F5BigCecPeGlobaloptions¶
The F5BigCecPeGlobaloptions CR installs with the Cloud-Native Network Functions (CNFs) CRDs, and determines the default behavior for the installed F5BigPePolicy CRs. The F5BigCecPeGlobaloptions CR provides options that enable modifications to the default Policy Enforcer (PE), Classification Engine Core (CEC), and Generic Packet Analizyer (GPA) session management and logging behaviors at the global level.
This document guides you through configuring and installing a simple F5BigCecPeGlobaloptions CR.
CR Parameters¶
The table below describes the CR spec.cecGlobalOptions parameters:
| Parameter | Description |
|---|---|
enableFlowBundling |
Enable or Disable CEC flow bundling: true (default) or false. |
sslSessionIdTimeout |
Sets the CEC flow bundling session timeout in seconds for SSL connections: 15 to 86400. The default is 18000. |
gpaLogLevel |
Sets the log level for GPA: Warning (default),Notice, Informational, or Debug. |
cecLogLevel |
Sets the log level for CEC: Warning (default),Notice, Informational, or Debug. |
cecMaxPackets |
Max amount of packets to make classification decision: 1 to 64. The default is 10. |
The table below describes the CR spec.cecGlobalOptions.classifier parameters:
| Parameter | Description |
|---|---|
enableAbr |
Enable Adaptive Bitrate Streaming: true or false (default). |
abrMaxPackets |
Set Maximum number of packets to build confidence for adaptive bitrate videos: 200 to 512. The default is 256. |
enableEvc |
Enable EVC (Encrypted Video Classification): true or false (default). |
evcMaxPackets |
Maximum number of packets used to build confidence in detecting the resolution: 512 to 500000. The default is 22500. |
The table below describes the CR spec.peGlobalOptions parameters:
| Parameter | Description |
|---|---|
peSrdbEnable |
Enables srDB in PE: true (default) or false. |
peLogLevel |
Specifices the PE log level: Critical,Debug, Error, Informational, Warning (default). |
pePolicyReevaluationInterval |
Specifies the reevaluation interval for the PE policy: 0 to 4294967295. The default is 20. |
peSessionInactivityTimeout |
Specifies the inactivity timeout for PE sessions: 0 to 525600. The default is 120. |
peSpmMaxSessionLimit |
Specifies the max number of PE SPM sessions: 128 to 1048576. The default is 524288. |
The table below describes the CR spec.peGlobalOptions.reporting parameters:
| Parameter | Description |
|---|---|
hslFlowStartReport |
Enables generating and sending PE HSL flow start reports to destination endpoints: Enabled (default) or Disabled. |
hslFlowInterimReport |
Enables generated and sending PE HSL flow interval reports to destination endpoints: Enabled (default) or Disabled. |
hslFlowReportVersion |
Specifies the BIG-IP software version under which the PEM HSL flow reports are generated and sent out to the destination endpoint: REPORT_VER_16_1 (default). |
CR Example¶
apiVersion: k8s.f5net.com/v1
kind: F5BigCecPeGlobaloptions
metadata:
name: "cec-pe-default-global-options"
namespace: "cnf-gateway"
spec:
cecGlobalOptions:
sslSessionIdTimeout: 300
gpaLogLevel: "Debug"
classifier:
enableAbr: true
abrMaxPackets: 300
peGlobalOptions:
peLogLevel: "Debug"
pePolicyReevaluationInterval: 120
peSessionInactivityTimeout: 240
reporting:
hslFlowInterimReport: "Disabled"
CR updates¶
The F5BigCecPeGlobaloptions CR behaves differently than the other CNFs CRs: When you install the BIG-IP Controller to a namespace, a copy of the F5BigCecPeGlobaloptions is applied to namespace with the default values. Because only a single CR of this type can exist in the namespace, you must use the same name, cec-pe-default-global-options, when modifying the F5BigCecPeGlobaloptions CR. Also, when deleting the CR, a new copy will again be applied to the BIG-IP Controller’s namespace with the default values.
Installation¶
Use the steps below to modify the default values of the F5BigCecPeGlobaloptions CR.
Copy the F5BigCecPeGlobaloptions CR into a YAML file:
apiVersion: k8s.f5net.com/v1 kind: F5BigCecPeGlobaloptions metadata: name: "cec-pe-default-global-options" namespace: "cnf-gateway" spec: cecGlobalOptions: sslSessionIdTimeout: 300 gpaLogLevel: "Debug" classifier: enableAbr: true abrMaxPackets: 300 peGlobalOptions: peLogLevel: "Debug" pePolicyReevaluationInterval: 120 peSessionInactivityTimeout: 240 reporting: hslFlowInterimReport: "Disabled"
Replace the CR:
kubectl replace -f cnf-pe-globals.yaml
In this example, the BIG-IP Controller logs indicate the F5BigCecPeGlobaloptions CR was added/updated:
I0606 12:00:00.612067 1 event.go:282] Event(v1.ObjectReference{Kind:"F5CecPeGlobalOptions", F5CecPeGlobalOptions cnf-gateway/cec-pe-default-global-options was added/updated
Verify the values:
kubectl get -f cnf-pe-globals.yaml -o yaml
In this example, the defaults have been updated and match the replaced CR values:
apiVersion: k8s.f5net.com/v1 kind: F5BigCecPeGlobaloptions metadata: generation: 2 name: "cec-pe-default-global-options" namespace: "cnf-gateway" spec: cecGlobalOptions: sslSessionIdTimeout: 300 gpaLogLevel: "Debug" classifier: enableAbr: true abrMaxPackets: 300 peGlobalOptions: peLogLevel: "Debug" pePolicyReevaluationInterval: 120 peSessionInactivityTimeout: 240 reporting: hslFlowInterimReport: "Disabled"
Reset the values back to the defaults:
kubectl delete -f cnf-pe-globals.yaml
In this example, the BIG-IP Controller logs indicate the F5BigCecPeGlobaloptions CR was added/updated:
I0606 12:00:00.612067 1 event.go:282] Event(v1.ObjectReference{Kind:"F5CecPeGlobalOptions", F5CecPeGlobalOptions cnf-gateway/cec-pe-default-global-options was added/updated
Continue to the F5BigPePolicy to begin using the new F5BigCecPeGlobaloptions CR.
Feedback¶
Provide feedback to improve this document by emailing cnfdocs@f5.com.