Deliver Complete Application Services in OpenStack

Organizations are increasingly turning to OpenStack, an open-source cloud-computing platform, to build and manage large cloud deployments. OpenStack-based clouds, which feature a flexible services architecture, plug-in support of third-party solutions, and a rich support community, can increase agility and improve operational efficiency. The challenge has been that features such as carrier-class application delivery services have not been readily available.

Now, organizations can use leading solutions from F5, including F5® BIG-IP® Application Delivery Controllers (ADCs), in OpenStack, relying on F5 OpenStack plug-ins, Heat templates, and RESTful APIs to achieve consistent application availability, performance, and security.


Neutron, the networking component for OpenStack, automates the management of L2/L3 switching as well as associated L4/L7 network services such as firewall, load balancing, and VPN. Neutron is still relatively immature and may not meet all the requirements to successfully deploy mission-critical workloads. The Neutron Load Balancing as a Service (LBaaS) API provides a basic feature set that, while adequate for simple load balancing and proxy use cases, lacks many of the features and support required in enterprise-class data center and service provider environments. Full, end-to-end orchestration and automation of the needed application delivery networking and security services are also critical to improve application time-to-market and operational efficiency.


Enterprises and service providers can now use OpenStack native Heat orchestration templates to automatically deploy and manage F5's full suite of application networking and security services in OpenStack environments on purpose-built, high performance hardware and virtual BIG-IP devices. For organizations desiring core F5 load balancing services, F5 provides Neutron LBaaS plug-ins. By taking advantage of these F5 integrations and templates, customers can extend the F5 TMOS® architecture into OpenStack clouds and network functions virtualization (NFV) infrastructure. The F5 solution dynamically inserts critical and consistent L4/L7 services, helping ensure application availability, performance, and security while improving operational efficiency.

Scale and orchestrate application services with ease

Orchestrating your infrastructure and app delivery networking services is critical to improving agility and time to market for new and existing workloads. OpenStack has a native orchestration service called Heat. It works with templates based on a declarative model that directly represents the infrastructure resources and the relationships between them. Heat is extendable to non-OpenStack resources and integrates with software configuration management tools such as Puppet, Chef, Ansible, and Salt. Heat enables you to treat your infrastructure as code.

With F5 Heat templates, you have access to all F5 application delivery and security services, with full deployment and configuration flexibility.

Figure 1: The F5 Heat plug-in for OpenStack

Available as a download via GitHub, F5 Heat templates provide the ability to:

  • Automate onboarding of BIG-IP virtual editions (VEs).
  • Deploy F5 BIG-IP devices or virtual editions in standalone, HA active/standby, or full cluster mode.
  • Instantiate advanced app networking and security services (via F5 iApps® templates) on the device or cluster.

F5 provides a LBaaS plug-in for provisioning and managing F5 load balancing services onF5 VIPRION® hardware or BIG-IP VE platforms through OpenStack Horizon. (Purpose-built BIG-IP ADC hardware provides multi-tenant capabilities, connection rate SLAs, and security policy enforcement.)

Available as a download via GitHub, this LBaaS plug-in supports:

  • Single- and multi-tenant deployments.
  • Orchestration integration via the F5 iControl® REST API.
  • Integrated Neutron network services.
  • Full virtual device onboarding.
  • Single-arm or dual-arm topologies.
  • SDN gateway functionality with Open vSwitch GRE and VXLAN.

Key features

  • Comprehensive set of RESTful APIs—Manage and provision BIG-IP devices in cloud development, management, and orchestration systems such as OpenStack
  • Programmatic automation and control of app services — Deploy Heat templates and LBaaS via Horizon
  • Certified integrations with leading OpenStack distributions, including Mirantis and RedHat
  • Tenant isolation through support for VXLAN and GRE tunnels, BIG-IP virtual Clustered Multiprocessing™ (vCMP) instances, route domains, and administrative partitions

Key benefits

  • Leverage your F5 investment in OpenStack environments, using current F5 solutions and skills in next-generation cloud and networking environments.
  • Orchestrate and automate end-to-end deployment and configuration of app services with Heat orchestration templates.
  • Bring consistency to app services across all data center, cloud, and virtual environments, including OpenStack, VMware, Cisco, SDN, AWS and Azure.

Key use cases

  • Extend BIG-IP application networking and security services into an OpenStack cloud.
  • Support service provider NFV infrastructure and virtual network function (VNF) deployments.
  • Use F5 LBaaS as a network services proxy between tenant GRE or VXLAN overlay networks.