F5SPKGlobalOptions

The F5SPKGlobalOptions CR configures the Traffic Management Microkernel (TMM) to enable or disables crypto hardware acceleration on the BlueField-3 (BF3) Data Processing Unit (DPU) using Data Center Operations and Communications Acceleration (DOCA) APIs. These APIs provide secure, high-speed encryption and decryption. The BlueField-3 DPU employs the Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) engine to enhance both performance and security for traffic management operations.

Parameters

The table below describes the F5SPKGlobalOptions CR spec parameters:

Parameter	Description
crypto.hwAccel	Enables or disables crypto hardware acceleration on the BlueField-3 Data Processing Unit (DPU): true (default) or false.

F5SPKGlobalOptions CR Example

apiVersion: k8s.f5net.com/v1
kind: F5SPKGlobalOptions
metadata:
  name: global-options
  namespace: default
spec:
  crypto:
    hwAccel: true

Disabling Crypto Hardware Acceleration on the BlueField-3 DPU

Follow the steps below to disable crypto hardware acceleration on the BlueField-3 DPU:

1. Copy the F5SPKGlobalOptions example CR below to a YAML file. Set the crypto.hwAccel parameter to false and save:

   In this example, the CR installs to the spk-ingress Project:

    apiVersion: k8s.f5net.com/v1
    kind: F5SPKGlobalOptions
    metadata:
      name: global-options
      namespace: spk-ingress
    spec:
      crypto: 
        hwAccel: false
   

2. Apply the F5SPKGlobalOptions CR that you have created:

   kubectl apply -f f5-global-options.yaml
   

The crypto hardware acceleration is now disabled on the BlueField-3 DPU, and a software-based codec will be enabled.

Enabling Crypto Hardware Acceleration on the BlueField-3 DPU

Prerequisites:

To enable crypto hardware acceleration on the BlueField-3 Data Processing Unit (DPU), ensure you have the following:

1. A BlueField-3 DPU must have a crypto-capable device.
2. A Scalable Function (SF) must be created on the BlueField-3 DPU.

Follow the steps below to enable ‌crypto hardware acceleration on the BlueField-3 DPU:

1. Copy the F5SPKGlobalOptions example CR below to a YAML file. Set the crypto.hwAccel parameter to true and save:

   In this example, the CR installs to the spk-ingress Project:

    apiVersion: k8s.f5net.com/v1
    kind: F5SPKGlobalOptions
    metadata:
      name: global-options
      namespace: default
    spec:
      crypto: 
        hwAccel: true
   

2. Apply the F5SPKGlobalOptions CR that you have created:

   kubectl apply -f f5-global-options.yaml
   

The crypto hardware acceleration is now enabled on the BlueField-3 DPU, and a software-based codec will be disabled.

Feedback

Provide feedback to improve this document by emailing spkdocs@f5.com.