F5BigNetVlan
Overview
The F5BigNetVlan Custom Resource (CR) configures the Traffic Management Microkernel (TMM) network interface settings: VLAN tags, Self IP addresses, Maximum Transmission Unit (MTU), bonding, and packet hashing algorithms.
This document guides you through understanding, configuring and deploying a simple F5BigNetVlan CR.
Scaling TMM
When scaling the TMM Proxy Pod beyond a single instance in the namespace, the spec.selfip_v4s and spec.selfip_v6s parameters must be configured to provide a unique self IP address to each TMM replica. Although the intended behaviour is positional assignment (the first self IP in the list to the first TMM Pod, the second to the second, and so on), this order is not guaranteed when there are more self IPs than existing TMM Pods. In such cases, the mapping may change and become non-sequential.
Parameters
The table below describes the CR’s spec parameters:
| Parameter | Description |
|---|---|
| name | The name of the VLAN object in the TMM configuration. |
| tag | The tagging ID applied to the VLAN object. |
| bonded | Combine multiple interfaces into a single bonded interface (true/false). The default is false (disabled). |
| interfaces | One or more interfaces to associate with the VLAN object. |
| selfip_v4s | Specifies a list of IPv4 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
| prefixlen_v4 | The IPv4 self IP address subnet mask. |
| selfip_v6s | Specifies a list of IPv6 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
| prefixlen_v6 | The IPv6 self IP address subnet mask. |
| allowed_services | Specifies a list of protocols and the protocol service ports this VLAN accepts. |
| allowed_services.protocol | Specifies the protocol traffic the VLAN accepts. |
| allowed_services.port | Specifies the service port traffic the VLAN accepts. |
| mtu | The Maximum Transmission Unit (MTU) value ranges from a minimum of 576 bytes to a maximum of 9198 bytes, with a default value of 1500 bytes. Different MTU values can be configured for different VLANs. Important: the MTU value set in the VLAN specification (spec.mtu) must be less than or equal to the value of the global helm parameter (global.tmmDefaultMTU), and for VLANs with IPv6 Self IPs it must be greater than or equal to 1280 bytes. After the VLAN Custom Resource (CR) is applied and traffic is actively flowing, modifying the MTU setting can result in traffic disruption, so it is strongly recommended not to modify the MTU value after the VLAN CR has been configured. For more information on MTU validation and related error messages, see MTU Validation - Common Error Scenarios. |
| trunk_hash | The hashing algorithm used to distribute packets across bonded interfaces: src-dst-mac combines the MAC addresses of the source and destination; dst-mac uses the MAC address of the destination; index combines the ports of the source and the destination; src-dst-ipport combines the IP addresses and ports of the source and the destination (default). |
| cmp_hash | Specifies how traffic will be disaggregated. Use the SRC_ADDR value for the subscriber (upstream) facing VLAN and the DST_ADDR value for the application (downstream) facing VLAN. Do not use the SRC_DST_ADDR_PORT value. |
| auto_lasthop | Disables the auto last hop feature, which sends return traffic to the MAC address that transmitted the request: AUTO_LASTHOP_ENABLED, AUTO_LASTHOP_DISABLED or AUTO_LASTHOP_DEFAULT. |
Important: To optimize network performance, set the cmp_hash parameter values as follows: set SRC_ADDR on the subscriber (upstream) VLAN, and DST_ADDR on the application (downstream) facing VLAN.
CR Examples
Subscriber VLAN:
```yaml
apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
  name: "subscriber-vlan"
  namespace: "cnf-gateway"
spec:
  name: clientside
  interfaces:
    - "1.1"
  selfip_v4s:
    - 10.10.10.100
    - 10.10.10.101
  prefixlen_v4: 24
  selfip_v6s:
    - 2002::10:10:10:100
    - 2002::10:10:10:101
  prefixlen_v6: 116
  mtu: 9000
  cmp_hash: SRC_ADDR
```
Application VLAN:
```yaml
apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
  name: "application-vlan"
  namespace: "cnf-gateway"
spec:
  name: serverside
  interfaces:
    - "1.2"
  selfip_v4s:
    - 192.168.10.100
    - 192.168.10.101
  prefixlen_v4: 24
  selfip_v6s:
    - 2002::192:168:10:100
    - 2002::192:168:10:101
  prefixlen_v6: 116
  mtu: 9000
  cmp_hash: DST_ADDR
```
CR shortName
CR shortNames provide an easy way to view installed CRs and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5BigNetVlan CR shortName is vlan.
View CR instance:
```
kubectl get vlan -n <namespace>
```
View CR configuration:
```
kubectl get vlan -n <namespace> -o yaml
```
Deployment
Use the following steps to deploy the example F5BigNetVlan CR, and verify the Service Proxy TMM configuration.
Copy the F5BigNetVlan CRs into a YAML file:
```yaml
apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
  name: "subscriber-vlan"
  namespace: "cnf-gateway"
spec:
  name: clientside
  interfaces:
    - "1.1"
  selfip_v4s:
    - 10.10.10.100
    - 10.10.10.101
  prefixlen_v4: 24
  selfip_v6s:
    - 2002::10:10:10:100
    - 2002::10:10:10:101
  prefixlen_v6: 116
  mtu: 9000
  cmp_hash: SRC_ADDR
---
apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
  name: "application-vlan"
  namespace: "cnf-gateway"
spec:
  name: serverside
  interfaces:
    - "1.2"
  selfip_v4s:
    - 192.168.10.100
    - 192.168.10.101
  prefixlen_v4: 24
  selfip_v6s:
    - 2002::192:168:10:100
    - 2002::192:168:10:101
  prefixlen_v6: 116
  mtu: 9000
  cmp_hash: DST_ADDR
```
Install the CR:
```
kubectl apply -f cnf-vlan.yaml
```
List the VLAN CRs:
```
kubectl get f5-big-net-vlan -n cnf-gateway
```
In this example, the VLAN CR is installed:
```
NAME
subscriber-vlan
application-vlan
```
If the Debug Sidecar is enabled (the default), you can verify that TMM has been configured:
```
kubectl exec -it deploy/f5-tmm -c debug -n cnf-gateway -- ip a
```
The interfaces should appear at the bottom of the list:
```
8: clientside: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000
    link/ether 1e:80:c1:e8:81:15 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.100/24 brd 192.168.10.0 scope global server
       valid_lft forever preferred_lft forever
    inet6 2002::192:168:10:100/112 scope global
       valid_lft forever preferred_lft forever
```
Note: With multiple VLAN CRs, the self IPs from the first index in all CRs are assigned to the same TMM, which has the device name DP-0. The self IPs from the second index in all CRs are assigned to the same TMM, which has the device name DP-1, and so on.
Deterministic Config Allocation
This feature provides deterministic allocation of IP addresses for a pod. For more information on how Deterministic Config Allocation works, TMM device assignments, and Active and Standby TMMs, see the Deterministic Config Allocation guide.
MTU Validation - Common Error Scenarios
When setting the MTU value in the F5BigNetVlan CR (spec.mtu) specification, ensure that you follow the required rules. Failure to do so may result in the following errors:
If the MTU value is set to less than the minimum allowed 576 bytes:
Error: The F5BigNetVlan “tmm-client” is invalid: spec.mtu: Invalid value: 575: spec.mtu in body should be greater than or equal to 576.
If the MTU value is set greater than the maximum allowed 9198 bytes:
Error: The F5BigNetVlan “tmm-client” is invalid: spec.mtu: Invalid value: 9199: spec.mtu in body should be less than or equal to 9198.
If the MTU value is greater than the value set in the global helm parameter (global.tmmDefaultMTU):
Error: Error from server: error when creating “vlan-invalid-mtu-3.yaml”: admission webhook “f5validate.f5net.com” denied the request: on vlan tmm-client, MTU 1501 must be less than or equal to default TMM MTU 1500.
If IPv6 is configured and the MTU value is less than 1280 bytes:
Error: Error from server: error when creating “vlan-invalid-mtu-4.yaml”: admission webhook “f5validate.f5net.com” denied the request: on vlan tmm-client, MTU 1279 must be greater than or equal to 1280 when IPv6 addresses are provided.
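The MTU rules above and the self IP requirements from Scaling TMM can be checked before `kubectl apply`. The following is an added example, not F5 code: `lint_vlan`, its arguments and the sample dictionaries are hypothetical, and the caller supplies the `global.tmmDefaultMTU` value and the TMM replica count.

```python
import ipaddress

MTU_MIN, MTU_MAX, IPV6_MIN_MTU = 576, 9198, 1280  # limits stated on this page


def lint_vlan(spec, tmm_default_mtu, tmm_replicas):
    """Return findings for one F5BigNetVlan spec; an empty list means clean."""
    findings = []
    mtu = spec.get("mtu", 1500)  # 1500 is the documented default
    if not MTU_MIN <= mtu <= MTU_MAX:
        findings.append(f"error: mtu {mtu} outside {MTU_MIN}-{MTU_MAX}")
    if mtu > tmm_default_mtu:
        findings.append(f"error: mtu {mtu} > global.tmmDefaultMTU {tmm_default_mtu}")
    if spec.get("selfip_v6s") and mtu < IPV6_MIN_MTU:
        findings.append(f"error: mtu {mtu} < {IPV6_MIN_MTU} with IPv6 self IPs")

    for key in ("selfip_v4s", "selfip_v6s"):
        # ip_address() raises ValueError on malformed input and normalises
        # IPv6 text, so differently written duplicates compare equal.
        addrs = [ipaddress.ip_address(a) for a in spec.get(key, [])]
        if not addrs:
            continue
        if len(set(addrs)) != len(addrs):
            findings.append(f"error: {key} contains a duplicate address")
        if len(addrs) < tmm_replicas:
            findings.append(f"error: {key} has {len(addrs)} self IPs for "
                            f"{tmm_replicas} TMM replicas")
        elif len(addrs) > tmm_replicas:
            findings.append(f"warn: {key} has more self IPs than TMM replicas; "
                            "positional assignment is not guaranteed")

    if spec.get("cmp_hash") == "SRC_DST_ADDR_PORT":
        findings.append("error: cmp_hash SRC_DST_ADDR_PORT must not be used")
    return findings


# Constructed inputs: the page's subscriber VLAN spec and a deliberately bad variant.
SUBSCRIBER = {"name": "clientside", "interfaces": ["1.1"],
              "selfip_v4s": ["10.10.10.100", "10.10.10.101"], "prefixlen_v4": 24,
              "selfip_v6s": ["2002::10:10:10:100", "2002::10:10:10:101"],
              "prefixlen_v6": 116, "mtu": 9000, "cmp_hash": "SRC_ADDR"}
BAD = dict(SUBSCRIBER, mtu=1279, cmp_hash="SRC_DST_ADDR_PORT",
           selfip_v6s=["2002::10:10:10:100", "2002:0::10:10:10:100"])

if __name__ == "__main__":
    for label, spec in (("subscriber", SUBSCRIBER), ("bad", BAD)):
        print(label, lint_vlan(spec, tmm_default_mtu=9000, tmm_replicas=2) or "OK")
```

With `tmm_default_mtu=1500` the page's own example specs are flagged, because their `mtu: 9000` only passes when `global.tmmDefaultMTU` is at least 9000.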