Skip to content

What is F5network

The F5network component integrates the F5 official project f5 ipam controller and k8s bigip ctlr, Complete the control of the F5 device, synchronize the service and ingress configuration in the cluster to the F5 hardware device, and realize the load balancing of the northbound ingress of the cluster.

Among them, the k8s bigip ctlr component is responsible for monitoring service or ingress objects, and realizing the control plane rule delivery to F5 hardware devices; When working in Layer 4 load balancing mode, the f5 ipam controller component is mainly responsible for the ingress VIP allocation of F5 hardware.

Forward mode

F5 devices have two modes to forward traffic to the cluster (for more information about forwarding modes, please refer to official instructions ).

  1. NodePort forwarding mode: F5 forwards the traffic to the nodePort of the cluster node. This mode can work in "layer 4 forwarding" and "layer 7 forwarding".

    Advantages: There is no need for special processing between the cluster and the F5 device, as long as the F5 device can access the cluster nodes, the versatility is stronger.

    Requirement: The loadBalancer service object of the cluster application must be assigned a nodePort.

  2. Cluster forwarding mode: F5 forwards the traffic directly to the Pod IP, and this mode can work in "layer 4 forwarding" and "layer 7 forwarding".

    Advantage: The data packet is forwarded directly to the Pod without going through the nodePort method of the kube proxy. The forwarding method is more efficient and the delay is lower.

    Requirements: The cluster forwards Pod routes to the routers and F5 devices in the network through the BPG protocol, or requires the nodes in the cluster to establish VXLAN tunnels with the F5 devices.

Function Description

  1. Layer 4 load balancing

    In this load balancing mode, combined with "NodePort forwarding mode", F5 load balancing can be created for LoadBalancer services (nodePort is required); It can also be used in conjunction with "Cluster Forwarding Mode" to create F5 load balancing for LoadBalancer services (nodePorts may not be allocated). Among them, the f5 ipam controller component maintains a configurable VIP pool, and independently assigns an exclusive EXTERNAL IP to each service.

    Note: In this mode, be sure to install f5 ipam controller and assign a VIP to each service.

  2. Layer 7 load balancing

    In this load balancing mode, it works as an ingress controller. It can cooperate with "NodePort forwarding mode", and the service matching the ingress is required to be of nodePort type; It can be used with "Cluster forwarding mode", and the service matched by the ingress is the clusterIP type.

    Note: In this mode, f5 ipam controller does not need to be installed, and all ingresses share one VIP.

Note

This component cannot work under "Layer 4 load balancing" and "Layer 7 load balancing" at the same time, you can only choose one of the two.

For more information, please refer to F5 Official Documentation.

Comments