f5devcentral / f5-azure-saca

Secure Azure Computing Architecture for DoD (SACA) - Notional Secure Cloud Computing Architecture (SCCA) Deployment
MIT License

Doesn't support multiple CIDR in Virtual Network #123

Open sewalshmsft opened 3 years ago

sewalshmsft commented 3 years ago

I have a customer that would like to use the three tier architecture. The external IPs will be public routable IP address space, while everything after the first tier of BIG-IPs will be private IP address space.

If I change var.cidr to a tuple ["10.0.1.0/24", "172.16.0.0/24"], the F5 configuration code in three_tier\firewall\bigip.tf lines 402/409 and three_tier\waf\bigip.tf lines 363/390 can't handle a tuple value and requires a string.

I'm not fully versed on what those configuration items are doing.

Mikej81 commented 3 years ago

The CIDR is setting the CIDR for the internal Azure VNET, set it to the private IP space only.

Your public IPs will be distributed by Azure to the PIPs. This template only has an ALB on the public side, so if you are using ExpressRoute, you would need to deploy as is, then replace the ALB with an ILB and set the IPs based on the ExpressRoute configuration.

For reference: Those lines of code are passing the values to the Declarative Onboarding Templates.
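As an added illustration of the guidance above (not code from the f5-azure-saca templates), a Terraform variable declaration that makes the "single string, private space only" requirement explicit at plan time; the variable name `cidr` matches the issue, the description text and validation rules are assumptions:

```hcl
# Added example, not part of the f5-azure-saca repository.
# Declares the internal VNET CIDR as a single string and rejects values
# that are not a well-formed IPv4 prefix inside RFC 1918 private space.
variable "cidr" {
  description = "Address space for the internal Azure VNET (private IP space only)"
  type        = string   # a tuple such as ["10.0.1.0/24", "172.16.0.0/24"] fails type checking

  # Must parse as an IPv4 prefix in CIDR notation (cidrnetmask is IPv4-only).
  validation {
    condition     = can(cidrnetmask(var.cidr))
    error_message = "cidr must be a single IPv4 prefix in CIDR notation, e.g. 10.0.0.0/16."
  }

  # Must start inside one of the RFC 1918 blocks; public prefixes belong on
  # the Azure public IPs, not in the VNET address space.
  validation {
    condition = can(regex(
      "^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)",
      var.cidr
    ))
    error_message = "cidr must be RFC 1918 private address space (10/8, 172.16/12 or 192.168/16)."
  }
}

# Example terraform.tfvars value that satisfies both rules (constructed):
#   cidr = "10.0.0.0/16"
```

The regex only checks the leading octets, so a prefix length shorter than the private block (for example `10.0.0.0/7`) still passes; tighten it if that matters in your environment.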