Adaptive Bit Rating

Adaptive Bitrate Streaming (ABR) is a video delivery technology designed to optimize playback quality based on real-time network conditions. Rather than streaming video at a fixed resolution, ABR continuously monitors the user’s internet bandwidth and dynamically adjusts the video quality. For instance, when the network is strong, high-definition video is delivered. If the connection weakens, the stream automatically shifts to a lower resolution to prevent buffering or playback interruptions. This adaptive approach ensures a seamless viewing experience, even under fluctuating network conditions.

F5 offers a robust solution to help service providers manage video traffic more efficiently. The F5 BIG-IP Policy Enforcer can identify video streams, including ABR video, and apply dynamic traffic management techniques. It supports TCP-proxy-based bandwidth control and flow shaping for UDP-based video streams. These capabilities, combined with other F5 features, enable service providers to optimize network resource usage, particularly in bandwidth-constrained environments like the Radio Access Network (RAN) while maintaining a high-quality user experience. This approach helps future-proof network infrastructure against the growing demands of video traffic.

Prerequisites

Prior configuring the ABR usecase, ensure to have the following:

• Enabled the Deep Packet Inspection

• A Linux based workstation

Configuring ABR usecase

This section demonstrates the procedure to configure the ABR usecase with Deep Packet Inspection (DPI).

Apply Global Options

Edit the F5BigDpiPeOptions options CR by changing the default values of the parameters. Cpy and paste the following example in the dpi-pe-options.yaml file.

apiVersion: "k8s.f5net.com/v1"
kind: F5BigDpiPeOptions
metadata:
  name: "dpi-pe-default-options"
spec:
  dpiGlobalOptions:
    classifier:
      enableAbr: True
      abrMaxPackets: 512
      enableEvc: True
      evcMaxPackets: 92500

For more information on how to edit and apply the PE Global Options CR, see F5BigDpiPeOptions CR.

Apply DPI Profile

Deep packet Inspection requires F5BigDpiProfile CR profile to enable the DPI feature. The following CR sets the application detection to true.

1. Copy and paste the following content to the dpi-profile.yaml file.

   apiVersion: "k8s.f5net.com/v1"
   kind: F5BigDpiProfile
   metadata:
     name: "dpi-profile"
   spec:
     name: "dpiprofile-cnf"
       enableApplicationDetection: true
       enableLogUnclassifiedDomain: true
       enableIruleEvent: true
       preset:
         enableFlowBundling: true
         analyzeSslServerside: true
         enableCacheResults: true
         analyzeDns: true
         allowReclassification: true
   

2. Run the following command to apply the DPI Profile:

   kubectl apply -f dpi-profile.yaml -n <name_space>
   

   Replace <name_space> with the namespace where the DPI profile is configured.

3. Verify the DPI Profile CR is applied by checking the f5ingress logs.

   I0224 11:41:43.489089      13 event.go:364] Event(v1.ObjectReference{Kind:"F5BigDpiProfile", Namespace:"default", Name:"dpi-profile", UID:"8588d3c6-5287-41bd-b0b1-c7260d6c73dc", APIVersion:"", ResourceVersion:"59202", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' F5DpiProfile default/dpi-profile was added/updated
   

   For more information on DPI Profile, see F5BigDPIprofile CRD page.

Apply PE Policy

Following is the process to apply the F5BigPePolicy CR. The PE policy tries to allow the Google traffic and classify it as tcp.http.google traffic when google traffic is detected.

1. Copy and paste the following content to the pe-policy-dpi.yaml file.

   apiVersion: "k8s.f5net.com/v1"
   kind: F5BigPePolicy
   metadata:
     name: "pem-policy-dpi"
   spec:
     description: "pem policy for dpi"
     rule:
     - name: "dpi-rule"
       precedence: 1
       filter:
         deepPacketInspection:
         - name: "class1"
           match: "match"
           category: "netflix_video"
           application: "any"
     action:
       enableGate: true
   

2. Run the following command to apply the PE Policy:

   kubectl apply -f pem-policy-dpi.yaml -n <name_space>
   

   Replace <name_space> with the namespace where the PE policy is configured.

3. Verify the PE Policy is applied by checking the f5ingress logs.

   I0224 11:45:47.295465      13 event.go:364] Event(v1.ObjectReference{Kind:"F5BigPePolicy", Namespace:"default", Name:"pem-policy-dpi", UID:"d61a891f-0c90-4128-a0d0-5b2d206e1622", APIVersion:"", ResourceVersion:"59582", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' PemPolicy default/pem-policy-dpi was added/updated
   

   For more information on PE Policy, see F5BigPePolicy CR.

Apply PE Profile

Following is the process to apply the F5BigPeProfile CR. The PE Profile CR applies the PE policy under unknownSubscriberPolicy.

1. Copy and paste the following content in pe-profile-dpi.yaml file.

   apiVersion: "k8s.f5net.com/v1"
   kind: F5BigPeProfile
   metadata:
     name: "pem-profile-dpi"
   spec:
     description: "pem profile for dpi"
     globalPolicy: {}
     unknownSubscriberpolicy:
       - "pem-policy-dpi"
   

2. Run the following command to apply the PE Profile.

   kubectl apply -f pem-profile-dpi.yaml -n <name_space>
   

   Replace <name_space> with the namespace where the PE profile is configured.

3. Verify the PE Profile is applied by checking the f5ingress logs.

   I0221 08:02:55.145541      13 event.go:377] Event(v1.ObjectReference{Kind:"F5BigPeProfile", Namespace:"default", Name:"pem-profile-dpi", UID:"1405a7e8-402a-4490-80b6-710ae6b3f79c", APIVersion:"", ResourceVersion:"12241", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' PemProfile default/pem-profile-dpi was added/updated
   

   For more information on PE Profile, see F5BigPeProfile CR.

Apply Secure Context

1. Add the following example in secure-context.yaml file.

   apiVersion: "k8s.f5net.com/v1"
   kind: F5BigContextSecure
   metadata:
     name: "virtual-server"
   spec:
     destinationAddress: "0.0.0.0/0"
     destinationPort: 0
     ipProtocol: "tcp"
     snat:
       type: "automap"
     peProfile: "pem-profile-dpi"
     dpiProfile: "dpi-profile"
     profile: "tcp"
   

2. Run the following command to apply the Secure Context.

   kubectl apply -f secure-context.yaml -n <name_space>
   

   Replace <name_space> with the namespace where the PE profile is configured.

3. Verify the Secure Context CR is applied by checking the f5ingress logs.

   I0221 08:06:28.013501      13 event.go:377] Event(v1.ObjectReference{Kind:"F5BigContextSecure", Namespace:"default", Name:"virtual-server", UID:"ec203939-44ef-4c32-9bc6-8e84b1501869", APIVersion:"", ResourceVersion:"12572", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' SecureContext default/virtual-server was added/updated
   

For more information on Secure Context, see F5BigContextSecure CR.

Policy Enforcement Statistics

If the TMM Debug sidecar is enabled (default), use the following steps to verify DPI statistics.

1. Log in to the TMM debug Pod.

   kubectl exec -it deploy/f5-tmm -c debug -n <name_space> -- bash

2. Verify the DPI statistics.

   tmctl -d /var/tmstat/blade/ -w 200 gpa_dpi_stats

   Sample output:

   result                                         count  dpi  flbl srdb custom  bytes_in  bytes_out  pkts_in  pkts_out
   ---------------                                -----  ---  ---- ---- ------  --------  ---------  -------  --------
   tcp.ssl.netflix.netflix_video                  1096   1096   0   0     0    4389916    85333303   18078    19259
   tcp.ssl.netflix.netflix_video.netflix_video_abr 67     67    0    0    0    4677343    345869616  30584    32609
   

Feedback

To provide feedback and help improve this document, please email us at cnfdocs@f5.com.