f5-appsvcs-extension icon indicating copy to clipboard operation
f5-appsvcs-extension copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

AS3 bigip pointer is unable to find pre-existing virtual-address with %rd

Open adityoari opened this issue 1 year ago • 2 comments

Environment

  • Application Services Version: 3.51.0
  • BIG-IP Version: 17.1.1.3

Summary

Using bigip pointer in virtualAddresses object to reference pre-exising virtual-address with %RD prefix in Common partition results in 422 error response "Unable to find /Common/10.1.100.1%1 for /Tenant01/A1/vs1/virtualAddresses/0"

Steps To Reproduce

Steps to reproduce the behavior:

  1. Have a virtual-address with %RD in Common partition
ltm virtual-address 10.1.100.1%1 {
    address 10.1.100.1%1
    auto-delete false
    mask 255.255.255.255
    traffic-group traffic-group-1
}
  1. Submit the following declaration:
{
  "class": "AS3",
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "Tenant01": {
      "class": "Tenant",
      "defaultRouteDomain": 1,
      "A1": {
        "class": "Application",
        "template": "generic",
        "vs1": {
          "class": "Service_UDP",
          "sourceAddress": "0.0.0.0%1/0",
          "virtualAddresses": [
            { "bigip": "/Common/10.1.100.1%1" }
          ],
          "virtualPort": 80,
          "pool": "web_pool"
        },
        "web_pool": {
          "class": "Pool",
          "monitors": [{
            "bigip": "/Common/udp"
          }],
          "members": [
            {
              "servicePort": 80,
              "serverAddresses": [
                "192.0.1.10"
              ]
            }]
        }
      }
    }
  }
}
  1. Observe the following error response:
{
  "code": 422,
  "declarationFullId": "",
  "message": "Unable to find /Common/10.1.100.1%1 for /Tenant01/A1/vs1/virtualAddresses/0"
}
  1. Using TMSH to create VS works fine:
[admin@ip-10-1-1-4:Standby:Disconnected] tmp # tmsh cre ltm virtual rd1_vs2 destination 10.1.100.1%1:8082
[admin@ip-10-1-1-4:Standby:Disconnected] tmp # tmsh li ltm virtual rd1_vs2
ltm virtual rd1_vs2 {
    creation-time 2024-07-20:06:24:49
    destination 10.1.100.1%1:8082
    last-modified-time 2024-07-20:06:24:49
    mask 255.255.255.255
    profiles {
        fastL4 { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0%1/0
    translate-address enabled
    translate-port enabled
    vs-index 6
}

Jul 20 06:24:49 ip-10-1-1-4.us-west-2.compute.internal notice mcpd[25830]: 01070417:5: AUDIT - client tmsh, tmsh-pid-12232, user admin - transaction #33968-2 - object 0 - create { virtual_server { virtual_server_name "/Common/rd1_vs2" virtual_server_va_name "10.1.100.1%1" virtual_server_port 8082 } } [Status=Command OK]
Jul 20 06:24:49 ip-10-1-1-4.us-west-2.compute.internal notice tmsh[12232]: 01420002:5: AUDIT - pid=12232 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=cre ltm virtual rd1_vs2 destination 10.1.100.1%1:8082

Expected Behavior

AS3 is able to create the VS with pre-existing virtual-address having %rRD suffix

Actual Behavior

Declaration fails with code 422 and error message "Unable to find /Common/10.1.100.1%1 for /Tenant01/A1/vs1/virtualAddresses/0"

Additional Notes

Using Service_Address in AS3 or creating the virtual-address manually using non-literal address is currently not feasible for the customer due to BIG-IP Bug ID1589133

adityoari avatar Jul 20 '24 13:07 adityoari

Chances are this is stemmed on how iControl REST presents the virtual-address objects in BIG-IP by URL encoding the % character to %25. I reckon AS3 would search for the literal value of virtualAddresses element (e.g. 10.1.100.1%1), but since the iControl REST server indexes the object with the URL encoding 10.1.100.1%251 it would return Not Found error.

Sample REST output showing the URL encoding in the selfLink property:

[admin@ip-10-1-1-4:Standby:In Sync] tmp # curl -sku rest: 'http://localhost:8100/mgmt/tm/ltm/virtual-address/~Common~10.1.100.1%251' | jq .
{
  "kind": "tm:ltm:virtual-address:virtual-addressstate",
  "name": "10.1.100.1%1",
  "partition": "Common",
  "fullPath": "/Common/10.1.100.1%1",
  "generation": 4024,
  "selfLink": "https://localhost/mgmt/tm/ltm/virtual-address/~Common~10.1.100.1%251?ver=16.1.4.1",
  "address": "10.1.100.1%1",
  "arp": "enabled",
  <!--- snipped for brevity --->
}

This means that the ideal fix would need to cater for such URL encoding during object name search, in at least one of the following scenarios:

  • dynamically when AS3 sees a % character (and perhaps other characters which require URL encoding) in bigip property value
  • statically for virtualAddresses element value (and perhaps other similar properties e.g. sourceAddress)

adityoari avatar Aug 12 '24 03:08 adityoari

AUTOTOOL-4448 has been created and added to our backlog, mentioned the same in the escalation raised for this issue.

sunitharonan avatar Aug 13 '24 13:08 sunitharonan