"F5 Connects NetOps/SecOps and DevOps" - - "5" Application Services 3 Extension

Posted by mickfitz on Mon, 07 Oct 2019 12:26:09 +0200

This paper mainly introduces the use of the third declarative component, Application Services 3 Extension (hereinafter referred to as AS3).

AS3 provides a declarative way to configure the L4-L7 configuration of F5 BIGIP, including the configuration of LTM, DNS, AFM, ASM and other modules. It supports the configuration of multi-tenant and multi-route-domain.

Contains but is not limited to the following configurations:

- L3/L4: VIP. Pool SNAT Monitors, Profiles, etc.
- HTTP/HTTPS ADC
- L4 Firewall Policy Support (AFM Policy attachment)
- HTTP/HTTPS L7 Security
- ASM/APM policy attachment
- Traffic Profiles (Endpoint Policy attachment / construction)
- iRules
- SSL/TLS
- Methods for loading policies and iRules: base64 & URL
...

At present, AS3, like DO, supports RPM packages installed on f5, and also supports using an AS3 docker container to proxy the interaction of these API s. Of course, it also supports distributing these AS3 json files to each BIGIP through BIGIQ to facilitate centralized management and help users better implement SuperNetOps.

Of course, the use of AS3, like DO, also requires some preparatory conditions:

  1. Version v12.1 or more must be used
  2. Accounts that interact with API must have administrator role authority.

A simple AS3 case is as follows:

{
"class": "AS3",
"action": "deploy",
"targetHost": "192.0.2.76",
"targetUsername": "admin",
"targetPassphrase": "admin",
"declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "id": "container",
    "label": "Sample 1 in a container",
    "remark": "Simple HTTP application with RR pool",
    "Sample_container": {
        "class": "Tenant",
        "A1": {
            "class": "Application",
            "template": "http",
            "serviceMain": {
            "class": "Service_HTTP",
            "virtualAddresses": [
                "10.0.1.10"
            ],
            "pool": "web_pool"
            },
            "web_pool": {
            "class": "Pool",
                "monitors": [
                    "http"
                ],
            "members": [{
                "servicePort": 80,
                "serverAddresses": [
                    "192.0.1.10",
                    "192.0.1.11"
                ]
            }]
            }
        }
    }
}
}

Then you put this JSON file, POST to https://[BIGIP-IP]:PORT/mgmt/shared/appsvcs/declare.

For more details, please refer to https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/

Topics: JSON DNS firewall SSL

Hot Topics

©2024 Programmer Think