CNFs CRs¶
Overview¶
Cloud-Native Network Functions (CNFs) Custom Resource Definitions (CRDs) extend the Kubernetes API; enabling AFM and TMM to be configured using CNFs Custom Resources (CRs). CNFs CRs configure AFM and TMM to support low-latency 5G application traffic, and apply networking configurations such as interface IP addresses and static routes.
This document describes the available CNFs CRs, and lists them in the order they should be configured and installed.
Protection and NAT¶
Protection and NAT CRs can be referenced by Traffic Management CRs to protect applications from unauthorized and malignant network traffic.
- F5BigDdosProfile - Denial of Service (DoS/DDoS) event detection and mitigation.
- F5BigFwPolicy - Granular stateful-flow filtering based on access control list (ACL) policies.
- F5BigIpsPolicy - Intelligent packet inspection protects applications from malignant network traffic.
- F5BigPePolicy - Intelligently control, steer, and optimize subscriber traffic.
- F5BigClassificationprofile - Enable deep packet inspection to analyze and categorize subscriber traffic.
- F5BigDownloaderPolicy - Downloads the latest IM packages to dynamically update F5BigPePolicy and F5BigClassificationprofile CRs
- F5BigNatPolicy - Carrier-grade NAT (CG-NAT) using large-scale NAT (LSN) pools.
- F5BigFwRulelist - Enables rule-lists in the AFM ACL Policy.
- F5BigCneZone - List of VLANs for Zones.
Traffic management¶
Traffic management CRs configure TMM to provide secure application layer gateway services to remote subscribers.
- F5BigContextSecure - Full proxy TCP and UDP application layer gateway services.
- F5BigCneIrule - CNF supports iRules with Context Secure or any other usecase CRs (example: DNS Virtual Server and F5BigAlgFtp).
- F5BigDnsApp - High-performance DNS resolution, caching, and DNS64 translations.
- F5BigAlgFtp - File Transfer Protocol (FTP) application layer gateway services.
- F5BigAlgTftp - Trivial File Transfer Protocol (TFTP) application layer gateway services.
- F5BigAlgPptp - Point-to-Point Tunneling Protocol (PPTP) application layer gateway services.
- F5BigAlgRtsp - Real Time Streaming Protocol (RTSP) application layer gateway services.
- F5BigDohApp - High-performance DNS resolution, caching, and DNS64 translations over secure HTTPs connections.
Profiles and global settings¶
Profiles and global setting CRs can be reference by CNFs Traffic Management CRs to customize and enhance traffic processing.
- F5BigZeroratingPolicy - Part of Zero-Rating DNS solution; enabling subscribers to bypass rate limits.
- F5BigTcpSetting - TCP options to fine-tune how application traffic is managed.
- F5BigUdpSetting - UDP options to fine-tune how application traffic is managed.
- F5BigFastl4Setting - FastL4 option to fine-tune how application traffic is managed.
- F5BigCecPeGlobaloptions - Options to modify the default behavior of the F5BigPePolicy CRs.
- F5BigContextGlobal - Modifies the F5BigFwPolicy CR’s default firewall action.
Networking CRs¶
Networking CRs configure TMM’s networking components such as network interfaces and static routes.
Available network management CRs:
- F5BigNetVlan - TMM interface configuration: VLANs, Self IP addresses, MTU sizes, etc.
- F5BigCneSnatpool - Modify the source IP address of egress packets to TMM self IP address.
- F5BigNetStaticroute - TMM static routing table management.
Event logging¶
Event logging CRs can be referenced by Traffic Management CRs to log a wide variety of application traffic events to remote logging servers.
- F5BigLogProfile - Specifies subscriber connection information sent to remote logging servers.
- F5BigLogHslpub - Defines remote logging server endpoints for the F5BigLogProfile.
Installation status¶
Once a CNFs Custom Resource (CR) has been installed, you can view the status of the installation using the following command:
kubectl get <cr type> <cr name> -n <namespace>
For example:
kubectl get natpol cnf-46-nat -n cnf-gateway
NAME STATUS MESSAGE
cnf-46-nat SUCCESS CR config sent to all grpc endpoints
Feedback¶
Provide feedback to improve this document by emailing cnfdocs@f5.com.