Overview of F5 BIG-IP for OpenShift

From Genesys Documentation
Jump to: navigation, search

Learn about F5 BIG-IP, which is the recommended solution to integrate SBCs with the Genesys Multicloud CX private edition deployments on OpenShift.


When you use Red Hat OpenShift, a limitation in the Container Network Interface (CNI) prevents the pod's IPs from being exposed to external components, such as the Session Border Controller (SBC). The F5 BIG-IP provides a solution to overcome this limitation by acting as a SIP/RTP Application layer gateway. The solution is implemented by deploying an F5 BIG-IP between the external components and the OpenShift cluster. VXLAN/GENEVE tunnels are created from the F5 BIG-IP to the Red Hat OpenShift cluster. On the OpenShift cluster, host subnets are configured so that they are assigned to each of the F5 BIG-IPs.

In the inbound direction, you create a pair of virtual servers, one for SIP and one for RTP/Media. The IP assigned to the virtual server is in the host network that is accessible by external components (such as SBCs) using basic routing. The virtual server ensures load-balancing of the received traffic to the pod IPs that are reachable through the VXLAN/GENEVE tunnels. When the traffic leaves the F5 BIG-IP, network address translation is applied that translates the source IP to an IP that is part of the host subnet that was configured and assigned by the OpenShift cluster. The virtual server is configured with a message-routing SIP profile that helps perform the SIP-ALG function.

When using F5 BIG-IP with Red Hat OpenShift Kubernetes, a container component named Container Ingress Services (CIS) plugs the BIG-IP APIs with the Kubernetes APIs. The CIS component monitors the pods of namespaces that are configured and lets the F5 BIG-IP learn the reachability information as well as pod IP to MAC address translation of the pods through the VXLAN/GENEVE tunnels. When a user configuration is applied or when a status change occurs in the cluster, CIS automatically updates the configuration in the BIG-IP using the AS3 declarative API.

A single BIG-IP cluster can manage both VM and container workloads in the same cluster; separation between them can be set at an administrative level with partitions and at a network level with routing domains, if required.


Following are the prerequisites for setting up the F5 BIG-IP for OpenShift:

  • BIG-IP system
    • Version 16.1 or later with the SDN Services license
  • Virtual editions
    • Version 16.1 or later
  • OpenShift
    • Version 4.7 or later
  • Container Ingress Service
    • Version 2.5
  • AS3
    • Version 3.29
You can deploy the F5 BIG-IPs in many different ways depending on the environment: as independent appliances, scale-out chassis, or virtual-editions. Regardless of the deployment option you choose, the configuration specific to the SIP ALG functionality to support Genesys Multicloud CX private edition remains the same.

Reference setup example

Following is a configuration example based on a reference setup of two virtual edition F5s running in Azure (Azure ARO OpenShift 4.7 using OpenShiftSDN).

For the purpose of this documentation, F5 is assumed to use IP addresses as follows for reference:

  • External Subnet:
  • Internal Subnet: IP with Openshift diagram.pngReference setup example:
Internal Self-IP
Internal Floating-IP
External Self-IP
External Floating-IP
Comments or questions about this documentation? Contact us for support!