Release Notes¶

F5 Cloud-Native Network Functions (CNFs) Release Notes for Robin.io - v2.2.0 release.

What’s new in CNFs v2.2.0 release¶

High-Speed Logging and Reporting for Traffic Analytics¶

The Reporting feature introduces comprehensive high-speed logging (HSL) capabilities for session-based and flow-based reporting, enabling granular traffic analysis and centralized monitoring. This feature allows users to configure policies to export traffic data to external analytics servers using Syslog transport in RFC-supported formats (rfc5424, rfc3164, and legacy-bigip) over TCP or UDP. Logs are generated as comma-separated values (CSV), offering metrics like subscriber details, traffic volume, transaction counts, video resolution, and latency.

With seamless integration into Kubernetes infrastructure, predefined Custom Resources (CRs) simplify configuration for log publishers, reporting intervals, and enforcement policies. Fluent-bit powers log processing, ensuring efficient handling of log files from TMM containers while forwarding them to Fluentd for analytics.

For more information, see Reporting.

DNS Cache Records and Statistics¶

This release introduces the displaying and deleting DNS cache records, providing you with tools to inspect, manage, and analyze DNS cache records and statistics. Utilizing the bdt_cli utility, you can list, count, and delete DNS cache records based on specific filters, such as domain name, TTL range, response codes, and DNS cache type (RRSet, message, or nameserver). Additionally, a new dns-cache-stats utility enables the retrieval of detailed DNS cache performance metrics, including hit/miss ratios, query counts, response history across time intervals, traffic statistics, and nameserver behaviors.

For more information, see Debug Sidecar.

Traffic Distribution with Stateless and Bidirectional DAG¶

The Stateless DAG functionality introduces a stateless, pod-based hashing mechanism for seamless and efficient traffic distribution in Containerized Network Function (CNF) environments. This release eliminates the need for persistent flow-based mechanisms, enabling faster processing by routing traffic dynamically using a pre-defined stateless hash table that distributes traffic evenly across TMM Pods. By integrating the DAG functionality within the same CNE installation, the solution simplifies deployment and eliminates the additional complexity of maintaining a separate DAG layer or namespace.

Additionally, this release include Bidirectional DAG functionality, which ensures symmetrical routing for both client-to-server and server-to-client flows by using the same redirect_vlan and hash table for consistent stateful processing.

Note: When enabling pod_hash, ensure the TMM count matches with number of self IPs. For example, if there are three TMMs in your deployment, then ensure the VLANs with enabled pod_hash should have exactly three self IPs.

For more information, see Stateless DAG.

GeoDB Dynamic Update Support for Countries and Regions¶

This release introduces dynamic GeoDB update support for the Edge Firewall’s Geo Location Aware Policy, addressing limitations of the previously static Country/Region list embedded in container images. With this enhancement, the Controller and PCCD can now dynamically update their geo configurations based on the latest GeoDB, allowing immediate adoption of new geo locations and handling of deprecated ones, without requiring container rebuilds or restarts. Firewall Policy CRs can dynamically reference newly added geos, and deprecated geos will be transparently logged in error messages for easy identification and troubleshooting.

For more information, see GeoIP Database, F5BigFwPolicy, and F5BigFwRulelist CRs.

Subscriber Creation and Awareness¶

This release introduces Subscriber ID creation and CGNAT logging feature, enabling service providers to seamlessly create, manage, and log subscriber-specific activities. Subscribers can now be dynamically created using RADIUS-triggered messages, ensuring automated, session-driven management with enriched information like IMSI, MSISDN, or NAI. The subscriber creation process integrates with distributed session storage (DSSM) for real-time updates and synchronization across TMM pods.

With these enhancements, Carrier-Grade NAT (CGNAT) now supports subscriber-aware logging for translation events. Each NAT session is logged with the associated Subscriber ID (for example, IMSI or MSISDN), simplifying troubleshooting, auditing, and regulatory compliance for service providers. By including Subscriber IDs in NAT translation logs, this feature enables clear visibility into IP-to-subscriber mappings, making it easier to correlate network events to individual users while improving operational efficiency.

For more information, see Subscriber Creation and Subscriber Awareness - CGNAT.

End-to-End Security for Sensitive Configuration Information¶

The feature introduces Kubernetes native Secret support to manage sensitive data (like certificates and keys) securely in Custom Resources (CRs). You can create a Kubernetes secret and reference the Secret using secretRef (name, namespace, and key) instead of embedding sensitive data in plain text. Secrets can be dynamically edited or renewed via cert-manager without the need to re-apply the CR. The cne-controller securely fetches the Secret with proper RBAC, watches for updates, and notifies consumers. Sensitive data is transmitted securely using mTLS for end-to-end security.

For more information, see Secrets | Kubernetes.

Dynamically Manage Log Levels through REST API and ConfigMap Watching¶

This new feature allows runtime log level control without pod restarts. CWC now exposes a REST API to adjust log levels per pod. Requests update a pod-specific ConfigMap, which propagates via minlevel.yaml; the F5 logging library monitors this file and applies the new level automatically.

For more information, see Dynamic log levels and API Documentation

Automated Orphaned Log Folder Cleanup¶

Added Folder Cleaner, an optional feature that automatically removes orphaned log directories to prevent storage exhaustion. Cleanup runs as a scheduled job (CronJob) inside the container.

For more information, see Fluend Logging

Enhancements¶

RBAC for CNE Controller with Configurable CRD Monitoring¶

This release enhanced the Role-Based Access Control (RBAC) for the CNE Controller, enabling improved security and reduced cluster-wide permissions when interacting with CustomResourceDefinition (CRD) resources. You can now manually configure a list of CRDs that the controller should monitor through Kubernetes ConfigMap, eliminating the need for cluster-wide permissions to list all CRDs. If no ConfConfigMapigMap is provided, the CNE Controller retains its default behavior of requiring cluster-wide CRD list permissions. Changes to the CRD list through the ConfigMap require a manual restart of the controller deployment.

For more information, see Cluster-wide RBACs for CNFs, CNFs RBAC, CNFs CWC and BIG-IP Controller.

Traffic Management with CGNAT and DNAT Enhancements¶

The F5Ingress controller now supports automatic distribution of VLAN configurations to standby TMM pods, excluding self-IP assignments. This ensures that standby pods are pre-configured and ready to take over traffic seamlessly without creating self-IP conflicts, resulting in reduced downtime and a smoother failover process in dynamic, high-availability environments.

This optimization enhances thread-level load balancing, increases throughput, and scales performance efficiently, making the system robust for handling high traffic loads with minimal latency.

For more information, see DNATUTIL Tool.

Added Support for 1 GB Huge Pages¶

You can now configure the huge page size to 1Gi using the new tmm.hugepages.preferredhugepagesize parameter while defining the TMM resources.

For more information, see Simultaneous Multithreading and TMM Resources

Cancelling QKView Requests by ID¶

Cancel a running QKView via API; on cancellation, the system stops collection and generates a QKView that includes only data gathered before the cancel request. For more information, see QKViewand API Documentation

Configuring Per-table Aggregation¶

Use Aggregation mode to control metrics for a table. For each table, you can choose the Aggregation mode options (Aggregated, Semi Aggregated, or Diagnostic) and set an export interval. The operator enforces these settings via Jobs from the f5-observer-operator-config ConfigMap.

For more information, see [Distributed Toda for Stats Aggregation] (cnf-stats-aggregator.md) and Metrics Table

Next step¶

Continue to the System Requirements to ensure the cluster has the required software components.