F5BigContextSecure Reference

The F5BigContextSecure Custom Resource (CR) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the protocol profile, use spec.profile.

spec

Parameter Description
destinationAddress The advertised IPv4 address of the application.
ipv6destinationAddress The advertised IPv6 address of the application.
destinationPort Defines the service port for ingress connections.
ipProtocol Specifies the virtual server IP protocol: tcp, udp, or any (default).
selfipAsDest Specify whether to use selfip as the destination IP address for the secure context. If selfipAsDest is set to true and destination addresses are not specified, then the selfIPs from the vlans.vlanList get configured as destination IPs. The default is false.
profile Specifies the profile to be used by the virtual server: fastl4 (default), tcp, udp, or ipother.
fastL4Settings.profileName Specifies how TMM handles connections using the F5BigFastl4Setting CR's metadata.name value.
tcpSettings.clientSide Specifies how TMM handles clientside TCP connections using the F5BigTcpSetting CR's metadata.name value.
tcpSettings.serverSide Specifies how TMM handles serverside TCP connections using the F5BigTcpSetting CR's metadata.name value.
udpSettings.clientSide Specifies how TMM handles clientside UDP connections using the F5BigUdpSetting CR's metadata.name value.
udpSettings.serverSide Specifies how TMM handles serverside UDP connections using the F5BigUdpSetting CR's metadata.name value.
natPolicy Specifies the F5BIGNatPolicy CR to reference using the metadata.name parameter.
firewallEnforcedPolicy Specifies the F5BigFwPolicy CR to reference using the metadata.name parameter.
ddosProfile Specifies a DDOS profile's name to utilize for this virtual server. The profile is then applied for this context (after the application of global DDOS policy). F5BIGPercontext DDoS CR to reference using the metadata.name parameter.
protocolInspectionProfile Specifies the F5BigIpsPolicy CR using the metadata.name parameter.
logProfile Specifies the F5BigLogProfile CR using the metadata.name parameter.
iRules The F5BigZeroratingirule CR to reference or one or more iRules CRs within F5BigContextSecure CR.
snat.type Specifies the type of address translation: none (default), automap, or snat.
snat.pool When snat.type is snat, specifies the F5BigCneSnatpool CR to reference using the spec.name parameter. "test_pool"
protocolInspectionProfile Specifies the F5BigIpsPolicy CR using the metadata.name parameter.
vlans Specifies one or more F5BigNetVlan CRs using the metadata.name parameter, that listen for application traffic.
vlans.disableListedVlans When enabled, accept traffic on all VLANs except those defined in the vlans.vlanList parameter: true (default) or false.
vlans.vlanList Specifies a list of F5BigNetVlan CRs to listen for ingress traffic, using the CR's metadata.name parameter.
loadBalancingMethod Specifies the load balancing method used to distribute traffic across pool members: round-robin distributes connections evenly across all pool members (default), and ratio-least-connections distributes connections first to members with the least number of active connections.
fastL4.idleTimeout Specifies the number of seconds that a fastL4 connection can remain idle before deletion: 0 to 4294967295. The default values is 300.
ipother.client.idleTimeout Specifies the number of seconds that an ipother client-side connection can remain idle before deletion: 0 to 4294967295. The default is 60.
ipother.server.idleTimeout Specifies the number of seconds that an ipother server-side connection can remain idle before deletion: 0 to 4294967295. The default is 60.

spec.pool

Parameter Description
minActiveMembers Specifies the minimum number of members that must be available in one priority group: 0 to 65536. The default is 0.
members Specifies a list of IP addresses and ports for the Service.
members.address Specifies the IP address of the Service.
members.port Specifies the port of the Service.
members.priorityGroup Specifies the priority group for pool member: 0 to 8. The default is 0.

monitors

Parameter Description
icmp.interval Specifies, in seconds, the monitor check frequency. The default value is 5.
icmp.timeout Specifies, in seconds, the time in which the target must respond. The default value is 16.
icmp.serversslProfileName Specifies the server side SSL profile used to ping the target. The default is _mon_ssl.
tcp.interval Specifies, in seconds, the monitor check frequency. The default values if 5.
tcp.timeout Specifies, in seconds, the time in which the target must respond. The default value is 16.
tcp.serversslProfileName Specifies the server side SSL profile used to ping the target. The default is _mon_ssl.