F5SPKIngressNGAP¶
Overview¶
The F5SPKIngressNGAP Custom Resource (CR) configures the Service Proxy Traffic Management Microkernel (TMM) to provide low-latency datagram load balancing using the Stream Control Protocol (SCTP) and NG Application (NGAP) signaling protocols. The F5SPKIngressNGAP CR also provides options to tune how connections are processed, and to monitor the health of Service object Endpoints.
Note: The NGAP CR does not currently support multi-homing.
This document guides you through understanding, configuring and installing a simple F5SPKIngressNGAP CR.
CR integration stages¶
The graphic below displays the four integration stages used to begin processing application traffic. SPK CRs can also be integrated into your Helm release, managing all components with single interface. Refer to the Helm CR Integration guide for more information.
CR Parameters¶
The table below describes the CR parameters used in this document.
Option | Description |
---|---|
service.name |
Selects the Service object name for the internal applications (Pods), and creates a round-robin load balancing pool using the Service Endpoints. |
service.port |
Selects the Service object port value. |
spec.destinationAddress |
Creates an IPv4 virtual server address for ingress connections. |
spec.destinationPort |
Defines the service port for inbound connections. |
spec.idleTimeout |
The connection idle timeout period in seconds. The default value is 300 seconds. |
spec.inboundSnatEnabled |
Enable source network address translation. The default is enabled. |
spec.inboundSnatIP |
The IP address to use as the source IP for inbound connections. |
Application Project¶
The Ingress Controller and Service Proxy TMM Pods install to a different Project than the NGAP application (Pods). When installing the Ingress Controller, set the controller.watchNamespace
parameter to the NGAP Pod Project in the Helm values file. For example:
Important: Ensure the Project currently exists in the cluster, the Ingress Controller does not discover Projects created after installation.
controller:
watchNamespace: "ngap-apps"
Dual-Stack environments¶
Service Proxy TMM’s load balancing pool is created by discovering the Kubernetes Service Endpoints in the Project. In IPv4/IPv6 dual-stack environments, to populate the load balancing pool with IPv6 members, set the Service PreferDualStack
parameter to IPv6
. For example:
kind: Service
metadata:
name: ngap-svc
namespace: ngap-apps
labels:
app: ngap-svc
spec:
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv6
- IPv4
Ingress traffic¶
To enable ingress network traffic, Service Proxy TMM must be configured to advertise virtual server IP addresses to external networks using the BGP dynamic routing protocol. Alternatively, you can configure appropriate routes on upstream devices. For BGP configuration assistance, refer to the BGP Overview.
Requirements¶
Ensure you have:
- Uploaded the Software images.
- Deployed the Ingress Controller Pods.
- A Linux based workstation.
Installation¶
Use the following steps to verify the application’s Service object configuration, and install the example F5SPKIngressNGAP CR.
Switch to the application Project:
oc project <project>
In this example, the application is in the ngap-apps Project:
oc project ngap-apps
Verify the K8S Service object NAME and PORT are set using the CR
service.spec
andservice.port
parameters:kubectl get service
In this example, the Service object NAME ngap-apps and PORT 38412 are set in the example CR:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) ngap-apps NodePort 10.99.99.99 <none> 38412:30714/TCP
Copy the example CR into a YAML file:
The code below creates a F5SPKIngressNGAP CR file named spk-ingress-ngap.yaml:
cat << EOF > spk-ingress-ngap.yaml apiVersion: "k8s.f5net.com/v1" kind: F5SPKIngressNGAP metadata: namespace: ngap-apps name: ngap-cr service: name: ngap-svc port: 38412 spec: destinationAddress: "192.168.1.123" destinationPort: 38412 idleTimeout: 100 inboundSnatIp: "10.245.1.100" EOF
Install the F5SPKIngressNGAP CR:
NGAP clients should now be able to connect to the application through the Service Proxy TMM.
Verify connectivity¶
If you installed the Ingress Controller with the Debug Sidecar enabled, connect to the sidecar to view virtual server and pool member connecitivy statistics.
Log in to the Service Proxy Debug container:
kubectl attach -it f5-tmm-546c7cb9b9-zvjsf -c debug -n spk-ingress
View the virtual server connection statistics:
tmctl -f /var/tmstat/blade/tmm0 virtual_server_stat -s name,serverside.tot_conns
For example:
name serverside.tot_conns ----------------------------------- -------------------- ngap-apps-ngap-cr-virtual-server 31
View the load balancing pool connection statistics:
tmctl -f /var/tmstat/blade/tmm0 pool_member_stat -s pool_name,serverside.tot_conns
For example:
ngap-apps-ngap-cr-pool 15 ngap-apps-ngap-cr-pool 16