Process to achieve service insertion with F5 BIG-IP and Cisco APIC [End of Life]

The F5 and Cisco APIC integration based on the device package and iWorkflow is End Of Life.
The latest integration is based on the Cisco AppCenter named ‘F5 ACI ServiceCenter’.
Visit https://f5.com/cisco for updated information on the integration.

As more joint F5 and Cisco customers are deploying our BIG-IP and ACI solution many questions have often come up about how it all works. How do things integrate?  To make your lives a bit easier I have collected a set of commonly asked questions and created videos to help explain.

Of course every deployment is different, but here are a few things to consider and learn


What is the F5 Device Package and how to upload it to Cisco APIC?

The Cisco APIC requires a device package that you can use to insert and configure network service functions on the F5 device.

A device package is a zip file that is uploaded to the APIC which helps translate APIC function/event calls to functions that BIG-IP understands.  The below document goes into details about how it all works.

Click here to learn how to install the device package to APIC


Can I use BIG-IP Virtual Edition instead of the BIG-IP physical device?

The BIG-IP VE can be used with ACI for L4-L7 service insertion. To do this a vCenter domain has to be integrated with the ACI deployment.

Learn how to integrate the vCenter (VMM domain) in Cisco APIC


What are the differences in getting the APIC to communicate with a BIG-IP physical or virtual edition?

Learn how to create logical device cluster – VE High Availability

Learn how to create logical device cluster – VE Stand Alone

Learn how to create a logical device cluster – Physical High Availability

Learn how to create a logical device cluster – Physical Stand Alone


What are the different options available for integration and how to go about defining the configuration parameters on the BIG-IP?

BIG-IP can be integrated with the ACI fabric in different modes – 1-ARM and 2-ARM. It can also be deployed as a single node or dual node service graph.

The video links below provide information on how to deploy each of these modes.

Learn how to deploy a 2 ARM BIG-IP node graph (Listener) using Cisco ACI

Learn how to deploy a 1 ARM BIG-IP node graph (Listener) using Cisco ACI

Learn how to deploy a two node graph (ASA+BIG-IP) in Cisco ACI


What are some of the best practices that should be followed and how should I go about debugging?

One best practice is to use a function profile for the purpose of re-using configuration in Cisco APIC while also reducing human errors during deployment

Learn how to create and use a function profile

Methods to troubleshoot issues encountered during configuration of service insertion in Cisco APIC


I hope you enjoy my videos answering these common questions.  Feel free to comment below.

Published Jul 31, 2015
Version 1.0

Was this article helpful?

No CommentsBe the first to comment