Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Local Traffic Policies in an iApp

To assign a local traffic policy to a virtual server you have to disable strictness which we do not want to do. Has anyone created an iApp template that would give you the ability to select policies while building the application services?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I had to fiddle around with a copy of the iApp to get it working.

I think you were missing a close curly bracket in your multichoice in the presentation section.

I did this with the f5.http template, but it should be similar for any iApp (profiles assignment has to come first if your traffic policy requires any profiles added by the iApp):

###virtual server array in implementation
array set vs_arr {
        1,1 { [iapp::conf create ltm virtual ${app}_vs \
            destination [iapp::destination $::pool__addr $::pool__port_secure] \
            mask $mask \
            $vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            profiles replace-all-with \{ $vs_profiles \} \
            policies replace-all-with \{ $::policies__policies\}] \            
            \
            [iapp::conf create ltm virtual ${app}_redir_vs \
            destination [iapp::destination $::pool__addr [expr {[info exists \
            ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \
            mask $mask \
            $redir_vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            profiles replace-all-with \{ $tcp_profiles http \} \
            rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]}
        1,0 { [iapp::conf create ltm virtual ${app}_vs \
            destination [iapp::destination $::pool__addr $::pool__port_secure] \
            mask $mask \
            $vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            profiles replace-all-with \{ $vs_profiles \} \
            policies replace-all-with \{ $::policies__policies\}] \ }
        *   { [iapp::conf create ltm virtual ${app}_vs \
            destination [iapp::destination $::pool__addr $::pool__port] \
            mask $mask \
            $vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            profiles replace-all-with \{ $vs_profiles \} \
            policies replace-all-with \{ $::policies__policies\}] \ }
    }

    ###policies section in presentation
    section policies {
    multichoice policies
        tcl {
        set objs [tmsh::get_config ltm policy]
        foreach obj $objs {
            append results [tmsh::get_name $obj]
            append results "\n"
        }
        return $results
    }
}

###questions for policy section in presentation
policies "Local Traffic Policies"
policies.policies "Select the Local Traffic Policies you like to attach to the BIG- IP Virtual Server:"
1
Comments on this Answer
Comment made 24-Feb-2014 by Ed Carpon 13
This worked. Thanks for the help!
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I believe an example of this is in the MS Outlook iApp. Probably fairly trivial to steal it from there and insert it into the iApp of your choice.

0
Comments on this Answer
Comment made 14-Feb-2014 by Ed Carpon 13
I did not see this in any of the outlook iApps. Which one are you referencing specifically?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Ed,

I don't think than any iApps have the option for applying an arbitrary traffic policy.

We are currently working on adding AFM firewall policy functionality to iApps. Some iApps, such as f5.http and its derivatives, also allow you to create and attach an ASM policy.

What does your policy do?

thanks

Mike

0
Comments on this Answer
Comment made 14-Feb-2014 by Ed Carpon 13
We are attempting to create an iApp that lets us select local traffic policies that are created and apply them to the virtual server in the iApp. The presentation piece below works for displaying the options, i just cannot get the implementation piece to work. section policies { multichoice policies tcl { set objs [tmsh::get_config ltm policy] foreach obj $objs { append results [tmsh::get_name $obj] append results "\n" } return $results }
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You'll need to find the section in the iApp implementation section where the virtual server is created ("create ltm virtual ..."), then use the policies parameter to attach your policies.

"create ltm virtual app_name/app_vs policies $::policies__policies"

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Ed, for some reason your last post here got lost, although I did get it in my email.

I think this might work:

array set vs_arr {
        1,1 { [iapp::conf create ltm virtual ${app}_vs \
            destination [iapp::destination $::pool__addr $::pool__port_secure] \
            mask $mask \
            $vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            policies replace-all-with \{ $::policies__policies\}] \
            profiles replace-all-with \{ $vs_profiles \}] \
            \
            [iapp::conf create ltm virtual ${app}_redir_vs \
            destination [iapp::destination $::pool__addr [expr {[info exists \
            ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \
            mask $mask \
            $redir_vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            profiles replace-all-with \{ $redir_vs_profiles \} \
            rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]}
        1,0 { [iapp::conf create ltm virtual ${app}_vs \
            destination [iapp::destination $::pool__addr $::pool__port_secure] \
            mask $mask \
            $vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            policies replace-all-with \{ $::policies__policies\}] \
            profiles replace-all-with \{ $vs_profiles \}] }
        *   { [iapp::conf create ltm virtual ${app}_vs \
            destination [iapp::destination $::pool__addr $::pool__port] \
            mask $mask \
            $vs_params \
            ip-protocol tcp \
            mirror $mirror_action \
            policies replace-all-with \{ $::policies__policies\}] \
            profiles replace-all-with \{ $vs_profiles \}] }
    }
0
Comments on this Answer
Comment made 17-Feb-2014 by Ed Carpon 13
I tried replacing this array set with the one in the HTTP profile. I got a couple different errors. First, 01070309:3: Cookie persistence requires an HTTP or FastHTTP profile to be associated with the virtual server If I turn off persistence i get another error. I selected a http profile also. 010716d9:3: Virtual server /Common/Test.app/Test2_vs requires a profile of type http for ltm policy /Common/ed_test.
0
Comment made 18-Feb-2014 by mikeshimkus
I wouldn't replace the entire array. You should just insert the "policies replace-all-with \{ $::policies__policies\}] \" parameter.
0
Comment made 21-Feb-2014 by Ed Carpon 13
I tried to do that, still having the same errors.
0