F5 Private Cloud Solution Package for Cisco Networking

Today's software-defined economy requires businesses to move faster than their competitors. Speed and agility are critical to keeping up with competitive demands for new applications, as well as maintaining existing infrastructure. Because an inability to scale and service networks can lead to escalating costs and increased time-to-service, many IT groups deploy private clouds to help them respond aggressively to business needs.

F5 and Cisco have partnered to provide a full-stack, end-to-end software-defined networking and policy-driven solution to accelerate the journey to the cloud. By integrating the F5® BIG-IP® platform, Cisco® Application Centric Infrastructure (Cisco ACI™), and F5 iWorkflow™, the two companies offer a market-leading solution that provides automation and orchestration up and down the stack—from layer 2 through layer 7.

Optimize applications with Cisco's networking architecture

Combining the advantages of the F5 and Cisco deployment models, organizations can deploy versatile, elastic network and application services—ultimately leading to quicker and more successful application rollouts. F5 and Cisco share a fabric-based approach that lets customers use their choice of physical, virtual, and cloud solutions to provide an environment that best suits their needs. This integrated solution enhances Cisco environments with comprehensive L2–7 policy controls to address application performance, scale, security, and orchestration.

The adoption of Cisco ACI with the Application Policy Infrastructure Controller (APIC) continues to gain traction in the market. Since the APIC 1.2 release in 2016, Cisco has streamlined how ADCs are connected to the fabric. The F5 Dynamic Device Package with F5 iWorkflow for Cisco APIC uses programmability and orchestration APIs, which enable customers to configure application policies and requirements for F5 appliances across L2–7 fabrics. This ensures that applications receive the services and resources they require throughout the network, while also enabling organizations to automate systems for further efficiency and cost savings.

Networking for cloud

With F5's industry-leading architecture, organizations can deploy multi-tenant solutions in their private cloud leveraging F5 virtual appliances, cloud-ready iSeries hardware platforms across L2–7 fabrics, and Cisco ACI multi-tenancy capabilities. With the ability to configure application policies throughout L2–7 for each tenant application, enterprises have granular control over how resources are deployed and prioritized to support software-defined networking. This frees IT teams from tying specific devices or resources to individual applications, while preserving the ability to isolate services if needed for compliance or other business requirements.

Accelerate application deployment with Cisco APIC and F5 iWorkflow

Some analysts believe that OPEX costs are doubling every eight years. This data is based on historical trends, and doesn't necessarily take into consideration the forthcoming explosions in applications and data resulting from technological shifts like the Internet of Things (IoT). Even so, it's no wonder that almost every study done on IT budgets pegs operating expenses—the "keep the lights on and apps running" kind of operating expenses—at upward of 70% of the total budget. Something, obviously, must change, and change radically. Cloud, DevOps and SDN all point organizations in the same direction: operationalization through automation, orchestration, and ultimately, integration via open, standards-based APIs and protocols.

That's the goal of Cisco's Application Centric Infrastructure (ACI) strategy, which seeks to address the challenges in scaling networks and services not only from a technology perspective, but from a people perspective. One reason that so much of IT budgets is spent on operations is that the configuration of the network is spread across tens and hundreds and sometimes thousands of network devices. From layer 2 to layer 7, organizations use a myriad of network and application services to deliver the applications upon which business relies.

Deploying an application can take days, weeks, or months, because of the coordination required across not just the devices themselves (whether they are virtual or physical makes no difference as configuration is agnostic with respect to form factor), but across what are increasingly siloed IT teams: operations, security, and networking.

To accelerate application deployment, it takes an ecosystem. Within that ecosystem, Cisco APIC and F5 iWorkflow are integrated members providing programmable networking infrastructure to communicate and coordinate application-specific policies. An F5 device package (similar to a plug-in) enables simplified integration with APIC—with virtually no disruption to existing service architectures. The F5 device package shown below consists of two pieces: the device model (an XML file) and a device script (written in Python). The device model describes, in an APIC-consumable format, what functions are available in the device script. The device package model is extensible, and can consume F5 iApps from iWorkflow for deploying services-based, template-driven configurations for L4–7 parameters configured via the APIC console.

Figure 1: F5 device package using open, standards-based API

While the magnitude of the tectonic shifts in technology today has never been more disruptive, organizations can't simply start over from scratch. This means implementing a hybrid model that can bridge the gap between the existing and the new. It's essential to insulate production applications from these seismic changes around the way organizations build and manage IT today. Private cloud and cloud interconnection services are excellent options to bridge the gap as part of a hybrid approach.

The F5 private cloud solution package for Cisco Networking is that bridge. It's the abstraction layer that provides the capabilities of delivering yesterday's applications while enabling tomorrow's architecture. By integrating with Cisco ACI or Cisco Nexus 9000 Series switches, F5 allows customers to operationalize the entire network and start migrating to the policy-based, application-driven network architectures necessary to succeed in a software-defined economy—without compromising on the security, performance, or availability of both existing and new applications.

F5 private cloud solution package for Cisco Networking

The F5 private cloud solution package for Cisco Networking includes deployment scenarios that have been validated, certified, and documented by Cisco and F5, such as the following:

  1. Cisco ACI Service Manager Mode (Managed)—Maintain L2–7 automation while providing operational flexibility with native management console experiences by integrating iWorkflow with APIC in Service Manager Mode.
  2. Cisco ACI Network Policy Mode (Unmanaged)—Gain flexibility for the networking administrator to configure only the provider and consumer VLANs through the APIC management console while allowing the application administrator to orchestrate the F5 L4–7 policies via Ansible playbooks.
  3. Cisco 9000 NX-OS (Standalone)—Allow for BIG-IP configuration of L4–7 policies in a Cisco Nexus standalone environment. The application administrator can also orchestrate the F5 L4–7 policies via Ansible playbooks.

Using these models, organizations can deploy a BIG-IP multi-tenant private cloud with Cisco using orchestration via APIC and Ansible playbooks. The private cloud package represents deployment models of the most common scenarios found in existing OpenStack integrations. The F5 solution validates these deployment models based on tests utilizing the Cisco ACI service insertion with a device package, unmanaged mode without a device package, and Cisco Nexus 9000 standalone environments using Ansible playbooks for comprehensive L2–7 policy controls. This enables organizations to rapidly deploy the F5 private cloud solution for Cisco Networking, accelerating the migration of existing workloads to a private cloud utilizing BIG-IP i5800 ADC devices and deployment of a BIG-IP VE instance within an L2–7 fabric.

Implementing BIG-IP Local Traffic Manager

In these deployment models, BIG-IP users implement BIG-IP® Local Traffic Manager® (LTM) L4–L7 services through service insertion, unmanaged, and standalone architectures in a private cloud. The use case leverages standard F5 L4–7 load balancers, listeners, pools, members, monitors, and L7 policies and rules.

BIG-IP features tested include BIG-IP LTM standard virtual servers, client TLS decryption, server context re-encryption, HTTP profiles, multiple pools, cookie persistence, multiple F5 iRules® associations, and monitored pool members. Pool member state and virtual service statistics are collected through networking APIs.

Figure 2: F5 deployment model architecture

In Figure 2, the models deliver the agility to deploy a multi-tier architecture using both the BIG-IP multi-tenant iSeries and BIG-IP VE ADCs. The BIG-IP hardware devices in the diagram are cloud-ready i5800 ADCs, while the BIG-IP VE tenants are software ADCs, which utilize the F5 BIG-IQ® Centralized Management® license manager for manual licensing of the VEs and provisioning. The BIG-IP VE adds application-specific services for security. These additional policies can be enabled via Ansible playbooks.


The F5 private cloud package for Cisco Networking offers a validated and tested solution with attractive pricing, professional services consulting, and enterprise-class technical support. F5 and Cisco are committed to customer success and are continuously working together to expand features and functions portfolios.


  • Automate and accelerate infrastructure provisioning.
  • Simplify application deployment.
  • Tailor service levels for each application.
  • Easily update application policies throughout their lifecycle.
  • Preserve administrative boundaries while providing operational flexibility.