Release Notes

F5 Cloud-Native Network Functions (CNFs) Release notes for AON - v2.1.0

What’s new in CNFs v2.1.0 release

RBAC - Minimum to No cluster-wide access permissions

CNF components now run with minimum or no cluster-wide access permissions (RBAC policies), following the principle of least privilege. This approach reduces the risk of unauthorized access and minimizes the impact of internal or external threats. With this initiative, clusters gain improved security and resilience without sacrificing necessary functionality or operational efficiency.

However, a few CNF components still require cluster-wide access or privileges under certain circumstances. For more information, see Cluster-wide RBACs for CNFs and CNFs RBAC.

Enhanced Network Troubleshooting with netkvest Utility

CNFs now support the netkvest utility in CWC Debug REST APIs, enabling connectivity checks to remote hosts. This feature allows you to perform diagnostic tasks, such as ping and traceroute, from a specified source SNAT pool within the TMM, enhancing network troubleshooting capabilities.

For more information, see Debug API and Debug Sidecar.

Ability to run in Hyperthreading Environments

CNFs now support deployments in hyperthreading-enabled environments, enhancing scalability and resource utilization. This feature allows TMM to effectively manage logical CPUs, ensuring high performance in hyperthreaded setups. Administrators can configure the system to use available physical cores or logical threads as necessary, optimizing workloads efficiently. This feature ensures efficient CPU resource allocation and enhanced scalability for distributed deployments.

For more information, see the Simultaneous Multithreading and TMM Values sections.

Distributed TODA stats aggregation for CNFs

The Stats Aggregator introduces a centralized framework for collecting, aggregating, and exporting statistics from Cloud-Native Functions (CNFs). This enhancement improves telemetry and performance monitoring by providing unified metrics across distributed environments. The aggregated stats are exported to tools like Prometheus, Grafana, or OpenTelemetry Collector, facilitating real-time monitoring and reporting.

For more information, see the Distributed Toda for Stats Aggregation and OTEL Statistics pages.

Network Security with GeoIP Support in CNF Edge Firewall

The CNF Edge Firewall now supports a GeoIP database, enabling the creation of location-based firewall rules to permit or block traffic from specific countries or regions using IP geolocation data. This feature enhances network security by mitigating regional cyber threats, supports the implementation of geo-specific business policies, and optimizes traffic management for improved performance and efficiency.

For more information, see the F5BigFwPolicy, F5BigFwRulelist, and F5BigDownloaderPolicy CRs.

Enhancements

Support for Per-VLAN MTU Configuration

CNFs have been enhanced to support configuring Maximum Transmission Unit (MTU) values on a per-VLAN basis, enabling administrators to optimize network performance for specific workloads and traffic requirements. This improvement provides greater flexibility and better performance across different network environments.

For more information, see the BIG-IP Controller and F5BigNetVlan CR.

Next step

Continue to the Cluster Requirements to ensure the cluster has the required software components.