F5BigFastl4Setting

The F5BigFastl4Setting CR currently provides one option to fine-tune how Traffic Management Microkernel (TMM) handles connections. Once configured and installed, the F5BigFastl4Setting CR can then be referenced by the F5BigContextSecure Custom Resource (CR).

This document guides you through understanding, configuring and installing a simple F5BigFastl4Setting CR.

CR parameters

The table below describes the CR spec parameters:

Parameter Description
idleTimeout Specifies the number of seconds that a connection is idle before the connection is eligible for deletion: 0 to 4294967295. The default value is 300.

CR Example

apiVersion: "k8s.f5net.com/v1"
kind: F5BigFastl4Setting
metadata:
  name: "cnf-fastl4-optimize"
  namespace: "cnf-gateway"
spec:
  idleTimeout: 150

Default profile

After installing the BIG-IP Controller, a default F5BigFastL4Setting CR is created in each new namespace. In this example, a default F5BigFastL4Setting CR exists in the cnf-gateway namespace:

oc get f5-big-fastl4-settings -n cnf-gateway
NAME
sys-default-fastl4

Requirements

Ensure you have:

Installation

Use the steps below to install the F5BigTcpSetting CR.

  1. Copy the example F5BigTcpSetting CR modifies the idleTimeout period. Copy and paste the example into a YAML file:

    apiVersion: "k8s.f5net.com/v1"
    kind: F5BigFastl4Setting
    metadata:
      name: "cnf-fastl4-optimize"
      namespace: "cnf-gateway"
    spec:
      idleTimeout: 150
    
  2. Install the CR:

    oc apply -f cnf-fastl4-cr.yaml
    

    In this example, the BIG-IP Controller logs indicate the F5BigTcpSetting CR was added/updated:

    I0202 12:00:00.12349   1 event.go:282 Event(v1.ObjectReference{Kind:"F5TcpSetting",
    TcpSetting cnf-gateway/cnf-tcp-optimize was added/updated
    
  3. The example F5BigContextSecure CR listens for connections destined to IP addresses in the 2002::200:200:200:0/112 subnet, using any protocol, and only on the subscriber-vlan interface. The CR also references the F5BigFastl4Setting profile. Copy and paste the example into a YAML file:

    apiVersion: k8s.f5net.com/v1
    kind: F5BigContextSecure
    metadata:
      name: "cnf-context"
      namespace: "cnf-gateway"
    spec:
       ipv6destinationAddress: "2002::200:200:200:0/112"
       destinationPort: 0
       ipProtocol: "any"
       profile: "fastL4"
       fastL4Settings:
         profileName: "cnf-fastl4-optimize"
       vlans:
         vlanList:
           - "subscriber-vlan"
    
  4. Install the F5BigContextSecure CR:

    oc apply -f f5-cnf-context.yaml
    

    In this example, the BIG-IP Controller logs indicate the F5BigContextSecure CR was added/updated:

    I0202 12:00:00:12350    1 event.go:282] Event(v1.ObjectReference{Kind:"F5SecureContext",
    SecureContext cnf-gateway/cnf-context was added/updated
    
  5. The TMM Proxy Pod can now process application traffic using the F5BigFastl4Setting CR.

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.