Updated Date: 05/27/2026
BIG-IQ Standalone — OpenShift SR-IOV
This guide describes how to deploy a standalone BIG-IQ Central Manager Virtual Edition (VE) instance on Red Hat OpenShift Virtualization (KubeVirt) using SR-IOV networking.
This deployment model uses SR-IOV virtual functions (VFs) to provide direct access to physical NIC resources for high-performance networking. It is recommended for:
- Production environments requiring higher throughput
- Performance-sensitive deployments
- OpenShift clusters with SR-IOV-capable NIC hardware
| Component | Version |
|---|---|
| BIG-IQ | 8.4.2 |
| OpenShift Container Platform | 4.14 or later |
| OpenShift Virtualization | 4.14 or later |
| SR-IOV Network Operator | Supported release for OCP 4.14+ |
| Multus CNI | Included with OpenShift |
| Requirement | Notes |
|---|---|
| SR-IOV capable NIC | Must support SR-IOV; verify with lspci | grep -i ethernet |
| SR-IOV enabled in BIOS/UEFI | Look for “SR-IOV” or “VT-d” under PCIe settings in server BIOS |
| IOMMU is enabled on the host | Required for VF passthrough to VMs |
| Known-good NIC | Tested on ens103f0; update pfNames in nncp.yaml for your NIC |
Verify IOMMU is enabled:
# On the worker node
cat /proc/cmdline | grep -o 'intel_iommu=on\|amd_iommu=on'
# Must return a value — if empty, IOMMU is not enabled (check BIOS and kernel args)Ensure the following requirements are met before deployment.
| Requirement | Notes |
|---|---|
| OpenShift Virtualization | Installed and operational |
| SR-IOV Network Operator | Installed through OperatorHub |
| SR-IOV-capable NICs | Configured on worker nodes |
| Virtual Functions (VFs) | Created and available |
| Worker node CPU | Minimum 8 vCPUs available |
| Worker node memory | Minimum 16 GiB |
| Worker node storage | Minimum 200 GiB available |
| BIG-IQ VE image | QCOW2 image accessible through HTTP |
| Management IP address | Available IP address for BIG-IQ management |
Verify OpenShift Virtualization is running:
oc get pods -n openshift-cnv | grep -E "virt-operator|virt-controller|virt-handler"Verify the SR-IOV Network Operator is running:
oc get pods -n openshift-sriov-network-operatorVerify the physical NIC name on your worker node:
oc debug node/<WORKER_NODE_NAME> -- ip link show
# Note the name of your SR-IOV capable NIC (for example: ens103f0, ens1f0, enp3s0f0)
# Update pfNames in nncp.yaml to matchThe deployment process consists of the following steps:
- Configure SR-IOV virtual functions on worker nodes
- Create the BIG-IQ namespace
- Configure SR-IOV network policies
- Create the SR-IOV NetworkAttachmentDefinition
- Import the BIG-IQ QCOW2 image
- Deploy the BIG-IQ virtual machine
- Verify VM connectivity and access
- Complete post-deployment configuration
Create the namespace used for BIG-IQ resources:
oc create namespace f5-bigiq --dry-run=client -o yaml | oc apply -f -Create an SR-IOV Network Node Policy to allocate virtual functions from the physical NIC.
Example nncp.yaml:
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetworkNodePolicy
metadata:
name: sriov-net-mgmt
namespace: openshift-sriov-network-operator
spec:
resourceName: sriov_net_mgmt
nodeSelector:
node-role.kubernetes.io/worker: ''
numVfs: 4
nicSelector:
pfNames:
- ens103f0
deviceType: vfio-pciApply the policy:
oc apply -f nncp.yaml# The SR-IOV operator will drain and reboot affected nodes to apply the VF configuration
# This can take several minutes per node
oc get sriovnetworknodestates -n openshift-sriov-network-operator -w
# Wait for: syncStatus = Succeeded on all nodesApplying the
SriovNetworkNodePolicymay cause worker nodes to reboot. Plan this step during a maintenance window in production environments.
Verify VFs were created on the node:
oc debug node/<WORKER_NODE_NAME> -- cat /sys/class/net/ens103f0/device/sriov_numvfs
# Should return: 4Create an SR-IOV network for BIG-IQ connectivity.
Example nad.yaml:
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: net-mgmt
namespace: f5-bigiq
annotations:
k8s.v1.cni.cncf.io/resourceName: openshift.io/sriov_net_mgmt
spec:
config: '{
"cniVersion": "1.0.0",
"name": "net-mgmt",
"type": "sriov",
"resourceName": "openshift.io/sriov_net_mgmt"
}'Apply the SR-IOV network:
oc apply -f nad.yaml -n f5-bigiqVerify the NetworkAttachmentDefinition:
oc get network-attachment-definitions -n f5-bigiq
# NAME AGE
# net-mgmt <time>Verify the SR-IOV resource is visible on the node:
# Requires jq — install if needed: sudo dnf install -y jq
oc get node <WORKER_NODE_NAME> -o json | \
jq '.status.allocatable | with_entries(select(.key | contains("sriov")))'Create a DataVolume to import the BIG-IQ QCOW2 image.
Example bigiq-datavolume.yaml:
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataVolume
metadata:
name: bigiq842-datavolume
namespace: f5-bigiq
annotations:
cdi.kubevirt.io/storage.usePopulator: "false"
spec:
pvc:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 200Gi
source:
http:
url: http://<YOUR_HTTP_SERVER>/BIG-IQ-<VERSION>.qcow2Update the image URL before applying the configuration.
Apply the DataVolume:
oc apply -f bigiq-datavolume.yaml -n f5-bigiqMonitor the import process:
oc get datavolume bigiq842-datavolume -n f5-bigiq -wWait until the DataVolume phase changes to Succeeded.
If the import is stuck, check the importer pod logs:
oc get pods -n f5-bigiq
oc logs -n f5-bigiq -l app=containerized-data-importerDeploy the standalone BIG-IQ virtual machine using the SR-IOV network.
Example bigiq.yaml:
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: bigiq1-vm
namespace: f5-bigiq
labels:
f5type: bigiq-ve
annotations:
k8s.v1.cni.cncf.io/networks: "f5-bigiq/net-mgmt"
spec:
runStrategy: Always
template:
metadata:
labels:
f5type: bigiq-ve
bigiq-unit: unit-1
spec:
domain:
cpu:
sockets: 1
# Adjust cores to the desired number of vCPUs
cores: 4
threads: 2
resources:
requests:
memory: 16Gi
openshift.io/sriov_net_mgmt: "1"
limits:
memory: 32Gi
openshift.io/sriov_net_mgmt: "1"
devices:
disks:
- name: bigiq1-datavolume
disk:
bus: virtio
interfaces:
- name: mgmt
sriov: {}
volumes:
- name: bigiq1-datavolume
dataVolume:
name: "bigiq842-datavolume"
networks:
- name: mgmt
multus:
networkName: f5-bigiq/net-mgmtApply the VM configuration:
oc apply -f bigiq.yaml -n f5-bigiqMonitor VM startup:
oc get vm,vmi -n f5-bigiq -wWait until the VM status is Running.
Verify the VM and VMI status:
oc get vm bigiq1-vm -n f5-bigiq
oc get vmi bigiq1-vm -n f5-bigiqRetrieve the management IP address:
oc get vmi bigiq1-vm -n f5-bigiq \
-o jsonpath='{.status.interfaces[*].ipAddress}'Verify HTTPS access:
curl -skL --max-time 15 -o /dev/null -w "HTTP %{http_code}\n" \
https://<VM_IP>/ui/login/Access the BIG-IQ UI:
https://<VM_IP>/ui/login/Access the VM through SSH:
ssh root@<VM_IP>| Username | Password |
|---|---|
| admin | admin |
| root | default |
You are prompted to change the passwords during initial login.
Complete the following tasks after deployment:
- Apply a valid BIG-IQ license
- Change default passwords
- Configure DNS settings
- Configure NTP settings
- Configure the system hostname
For production deployments using SR-IOV:
- Allocate dedicated CPU and memory resources
- Use NUMA-aligned resource allocation when possible
- Configure sufficient virtual functions (VFs) on worker nodes
- Use SR-IOV-capable NICs supported by OpenShift
Verify:
- SR-IOV resources are available on the selected worker node
- Sufficient CPU and memory resources are available
- Worker nodes match the SR-IOV node selector
Verify:
- The SR-IOV Network Operator is running
- VFs are configured correctly on the physical NIC
- The SR-IOV NetworkAttachmentDefinition exists in the correct namespace
Verify:
- HTTP image URL is reachable from the cluster
- Storage class supports the required access mode
- Sufficient storage capacity is available
Verify the QCOW2 image checksum and re-import the image if necessary.
Delete the VM:
oc delete vm bigiq1-vm -n f5-bigiqDelete the DataVolume:
oc delete datavolume bigiq842-datavolume -n f5-bigiqDelete the SR-IOV network:
oc delete -f sriov-network.yamlDelete the SR-IOV node policy:
oc delete -f sriov-node-policy.yamlDelete the namespace:
oc delete namespace f5-bigiq