F5’s BIG-IP and IBM Cloud Private Integration

Craig Scarborough

The application landscape has witnessed a dramatic shift in the past year or so. While the majority of applications that reside in the data center today still focus on legacy, monolithic applications, as adoption of the cloud continues, microservice architectures are becoming the de facto standard for the next generation of cloud native workloads. And while the application architecture has changed, the need for layer 4–7 services for these workloads has not. Scalability, availability, and security are still paramount no matter how applications are deployed or where they reside. Toward this end, IBM and F5 have been working together to bring BIG-IP application layer services to IBM’s Cloud Private solution.

IBM Cloud Private (ICP) is an architecture built on open source frameworks like Kubernetes and Cloud Foundry that enables the enterprise to build cloud-native or refactor legacy applications in days instead of weeks or months. The Cloud Private platform focuses on two key principles: a focus on the enterprise and pre-installed application services. For the client, this ensures that applications developed on ICP adhere to the best practices of building microservices (see IBM Bluemix Garage) but additionally have a wealth of tools pre-installed, including middleware, databases, and enhanced support for CPU-intensive workloads like data analytics. Both an open source and an enterprise class of the product are available.

The F5 BIG-IP fits nicely with IBM Cloud Private’s focus, as the platform has been providing layer 4-7 services to enterprise customers since its inception. Customers rely on these services to provide acceleration, high availability and security to their applications living in the data center, as well as public and private cloud. And, because of F5’s BIG-IP Controller software, application developers that embrace microservices can now take advantage of these same set of services that their legacy applications have standardized on for years.

What Is It?

A new component, F5’s BIG-IP Controller, is a containerized application that resides in your container environment, in this case IBM Cloud Private. Outside of this environment is a BIG-IP, providing ingress routing and layer 4–7 services to a series of application pools made up of Kubernetes pods. The Controller continually updates the BIG-IP with the status of these pods. As they are created and destroyed, the BIG-IP is kept apprised and provides advanced application performance and security services for Ingress control.

In early 2018, the F5 BIG-IP as Ingress Controller, the F5 BIG-IP Controller, and IBM Cloud Private were tested together in both F5 and IBM labs to confirm compatibility, adding to F5’s arsenal of supported microservices frameworks.

How Does It Work?

As seen in the picture above, a pair of BIG-IP virtual editions are deployed as ingress routers for the two IBM Cloud Private clusters. IBM Cloud Private defaults to Calico networking, and in our example we have set up our BIG-IPs as Calico nodes and created an iBGP mesh between the two clusters (you can see more about setting up BIG-IP to work with Kubernetes and Calico here). Once this has been done, you can now deploy your backend services as you normally do, and then deploy the BIG-IP as an ingress router on ICP. The F5 BIG-IP Controller will automatically create the virtual IPs on the BIG-IP, for both HTTP and HTTPS traffic:

Creates pool members for the individual containers in the cluster:

As well as the application monitors, routing policies, etc.

As those containers scale upwards and downwards, the BIG-IP Controller will automatically add and remove pool members, providing high availability for those particular services.

High availability for north/south transport is a requirement for the microservices that on rely on them, but F5 can add additional value by providing layer 4–7 services, long trusted by enterprise customers for their mission-critical applications (like Web Application Firewall, Access Policy, SAML, OAuth, DDoS, IP Intelligence, etc.) by supporting L7 Routing and ConfigMap.

While the integration with IBM Cloud Private is a new one, look for the complete documentation for this integration, including examples of the YAML files and best practices, to be added to our F5 Container Solutions documentation located here: http://clouddocs.f5.com/containers/v2/

Stay tuned, as IBM and F5 plan to further our relationship between the two platforms throughout the coming year, and F5 is also at the IBM Think conference in Las Vegas this week!

About the Author

Craig Scarborough

More blogs by Craig Scarborough