F5SPKIngressTCP Reference

The F5SPKIngressTCP Custom Resource (CR) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the Kubernetes Service name, use service.name.

service

Parameter | Description |
---|---|
name | Name of the Kubernetes Service providing access to the Pods. |
port | The exposed port for the service. |

spec

Parameter | Description |
---|---|
destinationAddress | The advertised IPv4 address of the application. |
ipv6destinationAddress | The advertised IPv6 address of the application. |
destinationPort | The external service port of the application. |
snat | Translate the source IP address of ingress packets to TMM's self IP addresses. Use SRC_TRANS_AUTOMAP to enable, and SRC_TRANS_NONE to disable (default). |
idleTimeout | The number of seconds a connection can remain idle before deletion. The default is 300. You can also set immediate or indefinite. |
category | The F5SPKVlan category to associate with the virtual server. |
clientTimeout | The number of seconds allowed for clients to transmit enough data to select a server pool. The default timeout is 30 seconds. |
serviceDownAction | The action to take when the service associated with the pool is marked down by a monitor or removed by Kubernetes: POOLMBR_ACTION_NONE (default), POOLMBR_ACTION_REJECT, POOLMBR_ACTION_DROP, or POOLMBR_ACTION_RESELECT. See K15095 for more detail. |
ipFragReass | Reassemble IP fragments (true/false). The default is true. |
ipTosToClient | The ToS level assigned to IP packets sent to clients. The default is 65535 (not modified). |
ipTosToServer | The ToS level assigned to IP packets sent to servers. The default is 65535 (not modified). |
ipV4TTL | The outgoing packet IP TTL value for IPv4 traffic. The default is 255. |
ipV6TTL | The outgoing packet TTL value for IPv6 traffic. The default is 64. |
linkQosToClient | The QoS level assigned to packets sent to clients. The default is 65535 (not modified). |
linkQosToServer | The QoS level assigned to packets sent to servers. The default is 65535 (not modified). |
loadBalancingMethod | Specifies the load balancing method used to distribute traffic across pool members: ROUND_ROBIN distributes connections evenly across all pool members (default), and RATIO_LEAST_CONN_MEMBER distributes connections first to members with the least number of active connections. |
trafficDistributionStrategy | Specifies the name of the Traffic Distribution custom resource. |
looseClose | Close loosely-initiated connections when receiving the first FIN packet (true/false). The default is false. |
looseInitiation | Initialize a connection when receiving a TCP packet, rather than requiring a SYN packet (true/false). The default is false. |
mssOverride | The maximum segment size for server connections, and the MSS advertised to clients. The default value is 0 (disabled). |
rcvwnd | The window size to use. The minimum and default is 65535 bytes. |
resetOnTimeout | Resets connections on timeout (true/false). The default is true. |
rttFromClient | Enable the TCP timestamp to measure client round trip times (true/false). The default is false. |
rttFromServer | Enable the TCP timestamp to measure server round trip times (true/false). The default is false. |
serverSack | Supports server SACK in cookie responses (true/false). The default is false. |
serverTimestamp | Supports the server timestamp in cookie responses (true/false). The default is false. |
priorityToClient | The internal packet priority assigned to packets sent to clients. The default is 65535 (not modified). |
priorityToServer | The internal packet priority assigned to packets sent to servers. The default is 65535 (not modified). |
syncCookieEnable | Enables SYN cookies on the virtual server (true/false). The default is true. |
syncookieMss | The MSS for server connections with SYN cookies enabled, and the MSS advertised to clients. The default is 0 (disabled). |
pvaOtherClientpktsThreshold | Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10. The default is 2. |
pvaOtherServerpktsThreshold | Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10. The default is 1. |
pvaFlowAging | Specifies whether flows that are inactive and idle for a period of time are automatically aged out of the ePVA flow cache. It is enabled by default. |
pvaFlowEvict | Specifies whether this flow can be evicted upon hash collision with a new, flow-learn snoop request. It is enabled by default. |
pvaOffloadDynamic | When disabled, the system offloads flows to ePVA only during the initial handshake. When enabled, the system dynamically checks flows that were previously evicted or timed out and are handled by software in TMM, after pva-dynamic-client-packets and pva-dynamic-server-packets are reached, to determine if they are eligible to be re-offloaded into ePVA. For the system to offload a flow in a connection to ePVA hardware, you must specify both the client (PVA Dynamic Client Packets) and server (PVA Dynamic Server Packets) flow packets settings. If only one setting is relevant, set the other to 0 (zero). The PVA Offload Dynamic setting instructs the system to dynamically offload flows in a connection to ePVA hardware, if your BIG-IP system supports such hardware. When you enable the PVA Offload Dynamic setting, you can then configure: (1) the number of client packets before dynamic ePVA hardware re-offloading occurs, valid range 0 (zero) through 10; and (2) the number of server packets before dynamic ePVA hardware re-offloading occurs, valid range 0 (zero) through 10. |
pvaDynamicClientPkts | Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10. The default is 1. |
pvaDynamicServerPkts | Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10. The default is 0. |
hardwareSyncookie | Enable/disable hardware SYN cookie protection. It is disabled by default. |
softwareSyncookie | Enable/disable software SYN cookie protection. It is disabled by default. |
lateBinding | Enable/disable late binding. It is disabled by default. |
explicitFlowMigration | Enable/disable late binding explicit flow migration. It is disabled by default. |
syncookieWhitelist | Use the SYN cookie whitelist with software SYN cookies (true/false). The default is false. |
tcpCloseTimeout | The TCP close timeout in seconds. You can also specify immediate or indefinite. The default is 5. |
tcpGenerateIsn | Generate TCP sequence numbers on all SYNs conforming with RFC 1948, and allow timestamp recycling (true/false). The default is false. |
tcpHandshakeTimeout | The TCP handshake timeout in seconds. You can also specify immediate or indefinite. The default is 5. |
tcpKeepAliveInterval | The keep-alive probe interval in seconds. The default value is 0 (disabled). |
tcpServerTimeWaitTimeout | Specifies a TCP time_wait timeout in milliseconds. The default value is 0. |
tcpStripSack | Blocks the TCP SackOK option from passing to servers on SYN (true/false). The default is false. |
vlans.vlanList | A list specifying VLANs to listen for application traffic. |
vlans.category | Specifies an F5SPKVlan category parameter value to either allow or deny ingress traffic. |
vlans.disableListedVlans | Disables the VLANs specified with the vlanList parameter: true (default) or false. Excluding one VLAN may be simpler than enabling many VLANs. |

spec.persist

Important: The spec.persist parameter requires the dSSM Database to store session persistence records.

Parameter | Description |
---|---|
spec.persist.mode | Specifies the type of persistence: PERSIST_TYPE_NONE (default) or PERSIST_TYPE_SRCADDR - direct session requests to the same endpoint based on the client's source IP address. |
spec.persist.timeout | Specifies the duration for the session persistence entries. The default value is 180 seconds. |
spec.persist.hashAlg | Specifies the algorithm the system uses for hash persistence load balancing: PERSIST_HASH_DEFAULT (default) - use an index of the pool members (endpoints) to determine the hash, or PERSIST_HASH_CARP - use the Cache Array Routing Protocol (CARP) to determine the hash. |
spec.persist.ipv4PrefixLength | Specifies the IPv4 prefix length that you want to use as the mask: 0-32. The default value is 32. |
spec.persist.ipv6PrefixLength | Specifies the IPv6 prefix length that you want to use as the mask: 0-128. The default value is 128. |

monitors

Parameter | Description |
---|---|
icmp.interval | Specifies in seconds the monitor check frequency. The default value is 5. |
icmp.timeout | Specifies in seconds the time in which the target must respond. The default value is 16. |
icmp.username | The username for HTTP authentication. |
icmp.password | The password for HTTP authentication. |
icmp.serversslProfileName | Specifies the server side SSL profile the monitor will use to ping the target. |
tcp.interval | Specifies in seconds the monitor check frequency. The default value is 5. |
tcp.timeout | Specifies in seconds the time in which the target must respond. The default value is 16. |
tcp.username | The username for HTTP authentication. |
tcp.password | The password for HTTP authentication. |
tcp.serversslProfileName | Specifies the server side SSL profile the monitor will use to ping the target. |
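
The enumerations, ranges and defaults in the spec and spec.persist tables can be checked mechanically before a CR is applied. The following is an added example, not F5 code: it assumes the CR has already been parsed from YAML into a dict with persist nested under spec, and the helper names, the sample CR and the choice of which defaults to report are hypothetical.

```python
# Added example: lint a parsed F5SPKIngressTCP CR against this reference.
ENUMS = {
    "snat": {"SRC_TRANS_AUTOMAP", "SRC_TRANS_NONE"},
    "serviceDownAction": {"POOLMBR_ACTION_NONE", "POOLMBR_ACTION_REJECT",
                          "POOLMBR_ACTION_DROP", "POOLMBR_ACTION_RESELECT"},
    "loadBalancingMethod": {"ROUND_ROBIN", "RATIO_LEAST_CONN_MEMBER"},
}
RANGES = {  # inclusive (min, max) taken from the spec table
    "pvaOtherClientpktsThreshold": (0, 10), "pvaOtherServerpktsThreshold": (0, 10),
    "pvaDynamicClientPkts": (0, 10), "pvaDynamicServerPkts": (0, 10),
}
PERSIST_ENUMS = {
    "mode": {"PERSIST_TYPE_NONE", "PERSIST_TYPE_SRCADDR"},
    "hashAlg": {"PERSIST_HASH_DEFAULT", "PERSIST_HASH_CARP"},
}
PERSIST_RANGES = {"ipv4PrefixLength": (0, 32), "ipv6PrefixLength": (0, 128)}
# Documented defaults for TCP state and SYN cookie settings; which ones to
# report on change is this example's choice, not part of the reference.
REVIEW_DEFAULTS = {"looseInitiation": False, "looseClose": False,
                   "syncCookieEnable": True, "ipFragReass": True}

def _check(section, path, enums, ranges, findings):
    for key, allowed in enums.items():
        if key in section and section[key] not in allowed:
            findings.append(f"{path}.{key}: {section[key]!r} is not a documented value")
    for key, (lo, hi) in ranges.items():
        val = section.get(key)
        if val is not None and not (type(val) is int and lo <= val <= hi):
            findings.append(f"{path}.{key}: {val!r} outside {lo}-{hi}")

def lint_cr(cr):
    """Return findings for a CR already parsed from YAML into a dict."""
    findings = []
    spec = cr.get("spec", {})
    _check(spec, "spec", ENUMS, RANGES, findings)
    _check(spec.get("persist", {}), "spec.persist", PERSIST_ENUMS, PERSIST_RANGES, findings)
    for key, default in REVIEW_DEFAULTS.items():
        if spec.get(key, default) != default:
            findings.append(f"spec.{key}: changed from documented default {default}")
    return findings

SAMPLE_CR = {  # constructed sample; names and addresses are placeholders
    "service": {"name": "demo-app", "port": 8080},
    "spec": {
        "destinationAddress": "192.0.2.10", "destinationPort": 443,
        "snat": "SRC_TRANS_AUTO",       # not one of the two documented values
        "looseInitiation": True,        # default is false
        "pvaDynamicClientPkts": 12,     # valid range is 0-10
        "persist": {"mode": "PERSIST_TYPE_SRCADDR", "ipv4PrefixLength": 33},
    },
}
```

Calling lint_cr(SAMPLE_CR) returns one finding per commented line in the sample plus the out-of-range persistence prefix length.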