UDP Ratepacing

Policy Enforcer (PE) includes support for UDP ratepacing, which manages and controls the rate at which the UDP packets are sent. This functionality is beneficial while accessing video-related content, as traffic often relies on UDP, and requires rate pacing at the receiver’s end to ensure optimal delivery. UDP rate pacing can be configured as an action within PE policies.

When the maximum UDP rate is specified, the outgoing traffic is capped at RATE bytes per second. Packets that cannot be sent due to this rate limitation are temporarily stored in the UDP send buffer (configured in the UDP profile settings). These packets are sent later when the rate constraint is no longer in effect. UDP timers are utilized to monitor the transmission rate and handle the delivery of packets from the UDP send buffer.

Installation

Following are the steps to install and apply the UDP ratepacing use case:

PE Policy

Here UDP rate pacing is applied as PE policy action on flow filter to rate pace the traffic to 50K bytes per second.

  1. Copy the following example in pem-policy-udprate-pacing.yaml file.

apiVersion: "k8s.f5net.com/v1"
kind: F5BigPePolicy
metadata:
  name: "pem-policy-udprate-pacing"
spec:
  description: "PE Policy"
  enableState: true
  rule: 
  - name: "test-rule"
    precedence: 1
    filter:
      flow:
        - name: "test-flow"
          sourceAddress:
          destinationAddress: 0.0.0.0/0
          destinationPort: 0 
          dscp: 
            allow: specific
            value: 0
          internetProtocolVersion: any
          match: match
          protocol: any
          sourceVlan: any
    action: 
      enableGate: true
      udpRatePacing:
        udpRatePacingEnabled: True
        maxRate: 500000 
        debugUdpRatePacing: False

For more information on udpRatePacingEnabled parameter, see spec.rule.action

![](images/spk_info.png) _**Note:** UDP rate pacing in CNF is applicable only in the downlink direction (server to client). The `maxRate` parameter is rounded to the nearest multiple of 1000._

  1. Apply the PE Policy CR.

    kubectl apply -f pem-policy-udprate-pacing.yaml</code> -n <name_space>

  2. Verify that the PE policy is applied by checking the F5ingress logs.

    I0224 11:45:47.295465      13 event.go:364] Event(v1.ObjectReference{Kind:"F5BigPePolicy", Namespace:"default", Name:"pe-policy-udprate-pacing", UID:"d61a891f-0c90-4128-a0d0-5b2d206e1622", APIVersion:"", ResourceVersion:"59582", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' pePolicy default/pe-policy-udprate-pacing was added/updated

    For more information, see F5BigPePolicy CRD page.

PE Profile

  1. Copy the following example in pem-profile-udprate-pacing.yaml file.

apiVersion: "k8s.f5net.com/v1"
kind: F5BigPeProfile
metadata:
      name: "pem-profile-updrate-pacing"
spec:
  description: "pem profile for udp rate pacing"
  globalPolicy: {}
  unknownSubscriberpolicy:
    - "pem-policy-udprate-pacing"

  1. Run the following command to apply the F5BigPeProfile CR.

    kubectl apply -f  pem-profile-udprate-pacing.yaml -n <name_space>

  2. Verify that the F5BigPeProfile CR is applied by checking ‌logs in f5ingress.

    I0224 12:04:57.863324      13 event.go:364] Event(v1.ObjectReference{Kind:"F5BigPeProfile", Namespace:"default", Name:"pe-profile-updrate-pacing", UID:"d83453b9-8501-4214-b7fc-ad76c3694c7d", APIVersion:"", ResourceVersion:"61373", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' peProfile default/pe-profile-updrate-pacing was added/updated

    For more information, see F5BigPeProfile CRD page.

Secure Context TCP

  1. Copy the following example into the secure_context_tcp.yaml file.

apiVersion: "k8s.f5net.com/v1"
kind: F5BigContextSecure
metadata:
  name: "virtual-tcp"
spec:
  destinationAddress: "0.0.0.0/0"
  destinationPort: 0
  ipProtocol: "tcp"
  snat:
    type: "automap"
  peProfile: "pem-profile-updrate-pacing"
  profile: "tcp"

  1. Apply the Secure Context_tcp CR.

    kubectl apply -f secure_context_tcp.yaml -n <name_space>

  2. Verify that the Secure Context_tcp CR is applied by checking the F5ingress logs.

    I0302 22:52:41.928561      13 event.go:364] Event(v1.ObjectReference{Kind:"F5BigContextSecure", Namespace:"default", Name:"virtual-tcp", UID:"52d98b41-790a-4240-9758-8b3f8bf691f8", APIVersion:"", ResourceVersion:"285766", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' SecureContext default/virtual-tcp was added/updated

Secure Context UDP

  1. Copy the following example into the secure_context_udp.yaml file.

apiVersion: "k8s.f5net.com/v1"
kind: F5BigContextSecure
metadata:
  name: "virtual-udp"
spec:
  destinationAddress: "0.0.0.0/0"
  destinationPort: 0
  ipProtocol: "udp"
  snat:
    type: "automap"
  peProfile: "pem-profile-updrate-pacing"
  profile: "udp"

  1. Apply the Secure Context_udp CR.

    kubectl apply -f secure_context_udp.yaml -n <name_space>

  2. Verify that the Secure Context_tcp CR is applied by checking the F5ingress logs.

    I0221 08:06:28.013501      13 event.go:377] Event(v1.ObjectReference{Kind:"F5BigContextSecure", Namespace:"default", Name:"virtual-udp", UID:"1405a7e8-402a-4490-80b6-710ae6b3f79c", APIVersion:"", ResourceVersion:"12572", FieldPath:""}): type: 'Normal' reason: 'Added/Updated' SecureContext default/virtual-udp was added/updated

    Note: The UDP traffic should be rate paced to 50K bytes per second.

Feedback

To provide feedback and help improve this document, please email us at cnfdocs@f5.com.