F5SPKVlan¶
Overview¶
The F5SPKVlan Custom Resource (CR) configures the Traffic Management Microkernel’s (TMM) network interfaces. The F5SPKVlan CR can set interface VLAN tags, Self IP addresses, the Maximum Transmission Size (MTU), and apply Open Virtual Network (OVN) annotations to the TMM Pod.
This document guides you through understanding, configuring and deploying a simple F5SPKVlan CR.
TMM replicas¶
When scaling the Service Proxy TMM Pod beyond a single instance in the Project, the spec.selfip_v4s
and spec.selfip_v6s
parameters must be configured to provide unique self IP addresses to each TMM replica. The first self IP address in the array is applied to the first TMM Pod, the second IP address to the second TMM Pod, continuing through the list.
Internal facing interfaces¶
TMM’s internal facing IP addresses must share the same subnet as the OpenShift nodes. Run the following command to determine the OpenShift node IP address subnet:
oc get nodes -o yaml | grep ipv4
In this example, the IPv4 addresses are in the 10.144.175.0/24 subnet:
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.15/24","ipv6":"2620:128:e008:4018::15/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.16/24","ipv6":"2620:128:e008:4018::16/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.17/24","ipv6":"2620:128:e008:4018::17/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.18/24","ipv6":"2620:128:e008:4018::18/128"}'
k8s.ovn.org/node-primary-ifaddr: '{"ipv4":"10.144.175.19/24","ipv6":"2620:128:e008:4018::19/128"}'
OVN annotations¶
When the Ingress Controller is installed with ICNI2 enabled, SPK applies OVN annotations to the Service Proxy TMM Pod’s internal VLAN interface. OVN will then use SR-IOV and the TMM’s internal interface as a gateway for all egress traffic in the Project. To target TMM’s internal VLAN interface, set the the VLAN CR spec.internal
parameter to true
on the internal facing VLAN. When set, OVN builds a routing database using the following annotations:
- k8s.ovn.org/routing-namespaces - Defines the Project for Pod egress network traffic.
- k8s.ovn.org/routing-network - Defines the internal TMM VLAN to use as the gateway.
Important: Do not set OVN annotations on multiple internal VLAN interfaces within the same Project.
Parameters¶
The CR spec
parameters used to configure the Service Proxy TMM network interfaces are:
Parameter | Description |
---|---|
name |
The name of the VLAN object in the TMM configuration. |
tag |
The tagging ID applied to the VLAN object. Important: Do not set the OpenShift network attachment vlan parameter, use the CR tag parameter. |
bonded |
Combine multiple interfaces into a single bonded interface (true/false). The default false (disabled). |
interfaces |
One or more interfaces to associate with the VLAN object. |
internal |
Enable Routing annotations for internal Pods (true/false). The default is false (disabled).This must be set on the internal VLAN, and can only be enabled on one VLAN. |
selfip_v4s |
An array of IPv4 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
prefixlen_v4 |
The IPv4 address subnet mask. |
selfip_v6s |
An array of IPv6 Self IP addresses associated with the VLAN. Each TMM replica receives an IP address in the element order. |
prefixlen_v6 |
The IPv6 address subnet mask. |
mtu |
Maximum transmission unit in bytes: (1500 to 8000). The default is 1500. Important: You must also set the Ingress Controller TMM_DEFAULT_MTU parameter to the same value when modifying the default. |
trunk_hash |
The hashing algorithm used to distribute packets across bonded interfaces. Options: src-dst-mac combines MAC addresses of the source and destination. dst-mac the MAC address of the destination. index combine ports of the source and the destination. src-dst-ipport combine IP addresses and ports of the source and the destination (default). |
This example VLAN CR provides IPv4 and IPv6 address to three TMM replicas:
apiVersion: "k8s.f5net.com/v1"
kind: F5SPKVlan
metadata:
namespace: spk-ingress
name: "vlan-internal"
spec:
name: internal
tag: 3805
internal: true
interfaces:
- "1.2"
selfip_v4s:
- "10.144.175.100"
- "10.144.175.101"
- "10.144.175.102"
prefixlen_v4: 24
selfip_v6s:
- "aaaa::100"
- "aaaa::101"
- "aaaa::102"
prefixlen_v6: 64
mtu: 3000
Requirements¶
Ensure you have:
- Uploaded Software images.
- Deployed the Ingress Controller Pods.
- Have a Linux based workstation.
Deployment¶
Use the following steps to deploy the example F5SPKVlan CR, and verify the Service Proxy TMM configuration.
Copy the Example CR above into a YAML file:
The code below creates a F5SPKVlan CR file named spk-vlan.yaml:
cat << EOF > spk-vlan.yaml apiVersion: "k8s.f5net.com/v1" kind: F5SPKVlan metadata: namespace: spk-ingress name: "vlan-internal" spec: name: internal tag: 3805 internal: true interfaces: - "1.2" selfip_v4s: - "10.144.175.100" - "10.144.175.101" - "10.144.175.102" prefixlen_v4: 24 selfip_v6s: - "aaaa::100" - "aaaa::101" - "aaaa::102" prefixlen_v6: 64 mtu: 3000 EOF
Install the F5SPKVlan CR:
oc apply -f spk-vlan.yaml
To verify the self IP address, log in to the Service Proxy TMM container:
In this example, TMM is installed in the spk-ingress Project:
oc exec -it deploy/f5-tmm -n spk-ingress -- bash
List the interfaces and grep for the
spec.name
value:In this example, the VLAN
spec.name
is internal and the self IP address is 192.168.10.100:ip addr | grep internal
internal: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel inet 10.144.175.100/24 brd 10.144.175.0 scope global internal
Feedback¶
Provide feedback to improve this document by emailing spkdocs@f5.com.