F5BigDpiPeOptions¶
Overview¶
The F5BigDpiPeOptions Custom Resource Definition (CRD) provides options to configure global level parameters such as PE session `inactive timeouts, log level options for DPI, urlcat, which would affect all the DPI, URLCAT and gpa level profiles.
Key Features¶
Adaptive Bitrate (ABR)
Adaptive Bitrate (ABR) is a video streaming technology that dynamically adjusts the quality of a video stream in real-time based on the network conditions and device capabilities of the viewers. For more information on how to configure the ABR usecase with DPI, see Adaptive Bit Rating page.
Encrypted Video Classification (EVC)
Encrypted Video Classification (EVC) predicts the streaming resolution by identifying and analyzing the encrypted video traffic to determine if it uses Adaptive Bitrate (ABR) streaming. Since the video data is encrypted, the classification relies on non-payload features such as VideoChunk characteristics, L3/L4 characteristics, and rate indicators such as Packets Per Second (PPS).
CR Parameters¶
The tables in this section lists and describes the F5BigDpiPeOptions CR parameters.
metadata
| Parameter | Description |
|---|---|
name |
The name of the DPIPeOptions CR. |
spec.dpiGlobalOptions
| Parameter | Description |
|---|---|
gpaLogLevel |
Specifies the logging level for GPA, controlling warnings, notices, informational, and debug logs. The value can be Warning (default), Notice, Informational, Debug. |
urlcatLogLevel |
Specifies the logging level for URLCAT, controlling warnings, notices, informational, and debug logs. The value can be Warning (default), Notice, Informational, Debug. |
dpiMaxPackets |
Defines the maximum number of packets analyzed per flow to make a Deep Packet Inspection decision. The range is from 1 to 64 and the default value is 10. |
classifier.enableAbr |
Specifies the status of Adaptive Bitrate Streaming detection. The value can be true or false (default). |
classifier.abrMaxPackets |
Defines the maximum number of packets the DPI engine analyses, to classify the video stream and determine its quality (for example, 480p or 720p) to ensure the identification of the accurate streaming quality for efficient monitoring and optimization. The range is from 200 to 512 and the default value is 256. |
classifier.enableEvc |
Specifies the status of Encrypted Video Classification (EVC). To enable EVC, set this parameter to true or false (default) to disable it. |
classifier.evcMaxPackets |
Encrypted Video Classification identifies and analyzes encrypted video traffic to determine if it uses Adaptive Bitrate (ABR) streaming and predicts the streaming resolution. Since the video data is encrypted, the classification relies on non-payload features such as VideoChunk characteristics, rate indicators (such as packets per second), and L3/L4 characteristics. Machine learning models are trained offline using these features and deployed on systems like BigIP for real-time classification without inspecting encrypted packet payloads. The abrMaxPackets parameter specifies the maximum number of packets analyzed to build confidence in detecting the video resolution. |
spec.peGlobalOptions
| Parameter | Description |
|---|---|
peLogLevel |
Sets the log level for pe. The value can be Critical, Debug, Error, Informational, Warning (default). |
pePolicyReevaluationInterval |
Specifies the time period until when the system re-evaluates an active policy. Checks whether the policy conditions still apply to the ongoing traffic flows, and can be configured to update the policy enforcement based on the set interval. The range is from 0 to 4294967295 with a default value of 20. |
peSessionInactivityTimeout |
Specifies how long a Policy Enforcer (PE) session can remain idle before being terminated due to inactivity. |
peSpmMaxSessionLimit |
Specifies the maximum number of concurrent subscriber sessions that can be actively managed by the system at any given time. Note: The maximum session limit is configured at the TMM thread level. The range is from 128 to 1048576 and the default value is 524288. |
spec.peGlobalOptions.reporting
| Parameter | Description |
|---|---|
enableHslFlowStartReport |
Specifies whether pe HSL flow start reports are generated and sent out to the destination endpoint. |
enableHslFlowInterimReport |
Specifies whether pe HSL flow interim message reports are generated and sent out to the destination endpoint. |
hslFlowReportVersion |
Secifies the BIG-IP software version under which the pe HSL flow reports are generated and sent out to the destination endpoint. |
CR Example¶
F5BigDpiPeOptions
Following is an example CR of F5BigDpiPeOptions.
apiVersion: "k8s.f5net.com/v1"
kind: F5BigDpiPeOptions
metadata:
name: "dpi-pe-default-options"
spec:
dpiGlobalOptions:
gpaLogLevel: "Warning"
dpiLogLevel: "Warning"
urlcatLogLevel: "Warning"
dpiMaxPackets: 10
classifier:
enableAbr: false
abrMaxPackets: 256
enableEvc: false
evcMaxPackets: 22500
peGlobalOptions:
peLogLevel: "Warning"
pePolicyReevaluationInterval: 5
peSessionInactivityTimeout: 100
peSpmMaxSessionLimit: 524288
reporting:
enableHslFlowStartReport: true
enableHslFlowInterimReport: true
hslFlowReportVersion: REPORT_VER_16_1
Note: By default, the f5-big-dpi-pe-optionses.k8s.f5net.com CR comes up with default values for each parameter, if any value has to be changed, create a CR with name dpi-pe-default-options and change the requried parameter value. For more information, see How to edit the default values in DPIPeOptions CR) section.
How to edit default values in DPIPeOptions CR¶
The F5BigDpiPeOptions CR comes with a default CR with default values configured for each parameter. If any value has to be changed, edit the existing CR and change the required parameter value. For example, gpaLogLevel, dpiLogLevel, urlcatLogLevel and peLogLevel parameters come with a default value Warning. If you have to change the log levels ofgpa, dpi, urlcat and pe to Debug, edit the existing F5BigDpiPeOptions CR as mentioned in this section.
Before editing the default values, check the CR that is already installed in the cluster. Run the following command to check:
oc get f5-big-dpi-pe-optionses.k8s.f5net.com -n <name_space>Sample output:
dev@datkube-devbox:~/datkube_pe$ kubectl get f5-big-dpi-pe-optionses.k8s.f5net.com NAME READY MESSAGE AGE dpi-pe-default-options True CR config sent to all grpc endpoints 4m58s
Note: The name of the existing F5BigDpiPeOptionsCR isdpi-pe-default-options. Any values of theF5BigDpiPeOptionsCR that has to be changed should be done with thedpi-pe-default-optionsnamed CR.Edit the
F5BigDpiPeOptionsoptions CR by changing the default values of the parameters. Copy and paste the following example in thedpi-pe-options.yamlfile.apiVersion: "k8s.f5net.com/v1" kind: F5BigDpiPeOptions metadata: name: "dpi-pe-default-options" spec: dpiGlobalOptions: gpaLogLevel: "Debug" dpiLogLevel: "Debug" urlcatLogLevel: "Debug" peGlobalOptions: peLogLevel: "Debug"
Apply the
F5BigDpiPeOptionsCR. Run the following command:oc -f apply dpi-pe-default-options -n name_spaceVerify that the CR is applied by checking the f5ingress logs.
Sample output:
Logs: <134>Mar 11 04:56:18 f5-tmm-7664999965-n75kd tmm[21]: 01010058:6: audit log: action: CREATE; UUID: default-dpi-pe-default-options-dpipeglobaloptions; event: declTmm.cec_pe_global_options; Error: No error
Feedback
To provide feedback and help improve this document, please email us at cnfdocs@f5.com.