F5SPKEgressDiameter CR

The F5SPKEgressDiameter Custom Resource (CR) enables a pod to initiate outbound Diameter flows to an external peer. SPK acts as a Diameter proxy. When a pod client initiates an outbound flow on port 3868, the cluster routes this traffic to an SPK instance, which intercepts the flow and responds to the client’s Capabilities Exchange Request. The F5SPKIngressDiameter CR also provides options to tune TCP or SCTP connection processing and monitor the health of Service object Endpoints. For the full list of CRs, refer to the SPK CRs.

F5SPKEgressDiameter CR Parameters

The table below describes the F5SPKEgressDiameter CR parameters used in this document.

spec

The table below describes the F5SPKEgressDiameter spec parameters.

| Parameter | Description |
|---|---|
| ipfamilies | Specifies the type of IP protocol for pool members: IPv4 (default), IPv6, or IPv4andIPv6. |
| egressSnatpool | Specifies the name of the Snatpool object. |
| destinationPorts | Specifies the list of ports receiving egress connections. |
| idleTimeout | Specifies the length of time for inactivity on the TCP/SCTP connection. The default is 300. |
| snatType | Determines which SNAT field is used: SRC_TRANS_NONE, SRC_TRANS_SNATPOOL, or SRC_TRANS_AUTOMAP (default). |
| streamCount | Specifies the stream count for SCTP and TCP. The default stream count for TCP is 1. |
| protocol | Specifies the type of L4 protocol used for Diameter connections: TCP (default) or SCTP. |
| diameterSession.originHost | Specifies the Diameter host name sent to peers in capabilities exchange messages. |
| diameterSession.originRealm | Specifies the Diameter realm name sent to external peers in capabilities exchange messages. |
| diameterSession.vendorId | Specifies the unique ID of the vendor. The default is 3375. |
| diameterSession.productName | Specifies the product name sent to external peers in capabilities exchange messages. |
| diameterSession.authorizationAppIds | Specifies the list of IDs of the authorizing apps. |
| diameterSession.accountingAppIds | Specifies the ID of the app in charge of accounting resources. |
| router.enablePerPeerStats | Enables additional statistics collection per pool member: true or false (default). |
| router.transactionTimeout | Specifies the amount of time given before a transaction is timed out. The default is 300. |
| router.autoInitialization | Enables auto initialization to the specified destinations: true (default) or false. |
| router.poolName | Specifies the name of the F5SPKPool object. |
| vlans.vlanList | Specifies a list of F5SPKVlan CRs to listen for egress traffic, using the CR's metadata.name. The list can also be disabled using vlans.disableListedVlans. |
| vlans.disableListedVlans | Specifies whether to use all VLANs on the egress side except the listed ones (true, the default), or only the VLANs in the list (false). |
| vlans.category | Specifies an F5SPKVlan CR category to listen for egress traffic. The category can also be disabled using disableListedVlans. |

F5SPKEgressDiameter CR Example

apiVersion: "k8s.f5net.com/v1"
kind: F5SPKEgressDiameter
metadata:
  name: "dia-egress-config"
  namespace: spk-ingress
spec:
  ipfamilies: "IPv4andIPv6"
  egressSnatpool: ""
  destinationPorts: 3868
  idleTimeout: 300
  snatType: "SRC_TRANS_AUTOMAP"
  streamCount: 1
  protocol: "TCP"
  diameterSession:
    originHost: "diameter.f5.com"
    originRealm: "f5"
    vendorId: 3375
    productName: ""
    authorizationAppIds: []
    accountingAppIds: []
  router: 
    enablePerPeerStats: false
    transactionTimeout: 300
    autoInitialization: true
    poolName: "retemaid"

Requirements

Ensure you have:

  • Installed a K8S Service object and application.

  • Installed the SPK Controller Pods.

  • A Linux-based workstation.

Configuring F5SPKEgressDiameter CR

Follow the instructions below to configure F5SPKEgressDiameter CR and verify the installation.

  1. Copy the example F5SPKEgressDiameter CR to a YAML file, and set the namespace parameter to the Controller’s Project and save.

      apiVersion: "k8s.f5net.com/v1"
      kind: F5SPKEgressDiameter
      metadata:
       name: "dia-egress-config"
       namespace: <project>
      spec:
       ipfamilies: "IPv4andIPv6"
       egressSnatpool: ""
       destinationPorts: 3868
       idleTimeout: 300
       snatType: "SRC_TRANS_AUTOMAP"
       protocol: "TCP"
       diameterSession:
         originHost: "diameter.f5.com"
         originRealm: "f5"
         vendorId: 3375
         productName: ""
         authorizationAppIds: []
         accountingAppIds: []
       router: 
         enablePerPeerStats: false
         transactionTimeout: 300
         autoInitialization: true
         poolName: "retemaid"
      
    

    In this example, the CR installs to the spk-ingress Project:

      apiVersion: "k8s.f5net.com/v1"
      kind: F5SPKEgressDiameter
      metadata:
       name: "dia-egress-config"
       namespace: spk-ingress
      spec:
       ipfamilies: "IPv4andIPv6"
       egressSnatpool: ""
       destinationPorts: 3868
       idleTimeout: 300
       snatType: "SRC_TRANS_AUTOMAP"
       protocol: "TCP"
       diameterSession:
         originHost: "diameter.f5.com"
         originRealm: "f5"
         vendorId: 3375
         productName: ""
         authorizationAppIds: []
         accountingAppIds: []
       router: 
         enablePerPeerStats: false
         transactionTimeout: 300
         autoInitialization: true
         poolName: "retemaid"   
    
  2. Apply the F5SPKEgressDiameter CR that you have created.

    oc apply -f <file name>
    

    In this example, the CR file is named spk-diameter-egress-crd.yaml:

    oc apply -f spk-diameter-egress-crd.yaml 
    
  3. Copy the example F5SPKPool CR to a YAML file and save.

    apiVersion: "k8s.f5net.com/v1"
    kind: F5SPKPool
    metadata:
      name: "retemaid"
      namespace: spk-ingress
    spec:
      members:
        - address: "10.10.10.8"
          port: 3868
        - address: "10.10.10.58"
          port: 4888
    
  4. Apply the F5SPKPool CR that you have created.

    oc apply -f <file name>
    

    In this example, the CR file is named egressPool.yaml:

    oc apply -f egressPool.yaml 
    
  5. The egress Diameter client should now be able to connect to the application through the Service Proxy TMM.
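
A pre-apply consistency check for the manifests from steps 1 and 3, as an added example that is not part of the F5 documentation or tooling. The function names are hypothetical, and two rules are assumptions drawn from the page's example and parameter table: that both CRs share one Project, and that SRC_TRANS_SNATPOOL needs a non-empty egressSnatpool.

```shell
#!/bin/sh
# Added example: pre-apply consistency check (not an F5 tool).
# Reads simple "key: value" lines with awk; it is not a general YAML parser.

# field FILE KEY -> value of the first "KEY:" line, quotes and padding stripped
field() {
  awk -v k="$2" '{ l = $0; sub(/^[ \t-]+/, "", l) }
    index(l, k ":") == 1 { v = substr(l, length(k) + 2)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit }' "$1"
}

# lint_egress_diameter EGRESS_FILE POOL_FILE -> prints findings, returns their count
lint_egress_diameter() {
  n=0
  fail() { echo "FAIL: $1"; n=$((n + 1)); }
  [ "$(field "$1" kind)" = "F5SPKEgressDiameter" ] || fail "$1 is not an F5SPKEgressDiameter"
  [ "$(field "$2" kind)" = "F5SPKPool" ] || fail "$2 is not an F5SPKPool"
  # router.poolName must name the F5SPKPool object
  [ "$(field "$1" poolName)" = "$(field "$2" name)" ] ||
    fail "router.poolName does not match the F5SPKPool metadata.name"
  # Assumption: both CRs are installed to the same Project, as in the page's example
  [ "$(field "$1" namespace)" = "$(field "$2" namespace)" ] ||
    fail "egress CR and pool are in different namespaces"
  case "$(field "$1" snatType)" in
    SRC_TRANS_NONE|SRC_TRANS_AUTOMAP|"") ;;   # empty means the AUTOMAP default
    SRC_TRANS_SNATPOOL)                       # assumption: needs a named Snatpool
      [ -n "$(field "$1" egressSnatpool)" ] || fail "SRC_TRANS_SNATPOOL with empty egressSnatpool" ;;
    *) fail "unknown snatType" ;;
  esac
  case "$(field "$1" protocol)" in TCP|SCTP|"") ;; *) fail "unknown protocol" ;; esac
  return "$n"
}

# Constructed sample input: trimmed copies of the manifests from steps 1 and 3
demo_dir=$(mktemp -d)
cat > "$demo_dir/egress.yaml" <<'EOF'
kind: F5SPKEgressDiameter
metadata:
  name: "dia-egress-config"
  namespace: spk-ingress
spec:
  egressSnatpool: ""
  snatType: "SRC_TRANS_AUTOMAP"
  protocol: "TCP"
  router:
    poolName: "retemaid"
EOF
printf 'kind: F5SPKPool\nmetadata:\n  name: "retemaid"\n  namespace: spk-ingress\n' > "$demo_dir/pool.yaml"
lint_egress_diameter "$demo_dir/egress.yaml" "$demo_dir/pool.yaml" && echo "OK: manifests are consistent"
```

Run it against the real files before `oc apply`; a non-zero return value is the number of findings.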

Custom Resource shortName

CR shortNames provide an easy way to view installed CRs and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5SPKEgressDiameter CR shortName is egdiam.

View CR instance:

kubectl get egdiam -n <namespace>

View CR configuration:

kubectl get egdiam -n <namespace> -o yaml

Verify Connectivity

If you installed the SPK Controller with the Debug Sidecar enabled, connect to the sidecar to view virtual server connectivity statistics.

  1. Log in to the TMM Debug container.

    oc exec -it deploy/f5-tmm -c debug -n <project> -- bash
    

    In this example, the TMM Pod is in the spk-ingress Project:

    oc exec -it deploy/f5-tmm -c debug -n spk-ingress -- bash
    
  2. View the virtual server connection statistics.

    tmctl -d blade virtual_server_stat -s name,clientside.tot_conns
    

    For example:

    name                     clientside.tot_conns
    -------------------      --------------------
    egress-diameter-vs                        13 
    

Feedback

Provide feedback to improve this document by emailing spkdocs@f5.com.