F5Networks / f5-appsvcs-extension

F5 BIG-IP Application Services 3 Extension
Apache License 2.0

RD 0 suffix is ignored in Tenant with non-0 defaultRouteDomain #829

Open adityoari opened 1 month ago

adityoari commented 1 month ago

Environment

Summary

In a Tenant with non-0 defaultRouteDomain, we append %0 to the virtualAddresses entry of the Service to expose that VS in RD0. The %0 seems to be ignored/stripped, as the resulting VS would still be created in the Tenant's default RD. When we append a non-0 RD, the VS is correctly created with the intended RD.

Reproducibility: Always

Severity/impact: Major

Steps To Reproduce

  1. Submit the following declaration:
    
    {
    "class": "AS3",
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.50.2",
        "label": "http",
        "remark": "A1 Template",
        "as3cm": {
            "class": "Tenant",
            "defaultRouteDomain": 1,
            "App1rd0": {
                "class": "Application",
                "template": "generic",
                "a1_80_vs": {
                    "class": "Service_TCP",
                    "remark": "app1 VS",
                    "virtualAddresses": [
                      "10.104.0.20%0"
                    ],
                    "virtualPort": 80,
                    "pool": "app1_pool"
                },
                "app1_pool": {
                    "class": "Pool",
                    "monitors": [
                        "http"
                    ],
                    "members": [
                        {
                            "servicePort": 8081,
                            "serverAddresses": []
                        }
                    ]
                }
            },
            "App1rd2": {
                "class": "Application",
                "template": "generic",
                "a1_80_vs": {
                    "class": "Service_TCP",
                    "remark": "app1 VS",
                    "virtualAddresses": [
                      "10.104.0.20%2"
                    ],
                    "virtualPort": 80,
                    "pool": "app1_pool"
                },
                "app1_pool": {
                    "class": "Pool",
                    "monitors": [
                        "http"
                    ],
                    "members": [
                        {
                            "servicePort": 8081,
                            "serverAddresses": []
                        }
                    ]
                }
            }
        }
    }
    }

2. Observe that Service with RD0 suffix is created in RD1, while Service with RD2 suffix is correctly created:

```
admin@(bip02)(cfg-sync Standalone)(Active)(/as3cm)(tmos)# li ltm virtual recursive destination
ltm virtual App1rd0/a1_80_vs {
    destination 10.104.0.20%1:80
}
ltm virtual App1rd2/a1_80_vs {
    destination 10.104.0.20%2:80
}
```


### Expected Behavior
RD0 suffix is honoured and correctly configured

### Actual Behavior
RD 0 suffix seems to be ignored/stripped, while non-0 suffix works fine.

The `/var/log/audit` file clearly shows that AS3 created the first VS with Tenant-default RD of 1, while the second VS was created correctly on RD2.
```bash
May  6 20:44:56 bip02.az.aditf5.com notice mcpd[5898]: 01070417:5: AUDIT - client tmsh, tmsh-pid-18687, user admin - transaction #4540094-7 - object 0 - create { virtual_server { virtual_server_name "/as3cm/App1rd0/a1_80_vs" virtual_server_contribute_to_va_status 1 virtual_server_auto_lasthop 0 virtual_server_conn_limit 0 virtual_server_description "app1 VS" virtual_server_va_name "/as3cm/10.104.0.20%1" virtual_server_port 80 virtual_server_enabled 1 virtual_server_ip_proto 6 virtual_server_lasthop_pool_name "" virtual_server_wildmask 255.255.255.255 virtual_server_sf_flags 0 virtual_server_nat64 0 virtual_server_default_pool "/as3cm/App1rd0/app1_pool" virtual_server_rate_limit 0 virtual_server_action_on_service_down 0 virtual_server_src_addr 0.0.0.0%1 virtual_server_source_address_translation_type 3 virtual_server_srcport 0 virtual_server_translate_addr 1 virtual_server_translate_port 1 virtual_server_listed_enabled_vlans 0 } } [Status=Command OK]
May  6 20:44:56 bip02.az.aditf5.com notice mcpd[5898]: 01070417:5: AUDIT - client tmsh, tmsh-pid-18687, user admin - transaction #4540094-24 - object 0 - create { virtual_server { virtual_server_name "/as3cm/App1rd2/a1_80_vs" virtual_server_contribute_to_va_status 1 virtual_server_auto_lasthop 0 virtual_server_conn_limit 0 virtual_server_description "app1 VS" virtual_server_va_name "/as3cm/10.104.0.20%2" virtual_server_port 80 virtual_server_enabled 1 virtual_server_ip_proto 6 virtual_server_lasthop_pool_name "" virtual_server_wildmask 255.255.255.255 virtual_server_sf_flags 0 virtual_server_nat64 0 virtual_server_default_pool "/as3cm/App1rd2/app1_pool" virtual_server_rate_limit 0 virtual_server_action_on_service_down 0 virtual_server_src_addr 0.0.0.0%2 virtual_server_source_address_translation_type 3 virtual_server_srcport 0 virtual_server_translate_addr 1 virtual_server_translate_port 1 virtual_server_listed_enabled_vlans 0 } } [Status=Command OK]
```

mdditt2000 commented 1 month ago

@adityoari I am assuming this is because "10.104.0.20%0" would be default and therefore not apply the RD=0. I am assuming traffic is passing correctly?

mdditt2000 commented 1 month ago

Assigned AUTOTOOL-4354 to me and added to current sprint.

mdditt2000 commented 1 month ago

Functional as normal. Closing issue.

adityoari commented 4 weeks ago

@mdditt2000 no, the traffic did not pass at all, since the VS is supposed to be in RD0. With this bug, AS3 created it in the Partition's default (non-0) RD and the resulting VS does not have connectivity to the outside/client-side network.

mdditt2000 commented 4 weeks ago

@adityoari understand. Please reach out to me at automation_toolchain_pm@f5.com to prioritize

mdditt2000 commented 2 weeks ago

@adityoari validating in the current Sprint. Stand by for eval. It's possible AS3 is working as designed.

mdditt2000 commented 1 week ago

AS3 3.52.0 build 2 is now available - Please reach out for early build. Issue resolved
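
A post-deployment check for the mismatch reported in this issue, as an added example (not code from the issue or from AS3): it compares the route domain each Service declares in `virtualAddresses` with the `destination` in the `tmsh` listing and reports any virtual server that landed in a different route domain. The function names and sample data are constructed; it assumes IPv4 destinations and that a destination listed without a `%` suffix is in route domain 0.

```python
import re

# Constructed sample, trimmed from the declaration and tmsh listing in this issue.
SAMPLE_REQUEST = {"class": "AS3", "declaration": {"class": "ADC", "as3cm": {
    "class": "Tenant", "defaultRouteDomain": 1,
    "App1rd0": {"class": "Application", "a1_80_vs": {
        "class": "Service_TCP", "virtualAddresses": ["10.104.0.20%0"], "virtualPort": 80}},
    "App1rd2": {"class": "Application", "a1_80_vs": {
        "class": "Service_TCP", "virtualAddresses": ["10.104.0.20%2"], "virtualPort": 80}},
}}}
SAMPLE_TMSH = """\
ltm virtual App1rd0/a1_80_vs { destination 10.104.0.20%1:80 }
ltm virtual App1rd2/a1_80_vs { destination 10.104.0.20%2:80 }
"""

# Matches both the flattened and the multi-line form of the tmsh listing.
VIRTUAL_RE = re.compile(r"ltm virtual (\S+) \{\s*destination (\S+)")


def actual_route_domains(tmsh_output):
    """Map 'Application/service' to the route domain ID in its destination."""
    result = {}
    for name, dest in VIRTUAL_RE.findall(tmsh_output):
        host = dest.rpartition(":")[0] or dest  # strip ':port' (IPv4 form only)
        _, sep, rd = host.partition("%")
        # Assumption: no %suffix in the listing means route domain 0.
        result[name] = int(rd) if sep else 0
    return result


def find_rd_drift(as3_request, tenant_name, tmsh_output):
    """Return (service, declared_rd, actual_rd) for each virtual in the wrong RD."""
    adc = as3_request.get("declaration", as3_request)
    tenant = adc[tenant_name]
    default_rd = tenant.get("defaultRouteDomain", 0)
    actual = actual_route_domains(tmsh_output)
    drift = []
    for app_name, app in tenant.items():
        if not isinstance(app, dict) or app.get("class") != "Application":
            continue
        for svc_name, svc in app.items():
            if not (isinstance(svc, dict) and str(svc.get("class", "")).startswith("Service_")):
                continue
            for addr in svc.get("virtualAddresses", []):
                if not isinstance(addr, str):
                    continue  # pointers and [destination, source] pairs are skipped
                _, sep, rd = addr.partition("%")
                # An explicit suffix, including %0, overrides the Tenant default.
                declared = int(rd.split("/")[0]) if sep else default_rd
                key = f"{app_name}/{svc_name}"
                if key in actual and actual[key] != declared:
                    drift.append((key, declared, actual[key]))
    return drift
```

Run against the sample, `find_rd_drift(SAMPLE_REQUEST, "as3cm", SAMPLE_TMSH)` flags only `App1rd0/a1_80_vs`, declared in route domain 0 but created in route domain 1.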