Cloud-Native Network Functions (CNFs) Custom Resource Definitions (CRDs) extend the Kubernetes API; enabling AFM and TMM to be configured using CNFs Custom Resources (CRs). CNFs CRs configure AFM and TMM to support low-latency 5G application traffic, and apply networking configurations such as interface IP addresses and static routes.

This document describes the available CNFs CRs, and lists them in the order they should be configured and installed.

Protection and NAT

Protection and NAT CRs can be referenced by Traffic Management CRs to protect applications from unauthorized and malignant network traffic.

  • F5BigDdosProfile - Denial of Service (DoS/DDoS) event detection and mitigation.
  • F5BigFwPolicy - Granular stateful-flow filtering based on access control list (ACL) policies.
  • F5BigIpsPolicy - Intelligent packet inspection protects applications from malignant network traffic.
  • F5BigPePolicy - Intelligently control, steer, and optimize subscriber traffic.
  • F5BigClassificationprofile - Enable deep packet inspection to analyze and categorize subscriber traffic.
  • F5BigDownloaderPolicy - Downloads the latest IM packages to dynamically update F5BigPePolicy and F5BigClassificationprofile CRs
  • F5BigNatPolicy - Carrier-grade NAT (CG-NAT) using large-scale NAT (LSN) pools.
  • F5BigFwRulelist - Enables rule-lists in the AFM ACL Policy.
  • F5BigCneZone - List of VLANs for Zones.

Traffic management

Traffic management CRs configure TMM to provide secure application layer gateway services to remote subscribers.

  • F5BigContextSecure - Full proxy TCP and UDP application layer gateway services.
  • F5BigCneIrule - CNF supports iRules with Context Secure or any other usecase CRs (example: DNS Virtual Server and F5BigAlgFtp).
  • F5BigDnsApp - High-performance DNS resolution, caching, and DNS64 translations.
  • F5BigAlgFtp - File Transfer Protocol (FTP) application layer gateway services.
  • F5BigAlgTftp - Trivial File Transfer Protocol (TFTP) application layer gateway services.
  • F5BigAlgPptp - Point-to-Point Tunneling Protocol (PPTP) application layer gateway services.
  • F5BigAlgRtsp - Real Time Streaming Protocol (RTSP) application layer gateway services.
  • F5BigDohApp - High-performance DNS resolution, caching, and DNS64 translations over secure HTTPs connections.

Profiles and global settings

Profiles and global setting CRs can be reference by CNFs Traffic Management CRs to customize and enhance traffic processing.

Networking CRs

Networking CRs configure TMM’s networking components such as network interfaces and static routes.

Available network management CRs:

  • F5BigNetVlan - TMM interface configuration: VLANs, Self IP addresses, MTU sizes, etc.
  • F5BigCneSnatpool - Modify the source IP address of egress packets to TMM self IP address.
  • F5BigNetStaticroute - TMM static routing table management.

Event logging

Event logging CRs can be referenced by Traffic Management CRs to log a wide variety of application traffic events to remote logging servers.

  • F5BigLogProfile - Specifies subscriber connection information sent to remote logging servers.
  • F5BigLogHslpub - Defines remote logging server endpoints for the F5BigLogProfile.

Installation status

Once a CNFs Custom Resource (CR) has been installed, you can view the status of the installation using the following command:

kubectl get <cr type> <cr name> -n <namespace>

For example:

kubectl get natpol cnf-46-nat -n cnf-gateway
cnf-46-nat   SUCCESS   CR config sent to all grpc endpoints


Provide feedback to improve this document by emailing