Release Notes

F5 Cloud-Native Network Functions (CNFs) for AON - v2.0.0

What’s new in CNFs v2.0.0

Deterministic Network Address Translation (DNAT) support for Carrier-Grade NAT (CGNAT) implemented in CNFs

Deterministic Network Address Translation (DNAT) mode enables service providers with an efficient tool for managing traffic mapping in CGNAT environments. It ensures traceability while reducing operational overhead and conserving system resources. Core capabilities include:

  • Subscriber IP-to-public IP mapping
  • Reverse address mapping
  • JSON-formatted outputs for seamless integration

DNAT mode uses NAT Policy and VLAN Custom Resources (CRs) to define parameters for deterministic-mode Large-Scale NAT (LSN) operations. For more information, see Deterministic NAT, and F5BigNatPolicy.

IP Intelligence

IP intelligence makes CNFs more secure by implementing IP Intelligence capabilities, leveraging threat intelligence data, and identifying and blocking traffic from malicious or suspicious IP addresses. With this feature, ‌service providers can proactively mitigate threats while maintaining seamless traffic management. IP intelligence supports real-time categorization and enforcement using IP reputation databases and allows dynamic updates of blacklists and whitelists for faster responses to emerging threats. For more information, see Internet Protocol Intelligence (IPI), F5BigIpiFeedlist, F5BigIpiCategoryList, IP Intelligence Stats, IP Intelligence Logging, and f5BigIpiFeedlist.

Disaggregation (DAG) CNFs

The Disaggregation (DAG) CNFs enable service providers with a robust and scalable platform for traffic management in modern, cloud-native architectures. Fully containerized and optimized for Kubernetes, this release supports core gateway functions such as ingress and egress traffic handling, service-to-service communication, and VXLAN tunneling for seamless connectivity. With initial redundancy and failover support, DAG CNFs ensure high availability and reliability, and is tailored for modern scalable microservices architectures with minimal resource overhead.

For more information on DAG CNFs, see DAG CNFs, F5PersistenceProfile, F5BigFastl4Setting, and F5BigContextSecure.

Policy Enforcer (PE) on BIG-IP Next CNFs

The Policy Enforcer (PE) introduces advanced capabilities for managing and enforcing application and network policies, designed to improve control, security, and compliance in modern deployments. It automatically enforces traffic policies based on predefined rules, application profiles, and real-time network conditions. PE implements intelligent enforcement tailored specifically to application behavior and requirements. Also, it blocks unauthorized access, enforces regulatory compliance, and ensures secure traffic flow across all layers. For more information on Policy Enforcer on CNFs, see Policy Enforcer, F5BigDpiProfile, F5BigPePolicy, F5BigPeProfile, F5BigContextSecure, and Reporting.

DNS Express on CNF 2.0.0

DNS Express on CNFs provides a highly efficient and secure solution for DNS traffic management, ensuring reliability and performance in modern, dynamic network environments. DNS Express offers high-performance DNS caching optimized for handling large volumes of DNS queries with minimal latency, and enhancing responsiveness during high-traffic periods. It also Includes robust failover mechanisms and secure handling of DNS requests to prevent disruptions and vulnerabilities. For more information, see CNF DNS Express, F5BigDnsZone, and F5BigDnsxGlobalOptions.

Fixes and Known Issue

Refer to Fixes and Known Issues section to known about fixes and known issues for this CNF release.

Software upgrades

For assistance with software upgrades, refer to the Upgrading CNFs overview.

Next step

Continue to the Cluster Requirements to ensure the cluster has the required software components.