F5BigCneAddresslist

Overview

The F5BigCneAddresslist Custom Resource (CR) is useful for defining larger, more complex lists of IP address that can then be referenced by Cloud-Native Network Functions (CNFs) protection and NAT CRs:

• F5BigNatPolicy - Carrier-grade NAT (CG-NAT) using large-scale NAT (LSN) pools.
• F5BigFwPolicy - Granulalar packet filtering based on access control list (ACL) policies.
• F5BigDdosPolicy - Denial of Service (DoS/DDoS) event detection and mitigation.

This document guides you through creating a simple F5BigCneAddresslist.

Note: The F5BigCnePortlist CR is useful for defining lists of service ports.

Parameters

The CR spec parameters used to configure the Service Proxy TMM static routing table are:

Parameter	Description
addresses	The IPv4 or IPv6 addresses included in the address list: host 2002::33:22, subnet 2003::/64, or range 2002::33:22-2002::33:50.
addressLists	This is a string which refers to another addresslist that consists of either IP addresses or child addresslists.

Requirements

Ensure you have:

• Uploaded the CNF Software.
• Installed the BIG-IP Controller Pods.
• Have a Linux based workstation.

Installation

Use the following steps to install the F5BigCneAddresslist CR:

Tip: Open a second shell to view the CNFs Event Logs while installing.

1. Copy the example CR into a YAML file:

   apiVersion: "k8s.f5net.com/v1"
   kind: F5BigCneAddresslist
   metadata:
      name: "outbound-nat"
      namespace: "cnf-gateway"
   spec:
      addresses:
        - "192.168.1.0-192.168.1.10"
        - "10.10.10.0/24"
        - "192.168.2.1"
      addressLists:
        -	“addressList1”
        -	“addressList2”
   
   apiVersion: "k8s.f5net.com/v1"
   kind: F5BigCneAddresslist
   metadata:
      name: "addressList1"
      namespace: "cnf-gateway"
   spec:
      addresses:
        - "3002::33:22-3002::33:52"
        - "3004::/64"
      addressLists:
        -	“addressList3”
        -	“addressList4”
   

2. Install the F5BigCneAddresslist CR:

   oc apply -f cnf-address-list.yaml
   

   In this example, the BIG-IP Controller logs indicate the F5BigCneAddresslist CR was added/updated:

   I0607 12:00:00.12345   1 event.go:282] Event(v1.ObjectReference{Kind:"F5AddressList", 
   F5AddressListProfile cnf-gateway/outbound-nat was added/updated
   

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.