Bug 1543413

What problem/issue/behavior are you having trouble with?  What do you expect to see?

We are running 2 Big-IP instances in HA mode. We are unable to integrate it to OpenShift using the native F5 integration, because some of the configuration that the OpenShift F5 router pod puts in Big-IP is not considering that it is running in HA. 

We have identified the following issues (but there might be more):

1) FDB entries are created which tells the BIG-IP how to reach OpenShift nodes.

FDB entries are, as far as I know, always local-only.  Fair enough / not a bug, if the controller pod is only supposed to control a single BIG-IP.

2) VXLAN tunnels are created with a shared traffic-group.

Since it is non-local, the VXLAN tunnel will be replicated to the peer BIG-IP.  But it will not have any FDB entries (see #1 above), so it will never have connectivity with any OpenShift nodes.

3) The Layer 3 Self-IP created on top of the VXLAN tunnel (Layer 2) is local-only.

The BIG-IP will never use a local-only address, as long as a floating address exists, for anything other than health checks.  So any client traffic forwarded to the pods will always originate in an IP address that is not the one assigned by "F5 Native Integration".  Return traffic from the pods will therefore never be able to reach the BIG-IP systems.

We would need the F5 router pod to configure objects in Big-IP properly in a HA environment and also have documentation on how to set it up.

What information can you provide around timeframes and the business impact?

This will stop us from integrating OpenShift to Big-IP configured in the recommended way (HA).