BIG-IP Next for Kubernetes Known Issues
This list highlights the known issues for the current BIG-IP Next for Kubernetes release.
1926869-2
Performance may be degraded when using PVA acceleration to apps on the same chassis as TMM.
Component: FSM
Symptoms:
When BIG-IP Next for Kubernetes runs on a BlueField-3 DPU with PVA acceleration of flows enabled, traffic destined for apps running on the host in the same chassis as the DPU with TMM may see up to 50% less throughput than traffic destined for apps on other nodes in the cluster.
Conditions:
PVA acceleration is enabled, BIG-IP Next for Kubernetes is running on a BlueField-3 DPU, and apps running on the host CPU are in the same chassis as TMM.
Impact:
Up to 50% degradation in throughput.
1968153-3
Traffic stats missing drop counter for trunk use cases
Component: FSM
Symptoms:
Traffic stats are not present when packets are dropped on a trunk interface.
Conditions:
The trunk does not have any interfaces to forward traffic.
Impact:
Missing diagnostics.
2138129-1
Fluent-bit ARM64 image hits unsupported page size issues on ARM64 AKS cluster
Component: Toda_fluentbit
Symptoms:
When the Linux kernel is configured with a 64K page size (CONFIG_ARM64_64K_PAGES=y), Fluentbit fails to start with the error “Unsupported system page size”.
Conditions:
The Linux kernel is configured with a 64K page size (CONFIG_ARM64_64K_PAGES=y).
Impact:
Fluentbit fails to start with the error “Unsupported system page size”.
1823977-2
Logs for the TMM container are unavailable through console output when the fluentbit container is enabled in the TMM pod
Component: FSM
Symptoms:
When the fluentbit container is enabled for the f5-tmm pod, the f5-tmm container logs are not written to the console. However, the f5-tmm container logs can still be found in the f5-toda-fluentd pod (located under “/var/log/f5”).
Conditions:
The fluentbit container is enabled and running in the f5-tmm pod.
Impact:
The f5-tmm container logs are not written to the console and can only be found in the f5-toda-fluentd pod.
Workaround:
The f5-tmm container logs can still be found in the f5-toda-fluentd pod (located under “/var/log/f5”).
2186317-1
Hardware-accelerated connection is not counted in DDoS Profile stats
Component: DoS
Symptoms:
Hardware-accelerated TCP/UDP connection flow packets may not be counted in DDoS Profile stats.
Conditions:
Hardware acceleration is enabled for the context.
A DDoS profile is assigned to the context.
A volumetric DDoS attack is occurring over accelerated connections (TCP/UDP only).
Impact:
Volumetric Flood TCP/UDP DDoS attack may not be mitigated.
Workaround:
Use Global DDoS to mitigate such attacks, or disable hardware connection flow acceleration for the context.
2046925-1
TCP throughput degradation during UDP DDoS attack with DPU hardware acceleration
Component: DoS
Symptoms:
TCP throughput degradation may be observed during an ongoing UDP DDoS attack on DPU platforms, even when Global DDoS mitigation is configured.
Conditions:
The Global DDoS config has TCP and UDP vectors configured.
DDoS hardware DPU acceleration is enabled.
TCP and UDP traffic are flowing at the same time.
Impact:
Up to 30% degradation in throughput.
2186773-1
DNS Nxdomain DoS Detection & Mitigation Supported only on Global Context
Component: DoS
Symptoms:
Most DDoS vectors are supported at both the Global level and the Per Context level.
The DNS Nxdomain DoS detection and mitigation feature is supported only on the Global Context. However, the Per Context DDoS CRD wrongly defines a “dnsNxdomainQuery” sub-section, which is not supported.
Conditions:
The Per Context DDoS CRD wrongly includes the “dnsNxdomainQuery” sub-section. This configuration section is not applicable at the Per Context level.
Impact:
Including the dnsNxdomainQuery vector in the Per Context DDoS CRD is misleading.
Workaround:
Use the Global DDoS dnsNxdomainQuery vector. Per Context level DoS mitigation is not supported for the DNS Nxdomain vector.
2200517-1
Hardware acceleration for IPv6 is not supported.
Component: FSM
Symptoms:
On the CX7 NIC, BIG-IP Next for Kubernetes hardware acceleration is not supported for IPv6 traffic. Only IPv4 traffic offloading is available, including IPv4 flow offloading, IPv4 NAT44 offloading, and ACL offloading.
Conditions:
BIG-IP Next for Kubernetes running on the CX7 NIC.
Impact:
IPv6 traffic is not optimized for acceleration.