attacks are mitigated at the F5 regional edge and global backbone before reaching bandwidth limited network segments and vulnerable services downstream. New capabilities have been added to L7 DoS protection in Distributed Cloud: Requests per second thresholds Requests Per Second (RPS) threshold is now configurable for L7 DDoS Detection. L7 DDoS Protection and Mitigation will engage when the defined RPS threshold is exceeded, and origin health degradation is detected. Alternate mitigation with JS or CAPTCHA Challenge You can now configure JS or CAPTCHA challenges as an L7 DDoS mitigation action, which is applied to all users when a Layer 7 DDoS attack is detected, providing an additional layer of security against such threats. When combined, DoS attack mitigation (RPS) tuning can trigger events sooner, and the custom mitigation action enables flexible protection settings. Either immediately block connectivity to the service or prompt clients with challenge, making using DoS protection adaptable for apps and services that have differing volumes of traffic and types of users. Under an attack? Distributed Cloud also supports custom service policies that apply only when being attacked. This makes it possible to configure exception-tier services by allowing apps to continue to be available to select groups of users and customers, while broadly mitigating unidentified users and traffic. The following video provides an example showing how custom service policies in Distributed Cloud can be used to provide different tiers of service while under a DoS attack. L7 DoS Settings & Streamlined Observability In addition to DoS attack mitigation capabilities, enhancements to the Distributed Cloud load balancer security dashboards make it easy to spot detected DoS attacks, their origin, and see auto-mitigations that have occurred. The following video provides an overview of recent security dashboard enhancements focusing on L7 DoS mitigation. An Interactive Product Experience The following interactive product experience provides an L3/L4 Volumetric (Routed) DDoS overview as well as a separate L7 DoS walkthrough. This shows more details for configuring L7 DoS in Distributed Cloud as well as where to go to observe mitigations, attack events, and security alerts. https://f5.navattic.com/mra0ud8 Additional Resources Easily Protect Your Applications from DDoS with F5 Distributed Cloud DDoS Auto-Mitigation Video: F5 Distributed Cloud (F5 XC) DoS Protection – Basic features F5 Distributed Cloud L3-L7 DDoS Mitigation – Basic setup and configuration
