Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TCP profile Ingress and Egress #89

Closed
BarryHaines opened this issue Jun 24, 2022 · 4 comments
Closed

TCP profile Ingress and Egress #89

BarryHaines opened this issue Jun 24, 2022 · 4 comments
Assignees
@mdditt2000
Labels
bug Something isn't working

Comments

@BarryHaines
Copy link

Environment

  • ACC Version: Latest
  • AS3 Version: 3.35.0
  • BIG-IP Version: 16.1.0 and 14.1.4.6

Summary

When converting a virtual server that has a separate clientside/serverside tcp profile the AS3 conversion only has the egress configuration and this fails to deploy to the BIG-IP because the ingress tcp profile is required but doesn't exist in the AS3 configuration.

Steps To Reproduce

Just create virtual server with 2 separate TCP profiles for the clientside and serverside, then use ACC docker image to convert the configuration and notice that only the serverside profile is converted.

Expected Behavior

Expecting to have the following output for the tcp profiles:

"profileTCP": {
"ingress": {
"bigip": "/Common/f5-tcp-wan"
},
"egress": {
"bigip": "/Common/tcp"
}
},

Actual Behavior

AS3 Output:
"vs_as3tcp-test-443": {
"layer4": "tcp",
"pool": "pl_as3mig_443",
"translateServerAddress": true,
"translateServerPort": true,
"class": "Service_TCP",
"profileTCP": { #Missing ingress profile
"egress": {
"bigip": "/Common/tcp"
}
},
"virtualAddresses": [
"10.1.0.51"
],
"virtualPort": 443,
"persistenceMethods": [],
"snat": "auto"
},

TMOS configuration output:
ltm virtual vs_as3tcp-test-443 {
destination 10.1.0.51:https
ip-protocol tcp
mask 255.255.255.255
pool pl_as3mig_443
profiles {
f5-tcp-wan { #This profile doesn't get converted
context clientside
}
tcp {
context serverside
}
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
vs-index 32
}
@BarryHaines BarryHaines added the bug Something isn't working label Jun 24, 2022
@mdditt2000 mdditt2000 self-assigned this Jun 24, 2022
@mdditt2000
Copy link

@BarryHaines looking to this issue. Here is my contact if you need to send me any additional information automation_toolchain_pm@f5.com

@mdditt2000
Copy link

@BarryHaines can you email me your qkview or bigip.conf. TMOS configuration above is break ACC using Docker/VScode. I file Jira CHARON-692

@mdditt2000
Copy link

@BarryHaines thanks for the configuration

I validated the configuration using your UCS file and i do see the correct TCP policy

"profileTCP": {
                    "ingress": {
                        "bigip": "/Common/f5-tcp-wan"
                    },
                    "egress": {
                        "bigip": "/Common/tcp"
                    }
                },

I will send you the converted file.

@mdditt2000
Copy link

Current version of ACC 1.21 works as expected. Closing issue. Thanks @BarryHaines please continue to open issue!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mdditt2000 mdditt2000

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mdditt2000 @BarryHaines