F5 Cloud-Native Network Functions (CNF) - 1.0.4
New Features and Improvements¶
The Top of Rack BGP feature enables TMM Pods to establish BGP peer relationships based on the cluster node the TMM Pod is running on.
The F5BigNatPolicy configuration is now available after restarting the TMM Proxy Pod.
The F5BigIpsPolicy now process application traffic after the TMM Pod restarts.
When modifying the value of the F5BigPePolicy CR’s
ratePacing.udp.maxRate parameter, the new value is now applied to the TMM Proxy Pod.
The TMM Proxy Pod will not restart when the F5BigContextSecure CR processes UDP packets.
The TMCTL protocol_inspection_stats table now displays statistics after the TMM process has created a core file.
When trying to identify applications detected by the F5BigClassificationprofile CR, the
tmctl -d blade gpa_classification_stats command output displays application IDs (205.5460) instead of application names (tcp.open_ssh).
Workaround: Perform the following steps to display the application names.
Helm uninstall the f5ingress deployment.
helm uninstall f5ingress -n cnf-gateway
Delete the mapping CR that was provided in the CRD bundle, and apply it again, targetting the BIG-IP Controller’s namespace.
kubectel delete -f f5-cnf-crds-n6lan/templates/f5-big-classification_mapping.yaml
kubectel apply -f f5-cnf-crds-n6lan/templates/f5-big-classification_mapping.yaml -n <namespace>
Delete the F5BigClassificationprofile CR.
kubectl delete -f cnf-class-profile.yaml
Helm install the f5ingress delployment.
helm uninstall f5ingress tar/f5ingress-6.0.14.tgz -n cnf-gateway
Check the f5ingress logs for Adding or Updating F5DynamicAppsCategories message.
Reapply the classification CR
kubectl apply -f cnf-class-profile.yaml
When multiple TMMs are running in a single Namespace, the IP addresses allocated by the F5BigNatPolicy are not reclaimed and reallocated after scaling the TMM deployment down and back up. Client connections may fail due to NAT IP address exhaustion.
Workaround: Delete and reinstall the F5BigNatPolicy CR.
TMM Proxy Pods may fail to receive a self-IP address when the F5BigNetVlan CR allocates the same number self-IPs as running TMM Proxy Pods.
Workaround: Configure the F5BigNetVlan to allocate twice the number of self-IP addresses as running TMM Proxy Pods.
Use these steps to upgrade the CNFs software components:
Important: Steps 2 through 4 should be performed together, and during a planned maintenance window.
- Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the BIG-IP Controller has been upgraded.
- Follow Install the CRDs in the CNFs Software guide to upgrade the CRDs. Be aware that newly applied CRDs will replace existing CRDs of the same name.
- Uninstall the previous version BIG-IP Controller, and follow the Installation procedure in the BIG-IP Controller guide to upgrade the Controller and TMM Proxy Pods. Upgrades have not yet been tested using Helm Upgrade.
- Once the BIG-IP Controller and TMM Proxy Pods are available, apply any updated CR configurations (step 1) using the
kubectl apply -f <file>command.
- The dSSM Databases can be upgraded at anytime using the Upgrading dSSM guide.
- The Fluentd Logging collector can be upgraded anytime using Helm Upgrade. Review Extract the Images in the CNF Software guide for the new Fluentd Helm chart location.