Manual Chapter : BIG-IQ Standalone — OpenShift vNIC (OVN-K localnet)

Applies To:

  • BIG-IQ Centralized Management

    8.4.2

back-action BIG-IQ Centralized Management, OpenShift and VMware ESXi: Setup

Updated Date: 05/27/2026

BIG-IQ Standalone — OpenShift vNIC (OVN-K localnet)

This guide describes how to deploy a standalone BIG-IQ Central Manager Virtual Edition (VE) instance on Red Hat OpenShift Virtualization (KubeVirt) using virtio-based networking with OVN-Kubernetes localnet topology.

This deployment model uses a virtio vNIC bridged to the node br-ex interface through OVN-Kubernetes localnet networking. It is recommended for:

  • Single-node OpenShift (SNO) deployments
  • OpenShift environments without SR-IOV-capable hardware
  • Lab, evaluation, and general-purpose virtualization deployments

Component Version
BIG-IQ 8.4.2
OpenShift Container Platform 4.14 or later
OpenShift Virtualization 4.14 or later
NMState Operator 4.14 or later
Multus CNI Included with OpenShift

Ensure the following requirements are met before deployment.

Requirement Notes
OpenShift Virtualization Installed and operational
NMState Operator Installed through OperatorHub
Worker node CPU Minimum 8 vCPUs available
Worker node memory Minimum 16 GiB
Worker node storage Minimum 200 GiB available
BIG-IQ VE image QCOW2 image accessible through HTTP
Management IP address Available IP address on the br-ex subnet

Verify OpenShift Virtualization is running:

oc get pods -n openshift-cnv | grep -E "virt-operator|virt-controller|virt-handler"

Verify the NMState Operator is running:

oc get pods -n openshift-nmstate

The deployment process consists of the following steps:

  1. Create the BIG-IQ namespace
  2. Configure the OVN-Kubernetes localnet bridge mapping
  3. Create the NetworkAttachmentDefinition (NAD)
  4. Import the BIG-IQ QCOW2 image
  5. Deploy the BIG-IQ virtual machine
  6. Verify VM connectivity and access
  7. Complete post-deployment configuration

Create the namespace used for BIG-IQ resources:

oc create namespace f5-bigiq --dry-run=client -o yaml | oc apply -f -

Configure a NodeNetworkConfigurationPolicy (NNCP) to map the net-mgmt localnet network to the node br-ex bridge.

Example nncp.yaml:

yaml
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: ovs-vms
spec:
  desiredState:
    ovn:
      bridge-mappings:
      - localnet: net-mgmt
        bridge: br-ex
        state: present
  nodeSelector:
    node-role.kubernetes.io/worker: ''
  1. Apply the configuration:
oc apply -f nncp.yaml
  1. Wait for the policy to become available:
oc wait nncp ovs-vms --for condition=Available --timeout=2m
  1. Verify status:
oc get nncp ovs-vms

Create a NetworkAttachmentDefinition (NAD) for the management network.

Example nad.yaml:

yaml
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: net-mgmt
  namespace: f5-bigiq
spec:
  config: '{
    "cniVersion": "0.3.1",
    "name": "net-mgmt",
    "type": "ovn-k8s-cni-overlay",
    "topology": "localnet",
    "netAttachDefName": "f5-bigiq/net-mgmt"
  }'
  1. Apply the configuration:
oc apply -f nad.yaml -n f5-bigiq
  1. Verify the NAD:
oc get network-attachment-definitions -n f5-bigiq

Create a DataVolume to import the BIG-IQ QCOW2 image.

Example bigiq-datavolume.yaml:

yaml
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataVolume
metadata:
  name: bigiq842-datavolume
  namespace: f5-bigiq
  annotations:
    cdi.kubevirt.io/storage.usePopulator: "false"
spec:
  pvc:
    accessModes:
    - ReadWriteMany
    resources:
      requests:
        storage: 200Gi
  source:
    http:
      url: http://<YOUR_HTTP_SERVER>/BIG-IQ-<VERSION>.qcow2

  1. Apply the DataVolume:
oc apply -f bigiq-datavolume.yaml -n f5-bigiq
  1. Monitor the import process:
oc get datavolume bigiq842-datavolume -n f5-bigiq -w
  1. If the import is stuck, check the importer pod logs:
bash
oc get pods -n f5-bigiq
oc logs -n f5-bigiq -l app=containerized-data-importer

Deploy the standalone BIG-IQ virtual machine.

Example bigiq.yaml:

yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: bigiq1-vm
  namespace: f5-bigiq
  labels:
    f5type: bigiq-ve
  annotations:
    k8s.v1.cni.cncf.io/networks: "f5-bigiq/net-mgmt"
spec:
  runStrategy: Always
  template:
    metadata:
      labels:
        f5type: bigiq-ve
        bigiq-unit: unit-1
    spec:
      domain:
        cpu:
          sockets: 1
          cores: 4
          threads: 2
        resources:
          requests:
            memory: 16Gi
          limits:
            memory: 32Gi
        devices:
          networkInterfaceMultiqueue: true
          disks:
          - name: bigiq1-datavolume
            disk:
              bus: virtio
          interfaces:
          - name: mgmt
            bridge: {}
      volumes:
      - name: bigiq1-datavolume
        dataVolume:
          name: "bigiq841-datavolume"
      networks:
      - name: mgmt
        multus:
          networkName: f5-bigiq/net-mgmt
  1. Apply the VM configuration:
oc apply -f bigiq.yaml -n f5-bigiq
  1. Monitor VM startup:
oc get vm,vmi -n f5-bigiq -w

Wait until the VM status is Running.

  1. Verify the VM and VMI status:
bash
oc get vm bigiq1-vm -n f5-bigiq
oc get vmi bigiq1-vm -n f5-bigiq
  1. Retrieve the management IP address:
bash
oc get vmi bigiq1-vm -n f5-bigiq \
-o jsonpath='{.status.interfaces[*].ipAddress}'
  1. Verify HTTPS access:
bash
curl -skL --max-time 15 -o /dev/null -w "HTTP %{http_code}\n" \
https://<VM_IP>/ui/login/
  1. Access the BIG-IQ UI:
https://<VM_IP>/ui/login/
  1. Access the VM through SSH:
ssh root@<VM_IP>

Username Password
admin admin
root default

You are prompted to change the passwords during initial login.

Complete the following tasks after deployment:

  • Apply a valid BIG-IQ license
  • Change default passwords
  • Configure DNS settings
  • Configure NTP settings
  • Configure the system hostname

The example VM specification is intended for lab environments.

For production deployments:

  • Increase vCPU allocation as needed
  • Allocate a minimum of 2 GiB memory per vCPU
  • Configure memory limits equal to memory requests for guaranteed allocation

Restart the VM after modifying resource allocations:

virtctl restart bigiq1-vm -n f5-bigiq

Reduce CPU or memory allocation, or free resources on the worker node.

Verify:

  • NNCP status is Available
  • NAD exists in the correct namespace
  • br-ex bridge mapping is configured correctly

Verify:

  • HTTP image URL is reachable from the cluster
  • Storage class supports the required access mode
  • Sufficient storage capacity is available

Verify the QCOW2 image checksum and re-import the image if necessary.

Delete the VM:

oc delete vm bigiq1-vm -n f5-bigiq

Delete the DataVolume:

oc delete datavolume bigiq842-datavolume -n f5-bigiq

Delete the NetworkAttachmentDefinition:

oc delete -f nad.yaml -n f5-bigiq

Delete the NNCP:

oc delete nncp ovs-vms

Delete the namespace:

oc delete namespace f5-bigiq