Cloud Docs Home > F5 OpenStack LBaaSv2 Index

Attention

The F5 OpenStack Integrations documentation is moving to clouddocs.f5.com. Thank you for your patience during construction.

Hierarchical Port Binding

Overview

Neutron hierarchical port binding [1] allows software-defined networking (SDN) users to dynamically configure VLANs and VLAN tags for a physical BIG-IP® device or device service cluster connected to a ‘top of rack’ L3 switch (a network ‘segment’). Telling the F5® agent what physical switch and port the BIG-IPs are connected to allows the agent to configure the BIG-IPs to process traffic for networks that are dynamically created in that segment.

Disconnected Services

Because it is possible for LBaaSv2 objects to be provisioned on a Neutron network which has not yet been bound to a segment, the F5 agent can provision LBaaSv2 services in a disconnected state. When the agent discovers the intended network(s), these ‘disconnected services’ will be connected to the VLAN(s) and BIG-IP(s) as intended. You can customize how often the F5 agent will poll, and the maximum amount of time it should wait, for the network to be created before the request fails. This is, essentially, a fail-safe built into the F5 agent that allows for a certain degree of variation in the timing of the VLAN deployment and the request to create the LBaaS objects for it.

Important

As of v9.3.1, the F5 LBaaSv2 driver no longer manages Neutron ports for LBaaS pool members.

For example, say you create a pool member using the command below:

neutron lbaas-member-create --subnet private-subnet --address 172.16.101.89 --protocol-port 80 pool1

If a Neutron port corresponding to the requested subnet and IP address exists, it will be allocated to the pool member. If no corresponding Neutron port exists, the following warnings print to the logs:

f5-openstack-agent.log -- “Member definition does not include Neutron port"
server.log -- “Lbaas member has no associated neutron port”

In addition, the F5 OpenStack Agent does not create a forwarding database (FBD) entry for the pool member if it doesn’t have a corresponding Neutron port.

If the requested subnet and IP address do not already have a corresponding Neutron port, you may need to create one manually. This depends on your deployment and use case.

Use Case

The most common use case for heirarchical port binding is an undercloud deployment of a physical BIG-IP device or device service cluster that processes traffic on networks dynamically created via SDN. When the F5 agent is configured with the name of a switch and the port(s) to which BIG-IP devices are connected, the LBaaSv2 driver discovers Neutron networks in that switch’s network segment. The driver provides the segmentation IDs of VLANs in the network segment to the F5 agent, which then dynamically creates the VLAN tags required to connect LBaaS services to the BIG-IPs.

F5 LBaaSv2 Hierarchical Port Binding

F5 LBaaSv2 Hierarchical Port Binding

Prerequisites

Caveats

  • In release v 9.3.1 of the F5 LBaaSv2 driver and agent, VLAN is the only supported ML2 network type when employing Hierarchical Port Binding.
  • Each F5 agent managing a BIG-IP device service cluster must have the same f5_network_segment_physical_network setting. [2]
  • If multiple F5 agents are managing the same environment, all of the agents must use the same binding settings (in other words, either the default global segmentation bindings or hierarchical port binding). [3]

Configuration

  1. Edit the Agent Configuration File:
$ sudo vi /etc/neutron/services/f5/f5-openstack-agent.ini
  1. Configure the heirarchical port binding settings (found in the L2 Segmentation Mode section of the agent config file).
Hierarchical Port Binding settings
Setting Description Default Value
f5_network_segment_physical_network
The name of the network segment in which
the agent will manage BIG-IP(s).
None
f5_network_segment_polling_interval
Seconds between polling Neutron for a
network_id to segmentation_id
mapping.
10
f5_network_segment_gross_timeout
Maximum seconds to wait for a network to
be bound before the LBaaS request fails.
300

Important

If you are running in ‘traditional mode’, the f5_network_segment_physical_network setting must be commented out. To use disconnected mode, the setting must be uncommented and configured with a valid network name.

Example

# Hierarchical Port Binding
#
# If hierarchical networking is not required, these settings must be commented
# out or set to None.
#
# Restrict discovery of network segmentation ID to a specific physical network
# name.
#
f5_network_segment_physical_network = edgeswitch002ports0305
#
# Periodically scan for disconected listeners (a.k.a virtual servers).  The
# interval is number of seconds between attempts.
#
f5_network_segment_polling_interval = 10
#
# Maximum amount of time in seconds for wait for a network to become connected.
#
f5_network_segment_gross_timeout = 300
  1. Configure the related L2 Segmentation Mode and/or L3 Segmentation Mode settings as appropriate for your environment.