F5SPKVlan

Overview

The F5SPKVlan Custom Resource (CR) configures the Traffic Management Microkernel’s (TMM) network interfaces. The F5SPKVlan CR can set interface VLAN tags, Self IP addresses, the Maximum Transmission Size (MTU), and apply Open Virtual Network (OVN) annotations to the TMM Pod.

This document guides you through understanding, configuring and deploying a simple F5SPKVlan CR.

TMM replicas

When scaling the Service Proxy TMM Pod beyond a single instance in the Project, the spec.selfip_v4s and spec.selfip_v6s parameters must be configured to provide unique self IP addresses to each TMM replica. The first self IP address in the array is applied to the first TMM Pod, the second IP address to the second TMM Pod, continuing through the list.

Internal facing interfaces

TMM’s internal facing IP addresses must share the same subnet as the OpenShift nodes. Run the following command to determine the OpenShift node IP address subnet:

oc get nodes -o yaml | grep ipv4

In this example, the IPv4 addresses are in the 10.144.175.0/24 subnet:

k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.15/24","ipv6":"2620:128:e008:4018::15/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.16/24","ipv6":"2620:128:e008:4018::16/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.17/24","ipv6":"2620:128:e008:4018::17/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.18/24","ipv6":"2620:128:e008:4018::18/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.19/24","ipv6":"2620:128:e008:4018::19/128"}'

OVN annotations

When the Ingress Controller is installed with ICNI2 enabled, SPK applies OVN annotations to the Service Proxy TMM Pod’s internal VLAN interface. OVN will then use SR-IOV and the TMM’s internal interface as a gateway for all egress traffic in the Project. To target TMM’s internal VLAN interface, set the the VLAN CR spec.internal parameter to true on the internal facing VLAN. When set, OVN builds a routing database using the following annotations:

• k8s.ovn.org/routing-namespaces - Defines the Project for Pod egress network traffic.
• k8s.ovn.org/routing-network - Defines the internal TMM VLAN to use as the gateway.

Important: Do not set OVN annotations on multiple internal VLAN interfaces within the same Project.

Parameters

The CR spec parameters used to configure the Service Proxy TMM network interfaces are:

Parameter	Description
name	The name of the VLAN object in the TMM configuration.
tag	The tagging ID applied to the VLAN object. Important: Do not set the OpenShift network attachment vlan parameter, use the CR tag parameter.
bonded	Combine multiple interfaces into a single bonded interface (true/false). The default false (disabled).
interfaces	One or more interfaces to associate with the VLAN object.
internal	Enable Routing annotations for internal Pods (true/false). The default is false (disabled).This must be set on the internal VLAN, and can only be enabled on one VLAN.
selfip_v4s	An array of IPv4 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order.
prefixlen_v4	The IPv4 address subnet mask.
selfip_v6s	An array of IPv6 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order.
prefixlen_v6	The IPv6 address subnet mask.
mtu	Maximum transmission unit in bytes: (1500 to 8000). The default is 1500. Important: You must also set the Ingress Controller TMM_DEFAULT_MTU parameter to the same value when modifying the default.
trunk_hash	The hashing algorithm used to distribute packets across bonded interfaces. Options: src-dst-mac combines MAC addresses of the source and destination. dst-mac the MAC address of the destination. index combine ports of the source and the destination. src-dst-ipport combine IP addresses and ports of the source and the destination (default).

This example VLAN CR provides IPv4 and IPv6 address to three TMM replicas:

apiVersion: "k8s.f5net.com/v1"
kind: F5SPKVlan
metadata:
  namespace: spk-ingress
  name: "vlan-internal"
spec:
  name: internal
  tag: 3805
  internal: true
  interfaces:
    - "1.2"
  selfip_v4s: 
    - "10.144.175.100"
    - "10.144.175.101"
    - "10.144.175.102"
  prefixlen_v4: 24
  selfip_v6s:
    - "aaaa::100"
    - "aaaa::101"
    - "aaaa::102"
  prefixlen_v6: 64
  mtu: 3000

Requirements

Ensure you have:

• Uploaded Software images.
• Deployed the Ingress Controller Pods.
• Have a Linux based workstation.

Deployment

Use the following steps to deploy the example F5SPKVlan CR, and verify the Service Proxy TMM configuration.

1. Copy the Example CR above into a YAML file:

   The code below creates a F5SPKVlan CR file named spk-vlan.yaml:

   cat << EOF > spk-vlan.yaml
   apiVersion: "k8s.f5net.com/v1"
   kind: F5SPKVlan
   metadata:
     namespace: spk-ingress
     name: "vlan-internal"
   spec:
     name: internal
     tag: 3805
     internal: true
     interfaces:
       - "1.2"
     selfip_v4s: 
       - "10.144.175.100"
       - "10.144.175.101"
       - "10.144.175.102"
     prefixlen_v4: 24
     selfip_v6s:
       - "aaaa::100"
       - "aaaa::101"
       - "aaaa::102"
     prefixlen_v6: 64
     mtu: 3000
   EOF
   

2. Install the F5SPKVlan CR:

   oc apply -f spk-vlan.yaml
   

3. To verify the self IP address, log in to the Service Proxy TMM container:

   In this example, TMM is installed in the spk-ingress Project:

   oc exec -it deploy/f5-tmm -n spk-ingress -- bash
   

4. List the interfaces and grep for the spec.name value:

   In this example, the VLAN spec.name is internal and the self IP address is 192.168.10.100:

   ip addr | grep internal
   

   internal: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel 
       inet 10.144.175.100/24 brd 10.144.175.0 scope global internal
   

Feedback

Provide feedback to improve this document by emailing spkdocs@f5.com.