search

F5Networks / f5-appsvcs-extension

F5 BIG-IP Application Services 3 Extension
Apache License 2.0
165 stars 53 forks source link

Enable Net_Address_List for virtualAddresses for Service_* Objects #655

Open nino-reger opened 1 year ago

nino-reger commented 1 year ago

Is your feature request related to a problem? Please describe.

When adding several virtualAddresses to e.g. an Service_HTTPS Object in AS3 several Virtual Servers are created. This is very unhandy and unnecessary overhead.

Describe the solution you'd like

Via Gui it is possible to apply an Address List to a Virtual Server. This should be possible via AS3 too.

I think adding an Address List to the Virtual Server should be the default if several virtualAddresses are applied to a Service_* Object.

Describe alternatives you've considered

At least it should be possible to apply an Address List.

nino-reger commented 1 year ago

Also requested in #269

tizianorosato-gr commented 1 year ago

I'm also interested on this feature

rduchez commented 1 year ago

+1 - please implement shared objects in AS3 declarations - for use in source addresses and destinations

ppieprzycki commented 3 months ago

Also interested in using net address-list in order to configure multiple ip addresses (IPv4/IPv6) in Service_* objects.

Can someone clarify what is the current state of it ? Based on issues seems ot be not implemented but documentation states Address_List can be pointed in virtualAddress

In AS3 docs I can see two definitions to create such a address list https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#net-address-list https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#firewall-address-list

Additionally Service_HTTPS for virtualAddress has in description virtualAddresses (array | Pointer_Address_List | reference)

"Accepts either an array or a reference to an Address_List which contains destination addresses to which this virtual will listen. " [...] "IP address in the provided array can also be replaced by a reference to a Service_Address. A reference to an Address_List is only supported on BIG-IP 14.1 and later. If an Address_List is provided, BIG-IP AS3 will create a traffic-matching-criteria for the virtual."

Update: I've tried create Network Address List and attach it to the Service_HTTPS but without success.

`json "ADDRLIST_${LB_NAME}": { "class": "Net_Address_List", "addresses": [ "10.1.1.1", "2aaa:aaaa:bbbb:1000:1::1" ] },

                 "virtualAddresses": { "use": "ADDRLIST_${LB_NAME}" },

`

Got following error

json "response": "01b90010:3: Virtual Server /tenant1/APP_inttest1/SRV_inttest1-Redirect-'s Traffic Matching Criteria /tenant1/APP_inttest1/SRV_inttest1-Redirect-_VS_TMC_OBJ illegally shares destination address, source address, service port, and ip-protocol with Virtual Server /tenant1/APP_inttest1/SRV_inttest1's Traffic Matching Criteria /tenant1/APP_inttest1/SRV_inttest1_VS_TMC_OBJ."

If I disable redirect80 in the Service_HTTPS virtual then I got another error

"response": "0107028f:3: The destination (::) address and mask (0.0.0.0) for virtual server (/tenant1/APP_inttest1/SRV_inttest1) must be be the same type (IPv4 or IPv6).",