f5-appsvcs-extension

Improved feature parity on NAT_Source_Translation_PortBlockAllocation and ltm profile ipsecalg

Open jussisjostrom opened this issue 4 years ago • 7 comments

Is your feature request related to a problem? Please describe.

Requesting to improve feature parity of AS3 for the NAT_Source_Translation_PortBlockAllocation class and to add a class for creating ltm profile ipsecalg objects. In current AS3 (3.28) there is no option to set the periodic-refresh-log parameter for a source-translation object's port-block-allocation property. Creating an object of class NAT_Source_Translation_PortBlockAllocation sets the property to the default 0. Due to ID987345, setting this property to some high value would be required to avoid overwhelming cgnat logs with useless refresh logs. A VNF with 20+ CGNAT instances and a few million allocated PBAs will produce a substantial amount of these logs, which needs to be avoided. Another missing piece of feature parity we would like to see is the ability to define ltm profile ipsecalg objects using AS3. These additions would greatly improve the ability to use AS3 to configure services for an SP GiLAN deployment.

Describe the solution you'd like

I would like to see the schema for class NAT_Source_Translation_PortBlockAllocation extended with a property to set the periodic-refresh-log property of the tmsh object it creates (default 0, but with the option to set it to whatever integer value). Also, I would like the AS3 schema extended with a class that creates an ltm profile ipsecalg configuration object.

Describe alternatives you've considered

We have considered patching in these needed configuration objects with separate REST-calls after the AS3 declaration has been applied, but the improved feature parity would be more elegant and less error prone.

Additional context

security nat source-translation SrcTranslDemo {
    addresses {
        x.x.x.x/x { }
    }
    egress-interfaces-disabled
    pat-mode pba
    port-block-allocation {
        block-idle-timeout 300
        block-lifetime 86400
        block-size 512
        client-block-limit 2
        **periodic-refresh-log 2000**
        zombie-timeout 30
    }
    ports {
        1024-65535 { }
    }
    traffic-group /Common/traffic-group-1
    type dynamic-pat
}

ltm profile ipsecalg ipsecalg {
    app-service none
    defaults-from none
    description none
    idle-timeout 3600
    initial-connection-timeout 3
    log-profile none
    log-publisher none
    partition Common
    pending-ike-connection-limit 5
}

jussisjostrom, Jun 16 '21 06:06
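
A check an operator could run while AS3 cannot set the value, as an added example that is not part of the original issue or the AS3 project: it parses tmsh `list` output in the layout shown above and reports PBA source-translation objects whose periodic-refresh-log is below a chosen minimum. The function name, the sample objects and the threshold are assumptions; a missing line is treated as the default 0 the issue describes.

```python
import re

# Constructed sample in the tmsh layout shown in the issue (names and values are made up).
SAMPLE = """\
security nat source-translation SrcTranslDemo {
    pat-mode pba
    port-block-allocation {
        block-size 512
        periodic-refresh-log 2000
    }
}
security nat source-translation SrcTranslDefault {
    pat-mode pba
    port-block-allocation {
        block-size 512
    }
}
security nat source-translation SrcTranslNapt {
    pat-mode napt
}
"""

HEADER = re.compile(r"^security nat source-translation (\S+) \{$")
REFRESH = re.compile(r"^periodic-refresh-log (\d+)$")

def audit_pba_refresh_log(tmsh_text, minimum):
    """Return {name: value} for PBA objects whose periodic-refresh-log is below `minimum`."""
    findings, name, depth, is_pba, value = {}, None, 0, False, 0
    for raw in tmsh_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if depth == 0 and m:
            name, depth, is_pba, value = m.group(1), 1, False, 0  # 0 = default per the issue
            continue
        if name is None:
            continue  # line belongs to some other object type
        if line == "pat-mode pba":
            is_pba = True
        r = REFRESH.match(line)
        if r:
            value = int(r.group(1))
        # Track brace nesting so the object ends at its own closing brace.
        depth += line.count("{") - line.count("}")
        if depth == 0:
            if is_pba and value < minimum:
                findings[name] = value
            name = None
    return findings
```

Run it against the device's source-translation listing after each AS3 deployment to find objects that were left at the default.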

Can you please create a new issue for ipsecalg objects so we can track the two feature requests separately?

dstokesf5, Aug 31 '21 16:08

I created #504 for the ipsec alg feature. Ok to keep this issue for the periodic-refresh-log timer setting.

jussisjostrom, Sep 01 '21 06:09

Thank you!

dstokesf5, Sep 01 '21 15:09

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

github-actions[bot], Sep 30 '21 17:09

Reopening this issue.

dstokesf5, Sep 30 '21 17:09

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

github-actions[bot], Sep 30 '21 18:09

Sooner or later I will win this fight with this bot and keep this issue open . . .

dstokesf5, Sep 30 '21 18:09

If you are still looking for this feature, please reach out to us at [email protected]

sunitharonan, Oct 25 '22 18:10

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

github-actions[bot], Nov 24 '22 19:11