cancel
Showing results for 
Search instead for 
Did you mean: 

Using shared object with BigIP

Ed_Martens
Altocumulus
Altocumulus

Hi,
Just a "stupid" question:

Is there a reason  NOT to use Shared object address list's with a VS?

In contrast  using  multiple VS configurations (when only destination address is the difference).

 

Like to hear you thoughts

1 ACCEPTED SOLUTION

Please lookup your /config/bigip_base.conf for the ACL related configuration objects.

The shared objects concept may significantly reduce the number of configuration objects, i.e. mixing IPv4/IPv6 source/destination addresse in lists. Same story for destination ports.

View solution in original post

7 REPLIES 7

When using shared objects some ACL mechanisms are applied in the background.

In the past I saw some issues there (especially in the context of route domains), which seem to be fixed in the current TMOS v15.1.5.1.

Hi Stephan,
Thanks for the response. This is the same version we are running at the moment 😉

Please lookup your /config/bigip_base.conf for the ACL related configuration objects.

The shared objects concept may significantly reduce the number of configuration objects, i.e. mixing IPv4/IPv6 source/destination addresse in lists. Same story for destination ports.

The mix of IPv4/IPv6 is exactly why I want to use it.
Butissues will also be there , no matter what solution you will implement.
My biggest "concern" is making 2 VS (1 IPv4 and 1 IPv6) is that you need to do every config change twice. Which is a potential problem, as somebody making changes to only one VS.


By the ACL in the config file you mean "security firewall address-list"  As they must be/should be the same as the configured lists?

Doesn't seem this is quite sorted yet? @Ed_Martens - have you come to any new understandings here? or is this still a potential problem?

I'd be happy to get some Eng's to take a look here if what @StephanManthey said isn't 'the final word'.

------
Lief ZimmermanLiefZimmerman | @LiefZF5 | DevCentral Community Manager

Hi,
It is not a problem,

But he answer is in the line of my own thoughts.
I'll "Accept the Solution"

It is pitty, shared objects for us is not working.
We have a VS which configures the F5 a transparant proxy, VS with destination address 0.0.0.0/0 and port 443.
So we are running against https://support.f5.com/csp/article/K47569205
Pitty