f5-appsvcs-extension
Service with virtual address of "0.0.0.0" and shareAddresses set to true is not idempotent
Environment
- Application Services Version: 3.36.0
- BIG-IP Version: 16.1.2.2
Summary
When creating a service with an address of 0.0.0.0 or 0.0.0.0%2 and shareAddresses set to true, it creates initially but fails on any follow-on posts. I have tried this several different ways, with source subnet, without, etc. Always the same result.
Steps To Reproduce
Steps to reproduce the behavior:
- Submit the following declaration:
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"id": "Shared",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"enable": true,
"wildcard_v4_rtd0_vs": {
"class": "Service_L4",
"layer4": "any",
"virtualPort": 0,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
[
"0.0.0.0",
"0.0.0.0/0"
]
],
"profileL4": {
"bigip": "/Common/fastL4"
},
"allowVlans": [
{
"bigip": "/Common/VLAN1"
}
],
"shareAddresses": true,
"redirect80": false,
"persistenceMethods": []
},
"wildcard_v4_rtd2_vs": {
"class": "Service_L4",
"layer4": "any",
"virtualPort": 0,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
[
"0.0.0.0%2",
"0.0.0.0%2/0"
]
],
"profileL4": {
"bigip": "/Common/fastL4"
},
"allowVlans": [
{
"bigip": "/Common/VLAN2"
}
],
"shareAddresses": true,
"redirect80": false,
"persistenceMethods": []
}
}
}
}
}
- Initial request is successful assuming the objects do not already exist:
"results": [
{
"code": 200,
"message": "success",
"lineCount": 20,
"host": "localhost",
"tenant": "Common",
"runTime": 1342
},
{
"code": 200,
"message": "success",
"lineCount": 22,
"host": "localhost",
"tenant": "Common",
"runTime": 1263
}
],
- Any additional posts fail:
"results": [
{
"code": 422,
"message": "declaration failed",
"response": "01020066:3: The requested Virtual Address (/Common/0.0.0.0%2) already exists in partition Common.",
"host": "localhost",
"tenant": "Common",
"runTime": 1712
},
{
"code": 422,
"message": "declaration failed",
"response": "01020066:3: The requested Virtual Address (/Common/0.0.0.0%2) already exists in partition Common.",
"host": "localhost",
"tenant": "Common",
"runTime": 1529
}
],
Expected Behavior
Expected behavior is I should be able to create wildcard listeners and share them without the declaration failing after the initial creation.
Actual Behavior
The declaration works on the first run, but after that I'm unable to resubmit.
Thank you for your feedback. It looks like there is an issue with shareAddresses specifically. If I remove that from your declaration, everything works. As long as everything is in the same tenant, you do not actually need shareAddresses.
I suspect you may want to re-use this address across multiple tenants. As a workaround to this bug, you may be able to declare appropriate Service_Address objects in /Common/Shared that are re-used in other tenants. This is effectively what the shareAddresses option is doing behind the scenes. Here is an example using Service_Address: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/miscellaneous.html?highlight=service_address#advertising-a-route-for-a-service-address.
The following results in error.
Common Declaration: Successful
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"id": "Shared",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"enable": true,
"wildcard_v4_rtd0": {
"class": "Service_Address",
"virtualAddress": "0.0.0.0"
},
"wildcard_v4_rtd2": {
"class": "Service_Address",
"virtualAddress": "0.0.0.0%2"
},
"wildcard_v4_rtd0_vs": {
"class": "Service_L4",
"layer4": "any",
"virtualPort": 0,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
{
"use": "wildcard_v4_rtd0"
}
],
"profileL4": {
"bigip": "/Common/fastL4"
},
"allowVlans": [
{
"bigip": "/Common/VLAN1"
}
],
"redirect80": false,
"persistenceMethods": []
},
"wildcard_v4_rtd2_vs": {
"class": "Service_L4",
"layer4": "any",
"virtualPort": 0,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
{
"use": "wildcard_v4_rtd2"
}
],
"profileL4": {
"bigip": "/Common/fastL4"
},
"allowVlans": [
{
"bigip": "/Common/VLAN2"
}
],
"redirect80": false,
"persistenceMethods": []
}
}
}
}
}
Test Tenant: Fails
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"id": "test",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"test": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"enable": true,
"wildcard_v4_rtd0": {
"class": "Service_Address",
"virtualAddress": "0.0.0.0"
},
"wildcard_v4_rtd2": {
"class": "Service_Address",
"virtualAddress": "0.0.0.0%2"
},
"wildcard_v4_rtd0_443_vs": {
"class": "Service_TCP",
"layer4": "tcp",
"virtualPort": 443,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
{
"bigip": "/Common/Shared/wildcard_v4_rtd0"
}
],
"allowVlans": [
],
"redirect80": false,
"persistenceMethods": []
},
"wildcard_v4_rtd2_443_vs": {
"class": "Service_TCP",
"layer4": "tcp",
"virtualPort": 443,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
{
"bigip": "/Common/Shared/wildcard_v4_rtd2"
}
],
"allowVlans": [
],
"redirect80": false,
"persistenceMethods": []
}
}
}
}
}
"results": [
{
"code": 200,
"message": "no change",
"host": "localhost",
"tenant": "Common",
"runTime": 583
},
{
"code": 422,
"message": "declaration failed",
"response": "0107176c:3: Invalid Virtual Address, the IP address 0.0.0.0 already exists.",
"host": "localhost",
"tenant": "test",
"runTime": 915
},
{
"code": 200,
"message": "no change",
"host": "localhost",
"tenant": "Common",
"runTime": 1227
}
],
Hold on, let me rerun that. I didn't take the service address out of the second declaration.
Running into the same issue I posted about in https://github.com/F5Networks/f5-appsvcs-extension/issues/606. Even tried adding the source subnet just to be safe on the second go around.
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"id": "test",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"test": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"enable": true,
"wildcard_v4_rtd0_443_vs": {
"class": "Service_TCP",
"layer4": "tcp",
"virtualPort": 443,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
{
"bigip": "/Common/Shared/wildcard_v4_rtd0"
}
],
"allowVlans": [
],
"redirect80": false,
"persistenceMethods": []
},
"wildcard_v4_rtd2_443_vs": {
"class": "Service_TCP",
"layer4": "tcp",
"virtualPort": 443,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
[
{
"bigip": "/Common/Shared/wildcard_v4_rtd2"
},
"0.0.0.0%2/0"
]
],
"allowVlans": [
],
"redirect80": false,
"persistenceMethods": []
}
}
}
}
}
"results": [
{
"code": 200,
"message": "no change",
"host": "localhost",
"tenant": "Common",
"runTime": 655
},
{
"code": 422,
"message": "declaration failed",
"response": "0107028b:3: The source (0.0.0.0%2) and destination (0.0.0.0) addresses for virtual server (/test/Shared/wildcard_v4_rtd2_443_vs) must be in the same route domain.",
"host": "localhost",
"tenant": "test",
"runTime": 901
},
{
"code": 200,
"message": "no change",
"host": "localhost",
"tenant": "Common",
"runTime": 680
}
],
Try it with use-pointers:
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"id": "test",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"test": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"enable": true,
"wildcard_v4_rtd0_443_vs": {
"class": "Service_TCP",
"layer4": "tcp",
"virtualPort": 443,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
{
"use": "/Common/Shared/wildcard_v4_rtd0"
}
],
"allowVlans": [
],
"redirect80": false,
"persistenceMethods": []
},
"wildcard_v4_rtd2_443_vs": {
"class": "Service_TCP",
"layer4": "tcp",
"virtualPort": 443,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
[
{
"use": "/Common/Shared/wildcard_v4_rtd2"
},
"0.0.0.0%2/0"
]
],
"allowVlans": [
],
"redirect80": false,
"persistenceMethods": []
}
}
}
}
}
I know the use vs bigip keyword is a bit confusing. The use keyword should be used when referencing something configured by AS3 (even across declarations). The bigip keyword should be used when referencing an object that exists on the BIG-IP that is not managed/created by AS3.
That worked. You are awesome. Thank you for explaining that. I had it in my mind that if you used "use" it had to be referenced in the same Declaration. I guess my fault for not trying. Appreciate your quick help on this.
It is a common issue since the use-pointers did not always work across multiple declarations, and bigip-pointers were used to work around that. You may even come across some people still, incorrectly, recommending to use bigip-pointers when referencing a previous declaration.
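An added example, not part of the original thread or of the AS3 project's code: a small pre-deployment lint that flags bigip-pointers whose target was created by an earlier AS3 declaration and should therefore be a use-pointer. The function names and the two trimmed-down sample declarations are constructed for illustration from the declarations posted above.

```python
def declared_paths(request):
    """Absolute /Tenant/Application/item paths of every object a declaration creates."""
    adc = request.get("declaration", request)
    paths = set()
    for tname, tenant in adc.items():
        if not (isinstance(tenant, dict) and tenant.get("class") == "Tenant"):
            continue
        for aname, app in tenant.items():
            if not (isinstance(app, dict) and app.get("class") == "Application"):
                continue
            paths.update(f"/{tname}/{aname}/{name}" for name, item in app.items()
                         if isinstance(item, dict) and "class" in item)
    return paths

def find_pointers(node, keyword, where=""):
    """Yield (location, target) for every {keyword: "<path>"} pointer under node."""
    if isinstance(node, dict):
        if isinstance(node.get(keyword), str):
            yield where, node[keyword]
        for key, value in node.items():
            yield from find_pointers(value, keyword, f"{where}/{key}")
    elif isinstance(node, list):  # virtualAddresses may nest [pointer, source] pairs
        for i, value in enumerate(node):
            yield from find_pointers(value, keyword, f"{where}[{i}]")

def misused_bigip_pointers(as3_managed, request):
    """bigip-pointers that reference an AS3-managed object (should be use-pointers)."""
    adc = request.get("declaration", request)
    return [(loc, tgt) for loc, tgt in find_pointers(adc, "bigip") if tgt in as3_managed]

# Constructed, trimmed-down versions of the two declarations discussed in the thread.
COMMON = {"declaration": {"class": "ADC", "Common": {"class": "Tenant", "Shared": {
    "class": "Application", "template": "shared",
    "wildcard_v4_rtd0": {"class": "Service_Address", "virtualAddress": "0.0.0.0"},
    "wildcard_v4_rtd2": {"class": "Service_Address", "virtualAddress": "0.0.0.0%2"},
    "wildcard_v4_rtd0_vs": {"class": "Service_L4",
                            "virtualAddresses": [{"use": "wildcard_v4_rtd0"}],
                            "profileL4": {"bigip": "/Common/fastL4"}}}}}}
TENANT = {"declaration": {"class": "ADC", "test": {"class": "Tenant", "Shared": {
    "class": "Application", "template": "shared",
    "wildcard_v4_rtd0_443_vs": {"class": "Service_TCP", "virtualPort": 443,
        "virtualAddresses": [{"bigip": "/Common/Shared/wildcard_v4_rtd0"}]},
    "wildcard_v4_rtd2_443_vs": {"class": "Service_TCP", "virtualPort": 443,
        "virtualAddresses": [[{"use": "/Common/Shared/wildcard_v4_rtd2"}, "0.0.0.0%2/0"]],
        "allowVlans": [{"bigip": "/Common/VLAN2"}]}}}}}

if __name__ == "__main__":
    for loc, tgt in misused_bigip_pointers(declared_paths(COMMON), TENANT):
        print(f"{loc}: bigip-pointer to AS3-managed object {tgt}; use a use-pointer")
```

Pointers to objects that AS3 did not create, such as /Common/fastL4 or /Common/VLAN2, are left alone because they are absent from the set of declared paths.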
I'm still running into an issue. All of them seem to work except v6 with route domain.
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"id": "Shared",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"enable": true,
"wildcard_v6_rtd2": {
"class": "Service_Address",
"virtualAddress": "::0.0.0.0%2"
},
"wildcard_v6_rtd2_vs": {
"class": "Service_L4",
"layer4": "any",
"virtualPort": 0,
"snat": "none",
"translateServerAddress": false,
"translateServerPort": false,
"virtualAddresses": [
{
"use": "wildcard_v6_rtd2"
}
],
"profileL4": {
"bigip": "/Common/fastL4"
},
"allowVlans": [
{
"bigip": "/Common/VLAN1"
}
],
"redirect80": false,
"persistenceMethods": []
}
}
}
}
}
I receive this error on the initial and any proceeding POSTs. I thought maybe it was a format issue, but I tried "::%2", "::0.0.0.0%2", and "0:0:0:0:0:0:0:0%2"; all fail.
"results": [
{
"code": 200,
"message": "success",
"lineCount": 16,
"host": "localhost",
"tenant": "Common",
"runTime": 1470
},
{
"code": 422,
"message": "declaration failed",
"response": "The Service Address virtualAddress property cannot be modified. Please delete /Common/Shared/wildcard_v6_rtd2 and recreate it.",
"host": "localhost",
"tenant": "Common",
"runTime": 570
}
],
It appears the issue is related specifically to just the "Service_Address" with v6 and route domains; it doesn't seem to be idempotent.
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"id": "Shared",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"enable": true,
"wildcard_v6_rtd2": {
"class": "Service_Address",
"virtualAddress": "::%2"
}
}
}
}
}
"results": [
{
"code": 200,
"message": "success",
"lineCount": 16,
"host": "localhost",
"tenant": "Common",
"runTime": 1190
},
{
"code": 422,
"message": "declaration failed",
"response": "The Service Address virtualAddress property cannot be modified. Please delete /Common/Shared/wildcard_v6_rtd2 and recreate it.",
"host": "localhost",
"tenant": "Common",
"runTime": 494
}
],
I have added this issue to our internal product backlog as AUTOTOOL-3303.
This issue was resolved in the 3.39.0 release.