
[FEAT] Support for LTM policies

Open 21buckets opened this issue 2 years ago • 7 comments

Is your feature request related to a problem? Please describe.

When a virtual server contains a policy to forward traffic to a pool based on a condition (i.e. URI path equals value), the Journeys tool does not pick up the policy configuration. The configuration file shows the referenced policy in the ltm object, but does not contain any policy configuration.

The AS3 preview does not appear to even reference the policy name, and does not have any of the policy configuration either.

Describe the solution you'd like

When using a policy to forward traffic to a pool, the AS3 preview should have the policy configuration (Endpoint_Policy in AS3).

21buckets, Jul 13 '22 02:07

Can you provide an exemplary virtual with such a policy and the AS3 output? (You can send a UCS via SR for analysis as well.)

azahajkiewicz, Jul 13 '22 16:07

Hi, I can't provide a UCS but I can provide steps and configuration to reproduce:

The VS and ltm policy is based off the configuration under "Using a Local Traffic Policy to forward HTTP Request". I configured this manually (without AS3) for the sake of the testing...

I am also running the latest version of Journeys: f5devcentral/f5-bigip-journeys-app:v3.3.4

{
  "class": "ADC",
  "schemaVersion": "3.2.0",
  "id": "ltm_policy",
  "label": "",
  "remark": "Simple HTTP application with LTM policy",
  "Sample_http_08": {
    "class": "Tenant",
    "A1": {
      "class": "Application",
      "service": {
        "class": "Service_HTTP",
        "virtualAddresses": [
          "10.0.1.10"
        ],
        "policyEndpoint": "forward_policy"
      },
      "web_pool": {
        "class": "Pool",
        "monitors": [
          "http"
        ],
        "members": [{
          "servicePort": 80,
          "serverAddresses": [
            "192.0.2.10",
            "192.0.2.11"
          ]
        }]
      },
      "forward_policy": {
        "class": "Endpoint_Policy",
        "rules": [{
          "name": "forward_to_pool",
          "conditions": [{
            "type": "httpUri",
            "path": {
              "operand": "contains",
              "values": ["example.com"]
            }
          }],
          "actions": [{
            "type": "forward",
            "event": "request",
            "select": {
              "pool": {
                "use": "web_pool"
              }
            }
          }]
        }]
      }
    }
  }
}

The Journeys tool then picks up the bigip.conf configuration. Note the ltm object reference to the policy "/labtest/forward_policy", but there is no bigip.conf configuration for the policy itself.

ltm virtual-address /labtest_1/application_3/10.0.1.10 {
    address 10.0.1.10
    arp enabled
    icmp-echo enabled
    mask 255.255.255.255
    traffic-group /Common/traffic-group-1
}
ltm virtual /labtest_1/application_3/service {
    creation-time 2022-07-14:09:05:28
    destination /labtest_1/application_3/10.0.1.10:80
    ip-protocol tcp
    last-modified-time 2022-07-14:09:05:28
    mask 255.255.255.255
    policies {
        /labtest/forward_policy { }
    }
    profiles {
        /Common/http { }
        /Common/tcp { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}

Finally, the resultant AS3 declaration doesn't even show the linked policy in the "Service_HTTP" class, and there is also no policy configuration:

{
  "class": "ADC",
  "schemaVersion": "3.23.0",
  "id": "urn:uuid:0000ee14-b3cd-4204-9c87-7844fc89ec50",
  "label": "Converted Declaration",
  "remark": "Generated by JOURNEYS",
  "labtest_1": {
    "class": "Tenant",
    "application_3": {
      "class": "Application",
      "service": {
        "snat": "auto",
        "class": "Service_HTTP",
        "layer4": "tcp",
        "profileTCP": {
          "bigip": "/Common/tcp"
        },
        "profileHTTP": {
          "bigip": "/Common/http"
        },
        "virtualAddresses": [
          "10.0.1.10"
        ],
        "translateServerPort": true,
        "translateServerAddress": true
      },
      "template": "generic"
    }
  }
}

If it helps, the bigip.conf configuration that isn't showing up in Journeys:

Policy

ltm policy /labtest/forward_policy {
    controls { forwarding }
    requires { http }
    rules {
        forward_to_pool {
            actions {
                0 {
                    forward
                    select
                    pool /labtest/web_pool
                }
            }
            conditions {
                0 {
                    http-uri
                    path
                    contains
                    values { example.com }
                }
            }
        }
    }
    strategy /Common/first-match
}

Nodes

ltm node /labtest/192.0.2.10 {
    address 192.0.2.10
}
ltm node /labtest/192.0.2.11 {
    address 192.0.2.11
}

Pool

ltm pool /labtest/web_pool {
    members {
        /labtest/192.0.2.10:80 {
            address 192.0.2.10
        }
        /labtest/192.0.2.11:80 {
            address 192.0.2.11
        }
    }
    monitor /Common/http
}

21buckets, Jul 13 '22 23:07

Filed internal item: SOLUTIONS-7075

azahajkiewicz, Jul 14 '22 06:07

Is that issue only affecting forward to Pool or any LTM policy with any forward rule type (Pool/Node/Virtual)?

amolari, Jul 20 '22 09:07

Issue appears to happen on all LTM policies.

Latest test: image

Bigip.conf file from Journeys (can see policy reference, but no policy config):

ltm virtual-address /tenant_1/application_1/192.168.30.68 {
    address 192.168.30.68
    arp enabled
    icmp-echo enabled
    mask 255.255.255.255
    traffic-group /Common/traffic-group-1
}
ltm virtual /tenant_1/application_1/vs_testvip {
    creation-time 2022-08-22:08:41:54
    destination /tenant_1/application_1/192.168.30.68:443
    ip-protocol tcp
    last-modified-time 2022-08-22:08:45:52
    mask 255.255.255.255
    policies {
        /Common/test_policy_journeys { }
    }
    profiles {
        /Common/clientssl {
            context clientside
        }
        /Common/http { }
        /Common/tcp { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}

AS3 (No policy reference at all):

{
  "class": "ADC",
  "schemaVersion": "3.23.0",
  "id": "urn:uuid:12f08be4-f02e-450f-8e86-4f19d481ef64",
  "label": "Converted Declaration",
  "remark": "Generated by JOURNEYS",
  "tenant_1": {
    "class": "Tenant",
    "application_1": {
      "class": "Application",
      "template": "generic",
      "vs_testvip": {
        "snat": "auto",
        "class": "Service_HTTPS",
        "layer4": "tcp",
        "serverTLS": {
          "bigip": "/Common/clientssl"
        },
        "profileTCP": {
          "bigip": "/Common/tcp"
        },
        "redirect80": false,
        "profileHTTP": {
          "bigip": "/Common/http"
        },
        "virtualAddresses": [
          "192.168.30.68"
        ],
        "translateServerPort": true,
        "translateServerAddress": true
      }
    }
  }
}

21buckets, Aug 21 '22 23:08
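
A check for the gap reported in this thread, as an added example that is not part of the original issue or the Journeys code base: it lists every `policies` reference on an `ltm virtual` and reports whether a matching `ltm policy` stanza exists in the same bigip.conf and whether the converted AS3 service carries `policyEndpoint`. The sample inputs are constructed, abridged from the snippets quoted above; the function names are hypothetical, and the AS3 lookup assumes the declaration mirrors the virtual's /tenant/application/service path.

```python
import json
import re

# Constructed sample inputs, abridged from the bigip.conf and AS3 output quoted in this thread.
BIGIP_CONF = """\
ltm virtual /labtest_1/application_3/service {
    destination /labtest_1/application_3/10.0.1.10:80
    policies {
        /labtest/forward_policy { }
    }
    profiles {
        /Common/http { }
    }
}
"""
AS3 = json.loads("""{"class": "ADC", "labtest_1": {"class": "Tenant",
  "application_3": {"class": "Application", "template": "generic",
    "service": {"class": "Service_HTTP", "virtualAddresses": ["10.0.1.10"]}}}}""")

def top_level_objects(conf):
    """Yield (type, name, body) for each top-level 'ltm <type> <name> { ... }' stanza."""
    for m in re.finditer(r"^ltm (\S+) (\S+) \{\n(.*?)^\}", conf, re.M | re.S):
        yield m.group(1), m.group(2), m.group(3)

def audit(conf, as3):
    """Return one finding per policy referenced by a virtual server."""
    objs = list(top_level_objects(conf))
    defined = {name for typ, name, _ in objs if typ == "policy"}
    findings = []
    for typ, name, body in objs:
        if typ != "virtual":
            continue
        block = re.search(r"^    policies \{\n(.*?)^    \}", body, re.M | re.S)
        refs = re.findall(r"^\s+(\S+) \{", block.group(1), re.M) if block else []
        # Assumption: the AS3 service sits at tenant/application/service,
        # mirroring the virtual's full path.
        service = as3
        for part in name.strip("/").split("/"):
            service = service.get(part, {}) if isinstance(service, dict) else {}
        has_endpoint = isinstance(service, dict) and "policyEndpoint" in service
        for ref in refs:
            findings.append({"virtual": name, "policy": ref,
                             "defined_in_conf": ref in defined,
                             "in_as3": has_endpoint})
    return findings

if __name__ == "__main__":
    for f in audit(BIGIP_CONF, AS3):
        print(f)
```

A finding with `defined_in_conf` or `in_as3` set to false marks a virtual server whose traffic policy would not survive the conversion and needs to be migrated by hand.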

This is still a problem. Also, data groups are not supported. Almost 1.5 years later, and no updates!

polskikrol, Jan 30 '24 01:01

Two years later.... we keep bumping the version to support new releases of F5OS, but I still have to tell customers that this tool does not support MOST of their configurations unless they have a super super simple load balancer config. When will these components be supported? I write my own Python code to perform this migration for my customers, but the manufacturer can't get it working? C'mon.

polskikrol, Jun 15 '24 11:06