SPK Fixes and Known Issues

This list highlights fixes and known issues for this SPK release.

Known Issues

1617301-3

Bidirectional persistence traffic may fail in F5SPKIngressDiameter and F5SPKIngressHTTP2 deployments

Component: FSM

Symptoms:
Outbound requests on new connections for bidirectional persistence configurations may fail for deployments that are utilizing F5SPKIngressHTTP2 or F5SPKIngressDiameter custom resources. Ingress traffic, outbound responses, and outbound requests utilizing the existing connection are unaffected.

Conditions:

  • An outbound request is sent on a new connection from an endpoint that is a part of a service configured for F5SPKIngressHTTP2 or F5SPKIngressDiameter.

  • SPK is configured with more than one f5-tmm pod.

Impact:
Outbound requests may be dropped.

Workaround:
Utilize only one f5-tmm pod replica for SPK instances requiring bidirectional persistence with F5SPKIngressHTTP2 or F5PSKIngressDiameter

1889425-3

Egress traffic fails during an f5-tmm pod restart event

Component: FSM

Symptoms:

Egress traffic fails while one or more f5-tmm pods are restarting.

Conditions:

  • SPK is installed and configured to handle egress traffic from watched namespaces.

  • One or more f5-tmm pods crash or are restarted by Kubernetes.

Impact:

Egress traffic might fail from traffic routing to an f5-tmm pod that is restarting.

2035637-2

Traffic drops in egress traffic during upgrade from 2.0.2 to 2.1.0

Component: Egress

Symptoms:
During rolling upgrade of TMMs, some egress connections are dropped because the OVN routes to the old TMM are not removed as soon as old TMM is down.

Whenever readiness gates are ready on the new TMM, the old TMM immediately goes down. But as the OVN route to old TMM still exists for 7-8 seconds, some connections are sent to the old TMM through the invalid route are dropped.

Conditions:

  1. Rolling upgrade from SPK 2.0.2 to SPK 2.1.0.

  2. BFD is enabled on both ingress and egress.

  3. Running both ingress and egress traffic.

Impact:
Some traffic is disrupted during the rolling upgrade.

1968153-3

Traffic stats missing drop counter for trunk usecases

Component: FSM

Symptoms:
Traffic stats are not present when packet are dropped when using a trunk interface.

Conditions:
The trunk does not have any interfaces to forward traffic.

Impact:
Missing diagnostics.

2138129-1

Fluent-bit ARM64 image hits unsupported page size issues on ARM64 AKS cluster

Component: Toda_fluentbit

Symptoms:
When configuring a Linux kernel with the page size for 64K page size: CONFIG_ARM64_64K_PAGES=y, Fluentbit fails to start with an error “Unsupported system page size”.

Conditions:
When configuring a Linux kernel with the page size for 64K page size: CONFIG_ARM64_64K_PAGES=y.

Impact:
Fluentbit fails to start with an error “Unsupported system page size”.

1823977-2

Logs for TMM container is unavailable through console output when fluentbit container is enabled in TMM pod

Component: FSM

Symptoms:
When the fluentbit container is enabled for the f5-tmm pod, the f5-tmm container logs will not be outputted to the console. However, the f5-tmm container logs can still be found in the f5-toda-fluentd pod (located under “/var/log/f5”).

Conditions:
Fluentbit container is enabled and running in the f5-tmm pod.

Impact:
F5-tmm container logs will not be outputted through console and can only be found in the f5-toda-fluentd pod.

Workaround:
The f5-tmm container logs can still be found in the f5-toda-fluentd pod (located under “/var/log/f5”).

1785181-2

Configuration data for a previously monitored namespace is not removed when the namespace is deleted from the watch list

Component: FSM

Symptoms:
When namespace is removed from watch namespace list by editing the controller deployment, configs for custom resources (CRs) in removed namespace are not cleared from TMM.

Conditions:
Controller initially monitors the namespace, then removes the namespace from watch namespace list.

Impact:
Config for custom resources (CRs) in removed namespace is cleared on TMM.

Workaround:
Delete CR’s from the namespace before removing the namespace from watch namespace list.

2196305-1

Helm upgrade displays conflict error with object .data.cluster_node_ip__apps

Component: FSM

Symptoms:
Helm upgrade displays the following error on upgrade

level=WARN msg=”upgrade failed” name=f5ingress error=”conflict occurred while applying object dav17-alpha/f5-tmm-dynamic-routing /v1, Kind=ConfigMap: Apply failed with 1 conflict: conflict with “f5ingress” using v1: .data.cluster_node_ip__apps”.

Conditions:
uring helm upgrade.

Impact:
Just error message on the console, no impact to configuration or traffic forwarding.

Workaround:
Ignore the error message.

2200517-1

Hardware acceleration for IPv6 is not supported.

Component: FSM

Symptoms:
MOn the CX7 NIC, BIG-IP Next for Kubernetes hardware acceleration is not supported for IPv6 traffic. Only IPv4 traffic offloading is available, including IPv4 flow offloading, IPv4 NAT44 offloading, and ACL offloading.

Conditions:
BIG-IP Next for Kubernetes running on the CX7 NIC.

Impact:
IPv6 traffic is not optimized for acceleration.