For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

epaalx's avatar
epaalx
Icon for Cirrus rankCirrus
Sep 13, 2017

What determines unique valid VS?

Would it be correct to say that a unique VS is defined by the tuple {destination,source,vlans,ip-protocol} (of TMSH's "/ltm virtual" attributes)? That is, as long as one of these elements of the tuple is different, a VS is considered different to another VS and is allowed.

 

So, I can defined two VSs - one having {destination='X',source='10.0.0.0/24',vlans='Y',ip-protocol='Z'} and other {destination='X',source='11.0.0.0/24',vlans='Y',ip-protocol='Z'} (assuming 'X'..'Z' are valid values) then BIG-IP should accept these as different VSs - correct?

 

(If above is correct) two questions:

 

  1. what if I specify "source" address of a VS that overlaps the "source" of existing VS - does BIG-IP validate for this at configuration?
  2. why does the error "01070333:3: virtual server illegally shares destination address, source address, and service port with virtual server " not mention "vlans" attribute?
application delivery
LTM

1 Reply

  • amintej's avatar
    amintej
    Icon for Cirrus rankCirrus
    Sep 13, 2017

    Hello,

    What BIG IP version do you have ? I got the error with vlan attribute: 

     01070333:3: Virtual Server /Common/VS-3 illegally shares destination address, source address, service port, ip-protocol, and vlan with Virtual Server /Common/VS-2.

    I tested with 12.1.2 HF 0.93.249.

    Source address is address or network from which Big-IP accepts traffic for this VS, so I think you can overlap many times but the rest of combination for the VS: VLAN:Destination:Port must be different.