Monday, August 15, 2022

Using Infrastructure as Code to Deploy F5 Application Delivery and Cisco ACI Service Chaining


Every data center is built to host applications and provide the infrastructure those applications need to run, communicate with one another, be accessed by their users from anywhere, and scale on demand.

To achieve this, your data center network must be able to provide different types of connectivity to different applications. This includes east-west connectivity between application tiers, as well as north-south connectivity between users and applications. Both rely on additional application delivery Layer 4 to Layer 7 services such as load balancers and web application firewalls.

Cisco ACI and F5 BIG-IP Service Insertion

Cisco ACI's powerful L4-L7 services redirection capabilities allow you to insert services and redirect traffic from the source to the destination anywhere in your fabric without needing to change any of the existing cabling. This is where you can insert an F5 BIG-IP load balancer to provide application availability, access control, and security.

This is possible using the Policy-Based Redirect (PBR) capabilities of the Cisco ACI fabric by configuring a Service Graph in APIC.

However, PBR policy and Service Graphs entail a series of manual configurations. This can be tedious, error-prone, and inefficient, especially if the same configuration is repeated very often. On top of that, the configuration of the BIG-IP service itself requires information from the Cisco ACI Service Graph.

Simplified Service Insertion with Cisco and F5

This is why Cisco partnered with F5, a leader in the application delivery and web application firewall space, around the Cisco ACI and F5 BIG-IP solutions to simplify the deployment of F5-powered L4-L7 services using the F5 ACI ServiceCenter App for APIC.

This integration simplifies management of virtual server configuration on F5 BIG-IP and Service Graph configuration on Cisco ACI by providing a simple, user-friendly UI.

For more details on the F5 ACI ServiceCenter, take a look at the following video.

In this blog, we will discuss an evolution of this integration for customers who are looking at Infrastructure as Code as the means to automatically deploy both Cisco ACI network infrastructure configuration and BIG-IP L4-L7 services for their applications, and who are looking for opportunities to start progressing in their IaC journey.

End-to-End Service Insertion Automation with Infrastructure as Code

As a reminder, Infrastructure as Code is a journey that you can embark on at different stages depending on your existing automation knowledge and needs. The goal of this journey is to translate manual tasks into reusable, robust, distributable code and apply software development techniques such as version control (git), automated testing, and CI/CD to achieve these goals.

The first step in an Infrastructure as Code journey is to select a language or a toolset to express our intent for our infrastructure as actual code. For this integration, we decided to join forces with HashiCorp, the leader in infrastructure automation and a shared partner of Cisco and F5, and chose HashiCorp Terraform as the infrastructure provisioning tool, using HCL (HashiCorp Configuration Language) to define service configuration as our code.

F5 and Cisco both have verified HashiCorp Terraform providers, making it easy to create the needed configuration on both sides using HCL as our code.

To further simplify automation of the numerous configuration items, Cisco and F5 have worked together on a set of Terraform modules which provide best-practice defaults for most of the configuration items and allow users to override specific items of the configuration.

By providing a single workflow, all the dependencies are taken care of, and the usage of the overall solution is simplified. Modules also define outputs that can be passed from one module to the next, and modules can depend on each other to represent the dependency relationship they have with one another.

As part of this solution, a simple workflow with 3 Terraform modules has been created:


  • The Cisco ACI Service Graph Terraform module allows the user to create and deploy a complete service graph for Policy-Based Redirect (PBR) with the required bridge domains and other necessary constructs, as documented in the Cisco ACI Policy-Based Redirect Service Graph Design white paper.
  • The F5 BIG-IP VLAN Self IP Terraform module configures the interfaces of the BIG-IP (physical or virtual) facing the ACI fabric with the correct VLAN and self IP configuration.
  • The F5 BIG-IP AS3 HTTP Service Terraform module configures an HTTP service using the F5 Application Services 3 Extension (AS3) to provide a load balancing function with a specific virtual server (VIP) and the recommended configuration when used in conjunction with Cisco ACI PBR.

Instantiating the modules allows the user to pass the necessary parameters and use default parameters for the rest of the configuration, hiding all their internal complexity from the user. The following is an example of the instantiation of the different modules and their dependencies:

# ACI side: PBR service graph, bridge domains and the BIG-IP device definition
module "cisco-aci-service-graph" {
    source = "./modules/service-graph-lb-pbr"
    tenant              = var.aci_tenant
    vmm_provider_dn     = var.aci_vmm_provider_dn
    vmm_domain_name     = var.aci_vmm_domain_name
    vmm_controller_name = var.aci_vmm_controller_name
    vm_name             = var.aci_bigip_vm_name
    vnic                = var.aci_bigip_vnic
    device_name         = var.aci_bigip_device_name
    device_mac_address  = var.aci_bigip_provider_mac
    device_ip_address   = var.selfip_int
    provider_bd_subnets         = var.aci_provider_bd_subnets
    consumer_bd_subnets         = var.aci_consumer_bd_subnets
    provider_service_bd_subnets = var.aci_provider_service_bd_subnets
    consumer_service_bd_subnets = var.aci_consumer_service_bd_subnets
}

# BIG-IP side: VLANs and self IPs facing the ACI fabric
module "bigip_vlan_selfip" {
    source       = "./modules/vlan_selfip"
    # Strip the "vlan-" prefix from the ACI module outputs to get the VLAN tag
    vlan_int_tag = replace(module.cisco-aci-service-graph.internal_vlan, "vlan-", "")
    vlan_ext_tag = replace(module.cisco-aci-service-graph.external_vlan, "vlan-", "")
    selfip_int   = var.selfip_int
    selfip_ext   = var.selfip_ext
}

# BIG-IP side: HTTP virtual server deployed through AS3
module "as3_http_app" {
    source      = "./modules/as3http"
    server1     = var.server1
    server2     = var.server2
    vip_address = var.vip_address
    snat        = var.snat
}

You can see that the "bigip_vlan_selfip" module uses the output of the cisco-aci-service-graph module to pass the VLAN automatically derived from the ACI VMM domain integration. This removes the need to statically define a VLAN and allows this plan to be reused over and over. You can also see that the module definition uses a number of variables, creating a reusable piece of code that can be instantiated multiple times with different sets of variables.

With this joint solution, deploying BIG-IP application services on an ACI network infrastructure with a Terraform workflow and applying Infrastructure as Code concepts can greatly simplify, automate, optimize, and accelerate the entire application deployment lifecycle, in turn improving time to value.

To better collaborate with other members of your team on provisioning this solution, HashiCorp Terraform Cloud can be used to provide remote state storage, allowing your state file (which provides a system of record for what you have provisioned) to be stored securely and remotely.

If you would like more details on this solution or want to see it in action, register to join us with the link below. If you are interested in these concepts but need some help with learning the basics, visit Cisco DevNet to get started with Infrastructure as Code and the Nexus Dashboard API.
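The remote-state setup described above, as an added example that is not part of the original post or the Cisco/F5 modules: a root configuration that keeps state in Terraform Cloud and passes APIC and BIG-IP credentials as sensitive variables. The organization name, workspace name and variable names are placeholders chosen for illustration.

```hcl
terraform {
  required_providers {
    aci   = { source = "CiscoDevNet/aci" }
    bigip = { source = "F5Networks/bigip" }
  }

  # State lives in Terraform Cloud instead of a local terraform.tfstate file.
  cloud {
    organization = "example-org" # placeholder
    workspaces {
      name = "aci-bigip-service-insertion" # placeholder
    }
  }
}

# Hypothetical variable names. "sensitive" only redacts values from plan and
# apply output; they are still written to state in clear text, which is why
# the state backend needs access control and encryption at rest.
variable "apic_url" { type = string }
variable "apic_username" { type = string }
variable "apic_password" {
  type      = string
  sensitive = true
}

variable "bigip_address" { type = string }
variable "bigip_username" { type = string }
variable "bigip_password" {
  type      = string
  sensitive = true
}

provider "aci" {
  url      = var.apic_url
  username = var.apic_username
  password = var.apic_password
  insecure = false # verify the APIC TLS certificate
}

provider "bigip" {
  address  = var.bigip_address
  username = var.bigip_username
  password = var.bigip_password
}
```

Set the two password variables as sensitive workspace variables in Terraform Cloud rather than committing them to a `.tfvars` file in version control.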

Register to join us for our joint webinar with F5 and HashiCorp:

Sept 23, 2021 @ 9am PT / 12 noon ET

Additional Resources

Cisco DevNet

Webinar: Cisco-F5-HashiCorp joint webinar

Solution Overview: Simplify F5 BIG-IP and Cisco ACI Operations Using HashiCorp Terraform



