support for building shared object port lists

Open ajgerace opened this issue 4 years ago • 10 comments

Is your feature request related to a problem? Please describe.

Was attempting to automate deployment of services where multiple service ports are associated with a single virtual server.

Describe the solution you'd like

Create AS3 objects for shared port lists. TMSH example:

tmsh create ltm traffic-matching-criteria alpha_ftpse_tmc_obj { destination-address-inline 10.0.0.10/32 destination-port-list ftp_ftpse_ports protocol tcp source-address-inline 0.0.0.0 }

Describe alternatives you've considered

I was forced to use TMSH to build the configurations as I'd need to build shared port list manually.

Additional context

ajgerace avatar May 05 '20 18:05 ajgerace

How many ports do you want to use with a single virtual server? Would defining multiple applications with a shared IP work for your use case?

{
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "Tenant": {
        "class": "Tenant",
        "ApplicationOne": {
            "class": "Application",
            "template": "generic",
            "VipOne": {
                "class": "Service_HTTP",
                "virtualPort": 80,
                "virtualAddresses": [
                   "192.0.2.1"
                ]
            },
            "VipTwo": {
                "class": "Service_HTTP",
                "virtualPort": 8080,
                "virtualAddresses": [
                   "192.0.2.1"
                ]
            }
        }
    }
}

dstokesf5 avatar May 12 '20 16:05 dstokesf5

Sorry, I thought I had included the port configuration. In the example above the request was for ~100 ports:

tmsh create net port-list ftp_ftpse_ports ports add { 21 39000-39100 }
tmsh create net port-list ftpsi_ports ports add { 990 39101-39200 }

ajgerace avatar May 12 '20 17:05 ajgerace

Thank you, that port list configuration is very helpful. It also makes it clear that the solution I proposed does not work well for your use case.

dstokesf5 avatar May 12 '20 17:05 dstokesf5

Thank you for your feedback. This has been added to our internal product backlog as AUTOTOOL-1573.

dstokesf5 avatar May 12 '20 22:05 dstokesf5

+1 for this request

LeonardosGitHub avatar Mar 19 '21 16:03 LeonardosGitHub

+ 1

Creating shared address and port lists and being able to attach to a virtual would be great!

raZorTT avatar Jul 13 '21 03:07 raZorTT

Unfortunately, there are still several BIG-IP bugs that prevent AS3 from configuring address lists and port lists. We cannot provide a robust user experience for this feature until the following bugs are resolved:

  • 931797
  • 872981
  • 934133

dstokesf5 avatar Jul 13 '21 21:07 dstokesf5

voted up.

Creating shared address and port lists (like the 'Shared Objects' section in the GUI), and being able to attach to a virtual server.

thepowercoders avatar Jul 21 '22 14:07 thepowercoders

I have an immediate need for this feature as well.

ghost avatar Aug 04 '22 16:08 ghost

Good day - This feature would be very valuable; I have multiple use cases for this now.

poly68 avatar Aug 05 '22 12:08 poly68

If you are still looking for this feature, please reach out to us at [email protected]

sunitharonan avatar Oct 25 '22 18:10 sunitharonan

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

github-actions[bot] avatar Nov 24 '22 20:11 github-actions[bot]

@mdditt2000 Can this issue be re-opened and looked into again?

21buckets avatar May 25 '23 23:05 21buckets

@21buckets - you can do this in AS3 if you have AFM (F5 Firewall) enabled. If you do, you can use the classes Firewall_Address_List and Firewall_Port_List. Both of these allow you to define IP address lists and port lists which, when added, are actually placed in the Shared Objects part of the config - so they can also be used for virtual servers.

Example:

{
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.43.0",
        "Test01": {
            "class": "Tenant",
            "App01": {
                "class": "Application",
                "template": "shared",
                "shared-port-list": {
                    "class": "Firewall_Port_List",
                    "ports": [
                        80,
                        443
                    ]
                }
            }
        }
    }
}

Creates this: [image]

which can then be used in a VS: [image]

thepowercoders avatar May 26 '23 08:05 thepowercoders
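
An added example, not part of the thread and not AS3's own code: a Python helper that turns tmsh-style port specs like the ones posted earlier (`21 39000-39100`) into the `Firewall_Port_List` declaration shape shown in the comment above, rejecting malformed or out-of-range entries before anything is sent to the BIG-IP. The function names are hypothetical, and passing ranges as `"low-high"` strings in `ports` is an assumption about the AS3 schema; as the comment notes, the class needs AFM provisioned.

```python
import json

def parse_ports(spec):
    """Turn a tmsh-style port spec ('21 39000-39100') into AS3 'ports' items."""
    items = []
    for token in spec.split():
        low, sep, high = token.partition("-")
        bounds = [low, high] if sep else [low]
        if not all(b.isdigit() for b in bounds):
            raise ValueError(f"not a port or port range: {token!r}")
        nums = [int(b) for b in bounds]
        if any(n < 1 or n > 65535 for n in nums):
            raise ValueError(f"port out of range 1-65535: {token!r}")
        if sep and nums[0] > nums[1]:
            raise ValueError(f"reversed range: {token!r}")
        # Single ports stay integers; ranges become "low-high" strings
        # (assumption: Firewall_Port_List accepts that form).
        is_range = bool(sep) and nums[0] != nums[1]
        items.append(f"{nums[0]}-{nums[1]}" if is_range else nums[0])
    if not items:
        raise ValueError("empty port list")
    return items

def build_declaration(tenant, app, port_lists, schema_version="3.43.0"):
    """Wrap named port specs in the declaration layout used in the thread."""
    application = {"class": "Application", "template": "shared"}
    for name, spec in port_lists.items():
        application[name] = {"class": "Firewall_Port_List",
                             "ports": parse_ports(spec)}
    return {
        "class": "AS3", "action": "deploy", "persist": True,
        "declaration": {
            "class": "ADC", "schemaVersion": schema_version,
            tenant: {"class": "Tenant", app: application},
        },
    }

if __name__ == "__main__":
    # Port specs copied from the tmsh commands quoted in the issue.
    decl = build_declaration("Test01", "App01", {
        "ftp_ftpse_ports": "21 39000-39100",
        "ftpsi_ports": "990 39101-39200",
    })
    print(json.dumps(decl, indent=4))
```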

@21buckets @thepowercoders no need to reopen this issue. AS3 can already create those objects; you just can't refer to them from a virtual yet. However, referring the virtual is coming in AUTOTOOL-3821, hopefully AS3-46.

mdditt2000 avatar May 26 '23 18:05 mdditt2000

@thepowercoders - appreciate this info... Is there any reason for the requirement for AFM? Shared Objects can be consumed via an LTM only virtual server. My lab environment doesn't have AFM provisioned yet the Shared Objects menu is available.

21buckets avatar May 30 '23 03:05 21buckets

I've answered my own question on this one..

I can see AS3 is using the security firewall port-list tmsh command to create the object, rather than the net port-list command that is compatible with LTM, which is why the AFM module is required.

@mdditt2000 - Would it be possible to implement the functionality using this command?

tmsh create net port-list myPortList ports add { 80 443}

https://clouddocs.f5.com/cli/tmsh-reference/v15/modules/net/net_port-list.html

21buckets avatar May 30 '23 05:05 21buckets

@21buckets you're right, net port-list is currently NOT in AS3. I will create a new JIRA task for this.

mdditt2000 avatar May 30 '23 20:05 mdditt2000

@21buckets @thepowercoders Created AUTOTOOL-3881 "Add support for Net Port-list when no AFM is provisioned" - Added to the next sprint.

mdditt2000 avatar May 31 '23 18:05 mdditt2000

@mdditt2000, any updates on the port list functionality? Are you adding the same functionality for address lists? When is the ability to reference shared objects in virtual server declarations coming?

petliura avatar Jul 06 '23 04:07 petliura