F5BigRadiusAttribute¶
Overview¶
The F5BigRadiusAttribute Custom Resource (CR) declares a single RADIUS attribute (AVP) so BIG-IP Next CNF can correctly parse its value from RADIUS Accounting messages. Each CR specifies the AVP’s data type, length constraints, and whether it is a vendor-specific attribute (including vendorId/vendorType). RADIUS Protocol Profiles reference these attributes by name to import values into subscriber sessions and to construct Subscriber IDs.
This document guides you through understanding, configuring and deploying a simple F5BigRadiusAttribute CR.
Parameters¶
The following tables describe the F5BigRadiusAttribute CR parameters.
metadata¶
| Parameter | Description |
|---|---|
name |
The unique name of the RADIUS attribute. This value is referenced by F5BigRadiusProtocolProfile CRs. |
namespace |
The Kubernetes namespace where the attribute is installed. |
spec¶
The table below describes the CR’s spec parameters:
| Parameter | Description |
|---|---|
datatype |
Specifies the data type of the radius attribute. Depending on the attribute type, the corresponding datatype should be configured. The allowed values are octet, string, ip4addr, ip6addr, ip6prefix, and integer. |
minLength |
Specifies the expected minimum length of the radius attribute value. The default value is 1. The allowed range is 1–255. For ip4addr, the minimum length must be 4 and for ip6addr, it must be 16. |
maxLength |
Specifies the maximum allowed length for the radius attribute value. The default value is 255. The allowed range is 4–255. For ip4addr, the maximum allowed length must be 4. For ip6addr, it must be 16. |
vendorType |
Specifies the vendor type if it is a vendor-specific attribute. The default value is 0. The allowed range is 0–255. It is a mandatory field and must be ≥ 1 when type is vendor-specific. |
vendorId |
Specifies the specific vendor ID if the type is a vendor-specific attribute. The default value is 0. The allowed range is 0–65535. It is a mandatory field and and must be ≥ 1 when type is vendor-specific. |
type |
Specifies the type of the radius attribute from the RADIUS protocol RFC. The allowed values are user-name, framed-ip-address, framed-ipv6-address, framed-ipv6-prefix, vendor-specific, and calling-station-id. |
CR Examples¶
Standard IPv4 Framed-IP-Address:
apiVersion: "k8s.f5net.com/v1"
kind: F5BigRadiusAttribute
metadata:
name: "radius-attribute-framed-ip"
spec:
datatype: "ip4addr"
minLength: 4
maxLength: 4
type: "framed-ip-address"
Standard IPv6 Framed-IPv6-Address:
apiVersion: "k8s.f5net.com/v1"
kind: F5BigRadiusAttribute
metadata:
name: "radius-attribute-framed-ipv6"
spec:
datatype: "ip6addr"
minLength: 16
maxLength: 16
type: "framed-ipv6-address"
CR shortName¶
CR shortNames provide an easy way to view installed CRs, and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5BigRadiusAttribute CR shortName is radattr.
View CR instance:
oc get radattr -n <namespace>
View CR configuration:
oc get radattr -n <namespace> -o yaml
Deployment¶
Use the following steps to deploy the example F5BigRadiusAttribute CR.
Copy the F5BigRadiusAttribute CRs into a YAML file:
apiVersion: apiextensions.k8s.io/v1 kind: "CustomResourceDefinition" metadata: name: <<name>>.k8s.f5net.com spec: group: k8s.f5net.com versions: - name: v1 served: true storage: true schema: openAPIV3Schema: type: object properties: spec: type: object required: - datatype - type x-kubernetes-validations: - rule: "self.type != 'vendor-specific' || (has(self.vendorType) && has(self.vendorId) && self.vendorType >= 1 && self.vendorId >= 1)" message: "When type is 'vendor-specific', vendorType and vendorId must be set and >= 1." - rule: "self.datatype != 'ip4addr' || (has(self.minLength) && has(self.maxLength) && self.minLength == 4 && self.maxLength == 4)" message: "When datatype is 'ip4addr', minLength and maxLength must be 4." - rule: "self.datatype != 'ip6addr' || (has(self.minLength) && has(self.maxLength) && self.minLength == 16 && self.maxLength == 16)" message: "When datatype is 'ip6addr', minLength and maxLength must be 16." properties: datatype: description: > Specifies the data type of the radius attribute. Depending on the attribute type, the corresponding datatype should be configured. type: string enum: ["octet", "string", "ip4addr", "ip6addr", "ip6prefix", "integer"] minLength: description: > Specifies the expected minumum length of the radius attrubute value. type: integer default: 1 minimum: 1 maximum: 255 maxLength: description: > Specifies the maximum allowed length for the radius attribute value. type: integer default: 255 minimum: 4 maximum: 255 vendorType: description: > Specifies that if the type is a vendor-specific attribute, then what the vendor type is. type: integer default: 0 minimum: 0 maximum: 255 vendorId: description: > Specifies that if the type is a vendor-specific attribute, then what the specific vendor ID is. type: integer default: 0 minimum: 0 maximum: 65535 type: description: > Specifies the type of the radius attribute from the RADIUS protocol RFC. type: string enum: ["user-name","framed-ip-address","framed-ipv6-address", "framed-ipv6-prefix","vendor-specific","calling-station-id"]
Install the CR:
oc apply -f cnf-radattr.yaml
Feedback¶
Provide feedback to improve this document by emailing cnfdocs@f5.com.