F5BigCecPeGlobaloptions

The F5BigCecPeGlobaloptions CR installs with the Cloud-Native Network Functions (CNFs) CRDs, and determines the default behavior for the installed F5BigPePolicy CRs. The F5BigCecPeGlobaloptions CR provides options that enable modifications to the default Policy Enforcer (PE), Classification Engine Core (CEC), and Generic Packet Analizyer (GPA) session management and logging behaviors at the global level.

This document guides you through configuring and installing a simple F5BigCecPeGlobaloptions CR.

CR Parameters

The table below describes the CR spec.cecGlobalOptions parameters:

Parameter Description
enableFlowBundling Enable or Disable CEC flow bundling: true (default) or false.
sslSessionIdTimeout Sets the CEC flow bundling session timeout in seconds for SSL connections: 15 to 86400. The default is 18000.
gpaLogLevel Sets the log level for GPA: Warning (default),Notice, Informational, or Debug.
cecLogLevel Sets the log level for CEC: Warning (default),Notice, Informational, or Debug.
cecMaxPackets Max amount of packets to make classification decision: 1 to 64. The default is 10.

The table below describes the CR spec.cecGlobalOptions.classifier parameters:

Parameter Description
enableAbr Enable Adaptive Bitrate Streaming: true or false (default).
abrMaxPackets Set Maximum number of packets to build confidence for adaptive bitrate videos: 200 to 512. The default is 256.
enableEvc Enable EVC (Encrypted Video Classification): true or false (default).
evcMaxPackets Maximum number of packets used to build confidence in detecting the resolution: 512 to 500000. The default is 22500.

The table below describes the CR spec.peGlobalOptions parameters:

Parameter Description
peSrdbEnable Enables srDB in PE: true (default) or false.
peLogLevel Specifices the PE log level: Critical,Debug, Error, Informational, Warning (default).
pePolicyReevaluationInterval Specifies the reevaluation interval for the PE policy: 0 to 4294967295. The default is 20.
peSessionInactivityTimeout Specifies the inactivity timeout for PE sessions: 0 to 525600. The default is 120.
peSpmMaxSessionLimit Specifies the max number of PE SPM sessions: 128 to 1048576. The default is 524288.

The table below describes the CR spec.peGlobalOptions.reporting parameters:

Parameter Description
hslFlowStartReport Enables generating and sending PE HSL flow start reports to destination endpoints: Enabled (default) or Disabled.
hslFlowInterimReport Enables generated and sending PE HSL flow interval reports to destination endpoints: Enabled (default) or Disabled.
hslFlowReportVersion Specifies the BIG-IP software version under which the PEM HSL flow reports are generated and sent out to the destination endpoint: REPORT_VER_16_1 (default).

CR Example

apiVersion: k8s.f5net.com/v1
kind: F5BigCecPeGlobaloptions
metadata:
  name: "cec-pe-default-global-options"
  namespace: "cnf-gateway"
spec:
  cecGlobalOptions:
    sslSessionIdTimeout: 300
    gpaLogLevel: "Debug"
    classifier:
      enableAbr: true
      abrMaxPackets: 300
  peGlobalOptions:
    peLogLevel: "Debug"
    pePolicyReevaluationInterval: 120
    peSessionInactivityTimeout: 240
    reporting:
      hslFlowInterimReport: "Disabled"

CR updates

The F5BigCecPeGlobaloptions CR behaves differently than the other CNFs CRs: When you install the BIG-IP Controller to a namespace, a copy of the F5BigCecPeGlobaloptions is applied to namespace with the default values. Because only a single CR of this type can exist in the namespace, you must use the same name, cec-pe-default-global-options, when modifying the F5BigCecPeGlobaloptions CR. Also, when deleting the CR, a new copy will again be applied to the BIG-IP Controller’s namespace with the default values.

Requirements

Ensure you have:

Installation

Use the steps below to modify the default values of the F5BigCecPeGlobaloptions CR.

  1. Copy the F5BigCecPeGlobaloptions CR into a YAML file:

    apiVersion: k8s.f5net.com/v1
    kind: F5BigCecPeGlobaloptions
    metadata:
      name: "cec-pe-default-global-options"
      namespace: "cnf-gateway"
    spec:
      cecGlobalOptions:
        sslSessionIdTimeout: 300
        gpaLogLevel: "Debug"
        classifier:
          enableAbr: true
          abrMaxPackets: 300
      peGlobalOptions:
        peLogLevel: "Debug"
        pePolicyReevaluationInterval: 120
        peSessionInactivityTimeout: 240
        reporting:
          hslFlowInterimReport: "Disabled"
    
  2. Replace the CR:

    kubectl replace -f cnf-pe-globals.yaml
    

    In this example, the BIG-IP Controller logs indicate the F5BigCecPeGlobaloptions CR was added/updated:

    I0606 12:00:00.612067  1 event.go:282] Event(v1.ObjectReference{Kind:"F5CecPeGlobalOptions", 
    F5CecPeGlobalOptions cnf-gateway/cec-pe-default-global-options was added/updated
    
  3. Verify the values:

    kubectl get -f cnf-pe-globals.yaml -o yaml
    

    In this example, the defaults have been updated and match the replaced CR values:

    apiVersion: k8s.f5net.com/v1
    kind: F5BigCecPeGlobaloptions
    metadata:
      generation: 2
      name: "cec-pe-default-global-options"
      namespace: "cnf-gateway"
    spec:
      cecGlobalOptions:
        sslSessionIdTimeout: 300
        gpaLogLevel: "Debug"
        classifier:
          enableAbr: true
          abrMaxPackets: 300
      peGlobalOptions:
        peLogLevel: "Debug"
        pePolicyReevaluationInterval: 120
        peSessionInactivityTimeout: 240
        reporting:
          hslFlowInterimReport: "Disabled"
    
  4. Reset the values back to the defaults:

    kubectl delete -f cnf-pe-globals.yaml
    

    In this example, the BIG-IP Controller logs indicate the F5BigCecPeGlobaloptions CR was added/updated:

    I0606 12:00:00.612067  1 event.go:282] Event(v1.ObjectReference{Kind:"F5CecPeGlobalOptions", 
    F5CecPeGlobalOptions cnf-gateway/cec-pe-default-global-options was added/updated
    
  5. Continue to the F5BigPePolicy to begin using the new F5BigCecPeGlobaloptions CR.

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.