AS3 does not allow 2 VIPs in different partitions even if ports are different

[thepowercoders]

          I also have this issue but I believe it was closed incorrectly. If I add a VIP to a partition and then add another VIP to a different partition with the same IP address but a different port, the GUI and TMSH allows me to do this. However, with AS3, the API errors.

Example:

I have added 3 VIPS - one to the Common partition, and 1 each to "test1" and "test2" partitions. The IP address is the same, but the port is unique - this is added with no problems and tests fine.

However, if I try and run an AS3 declaration with the same config, I get the following error:

 Error: posting as3 config failed for tenants:(dccdm-eit) with error: Tenant Creation failed with Response: [
       {
               "code": 422,
               "host": "localhost",
               "response": "0107176c:3: Invalid Virtual Address, the IP address 192.168.1.1 already exists.",
               "runTime": 22895,
               "tenant": "test1"
       }
 ]

The logic here should be that a VIP cannot be added if another partition has the same IP+Port, but if either is different, it should be allowed.

Originally posted by @thepowercoders in https://github.com/F5Networks/f5-appsvcs-extension/issues/186#issuecomment-1641126575

[ghalevy]

AS3 team - any traction on this? We are running into the same issue.

[RobCupples]

Attention: @mdditt2000, @sunitharonan

[thepowercoders]

@ghalevy - I've been doing some testing here and actually there is a way of getting this to work in AS3. The issue is similar to the way AS3 works with pools and nodes. There is no actual AS3 class for a node - when you add a pool you define the node addresses in the pool class and an option "shareNodes" allows you to reuse the same node in different partitions (basically by sticking the node into /Common). I was thinking - when you add a virtual server, you also add a virtual address resource (which again doesn't have a specific class in AS3) - so I guessed maybe it works the same way.... and it does!

There is an AS3 property in the Service class "shareAddresses" which does the same thing... It indicates whether virtualAddresses should be added to or checked for in /Common instead of the tenant.

Example AS3 below adding a VIP into 2 different partitions/tenants using the same IP:

{
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.45.0",
        "test1": {
            "class": "Tenant",
            "test1": {
                "class": "Application",
                "vip1": {
                    "class": "Service_HTTP",
                    "virtualAddresses": [
                        "192.168.1.1"
                        ],
                    "virtualPort": 80,
                    "shareAddresses": true
                }
            }
        },
        "test2": {
            "class": "Tenant",
            "test2": {
                "class": "Application",
                "vip2": {
                    "class": "Service_HTTP",
                    "virtualAddresses": [
                        "192.168.1.1"
                        ],
                    "virtualPort": 443,
                    "shareAddresses": true
                }
            }
        }
    }
}

This worked with the result:

[ghalevy]

Looks promising, good find @thepowercoders - I will try this out tomorrow and report back 👍

[megamattzilla]

The shareNodes: true workaround is working for Gilad and myself.

@thepowercoders and @RobCupples Could we reopen this and request a documentation update for this behavior and/or prevent this from happening in AS3?