OpenStack with Cisco Application Centric Infrastructure and F5 BIG-IP

Introduction
As companies big and small make the transition to cloud computing, they are looking for the right solution for
creating scalable, flexible, cloud environments. The overall solution must have a favorable cost structure,
management capabilities, ease of use, and the required application services their users demand. But not all cloud
solutions are equal. Many customers have been turning to OpenStack to deploy these new cloud environments.
And because all cloud deployments must be properly supported from the foundation, choosing the correct
hardware is critical to helping ensure predictable performance, reliability, and long-term success. When today’s
clouds run business-critical applications, failure is not an option, so solutions from the market leaders, Cisco and
F5, are the obvious choice.
The Cisco and F5 Solution
Cisco® Application Centric Infrastructure (Cisco ACI™) is an innovative architecture that radically simplifies,
optimizes, and accelerates application deployments through the use of a centralized policy-based framework. The
leaf-and-spine architecture of the fabric and high-throughput links provides uniform latency and high performance
for the application. The unique design offers an integrated overlay and underlay solution that transparently spans
both the physical and virtual environments. Additionally, Cisco ACI was built for open APIs to allow integration
with both new and existing infrastructure components.
F5 brings the BIG-IP application delivery controllers (ADCs) to OpenStack. These field-hardened, high-performance, programmable ADCs are available in both physical and virtual form factors. They provide the
reliable and consistently predictable service and performance that applications require. BIG-IP capabilities start
with application high availability (server load balancing [SLB]) and extend to other application services, including
denial-of-service (DoS) protection, firewall, cryptography (SSL), and web application firewall (WAF) services,
depending on your deployment topology and management requirements. Multitenancy and security are also built
in to BIG-IP from the foundation.
By using both Cisco ACI and F5 BIG-IP for the infrastructure, a high-performance cloud can be constructed that
supports the needs of users and their applications. This solution provides a highly flexible and secure multitenant
cloud environment with predictable performance for both cloud service providers and enterprises building clouds
for internal demand and applications.
Use Cases
One use for the Cisco and F5 solution is to build a highly available web application at scale. For this use case, the
capability to quickly provision the application and the supported back-end infrastructure is essential. The solution
will involve computing, storage, and networking resources and load balancers. To interface with the physical
components, OpenStack defines a standard mechanism, called plug-ins. Cisco provides a modular Layer 2 (ML2)
driver for the Cisco Application Policy Infrastructure Controller (APIC) that can work in conjunction with the BIG-IP
load-balancer-as-a-service (LBaaS) OpenStack Neutron plug-in to provide automation across the Cisco ACI fabric
and BIG-IP. OpenStack modules such as the OpenStack Horizon dashboard can then use the appropriate APIs to
configure the functions required in the infrastructure.
© 2016 Cisco | F5. All rights reserved.
Figure 1 shows the interactions among OpenStack, APIC, and the computing hosts. The Neutron server works
with the Cisco APIC ML2 driver to configure the networking attributes needed for communication between
endpoints. These attributes include the network type, IP address, subnet, and policy.
Figure 1: OpenStack ML2 Drivers
Figure 2 shows the interactions among OpenStack, the F5 LBaaS agent, and the BIG-IP appliance. The
OpenStack servers use the LBaaS agent to convert the OpenStack API calls into standard F5 iControl API calls
that the physical BIG-IP or BIG-IP Virtual Edition appliances can interpret. With these two components available
from Cisco and F5, you can now build a highly available and reliable system based on Cisco ACI and F5 BIG-IP.
Figure 2: F5 LBaaS Agent Control Flow
Through coordination of OpenStack components, the APIC ML2 driver, and the LBaaS agent, application traffic
and application services can be defined. For networking, OpenStack informs both the APIC ML2 plug-in and the
LBaaS agent of the network parameters to use. They can then provide the respective configurations needed to
help ensure that traffic flows properly. BIG-IP appliances thus are attached to the fabric as network endpoint
devices with OpenStack providing single-pane management.
Figure 3 shows a typical deployment architecture for a web-based application. Here, BIG-IP is within the service
provider network. In this case, the provider owns and operates BIG-IP but allows tenants to use it as a cloud
provider service. This access is provided through the LBaaS agent and LBaaS API. In the figure, the tenant
(Yellow) is depicted by the shaded box that includes the back-end webservers and the tenant network Net100.
The tenant uses BIG-IP for high availability through the OpenStack LBaaS agent APIs provided by the cloud
provider. Because all the interfaces are within the cloud provider, floating IP addresses are used to provide
connectivity between the private tenant network and the outside world. All necessary configurations are made
through the OpenStack APIs or the Horizon dashboard provided to the tenant. This same approach is
implemented for both the Cisco ACI fabric and BIG-IP through their respective Neutron plug-ins.
Figure 3: Public-Facing Application Using Floating IP Addresses
Figure 4 shows another typical deployment architecture. In this case, BIG-IP is completely within a tenant
environment. In this environment, as in the previous example, the cloud provider owns and manages BIG-IP. Also
as in the previous example, the tenant uses OpenStack APIs or the Horizon dashboard to configure the system.
The difference here is that the interfaces of the BIG-IP appliance are contained within a tenant. This design would
be useful for an internal application or an internal private development system used in a DevOps environment.
Figure 4: BIG-IP Within a Tenant
Conclusion
As customers build and deploy additional cloud environments for users, the need to quickly provision, deploy, and
scale highly available and secure environments becomes paramount. These environments will be used for a
variety of use cases, including production web applications, rapid DevOps environments, and applications to meet
various internal corporate needs. By relying on time-tested and field-hardened vendors such as Cisco and F5,
business requirements can be met and risks mitigated. The application is the business, and keeping the business
running is a top priority.
For More Information
For more information about OpenStack solutions with Cisco and F5, refer to the following:

Cisco ACI white paper: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-732041.pdf

OpFlex architecture: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1x/openstack/b_ACI_with_OpenStack_OpFlex_Architectural_Overview.html

F5 Networks:
– F5 OpenStack GitHub repository: http://f5-openstack-lbaasv1.readthedocs.org/en/1.0/index.html
– F5 OpenStack user guide: http://f5-openstack-lbaasv1.readthedocs.org/en/1.0/f5-oslbaasv1readme.html
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered
trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to
this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective
owners. The use of the word partner does not imply a partnership relationship between Cisco and any other
company. (1110R)
F5 (NASDAQ: FFIV) provides solutions for an application world. F5 helps organizations seamlessly scale cloud,
data center, and software defined networking (SDN) deployments to successfully deliver applications to
anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework
and a rich partner ecosystem of leading technology and data center orchestration vendors. This approach lets
customers pursue the infrastructure model that best fits their needs over time. The world's largest businesses,
service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and
mobility trends. For more information, go to f5.com.
C22-737119-00
04/16