Blueprint inputs reference guide

Use the following input descriptions to assist you when completing the BIG-IQ or Gi LAN, Gi Firewall and VNFM Base inputs YAML files. You require an inputs YAML file for each solution blueprint. See the VNFM public GitHub repository. The following table lists the supported inputs file for each release of VNF Manager:

Parameter VNFM Version Required Blueprint VIM Description
big_iq_pool_license 1.2.1 Yes BIG-IQ and Gi-LAN/F All The base registration key code provided by F5 Networks after Purchase. Used to create RegKey Pool on the F5 BIG-IP system. You received this key in email from F5 Networks after purchase.
big_iq_primary_host_license 1.2.1 Yes BIG-IQ and Gi-LAN/F All Base registration key used to license the primary BIG-IQ system of an HA-pair. You received this key in email from F5 Networks after purchase.
big_iq_secondary_host_license 1.2.1 Yes BIG-IQ All Base registration key used to license the secondary BIG-IQ system of an HA-pair. You received this key in email from F5 Networks after purchase.
big_iq_passphrase 1.2.1 Yes BIG-IQ All The passphrase value that BIG-IQ uses to generate a Master Key (minimum of 16-characters, 1 or more capital letters 1 or more lowercase letters, 1 or more numbers, and 1 or more special characters).
big_iq_pool_name 1.2.1 Yes BIG-IQ All The license pool name to use for the VNFM.
default_sg_name 1.2.1 No BIG-IQ OpenStack The name of the pre-existing default security group. This is created by OpenStack with every instance.
key_name 1.2.1 Yes BIG-IQ OpenStack The name of the local, private SSH key used for connecting to BIG-IQ.
sw_ref_bigiq 1.2.1 Yes BIG-IQ All The dictionary that defines the BIG-IQ image name, flavor name, availability zone (OpenStack only), and revision value to use for the BIG-IQ HA pair instance. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
floating_network_id 1.x No BIG-IQ and Gi-LAN/F OpenStack The OpenStack ID or name of the external network where you assigned a floating IP addresses (for example, external_net). IMPORTANT: This value is optional for VNFM version 1.3 and later and the default value is empty. This input is required for VNFM versions 1.0-1.2.1.
mgmt_net 1.x Yes All All The name of the pre-existing management OpenStack network or VMware port group, connecting the BIG-IQ licensing utility, VNFM, and related blueprints that orchestrate BIG-IP VE service layers.
mgmt_net_sw_dist 1.2.1 Yes BIG-IQ vSphere The vSphere setting (true/false) of the switch distributed flag for the management network.
mgmt_sg_name 1.x No All OpenStack The name of the pre-existing management security group.
mgmt_subnet 1.x Yes All OpenStack The name of the pre-existing management network subnet.
ntp_server 1.x Yes All All The IP address or DNS name of the NTP server. If not specified, the default 132.163.96.1 value is used.
timezone 1.1.x No All All Enter the local timezone for the location of your application server; for example, Pacific/Pago_Pago. Default value is UTC. For acceptable values, consult the TZ database name in this list.
default_gateway 1.x Yes Base and Gi-LAN/F All The next hop IP address for outbound traffic egressing the VNF.
ric_purchasing_model 1.1.x Yes Gi-LAN/F All The purchasing model for licensing (options include: subscription or perpetual).
ric_vnfm_serial 1.1.x Yes Gi-LAN/F All The VNFM license key provided in your email from F5 (used for support purposes only).
ric_throughput (deprecated) 1.0 - 1.1.1 Yes Gi-LAN/F OpenStack DEPRECATED in version 1.2: Desired throughput for the VNF layer, in Gbps (options include: 5, 10, 50 Gbps).
auto_last_hop 1.x Yes Gi-LAN/F All Controls how the DAG receives return traffic from the internet. Enable this input, if you are using an F5 device to NAT outbound connections; otherwise, disable.
bgp_dag_pgw_peer_ip 1.x No Gi-LAN/F All If your environment uses Border Gateway Protocol (BGP) on the client-side, then enter the neighbor address of the PGW to which the DAG BIG-IPs will advertise their default routes.
bgp_vnf_pgw_peer_ip 1.x No Gi-LAN/F All If using BGP on the client-side, then enter the neighbor address of the PGW, enabling the VNF to send traffic directly back to the client without passing it back through the DAG.
bgp_pgw_peer_as 1.x No Gi-LAN/F All If using BGP on the client-side, then enter the autonomous system number (ASN) for the BGP neighbor.
bgp_dag_egw_peer_ip 1.x No Gi-LAN/F All If using BGP on the external-side, then enter the BGP neighbor address.
bgp_egw_peer_as 1.x No Gi-LAN/F All If using BGP on the external-side, then enter the BGP ASN.
external_net 1.x No Base All The name of the pre-existing external network that connects to your users.
external_sg_name 1.x No Base All The name of the pre-existing external security group.
external_subnet 1.x No Base All The subnet name for the pre-existing external network.
internal_net 1.x No Base All The name of the pre-existing internal network that connects to your servers.
internal_sg_name 1.x No Base All The name of the pre-existing internal security group.
internal_subnet 1.x No Base All The subnet name for the pre-existing internal network.
sw_ref_ltm 1.x No Base All The dictionary that defines the image/template name, flavor/configuration name, availability zone (OpenStack only), and revision number to use for the BIG-IP VE instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
default_ltm_number 1.x No Base All The default number of BIG-IPs that will get deployed by this blueprint. Verify that the same number of license keys defined in the registration key pool matches this input value.
mgmt_subnet_cidr 1.2 No Base vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
internal_subnet_cidr 1.2 No Base vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
internal_net_sw_dist 1.2 No Base vSphere The vSphere switch distributed flag for internal network. Set to true if your system uses a distributed switch on this network or false if not.
external_net_sw_dist 1.2 No Base vSphere The vSphere switch distributed flag for external network. Set to true if your system uses a distributed switch on this network or false if not.
ctrl_net 1.x Yes Gi-LAN/F All The name of the control network, where F5 NFV solutions connect to processes such as, your policy and control rules function engine, subscriber service-charging functions, signaling, and other similar processes.
ctrl_subnet 1.x Yes Gi-LAN/F All The name of the control network subnet.
ctrl_ip_range 1.2 Yes Gi-LAN/F vSphere The IP range defined for the control network; for example, 10.30.0.2-10.30.0.100.
ctrl_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for Control network. Set to true if your system uses a distributed switch on this network or false if not.
ctrl_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
ha_net 1.x Yes Gi-LAN/F All The name of the high availability network (for config. sync and network failover purposes).
ha_subnet 1.x Yes Gi-LAN/F All Name of the high availability network subnet.
ha_ip_range 1.2 Yes Gi-LAN/F vSphere The IP range defined for the high availability network; for example, 10.40.0.2-10.40.0.100.
ha_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for HA network. Set to true if your system uses a distributed switch on this network or false if not.
ha_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
centos_image_id (deprecated) 1.0-1.1 Yes Gi-LAN/F OpenStack DEPRECATED in version 1.1.1: The OpenStack ID of the CentOS image to use when creating the monitoring nodes.
nagios_flavor_id (deprecated) 1.0-1.1 Yes Gi-LAN/F OpenStack DEPRECATED in version 1.1.1: The OpenStack ID of the flavor to use when creating the monitoring nodes.
mgmt_default_gw 1.2 Yes Base and Gi-LAN/F vSphere IP address of the default gateway for Management network
manager_mgmt_host 1.x Yes Base and Gi-LAN/F All The internal IP address of the VNF Manager instance.
manager_rest_password 1.x Yes Base and Gi-LAN/F All Password for the VNF Manager. Default value is admin.
manager_rest_username 1.x Yes Base and Gi-LAN/F All The user name of the VNF Manager project/tenant. Default value is admin.
mgmt_ip_range 1.2 Yes Base and Gi-LAN/F vSphere The range of host IP addresses you will use to assign to BIG-IP VEs; for example, 10.50.50.2-10.50.50.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.50.50.2-10.50.50.20, 10.50.50.21-10.50.50.30, and so forth.
mgmt_dns 1.2 Yes Base and Gi-LAN/F vSphere DNS server address used for management network.
bigip_ssh_key 1.2 Yes Base and Gi-LAN/F vSphere The name of the SSH key that you will import into the BIG-IP VE instances.
bigip_os_ssh_key (deprecated) 1.0-1.1.1 Yes Base and Gi-LAN/F OpenSack DEPRECATED in version 1.2: The name of the OpenStack SSH key that you will import into the BIG-IP VE instances.
big_iq_host 1.x Yes Base and Gi-LAN/F All The IP address of the BIG-IQ VE instance that will assign licenses to the BIG-IP VE instances. Find this IP address after deploying the BIG-IQ blueprint in VNF Manager: BIG-IQ Deployments -> Deployment Outputs -> Primary Host value.
big_iq_lic_pool 1.x Yes Base and Gi-LAN/F All The name of the BIG-IQ key or pool that will be used to assign licenses to the BIG-IP VE instances. Find this value after deploying the BIG-IQ blueprint in VNF Manager: BIG-IQ Deployments -> Deployment Outputs -> big_iq_lic_pool value.
sw_ref_dag 1.x Yes Gi-LAN/F All

Depending upon your VIM:

  • A dictionary that defines the OpenStack image name, flavor name, and availability zone (version 1.2),and revision to use for the BIG-IP VE disaggregation instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
  • A dictionary that defines the VMware template name and configuration to use for the BIG-IP VE disaggregation instances.
sw_ref_vnf 1.x Yes Gi-LAN/F All

Depending upon your VIM:

  • A dictionary that defines the OpenStack image name, flavor name, availability zone (version 1.2), and revision to use for the BIG-IP VE virtual network functions instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
  • A dictionary that defines the VMware template name, configuration, and revision to use for the BIG-IP VE virtual network functions instances. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
sw_ref_nagios 1.1.1 Yes Gi-LAN/F All

Depending upon your VIM:

  • A dictionary that defines the OpenStack image name, flavor name, availability zone (version 1.2), and revision to use for the CentOS monitoring nodes. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
  • A dictionary that defines the VMware template name, configuration, and revision to use for the CentOS monitoring nodes. The revision number is used during the upgrade process. Instances with revision values lower than the number of the upgrade image provided, is considered as using an old version of the software.
security_groups 1.3 No Gi-LAN/F OpenStack String value enabling/disabling security groups for the Gi LAN and Gi Firewall blueprint solutions. When set to enable, appropriate security groups are included for the Nagios, DAG, VNF nodes, but when set to disable the default Security Group created by OpenStack for every instance is disabled along with all other security groups that may exist.
nagios_pass 1.2 Yes Gi-LAN/F vSphere Password for the Nagios server.
nagios_user 1.2 Yes Gi-LAN/F vSphere Username for the Nagios server.
mgmt_sg_name 1.x No Gi-LAN/F All The name of the pre-existing management security group.
pgw_sg_name 1.x No Gi-LAN/F All The name of the pre-existing packet gateway (PGW) security group.
pdn_sg_name 1.x No Gi-LAN/F All The name of the pre-existing provider data network (PDN) security group.
snmp_sg_name 1.x No Gi-LAN/F All The name of the pre-existing SNMP security group.
pgw_net 1.x Yes Gi-LAN/F All Name of the OpenStack network or the VMware port group.
pgw_subnet 1.x Yes Gi-LAN/F All The name of the pre-existing PGW sub-network.
pgw_ip_range 1.2 Yes Gi-LAN/F vSphere The range of host IP addresses you will use to assign to BIG-IP VEs; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20, 10.0.0.21-10.0.0.30, and so forth.
pdn_net 1.x Yes Gi-LAN/F All Name of the OpenStack network or the VMware port group.
pdn_subnet 1.x Yes Gi-LAN/F All The name of the pre-existing PDN network subnet.
pdn_ip_range 1.2 Yes Gi-LAN/F vSphere The range of host IP addresses you will use to assign to BIG-IP VEs; for example, 10.0.0.2-10.0.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.0.0.2-10.0.0.20, 10.0.0.21-10.0.0.30, and so forth.
pgw_dag_net 1.x Yes Gi-LAN/F All Name of the OpenStack network or the VMware port group.
pgw_dag_subnet 1.x Yes Gi-LAN/F All The name of the pre-existing PGW-DAG network subnet.
pgw_dag_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pgw_dag_ip_range 1.2 Yes Gi-LAN/F vSphere The range of host IP addresses you will use to assign to BIG-IP VEs; for example, 10.20.0.2-10.20.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.20.0.2-10.20.0.20, 10.20.0.21-10.20.0.30, and so forth.
pgw_dag_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for PGW DAG network. Set to true if your system uses a distributed switch on this network or false if not.
pgw_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pdn_dag_net 1.x Yes Gi-LAN/F All Name of the OpenStack network or the VMware port group.
pdn_dag_subnet 1.x Yes Gi-LAN/F All The name of the pre-existing PDN-DAG network subnet.
pdn_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
pdn_dag_ip_range 1.2 Yes Gi-LAN/F vSphere The range of host IP addresses you will use to assign to BIG-IP VEs; for example, 10.15.0.2-10.15.0.100, enabling you to assign 98 addresses. You can also create multiple, smaller IP address groups with that larger range; for example, 10.15.0.2-10.15.0.20, 10.15.0.21-10.15.0.30, and so forth.
pdn_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for PDN network. Set to true if your system uses a distributed switch on this network or false if not.
pdn_dag_net_sw_dist 1.2 Yes Gi-LAN/F vSphere The vSphere switch distributed flag for PDN DAG network. Set to true if your system uses a distributed switch on this network or false if not.
pdn_dag_subnet_cidr 1.2 Yes Gi-LAN/F vSphere The network ID and subnet mask for the applicable network; for example, 10.6.149.0/24.
agent_user 1.2 Yes Gi-LAN/F vSphere The user for the client agents.
Parameter VNFM Version Required Blueprint VIM Description
ctrl_sg_name 1.x No Gi-LAN/F All The name of the pre-existing control security group.
max_scale_dag_group 1.x Yes Gi-LAN/F All The maximum number of layers to which the DAG group will scale.
max_scale_vnf_group 1.x Yes Gi-LAN/F All The maximum number of layers to which the VNF group will scale.
max_heal_vnfd_dag_ve 1.x Yes Gi-LAN/F All Maximum number of times a DAG VE will heal before it stops trying and shows an error.
max_heal_vnf_layer 1.x Yes Gi-LAN/F All Maximum number of times a layer will heal before it stops trying and returns an error.
max_heal_vnf_slave_ve 1.x Yes Gi-LAN/F All Maximum number of times a slave VE will heal before it stops trying and returns an error.
vnf_layer_cpu_threshold 1.x Yes Gi-LAN/F All Maximum number of times a slave VE will heal before it stops trying and returns an error.
vnf_layer_cpu_threshold_check_interval 1.x Yes Gi-LAN/F All Interval between checks, in minutes.
vnf_group_throughput 1.x Yes Gi-LAN/F All The desired aggregate throughput (Gigabits In Out) for every layer in the group. Example values: 5 for 5 gig, 0 for 10 gig, 0.5 for 500mb.
vnf_group_throughput_threshold 1.x Yes Gi-LAN/F All New layer is added to group when the percentage of average aggregate layer throughput exceeds this value (for example, 75).
dag_group_cpu_threshold_check_interval 1.x Yes Gi-LAN/F All Interval between checks, in minutes.
binding:vnic_type 1.3 No Gi-LAN/F OpenStack Support for single root input/output virtualization (SR-IOV). Use the port binding extension (binding) to specify and retrieve physical binding information of ports. The extension defines several attributes whose names have a prefix binding parameters including, normal (default), macvtap, direct, baremetal, direct-physical, virtio-forwarder, and smart-nic.
starting_ip_number 1.3 Yes Gi-LAN/F All Used for enabling CGNAT. Enter the number of IP addresses initially assigned to each VNF VE. Default value is 5.
increment_ip_number 1.3 Yes Gi-LAN/F All Used for enabling CGNAT. Enter the number of IP addresses to add during the Increment IPs workflow. Default value is 2.
cgnat_resource_id 1.3 No Gi-LAN/F All Used for enabling CGNAT. Enter the reference to a NAT source translation pool that you want VNFM to manage and that you defined in your F5 AS3 Declaration. This is a pointer to the IP pool that you want VNFM to manage; for example, “/Sample_22/A1/natSourceTranslation/addresses”. Note: The “addresses” value cannot be blank; therefore, the default value is a random IP address that is replaced during installation with the value defined in the cgnat_ip_ranges input.
cgnat_ip_ranges 1.3 No Gi-LAN/F All Used for enabling CGNAT. Enter the IP address range for each LSN pool list. For example, ‘192.168.1.100-192.168.1.150’ and ‘192.168.1.155-192.168.1.160’.
vnf_as3_nsd_payload 1.x No Gi-LAN/F All The F5 AS3 Declaration, in YAML format, that defines the service configuration of the VNF instances. Important: You will edit this declaration as appropriate for your solution; however, the VLAN names used in the allowVlans property for each service MUST correspond to the values of the pgw_dag_net (for outbound traffic) a pdn_dag_net inputs (for inbound traffic). For VNFM version 1.3 and later there is an optional CGNAT-specific AS3 declaration section to complete, if you want to enable your Gi LAN or Firewall blueprint with CGNAT capabilities. For sample AS3 declaration, see the supported inputs files in the VNFM public GitHub repository.
Parameter VNFM Version Required Blueprint VIM Description
CGNAT-specific AS3 Declaration 1.3 No Gi-LAN/F All In the inputs_gilan_v1.3.yaml or inputs_firewall_v1.3.yaml inputs file, define the optional CGNAT-enabled F5 AS3 Declaration, define the CGNAT-related inputs, and then upload the inputs files into VNF Manager for a deployed F5-VNF-Service-Layer-GiLAN_v1.3 or F5-VNF-Service-Layer-Firewall_v1.3 blueprint. Important: You will edit this declaration as appropriate for your solution; however, the VLAN names used in the allowVlans property for each service MUST correspond to the values of the pgw_dag_net (for outbound traffic) a pdn_dag_net inputs (for inbound traffic). For VNFM version 1.3 and later there is an optional CGNAT-specific AS3 declaration section to complete, if you want to enable your Gi LAN or Firewall blueprint with CGNAT capabilities. For sample AS3 declaration, see the supported inputs files in the VNFM public GitHub repository.

What’s next?

Deploy local F5 (Gi LAN) blueprint.