Forum Discussion

Ed_Carpon_13196's avatar
Ed_Carpon_13196
Icon for Nimbostratus rankNimbostratus
Feb 14, 2014

Local Traffic Policies in an iApp

To assign a local traffic policy to a virtual server you have to disable strictness which we do not want to do. Has anyone created an iApp template that would give you the ability to select policies while building the application services?

 

  • I had to fiddle around with a copy of the iApp to get it working.

    I think you were missing a close curly bracket in your multichoice in the presentation section.

    I did this with the f5.http template, but it should be similar for any iApp (profiles assignment has to come first if your traffic policy requires any profiles added by the iApp):

    virtual server array in implementation
    array set vs_arr {
            1,1 { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port_secure] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $vs_profiles \} \
                policies replace-all-with \{ $::policies__policies\}] \            
                \
                [iapp::conf create ltm virtual ${app}_redir_vs \
                destination [iapp::destination $::pool__addr [expr {[info exists \
                ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \
                mask $mask \
                $redir_vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $tcp_profiles http \} \
                rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]}
            1,0 { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port_secure] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $vs_profiles \} \
                policies replace-all-with \{ $::policies__policies\}] \ }
            *   { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $vs_profiles \} \
                policies replace-all-with \{ $::policies__policies\}] \ }
        }
    
        policies section in presentation
        section policies {
        multichoice policies
            tcl {
            set objs [tmsh::get_config ltm policy]
            foreach obj $objs {
                append results [tmsh::get_name $obj]
                append results "\n"
            }
            return $results
        }
    }
    
    questions for policy section in presentation
    policies "Local Traffic Policies"
    policies.policies "Select the Local Traffic Policies you like to attach to the BIG- IP Virtual Server:"
    
  • I believe an example of this is in the MS Outlook iApp. Probably fairly trivial to steal it from there and insert it into the iApp of your choice.

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Hi Ed,

     

    I don't think than any iApps have the option for applying an arbitrary traffic policy.

     

    We are currently working on adding AFM firewall policy functionality to iApps. Some iApps, such as f5.http and its derivatives, also allow you to create and attach an ASM policy.

     

    What does your policy do?

     

    thanks

     

    Mike

     

    • Ed_Carpon_13196's avatar
      Ed_Carpon_13196
      Icon for Nimbostratus rankNimbostratus
      We are attempting to create an iApp that lets us select local traffic policies that are created and apply them to the virtual server in the iApp. The presentation piece below works for displaying the options, i just cannot get the implementation piece to work. section policies { multichoice policies tcl { set objs [tmsh::get_config ltm policy] foreach obj $objs { append results [tmsh::get_name $obj] append results "\n" } return $results }
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    You'll need to find the section in the iApp implementation section where the virtual server is created ("create ltm virtual ..."), then use the policies parameter to attach your policies.

     

    "create ltm virtual app_name/app_vs policies $::policies__policies"

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Ed, for some reason your last post here got lost, although I did get it in my email.

    I think this might work:

    array set vs_arr {
            1,1 { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port_secure] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                policies replace-all-with \{ $::policies__policies\}] \
                profiles replace-all-with \{ $vs_profiles \}] \
                \
                [iapp::conf create ltm virtual ${app}_redir_vs \
                destination [iapp::destination $::pool__addr [expr {[info exists \
                ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \
                mask $mask \
                $redir_vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $redir_vs_profiles \} \
                rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]}
            1,0 { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port_secure] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                policies replace-all-with \{ $::policies__policies\}] \
                profiles replace-all-with \{ $vs_profiles \}] }
            *   { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                policies replace-all-with \{ $::policies__policies\}] \
                profiles replace-all-with \{ $vs_profiles \}] }
        }
    
    • Ed_Carpon_13196's avatar
      Ed_Carpon_13196
      Icon for Nimbostratus rankNimbostratus
      I tried replacing this array set with the one in the HTTP profile. I got a couple different errors. First, 01070309:3: Cookie persistence requires an HTTP or FastHTTP profile to be associated with the virtual server If I turn off persistence i get another error. I selected a http profile also. 010716d9:3: Virtual server /Common/Test.app/Test2_vs requires a profile of type http for ltm policy /Common/ed_test.
    • mikeshimkus_111's avatar
      mikeshimkus_111
      Historic F5 Account
      I wouldn't replace the entire array. You should just insert the "policies replace-all-with \{ $::policies__policies\}] \" parameter.
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    I had to fiddle around with a copy of the iApp to get it working.

    I think you were missing a close curly bracket in your multichoice in the presentation section.

    I did this with the f5.http template, but it should be similar for any iApp (profiles assignment has to come first if your traffic policy requires any profiles added by the iApp):

    virtual server array in implementation
    array set vs_arr {
            1,1 { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port_secure] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $vs_profiles \} \
                policies replace-all-with \{ $::policies__policies\}] \            
                \
                [iapp::conf create ltm virtual ${app}_redir_vs \
                destination [iapp::destination $::pool__addr [expr {[info exists \
                ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \
                mask $mask \
                $redir_vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $tcp_profiles http \} \
                rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]}
            1,0 { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port_secure] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $vs_profiles \} \
                policies replace-all-with \{ $::policies__policies\}] \ }
            *   { [iapp::conf create ltm virtual ${app}_vs \
                destination [iapp::destination $::pool__addr $::pool__port] \
                mask $mask \
                $vs_params \
                ip-protocol tcp \
                mirror $mirror_action \
                profiles replace-all-with \{ $vs_profiles \} \
                policies replace-all-with \{ $::policies__policies\}] \ }
        }
    
        policies section in presentation
        section policies {
        multichoice policies
            tcl {
            set objs [tmsh::get_config ltm policy]
            foreach obj $objs {
                append results [tmsh::get_name $obj]
                append results "\n"
            }
            return $results
        }
    }
    
    questions for policy section in presentation
    policies "Local Traffic Policies"
    policies.policies "Select the Local Traffic Policies you like to attach to the BIG- IP Virtual Server:"