F5BigNetVlan¶
Overview¶
The F5BigNetVlan Custom Resource (CR) configures the Traffic Management Microkernel (TMM) network interface settings: VLAN tags, Self IP addresses, Maximum Transmission Size (MTU), bonding, and packet hashing algorithms.
This document guides you through understanding, configuring and deploying a simple F5BigNetVlan CR.
Scaling TMM¶
When scaling the TMM Proxy Pod beyond a single instance in the namespace, the spec.selfip_v4s
and spec.selfip_v6s
parameters must be configured to provide unique self IP addresses to each TMM replica. The first self IP address in the list is applied to the first TMM Pod, the second IP address to the second TMM Pod, continuing through the list.
Parameters¶
The table below describes the CR’s spec
parameters:
Parameter | Description |
---|---|
name |
The name of the VLAN object in the TMM configuration. |
tag |
The tagging ID applied to the VLAN object. |
bonded |
Combine multiple interfaces into a single bonded interface (true/false). The default false (disabled). |
interfaces |
One or more interfaces to associate with the VLAN object. |
selfip_v4s |
Specifies a list of IPv4 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
prefixlen_v4 |
The IPv4 self IP address subnet mask. |
selfip_v6s |
Specifies a list of IPv6 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
prefixlen_v6 |
The IPv6 self IP address subnet mask. |
allowed_services |
Specifies a list of protocols and the protocol service ports this VLAN accepts. |
allowed_services.protocol |
Specifies the protocol traffic the VLAN accepts. |
allowed_services.port |
Specifies the service port traffic the VLAN accepts. |
mtu |
Maximum transmission unit in bytes: (1500 to 9000). The default is 1500. Important: You must also set the BIG-IP Controller TMM_DEFAULT_MTU parameter to the same value when modifying the default, and the value must be the same for each of the installed F5SPKVlan CRs. |
trunk_hash |
The hashing algorithm used to distribute packets across bonded interfaces: src-dst-mac combines MAC addresses of the source and destination. dst-mac the MAC address of the destination. index combine ports of the source and the destination. src-dst-ipport combine IP addresses and ports of the source and the destination (default). |
cmp_hash |
Specifies how traffic will be disaggregated. Use the SRC_ADDR value for the subscriber (upstream) facing VLAN and the DST_ADDR value for the application (downstream) facing VLAN. Do not use the SRC_DST_ADDR_PORT value. |
auto_lasthop |
Disables the auto last hop feature that sends return traffic to the MAC address transmitting the request: AUTO_LASTHOP_ENABLED, AUTO_LASTHOP_DISABLED or AUTO_LASTHOP_DEFAULT. |
Important: To optimize network performance, set the cmp_hash
parameter values as follows: set SRC_ADDR on the subscriber (upstream) VLAN, and DST_ADDR on the application (downstream) facing VLAN.
CR Examples¶
Subscriber VLAN:
apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
name: "subscriber-vlan"
namespace: "cnf-gateway"
spec:
name: clientside
interfaces:
- "1.1"
selfip_v4s:
- 10.10.10.100
- 10.10.10.101
prefixlen_v4: 24
selfip_v6s:
- 2002::10:10:10:100
- 2002::10:10:10:101
prefixlen_v6: 116
mtu: 9000
cmp_hash: SRC_ADDR
Application VLAN:
apiVersion: "k8s.f5net.com/v1"
kind: F5BigNetVlan
metadata:
name: "application-vlan"
namespace: "cnf-gateway"
spec:
name: serverside
interfaces:
- "1.2"
selfip_v4s:
- 192.168.10.100
- 192.168.10.101
prefixlen_v4: 24
selfip_v6s:
- 2002::192:168:10:100
- 2002::192:168:10:101
prefixlen_v6: 116
mtu: 9000
cmp_hash: DST_ADDR
CR shortName¶
CR shortNames provide an easy way to view installed CRs, and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5BigNetVlan CR shortName is vlan.
View CR instance:
kubectl get vlan -n <namespace>
View CR configuration:
kubectl get vlan -n <namespace> -o yaml
Deployment¶
Use the following steps to deploy the example F5BigNetVlan CR, and verify the Service Proxy TMM configuration.
Copy the F5BigNetVlan CRs into a YAML file:
apiVersion: "k8s.f5net.com/v1" kind: F5BigNetVlan metadata: name: "subscriber-vlan" namespace: "cnf-gateway" spec: name: clientside interfaces: - "1.1" selfip_v4s: - 10.10.10.100 - 10.10.10.101 prefixlen_v4: 24 selfip_v6s: - 2002::10:10:10:100 - 2002::10:10:10:101 prefixlen_v6: 116 mtu: 9000 cmp_hash: SRC_ADDR --- apiVersion: "k8s.f5net.com/v1" kind: F5BigNetVlan metadata: name: "application-vlan" namespace: "cnf-gateway" spec: name: serverside interfaces: - "1.2" selfip_v4s: - 192.168.10.100 - 192.168.10.101 prefixlen_v4: 24 selfip_v6s: - 2002::192:168:10:100 - 2002::192:168:10:101 prefixlen_v6: 116 mtu: 9000 cmp_hash: DST_ADDR
Install the CR:
kubectl apply -f cnf-vlan.yaml
List the VLAN CRs:
kubectl get f5-big-net-vlan -n cnf-gateway
In this example, the VLAN CR is installed:
NAME subscriber-vlan application-vlan
If the Debug Sidecar is enabled (the default), you can verify that TMM has been configured:
kubectl exec -it deploy/f5-tmm -c debug -n cnf-gateway -- ip a
The interfaces should appear at the bottom of the list:
8: clientside: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 link/ether 1e:80:c1:e8:81:15 brd ff:ff:ff:ff:ff:ff inet 192.168.10.100/24 brd 192.168.10.0 scope global server valid_lft forever preferred_lft forever inet6 2002::192:168:10:100/112 scope global valid_lft forever preferred_lft forever
Feedback¶
Provide feedback to improve this document by emailing cnfdocs@f5.com.