The F5BigCnePortlist Custom Resource (CR) is useful for defining larger, more complex sets of service ports, that can then be referenced by any of the Cloud-Native Network Functions (CNFs) protection and NAT CRs:

  • F5BigNatPolicy - Carrier-grade NAT (CG-NAT) using large-scale NAT (LSN) pools.
  • F5BigFwPolicy - Granulalar packet filtering based on access control list (ACL) policies.
  • F5BigDdosPolicy - Denial of Service (DoS/DDoS) event detection and mitigation.

This document guides you through creating a simple F5BigCnePortlist.

_images/spk_info.png Note: The F5BigCneAddresslist CR is useful for defining lists of IP addresses ports.


The CR spec parameters used to configure the Service Proxy TMM static routing table are:

Parameter Description
ports The service ports included in the port list. Port 0 is not a valid value, and is not allowed.


Ensure you have:


Use the following steps to install the F5BigCnePortlist CR:

_images/spk_info.png Tip: Open a second shell to view the CNFs Event Logs while installing.

  1. Copy the example CR into a YAML file:

    apiVersion: "k8s.f5net.com/v1"
    kind: F5BigCnePortlist
      name: "allow-5000-80"
      namespace: "cnf-gateway"
      - "5000-5500"
      - "80"
  2. Install the F5BigCnePortlist CR:

    oc apply -f cnf-port-list.yaml

    In this example, the BIG-IP Controller logs indicate the F5BigCneAddresslist CR was added/updated:

    I0607 12:00:00.12345   1 event.go:282] Event(v1.ObjectReference{Kind:"F5PortList", 
    F5PortList cnf-gateway/allow-5000-80 was added/updated


Provide feedback to improve this document by emailing cnfdocs@f5.com.