F5BigNetVlan

Overview

The F5BigNetVlan Custom Resource (CR) configures the Traffic Management Microkernel (TMM) network interface settings: VLAN tags, Self IP addresses, Maximum Transmission Unit (MTU), bonding, and packet hashing algorithms.

This document guides you through understanding, configuring and deploying a simple F5BigNetVlan CR.

Scaling TMM

When scaling the TMM Proxy Pod beyond a single instance in the namespace, the spec.selfip_v4s and spec.selfip_v6s parameters must be configured to provide unique self IP addresses to each TMM replica. The first self IP address in the list is applied to the first TMM Pod, the second IP address to the second TMM Pod, continuing through the list.

Parameters

The table below describes the CR’s spec parameters:

| Parameter | Description |
|---|---|
| name | The name of the VLAN object in the TMM configuration. |
| tag | The tagging ID applied to the VLAN object. |
| bonded | Combine multiple interfaces into a single bonded interface (true/false). The default is false (disabled). |
| interfaces | One or more interfaces to associate with the VLAN object. |
| selfip_v4s | Specifies a list of IPv4 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
| prefixlen_v4 | The IPv4 self IP address subnet mask. |
| selfip_v6s | Specifies a list of IPv6 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
| prefixlen_v6 | The IPv6 self IP address subnet mask. |
| allowed_services | Specifies a list of protocols and the protocol service ports this VLAN accepts. |
| allowed_services.protocol | Specifies the protocol traffic the VLAN accepts. |
| allowed_services.port | Specifies the service port traffic the VLAN accepts. |
| mtu | Maximum transmission unit in bytes: (1500 to 8000). The default is 1500. Important: You must also set the BIG-IP Controller TMM_DEFAULT_MTU parameter to the same value when modifying the default. |
| trunk_hash | The hashing algorithm used to distribute packets across bonded interfaces: src-dst-mac combines the MAC addresses of the source and destination; dst-mac uses the MAC address of the destination; index combines the ports of the source and the destination; src-dst-ipport combines the IP addresses and ports of the source and the destination (default). |
| cmp_hash | Specifies how traffic will be disaggregated. Use the SRC_ADDR value for the subscriber (upstream) facing VLAN and the DST_ADDR value for the application (downstream) facing VLAN. Do not use the SRC_DST_ADDR_PORT value. |
| auto_lasthop | Disables the auto last hop feature that sends return traffic to the MAC address transmitting the request: AUTO_LASTHOP_ENABLED, AUTO_LASTHOP_DISABLED or AUTO_LASTHOP_DEFAULT. |

Important: To optimize network performance, set the cmp_hash parameter values as follows: set SRC_ADDR on the subscriber (upstream) VLAN, and DST_ADDR on the application (downstream) facing VLAN.
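
A pre-deployment check for the constraints described above (one self IP per TMM replica in list order, a non-default mtu matching TMM_DEFAULT_MTU, and the cmp_hash restriction), given here as an added example that is not part of the F5 documentation or product. The function names, the same-subnet check, the cross-VLAN duplicate check and the sample CRs are assumptions constructed for illustration.

```python
import ipaddress

def check_vlan(spec, replicas, tmm_default_mtu):
    """Return findings for one F5BigNetVlan .spec (a dict)."""
    findings = []
    for ips_key, len_key in (("selfip_v4s", "prefixlen_v4"), ("selfip_v6s", "prefixlen_v6")):
        ips = [ipaddress.ip_address(i) for i in spec.get(ips_key, [])]
        if not ips:
            continue
        # Self IPs are handed to TMM replicas in list order, one each.
        if len(ips) < replicas:
            findings.append(f"{ips_key}: {len(ips)} addresses for {replicas} replicas")
        if len(set(ips)) != len(ips):
            findings.append(f"{ips_key}: duplicate self IP")
        prefix = spec.get(len_key)
        if prefix is not None:
            nets = {ipaddress.ip_interface(f"{i}/{prefix}").network for i in ips}
            if len(nets) > 1:
                findings.append(f"{ips_key}: {len(nets)} subnets at /{prefix}")
    # A non-default mtu must equal the controller's TMM_DEFAULT_MTU.
    mtu = spec.get("mtu", 1500)
    if mtu != 1500 and mtu != tmm_default_mtu:
        findings.append(f"mtu: {mtu} != TMM_DEFAULT_MTU {tmm_default_mtu}")
    if spec.get("cmp_hash") == "SRC_DST_ADDR_PORT":
        findings.append("cmp_hash: SRC_DST_ADDR_PORT is not to be used")
    return findings

def check_all(crs, replicas, tmm_default_mtu):
    """Check each CR and flag self IPs reused across VLANs (assumed check)."""
    report, seen = {}, {}
    for cr in crs:
        name, spec = cr["metadata"]["name"], cr["spec"]
        found = check_vlan(spec, replicas, tmm_default_mtu)
        for ip in spec.get("selfip_v4s", []) + spec.get("selfip_v6s", []):
            owner = seen.setdefault(ipaddress.ip_address(ip), name)
            if owner != name:
                found.append(f"self IP {ip} already used by {owner}")
        report[name] = found
    return report

# Constructed sample CRs (not from the page), checked for three TMM replicas.
SAMPLE = [
    {"metadata": {"name": "subscriber-vlan"}, "spec": {
        "selfip_v4s": ["10.10.10.100", "10.10.10.101"], "prefixlen_v4": 24,
        "selfip_v6s": ["2002::10:10:10:100", "2002::10:10:11:101", "2002::10:10:10:102"],
        "prefixlen_v6": 116, "mtu": 9000, "cmp_hash": "SRC_ADDR"}},
    {"metadata": {"name": "application-vlan"}, "spec": {
        "selfip_v4s": ["192.168.10.100", "192.168.10.101", "10.10.10.101"],
        "prefixlen_v4": 24, "mtu": 9000, "cmp_hash": "SRC_DST_ADDR_PORT"}},
]
```

To check installed objects, pass the `items` list from `kubectl get vlan -n <namespace> -o json` (parsed with `json.load`) as `crs`.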

CR Examples

Subscriber VLAN:

apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
  name: "subscriber-vlan"
  namespace: "cnf-gateway"
spec:
  name: clientside
  interfaces:
    - "1.1"
  selfip_v4s:
    - 10.10.10.100
    - 10.10.10.101
  prefixlen_v4: 24
  selfip_v6s:
    - 2002::10:10:10:100
    - 2002::10:10:10:101
  prefixlen_v6: 116
  mtu: 9000
  cmp_hash: SRC_ADDR

Application VLAN:

apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
  name: "application-vlan"
  namespace: "cnf-gateway"
spec:
  name: serverside
  interfaces:
    - "1.2"
  selfip_v4s:
    - 192.168.10.100
    - 192.168.10.101
  prefixlen_v4: 24
  selfip_v6s:
    - 2002::192:168:10:100
    - 2002::192:168:10:101
  prefixlen_v6: 116
  mtu: 9000
  cmp_hash: DST_ADDR

CR shortName

CR shortNames provide an easy way to view installed CRs and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5BigNetVlan CR shortName is vlan.

View CR instance:

kubectl get vlan -n <namespace>

View CR configuration:

kubectl get vlan -n <namespace> -o yaml

Requirements

Ensure you have:

Deployment

Use the following steps to deploy the example F5BigNetVlan CR, and verify the Service Proxy TMM configuration.

  1. Copy the F5BigNetVlan CRs into a YAML file:

    apiVersion: "k8s.f5net.com/v1"
    kind: F5BigNetVlan
    metadata:
      name: "subscriber-vlan"
      namespace: "cnf-gateway"
    spec:
      name: clientside
      interfaces:
        - "1.1"
      selfip_v4s:
        - 10.10.10.100
        - 10.10.10.101
      prefixlen_v4: 24
      selfip_v6s:
        - 2002::10:10:10:100
        - 2002::10:10:10:101
      prefixlen_v6: 116
      mtu: 9000
      cmp_hash: SRC_ADDR
    ---
    apiVersion: "k8s.f5net.com/v1"
    kind: F5BigNetVlan
    metadata:
      name: "application-vlan"
      namespace: "cnf-gateway"
    spec:
      name: serverside
      interfaces:
        - "1.2"
      selfip_v4s:
        - 192.168.10.100
        - 192.168.10.101
      prefixlen_v4: 24
      selfip_v6s:
        - 2002::192:168:10:100
        - 2002::192:168:10:101
      prefixlen_v6: 116
      mtu: 9000
      cmp_hash: DST_ADDR
    
  2. Install the CR:

    kubectl apply -f cnf-vlan.yaml
    
  3. List the VLAN CRs:

    kubectl get f5-big-net-vlan -n cnf-gateway
    

    In this example, the VLAN CRs are installed:

    NAME
    subscriber-vlan
    application-vlan
    
  4. If the Debug Sidecar is enabled (the default), you can verify that TMM has been configured:

    kubectl exec -it deploy/f5-tmm -c debug -n cnf-gateway -- ip a
    

    The interfaces should appear at the bottom of the list:

    8: clientside: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000
        link/ether 1e:80:c1:e8:81:15 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.100/24 brd 192.168.10.0 scope global server
           valid_lft forever preferred_lft forever
        inet6 2002::192:168:10:100/112 scope global
           valid_lft forever preferred_lft forever
    

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.