search

F5Networks / f5-appsvcs-extension

F5 BIG-IP Application Services 3 Extension
Apache License 2.0
164 stars 53 forks source link

AS3 incorrectly complains about duplicate IP when virtualAdddresses reference existing virtual-address in Common #753

Open adityoari opened 1 year ago

adityoari commented 1 year ago

Environment

Summary

When posting declaration with 2 Service_TCP objects where each service is referencing separate existing virtual-address objects in /Common/Shared folder, AS3 incorrectly thinks that the 2 Services share the same IP and rejects the declaration,

Steps To Reproduce

Steps to reproduce the behavior:

  1. Manually configure virtual-address objects in /Common/Shared folder in BIG-IP 
    
ltm virtual-address Common/Shared/service_address_10_0_1_7 {
address 10.0.1.7%1
auto-delete false
inherited-traffic-group true
mask 255.255.255.255
route-advertisement any
traffic-group Common/traffic-group-1
}
ltm virtual-address Common/Shared/service_address_10_0_1_22 {
address 10.0.1.22%1
auto-delete false
inherited-traffic-group true
mask 255.255.255.255
route-advertisement any
traffic-group Common/traffic-group-1
}

2. Submit the following declaration:
```json
{
  "class": "AS3",
  "declaration": {
    "AS3tenant": {
      "Shared": {
        "class": "Application",
        "example_22_VS": {
          "class": "Service_TCP",
          "profileTCP": {
            "bigip": "/Common/f5-tcp-progressive"
          },
          "virtualAddresses": [
            {
              "bigip": "/Common/Shared/service_address_10_0_1_22"
            }
          ],
          "virtualPort": 80
        },
        "example_7_VS": {
          "class": "Service_TCP",
          "pool": "example_POOL",
          "profileTCP": {
            "bigip": "/Common/f5-tcp-progressive"
          },
          "virtualAddresses": [
            {
              "bigip": "/Common/Shared/service_address_10_0_1_7"
            }
          ],
          "virtualPort": 80
        },
        "example_POOL": {
          "class": "Pool",
          "members": [
            {
              "serverAddresses": [
                "10.128.2.7",
                "10.131.0.30"
              ],
              "servicePort": 8082,
              "shareNodes": true
            }
          ]
        },
        "template": "shared"
      },
      "class": "Tenant",
      "defaultRouteDomain": 1
    },
    "class": "ADC",
    "label": "Manual AS3 Declaration",
    "remark": "Manually modified version of CIS",
    "schemaVersion": "3.45.0"
  }
}
  1. Observe the following error response: 
    {
"results": [
{
  "code": 422,
  "message": "declaration failed",
  "response": "01070333:3: Virtual Server /AS3tenant/Shared/example_22_VS illegally shares destination address, source address, service port, ip-protocol, and vlan with Virtual Server /AS3tenant/Shared/example_7_VS.",
  "host": "localhost",
  "tenant": "AS3tenant",
  "runTime": 1190
}
]
}

Expected Behavior

AS3 accepts the declaration and configure the 2 Virtual Server objects with different, pre-existing virtual-address as the destination IP.

Actual Behavior

AS3 rejects the declaration citing duplicate VS IP, although the declaration clearly references different virtual-address objects in /Common/Shared, and the virtual-address objects clearly have different address.

dstokesf5 commented 8 months ago

Thank you for your feedback. I have confirmed your issue and I have added it to our internal product backlog as AUTOTOOL-4001.

I noticed your virtual address objects are in /Common/Shared. If those objects are being managed by AS3, then I recommend referencing them with the use keyword instead of the bigip keyword. I was able to work around the issue by using the use keyword.

sunitharonan commented 7 months ago

Please reach out to us at automation_toolchain_pm@f5.com in order to prioritize this issue. Thanks.