L4Route

This CR defines how the Layer4 routing should be managed within the Kubernetes cluster, allowing requests to be routed at the transport layer (TCP/UDP). L4Route is created based on the experimental TCPRoute/UDPRoute defined by the Gateway API community.

Update service

When a backend service is edited, the configuration of the dataplane does not get automatically updated. You must perform these steps in sequence.

1. Delete the service.

2. Modify the yaml file of the service.

3. Reapply the service.

CR Parameters

The table below provides the description and implementation details of the supported L4Route spec parameters:

Parameter	Description
protocol	Specifies the application protocol accepted by the listener. Valid values are TCP or UDP.
parentRefs.name	Specifies the name of the referent for the Gateway parent references.
parentRefs.sectionName	Specifies the name of a section within the target resource.
rules.backendRefs.name	Specifies the name to which the Route should forward the a request to a Kubernetes resource (backend service)
rules.backendRefs.port	Specifies the port to which the Route should forward the a request to a Kubernetes resource (backend service)
pvaAccelerationMode	Enables the preferred acceleration mode for the Packet Velocity ASIC (PVA). The available values are: full/assisted (default) and disabled - full/assisted: In this mode, traffic routes through the BF3 DPU, enabling hardware offloading for enhanced performance and efficiency - disabled: In this mode, traffic routes through TMM, which does not use the DPU’s hardware capabilities Note: This field is only effective for the BF3 DPU Controller
pvaDynamicClientPkts	Specifies the number of client packets before dynamic re-offloading occurs. The default value is 0
pvaDynamicServerPkts	Specifies the number of server packets before dynamic re-offloading occurs. The default value is 1

Note: Each gateway listener can support only one L4 route. Additionally, if an L4 route includes multiple backend references, all the associated services must share the same IP family. This means that all services must be either dual stack, IPv4, or IPv6. If the IP families differ, some backend references may not receive traffic properly.

L4Route CR Status

L4Route condition - Accepted

conditions.status	conditions.reason	description
Unknown	Pending	Initial state. Waiting for controller
True	Accepted	Accepted
False	- NoMatchingParent - NotAllowedByListeners - NoMatchingListenerHostname	- No Matching Parents by either Name, Port, or SectionName - Route not allowed by listeners - Route has no matching listener hostname

L4Route condition - ResolvedRef

conditions.status	conditions.reason	description
True	ResolvedRefs	References Resolved
False	- InvalidKind - BackendNotFound - RefNotPermitted - UnsupportedProtocol	- BackendRef has invalid kind - BackendRef not found - Referenced resource protocol is not supported

L4Route condition - PartiallyInvalid

conditions.status	conditions.reason	description
True	UnsupportedValue	Found both valid and invalid rules

Note: Descriptions from the above tables may not exactly match those under the status section of the CR.

Sample CRs

• Basic GRPCRoute and Gateway API CRs

• L4Routes traffic weight distribution CR

Basic GRPCRoute and Gateway API CRs

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: f5-gateway-class
spec:
  controllerName: f5.com/default-f5-cne-controller
  description: F5 BIG-IP Kubernetes Gateway
---
apiVersion: k8s.f5net.com/v1
kind: F5BnkGateway
metadata:
  name: f5-bnkgateway
  namespace: default  #same namespace in which f5-cne-controller is deployed
spec:
  ingressConfig:
    defaultListenerNetworks:
      - name: "default_ipv4"
        ipv4BaseCidr: "11.11.11.0/24"
        startAddress: "11.11.11.1"
        endAddress: "11.11.11.10"
      - name: "default_ipv6"
        ipv6BaseCidr: "2002::11:11:11:100/112"
        startAddress: "2002::11:11:11:101"
        endAddress: "2002::11:11:11:110"
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: f5-l4-gateway
  namespace: gateway-infra
spec:
  infrastructure:
    parametersRef:
      group: k8s.f5net.com
      kind: F5BnkGateway
      name: f5-bnkgateway
  gatewayClassName: f5-gateway-class
  listeners:
    - name: tcp
      protocol: TCP
      port: 8000
      allowedRoutes:
        kinds:
          - kind: L4Route
            group: gateway.k8s.f5net.com
 
---
apiVersion: gateway.k8s.f5net.com/v1
kind: L4Route
metadata:
  name: my-l4route
  namespace: app-ns
spec:
  parentRefs:
  - name: f5-l4-gateway
    sectionName: tcp
    namespace: gateway-infra
  rules:
  - backendRefs:
    - name: l4-greeter-server
      port: 80
      namespace: app-ns

L4Routes traffic weight distribution CR

apiVersion: gateway.k8s.f5net.com/v1
kind: L4Route
metadata:
  name: l4-app-1
spec:
  protocol: TCP
  parentRefs:
  - name: my-l4-gateway
    sectionName: tcp
  rules:
  - backendRefs:
    - name: tcp-testapp-rg-0-f5ing-testapp
      port: 8050
      weight: 70
    - name: tcp-testapp-rg-1-f5ing-testapp
      port: 8050
      weight: 30