AS3 incorrectly complains about duplicate IP when virtualAdddresses reference existing virtual-address in Common

[adityoari]

Environment

• Application Services Version: 3.46.0
• BIG-IP Version: 16.1.3.3

Summary

When posting declaration with 2 Service_TCP objects where each service is referencing separate existing virtual-address objects in /Common/Shared folder, AS3 incorrectly thinks that the 2 Services share the same IP and rejects the declaration,

Steps To Reproduce

Steps to reproduce the behavior:

1. Manually configure virtual-address objects in /Common/Shared folder in BIG-IP

ltm virtual-address Common/Shared/service_address_10_0_1_7 {
    address 10.0.1.7%1
    auto-delete false
    inherited-traffic-group true
    mask 255.255.255.255
    route-advertisement any
    traffic-group Common/traffic-group-1
}
ltm virtual-address Common/Shared/service_address_10_0_1_22 {
    address 10.0.1.22%1
    auto-delete false
    inherited-traffic-group true
    mask 255.255.255.255
    route-advertisement any
    traffic-group Common/traffic-group-1
}

2. Submit the following declaration:

{
  "class": "AS3",
  "declaration": {
    "AS3tenant": {
      "Shared": {
        "class": "Application",
        "example_22_VS": {
          "class": "Service_TCP",
          "profileTCP": {
            "bigip": "/Common/f5-tcp-progressive"
          },
          "virtualAddresses": [
            {
              "bigip": "/Common/Shared/service_address_10_0_1_22"
            }
          ],
          "virtualPort": 80
        },
        "example_7_VS": {
          "class": "Service_TCP",
          "pool": "example_POOL",
          "profileTCP": {
            "bigip": "/Common/f5-tcp-progressive"
          },
          "virtualAddresses": [
            {
              "bigip": "/Common/Shared/service_address_10_0_1_7"
            }
          ],
          "virtualPort": 80
        },
        "example_POOL": {
          "class": "Pool",
          "members": [
            {
              "serverAddresses": [
                "10.128.2.7",
                "10.131.0.30"
              ],
              "servicePort": 8082,
              "shareNodes": true
            }
          ]
        },
        "template": "shared"
      },
      "class": "Tenant",
      "defaultRouteDomain": 1
    },
    "class": "ADC",
    "label": "Manual AS3 Declaration",
    "remark": "Manually modified version of CIS",
    "schemaVersion": "3.45.0"
  }
}

3. Observe the following error response:

{
  "results": [
    {
      "code": 422,
      "message": "declaration failed",
      "response": "01070333:3: Virtual Server /AS3tenant/Shared/example_22_VS illegally shares destination address, source address, service port, ip-protocol, and vlan with Virtual Server /AS3tenant/Shared/example_7_VS.",
      "host": "localhost",
      "tenant": "AS3tenant",
      "runTime": 1190
    }
  ]
}

Expected Behavior

AS3 accepts the declaration and configure the 2 Virtual Server objects with different, pre-existing virtual-address as the destination IP.

Actual Behavior

AS3 rejects the declaration citing duplicate VS IP, although the declaration clearly references different virtual-address objects in /Common/Shared, and the virtual-address objects clearly have different address.

[dstokesf5]

Thank you for your feedback. I have confirmed your issue and I have added it to our internal product backlog as AUTOTOOL-4001.

I noticed your virtual address objects are in /Common/Shared. If those objects are being managed by AS3, then I recommend referencing them with the use keyword instead of the bigip keyword. I was able to work around the issue by using the use keyword.

[sunitharonan]

Please reach out to us at [email protected] in order to prioritize this issue. Thanks.