F5SPKIngressTCP Reference

The F5SPKIngressTCP Custom Resource (CR) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the Kubernetes Service name, use service.name.

service

Parameter Description
name Name of the Kubernetes Service providing access to the Pods.
port The exposed port for the service.

spec

Parameter Description
destinationAddress The advertised IPv4 address of the application.
ipv6destinationAddress The advertised IPv6 address of the application.
destinationPort The external service port of the application.
snat Translate the source IP address of ingress packets to TMM's self IP addresses. Use SRC_TRANS_AUTOMAP to enable, and SRC_TRANS_NONE to disable (default).
idleTimeout The number of seconds a connection can remain idle before deletion. The default is 300. You can also set immediate or indefinite.
category The F5SPKVlan category to associate with the virtual server.
clientTimeout The seconds allowed for clients to transmit enough data to select a server pool. The default timeout is 30 seconds.
serviceDownAction The action to take when the service associated with the pool is marked down by a monitor or removed by Kubernetes: POOLMBR_ACTION_NONE (default), POOLMBR_ACTION_REJECT, POOLMBR_ACTION_DROP, or POOLMBR_ACTION_RESELECT. See K15095 for more detail.
ipFragReass Reassemble IP fragments (true / false). The default is true.
ipTosToClient The ToS level assigned to IP packets sent to clients. The default is 65535, not modified.
ipTosToServer The ToS level assigned to IP packets sent to servers. The default is 65535, not modified.
ipV4TTL The outgoing packet IP TTL value for IPv4 traffic. The default is 255.
ipV6TTL The outgoing packet TTL value for IPv6 traffic. The default is 64.
linkQosToClient The QoS level assigned to packets sent to clients. The default is 65535, not modified.
linkQosToServer The QoS level assigned to packets sent to servers. The default is 65535, not modified.
loadBalancingMethod Specifies the load balancing method used to distribute traffic across pool members: ROUND_ROBIN distributes connections evenly across all pool members (default), and RATIO_LEAST_CONN_MEMBER distributes connections first to members with the least number of active connections.
looseClose Close loosely-initiated connections when receiving the first FIN packet (true/false). The default is false.
looseInitiation Initialize a connection when receiving a TCP packet, rather than requiring a SYN packet (true/false). The default is false.
mssOverride The maximum segment size for server connections, and the MSS advertised to clients. The default value is 0 (disabled).
rcvwnd The window size to use, the minimum and default is 65535 bytes.
resetOnTimeout Resets connections on timeout (true/false). The default is true.
rttFromClient Enable the TCP timestamp to measure client round trip times (true/false). The default is false.
rttFromServer Enable the TCP timestamp to measure server round trip times (true/false). The default is false.
serverSack Support server sack in cookie responses (true/false). The default is false.
serverTimestamp Supports the server timestamp in cookie responses (true/false). The default is false.
priorityToClient The internal packet priority assigned to packets sent to clients. The default is 65535, not modified.
priorityToServer The internal packet priority assigned to packets sent to servers. The default is 65535, not modified.
syncCookieEnable Enables syn-cookies on the virtual server (true/false). The default is true.
syncookieMss The MSS for server connections with SYN Cookies enabled, and the MSS advertised to clients. The default is 0 (disabled).
syncookieWhitelist Use SYN Cookie WhiteList with software SYN Cookies (true/false). The default is false.
tcpCloseTimeout The TCP close timeout in seconds. You can specify immediate or indefinite. The default is 5.
tcpGenerateIsn Generate TCP sequence numbers on all SYNs conforming with RFC1948, and allow timestamp recycling (true/false). The default is false.
tcpHandshakeTimeout The TCP handshake timeout in seconds. You specify immediate or indefinite. The default is 5.
tcpKeepAliveInterval The keep-alive probe interval in seconds. The default value is 0 (disabled).
tcpServerTimeWaitTimeout Specifies a TCP time_wait timeout in milliseconds. The default value is 0.
tcpStripSack Blocks the TCP SackOK option from passing to servers on SYN (true or false). The default is false.
vlans.vlanList A list specifying one more more VLANs to listen for application traffic.
vlans.category Specifies an F5SPKVlan category parameter value to either allow or deny ingress traffic.
vlans.disableListedVlans Disables the VLANs specified with the vlanList parameter: true (default) or false. Excluding one VLAN may simplify having to enable many VLANS.

spec.persist

_images/spk_warn.png Important: The spec.persist parameter requires the dSSM Database to store session persistence records.

Parameter Description
spec.persist.mode Specifies the type of persistence: PERSIST_TYPE_NONE (default) or PERSIST_TYPE_SRCADDR - direct session requests to the same endpoint based on the client's source IP address.
spec.persist.timeout Specifies the duration for the session persistence entries. The default value is 180 seconds.
spec.persist.hashAlg Specifies the algorithm the system uses for hash persistence load balancing: PERSIST_HASH_DEFAULT (default) - use an index of the pool members (endpoints) to determine the hash, or PERSIST_HASH_CARP - use the Cache Array Routing Protocol (CARP) to determine the hash.
spec.persist.ipv4PrefixLength Specifies the IPv4 prefix length that you want to use as the mask: 0-32. The default value is 32.
spec.persist.ipv6PrefixLength Specifies the IPv6 prefix length that you want to use as the mask: 0-128. The default value is 128.

monitors

Parameter Description
icmp.interval Specifies in seconds the monitor check frequency. The default value is 5.
icmp.timeout Specifies in seconds the time in which the target must respond. The default value is 16.
icmp.username The username for HTTP authentication.
icmp.password The password for HTTP authentication.
icmp.serversslProfileName Specifies the server side SSL profile the monitor will use to ping the target.
tcp.interval Specifies in seconds the monitor check frequency. The default value is 5.
tcp.timeout Specifies in seconds the time in which the target must respond. The default value is 16.
tcp.username The username for HTTP authentication.
tcp.password The password for HTTP authentication.
tcp.serversslProfileName Specify the server side SSL profile the monitor will use to ping the target.