ZebOS ConfigMaps

The Cloud-Native Network Functions (CNFs) Traffic Managment Microkernel (TMM) Proxy Pod’s f5-tmm-routing container can reference native ZebOS.conf files as ConfigMaps using the BIG-IP Controller’s Helm values. One of the benefits of referencing the ZebOS.conf file as a ConfigMap is the ability to modify BGP configurations while the CNFs F5ingress and TMM Pods are running. The CNFs Controller detects modifications made to the ConfigMap file, and applies the updates to the running f5-tmm-routing container.

Note: The periodic detection interval depends on the KubeletConfiguration settings.

Requirements

Ensure you have:

• Uploaded the CNFs Software.
• Installed the CNFs Cert Manager.

Procedures

Installation

Use these steps to install a ZebOS.conf Configmap, and reference the ConfigMap using the CNFs Controller Helm values file.

Important: You must install a ZebOS.conf ConfigMap prior to the CNFs Controller. ConfigMap modifications can then be made after installing the CNFs Controller.

1. Copy the example ZebOS.conf into a YAML file:

   router bgp 64443
     !
     bgp router-id 192.168.154.96
     bgp log-neighbor-changes
     bgp graceful-restart restart-time 120
     no bgp default ipv4-unicast
     redistribute kernel
     !
     neighbor 10.20.30.40 remote-as 3535
     neighbor 10.20.30.40 ebgp-multihop 100
     neighbor 2002::10:20:30:40 remote-as 3535
     neighbor 2002::10:20:30:40 ebgp-multihop 100
     !
     !
     address-family ipv6
       redistribute kernel
       neighbor 2002::10:20:30:40 activate
       neighbor 2002::10:20:30:40 soft-reconfiguration inbound
     exit-address-family
     !
     address-family ipv4
       neighbor 10.20.30.40 activate
       neighbor 10.20.30.40 soft-reconfiguration inbound
     exit-address-family
   !
   

   Note: The ZebOS.conf configuration is similar to the following Helm values.yaml configuration:

    bgp:
      asn: 64443
      hostname: cnf-bgp
      neighbors:
      - ip: 10.20.30.40
        asn: 3535
        ebgpMultihop: 100
        acceptsIPv4: true
        softReconf: true
      - ip: 2002::10:20:30:40
        asn: 3535
        ebgpMultihop: 100
        acceptsIPv6: true
        softReconf: true
   

2. Install the ZebOS.conf file as a ConfigMap:

   In this example, the ConfigMap installs to the cnf-gateway Project.

   kubectl create configmap cnf-bgp --from-file=ZebOS.conf -n cnf-gateway
   

3. To reference the ZebOS.conf ConfigMap, add the following parameters to the CNFs Controller Helm values file:

   tmm:
     bfdToOVN:
       enabled: true
     dynamicRouting:
       enabled: true
       configMapName: "cnf-bgp"
   

4. Install the BIG-IP Controller.

5. Verify the ZebOS configuration once the BIG-IP Controller has installed:

   kubectl exec -it deploy/f5-tmm -c f5-tmm-routing -n cnf-gateway \
   -- imish -e 'show running-config'
   

6. Verify the BGP peering relationships one the BIG-IP Controller has installed:

   kubectl exec -it deploy/f5-tmm -c f5-tmm-routing -n cnf-gateway \
   -- imish -e 'show bgp neighbors'
   

7. If there are any issues, review the Troubleshooting section of the BGP Overview.

Modifications

Use these steps to modify the installed ZebOS.conf Configmap.

1. Edit the ZebOS.conf file and modify the required parameters.

2. To modify a neighbor IP address, you must first remove the previous address in the ZebOS.conf configuration:

   In this example, the neighbor IP 10.20.30.40 is changed to 10.20.30.50.

   no neighbor 10.20.30.40
   neighbor 10.20.30.50 remote-as 3535
   neighbor 10.20.30.50 ebgp-multihop 100
   

3. List the ConfigMap in the cluster:

   kubectl get cm <name> -n <namespace>
   

   In this example, the ConfigMap named cnf-bgp is in the cnf-gateway namespace:

   kubectl get cm cnf-bgp -n cnf-gateway
   

4. Apply the ConfigMap edits:

   kubectl create configmap cnf-bgp --from-file=ZebOS.conf \
   -n cnf-gateway -o yaml --dry-run=client | kubectl apply -f -
   

5. Verify the ZebOS configuration once the BIG-IP Controller has installed:

   kubectl exec -it deploy/f5-tmm -c f5-tmm-routing -n cnf-gateway \
   -- imish -e 'show running-config'
   

BGP Secrets

As described in the BGP Secrets section of the BGP Overview, neighbor passwords can be stored as Kubernetes secrets. When modifying BGP Secrets while the f5-tmm-routing container is running, the TMM Pod must be scaled down and back up. To scale the f5-tmm-routing container after modifying a BGP Secret, run the following commands:

1. Scale the f5-tmm deployment to 0:

   kubectl scale deployment f5-tmm --replicas=0 -n cnf-gateway
   

2. Ensure the READY status is 0/0:

   kubectl get deployment -n cnf-gateway 
   

   NAME     READY   UP-TO-DATE   AVAILABLE
   f5-tmm   0/0     0            0        
   

3. Scale the f5-tmm deployment to the original number of replicas:

   kubectl scale deployment f5-tmm --replicas=1 -n cnf-gateway
   

BGP ToR configuration

Use these steps to enable the CNFs Top of Rack BGP (ToR) feature.

1. Copy the example ToR ConfigMap defining the BGP neighbor to cluste node relationship in to a YAML file:

   In this example, the ConfigMap names cnf-tor-bgp installs to the BIG-IP Controller’s cnf-gateway namespace.

   apiVersion: v1
   kind: ConfigMap
   metadata:
     name: "cnf-tor-bgp"
     namespace: "cnf-gateway"
   data:
     worker1.k8s.cluster.net: 192.168.154.110
     worker2.k8s.cluster.net: 192.168.154.111
     worker3.k8s.cluster.net: 192.168.154.112
     master.k8s.cluster.net: 192.168.154.112
   

2. Install the ToR ConfigMap:

   kubectl apply -f tor.yaml
   

3. Copy the example BGP configuration into the ZebOS.conf file. The peer-group and activate parameters are reqired for ToR:

   In this example, the ZebOS configuration references the cnf-tor-bgp ConfigMap.

   router bgp 64443
     !
     bgp router-id %%POD_IP%%
     bgp log-neighbor-changes
     bgp graceful-restart restart-time 120
     redistribute kernel
     neighbor cnf-tor-bgp remote-as 3535
     neighbor cnf-tor-bgp peer-group
     neighbor cnf-tor-bgp activate
     neighbor cnf-tor-bgp ebgp-multihop 100
     neighbor cnf-tor-bgp soft-reconfiguration inbound
   !
   

4. Install the ZebOS.conf file as a ConfigMap:

   In this example, the ZebOS.conf ConfigMap installs to the BIG-IP Controller’s cnf-gateway namespace.

   kubectl create configmap cnf-bgp --from-file=ZebOS.conf -n cnf-gateway
   

5. Add the following parameters to the BIG-IP Controller Helm values file:

   In this example, the configMapName parameter references the ZebOS.conf ConfigMap, and the peerGroups parameter references the ToR ConfigMap.

   tmm:
     dynamicRouting:
       enabled: true
       configMapName: "cnf-bgp"
       peerGroups:
         - cnf-tor-bgp
   

6. After installing the BIG-IP Controller, view the ZebOS configuration:

   In this example, the BIG-IP Controller installed to the cnf-gateway namespace.

   kubectl exec -it deploy/f5-tmm -c f5-tmm-routing -n cnf-gateway \
   -- imish -e 'show running-config'
   

7. Verify the correct IP address is configured:

   In this example, the worker2.k8s.cluster.net mapped IP address 192.168.154.111 is used in the configuration.

   router bgp 64443
   bgp router-id 0.0.107.127
   no bgp default ipv4-unicast
   bgp log-neighbor-changes
   bgp graceful-restart restart-time 120
   max-paths ebgp 4
   redistribute kernel
   neighbor cnf-bgp peer-group
   neighbor cnf-bgp remote-as 3535
   neighbor cnf-bgp ebgp-multihop 100
   neighbor cnf-bgp activate
   neighbor cnf-bgp soft-reconfiguration inbound
   neighbor 192.168.154.111 peer-group cnf-bgp
   neighbor 192.168.154.111 activate
   

8. If there are any issues, review the Troubleshooting section of the BGP Overview.

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.

Supplemental

• The BGP section of the Networking Overview.