Forum Discussion
Ed_Martens
Cirrus
CirrusUsing shared object with BigIP
Hi, Just a "stupid" question: Is there a reason NOT to use Shared object address list's with a VS? In contrast using multiple VS configurations (when only destination address is the difference)...
Please lookup your /config/bigip_base.conf for the ACL related configuration objects.
The shared objects concept may significantly reduce the number of configuration objects, i.e. mixing IPv4/IPv6 source/destination addresse in lists. Same story for destination ports.
When using shared objects some ACL mechanisms are applied in the background.
In the past I saw some issues there (especially in the context of route domains), which seem to be fixed in the current TMOS v15.1.5.1.
Ed_MartensCirrus
CirrusHi Stephan,
Thanks for the response. This is the same version we are running at the moment 😉
Please lookup your /config/bigip_base.conf for the ACL related configuration objects.
The shared objects concept may significantly reduce the number of configuration objects, i.e. mixing IPv4/IPv6 source/destination addresse in lists. Same story for destination ports.
- Ed_Martens
The mix of IPv4/IPv6 is exactly why I want to use it.
Butissues will also be there , no matter what solution you will implement.
My biggest "concern" is making 2 VS (1 IPv4 and 1 IPv6) is that you need to do every config change twice. Which is a potential problem, as somebody making changes to only one VS.
By the ACL in the config file you mean "security firewall address-list" As they must be/should be the same as the configured lists?- LiefZimmerman
Admin
Doesn't seem this is quite sorted yet? Ed_Martens - have you come to any new understandings here? or is this still a potential problem?
I'd be happy to get some Eng's to take a look here if what StephanManthey said isn't 'the final word'.
