Appendix B: Additional Example Declarations

This section contains a number of additional example declarations you can use. The numbering of these examples continues from the Examples section.

Example 5: HTTP with no compression, BIG-IP tcp profile, iRule for pool

In example 5, we create separate internal and external pools, and use an iRule to direct traffic based on the IP address of the client. This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_05.
  • Virtual server (HTTP) named serviceMain (called _A1 in the BIG-IP GUI).
  • A TCP profile using the mptcp-mobile-optimized parent. This bigip keyword exists in the TCP profile section schema and tells the system to look for the pathname of an existing TCP profile.
  • Two pools named dfl_pool and pvt_pool, each with 2 members monitored by the default HTTP health monitor.
  • An iRule which sends internal users to a private pool based on their IP address.
{
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
            "class": "ADC",
            "schemaVersion": "3.0.0",
            "id": "urn:uuid:a858e55e-bbe6-42ce-a9b9-0f4ab33e3bf7",
            "label": "Sample 5",
            "remark": "HTTP with no compression, BIG-IP tcp profile, iRule for pool",
            "constants": {
                    "myNotes": "F5 suggested I timestamp declarations, so...",
                    "timestamp": "2017-11-27T18:26:45Z",
                    "anotherProperty": "And I can put anything I want here...",
                    "someUsefulNumber": 3.14159265
            },
            "Sample_05": {
                    "class": "Tenant",
                    "A1": {
                            "class": "Application",
                            "template": "http",
                            "serviceMain": {
                                    "class": "Service_HTTP",
                                    "virtualAddresses": [
                                            "10.0.3.10"
                                    ],
                                    "pool": "dfl_pool",
                                    "profileHTTPCompression": "",
                                    "iRules": [
                                            "choose_pool"
                                    ],
                                    "profileTCP": {
                                            "bigip": "/Common/mptcp-mobile-optimized"
                                    }
                            },
                            "dfl_pool": {
                                    "class": "Pool",
                                    "monitors": [
                                            "http"
                                    ],
                                    "members": [{
                                            "servicePort": 80,
                                            "serverAddresses": [
                                                    "192.0.3.10",
                                                    "192.0.3.11"
                                            ]
                                    }]
                            },
                            "pvt_pool": {
                                    "class": "Pool",
                                    "monitors": [
                                            "http"
                                    ],
                                    "members": [{
                                            "servicePort": 80,
                                            "serverAddresses": [
                                                    "192.0.3.20",
                                                    "192.0.3.21"
                                            ]
                                    }]
                            },
                            "choose_pool": {
                                    "class": "iRule",
                                    "remark": "choose private pool based on IP",
                                    "iRule": "when CLIENT_ACCEPTED {\nif {[IP::client_addr] starts_with \"10.\"} {\n pool `*pvt_pool`\n }\n}"
                            }
                    }
            }
    }
}

Example 6: TCP load-balanced to ICAP with custom monitor

This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_06.
  • A TCP virtual server named serviceMain on port 1344 (called _A1 in the BIG-IP GUI).
  • A TCP profile using the mptcp-mobile-optimized parent.
  • A pool named svc_pool containing two members (also using port 1344).
  • A custom TCP health monitor with custom Send and Receive strings for ICAP.
{
   "class": "AS3",
   "action": "deploy",
   "persist": true,
   "declaration": {
           "class": "ADC",
           "schemaVersion": "3.0.0",
           "id": "123456abcd",
           "label": "Sample 6",
           "remark": "TCP load-balanced to ICAP with custom monitor",
           "Sample_06": {
                   "class": "Tenant",
                   "A1": {
                           "class": "Application",
                           "template": "tcp",
                           "serviceMain": {
                                   "class": "Service_TCP",
                                   "virtualAddresses": [
                                           "10.0.5.10"
                                   ],
                                   "virtualPort": 1344,
                                   "pool": "svc_pool"
                           },
                           "svc_pool": {
                                   "class": "Pool",
                                   "monitors": [{
                                           "use": "icap_monitor"
                                   }],
                                   "members": [{
                                           "servicePort": 1344,
                                           "serverAddresses": [
                                                   "192.0.5.10",
                                                   "192.0.5.11"
                                           ]
                                   }]
                           },
                           "icap_monitor": {
                                   "class": "Monitor",
                                   "monitorType": "tcp",
                                   "send": "OPTIONS icap://icap.example.net/ ICAP/1.0\r\nUser-Agent: f5-ADC\r\n\r\n",
                                   "receive": "ICAP/1.0 200 OK",
                                   "adaptive": false
                           }
                   }
           }
   }
}

Example 7: HTTP with custom persistence

This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_07.
  • An HTTP virtual server named serviceMain (called _A1 in the BIG-IP GUI).
  • A pool named web_pool containing two members using the HTTP health monitor.
  • A custom persistence profile based on cookie persistence for JSESSIONID.
{
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
     "class": "ADC",
     "schemaVersion": "3.0.0",
     "id": "fghijkl7890",
     "label": "Sample 6",
     "remark": "HTTP with custom persistence",
     "Sample_07": {
        "class": "Tenant",
        "A1": {
           "class": "Application",
           "template": "http",
           "serviceMain": {
              "class": "Service_HTTP",
              "virtualAddresses": [
                 "10.0.6.10"
              ],
              "pool": "web_pool",
              "persistenceMethods": [{
                 "use": "jsessionid"
              }]
           },
           "web_pool": {
              "class": "Pool",
              "monitors": [
                 "http"
              ],
              "members": [{
                 "servicePort": 80,
                 "serverAddresses": [
                    "192.0.6.10",
                    "192.0.6.11"
                 ]
              }]
           },
           "jsessionid": {
              "class": "Persist",
              "persistenceMethod": "cookie",
              "cookieMethod": "hash",
              "cookieName": "JSESSIONID"
           }
        }
     }
  }
}

Example 8: HTTP with additional virtual server for corporate clients

This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_08.
  • Two HTTP virtual servers named serviceMain (called _A1 in the BIG-IP GUI) and pvt_vs.
  • A pool named web_pool containing two members using the HTTP health monitor. Both virtual servers reference this pool.
  • A custom persistence profile based on cookie persistence for JSESSIONID.
{
   "class": "AS3",
   "action": "deploy",
   "persist": true,
   "declaration": {
      "class": "ADC",
      "schemaVersion": "3.0.0",
      "id": "urn:uuid:76f06c5a-b673-430d-8df4-d817cb3b9f3c",
      "label": "Sample 8",
      "remark": "HTTP with extra corp-only virtual",
      "controls": {
         "trace": true
      },
      "Sample_08": {
         "class": "Tenant",
         "A1": {
            "class": "Application",
            "template": "http",
            "serviceMain": {
               "class": "Service_HTTP",
               "virtualAddresses": [
                  "10.0.7.10"
               ],
               "pool": "web_pool",
               "persistenceMethods": [{
                  "use": "jsessionid"
               }]
            },
            "pvt_vs": {
               "class": "Service_HTTP",
               "remark": "Serves corporate LAN clients only",
               "virtualAddresses": [
                  [
                     "10.1.7.10",
                     "10.0.0.0/8"
                  ]
               ],
               "snatpool": "auto",
               "pool": "web_pool"
            },
            "web_pool": {
               "class": "Pool",
               "monitors": [
                  "http"
               ],
               "members": [{
                  "servicePort": 80,
                  "serverAddresses": [
                     "192.0.7.10",
                     "192.0.7.11"
                  ]
               }]
            },
            "jsessionid": {
               "class": "Persist",
               "persistenceMethod": "cookie",
               "cookieMethod": "hash",
               "cookieName": "JSESSIONID"
            }
         }
      }
   }
}

Example 9: HTTP and HTTPS virtual servers in one declaration

This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_09.
  • An HTTP virtual server named serviceMain (called _A1 in the BIG-IP GUI) and an HTTPS virtual server named A2.
  • A pool named gce_pool and a pool named web_pool, each containing two members using the HTTP health monitor.
  • TLS/SSL profile (including certificate and private key) named TLS_Server. In the BIG-IP UI, this is a Client SSL profile.
{
   "class": "AS3",
   "action": "deploy",
   "persist": true,
   "declaration": {
      "class": "ADC",
      "schemaVersion": "3.0.0",
      "id": "lmnop543421",
      "label": "Sample 9",
      "remark": "An HTTP and an HTTPS application",
      "controls": {
         "trace": true
      },
      "Sample_09": {
         "class": "Tenant",
         "A1": {
             "class": "Application",
             "template": "http",
             "serviceMain": {
                 "class": "Service_HTTP",
                 "virtualAddresses": [
                 "10.0.9.10"
                 ],
                 "pool": "gce_pool"
             },
             "gce_pool": {
                 "class": "Pool",
                 "monitors": [
                     "http"
                 ],
                 "members": [
                     {
                         "serverAddresses": [
                             "192.0.7.10",
                             "192.0.7.11"
                         ]
                     }
                 ]
             }
         },
         "A2": {
            "class": "Application",
            "template": "https",
            "serviceMain": {
               "class": "Service_HTTPS",
               "virtualAddresses": [
                  "10.0.9.20"
               ],
               "pool": "web_pool",
               "serverTLS": "webtls"
            },
            "web_pool": {
               "class": "Pool",
               "monitors": [
                  "http"
               ],
               "members": [{
                   "servicePort": 80,
                   "serverAddresses": [
                      "192.0.9.10",
                      "192.0.9.11"
                   ]
               }]
            },
            "webtls": {
               "class": "TLS_Server",
               "certificates": [{
                  "certificate": "webcert"
               }]
            },
            "webcert": {
               "class": "Certificate",
               "remark": "in practice we recommend using a passphrase",
               "certificate": "-----BEGIN CERTIFICATE-----\nMIICnDCCAgWgAwIBAgIJAJ5n2b0OCEjwMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRQwEgYDVQQKDAtmNV9OZXR3b3JrczEbMBkGA1UEAwwSc2FtcGxlLmV4YW1wbGUubmV0MB4XDTE3MTEyNjE5NTAyNFoXDTE4MDIyNTE5NTAyNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFDASBgNVBAoMC2Y1X05ldHdvcmtzMRswGQYDVQQDDBJzYW1wbGUuZXhhbXBsZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALEsuXmSXVQpYjrZPW+WiTBjn491mwZYT7Q92V1HlSBtM6WdWlK1aZN5sovfKtOX7Yrm8xa+e4o/zJ2QYLyyv5O+t2EGN/4qUEjEAPY9mwJdfzRQy6Hyzm84J0QkTuUJ/EjNuPji3D0QJRALUTzu1UqqDCEtiN9OGyXEkh7uvb7BAgMBAAGjUDBOMB0GA1UdDgQWBBSVHPNrGWrjWyZvckQxFYWO59FRFjAfBgNVHSMEGDAWgBSVHPNrGWrjWyZvckQxFYWO59FRFjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJeJ9SEckEwPhkXOm+IuqfbUS/RcziifBCTmVyE+Fa/j9pKSYTgiEBNdbJeBEa+gPMlQtbV7Y2dy8TKx/8axVBHiXC5geDML7caxOrAyHYBpnx690xJTh5OIORBBM/a/NvaR+P3CoVebr/NPRh9oRNxnntnqvqD7SW0U3ZPe3tJc\n-----END CERTIFICATE-----",
               "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,D8FFCE6B255601587CB54EC29B737D31\n\nkv4Fc3Jn0Ujkj0yRjt+gQQfBLSNF2aRLUENXnlr7Xpzqu0Ahr3jS1bAAnd8IWnsR\nyILqVmKsYF2DoHh0tWiEAQ7/y/fe5DTFhK7N4Wml6kp2yVMkP6KC4ssyYPw27kjK\nDBwBZ5O8Ioej08A5sgsLCmglbmtSPHJUn14pQnMTmLOpEtOsu6S+2ibPgSNpdg0b\nCAJNG/KHe+Vkx59qNDyDeKb7FZOlsX30+y67zUq9GQqJEDuysPJ2BUNP0IJXAjst\nFIt1qNoZew+5KDYs7u/lPxcMGTirUhgI84Jy4WcDvSOsP/tKlxj04TbIE3epmSKy\n+TihHkwY7ngIGtcm3Sfqk5jz2RXoj1/Ac3SW8kVTYaOUogBhn7zAq4Wju6Et4hQG\nRGapsJp1aCeZ/a4RCDTxspcKoMaRa97/URQb0hBRGx3DGUhzpmX9zl7JI2Xa5D3R\nmdBXtjLKYJTdIMdd27prBEKhMUpae2rz5Mw4J907wZeBq/wu+zp8LAnecfTe2nGY\nE32x1U7gSEdYOGqnwxsOexb1jKgCa67Nw9TmcMPV8zmH7R9qdvgxAbAtwBl1F9OS\nfcGaC7epf1AjJLtaX7krWmzgASHl28Ynh9lmGMdv+5QYMZvKG0LOg/n3m8uJ6sKy\nIzzvaJswwn0j5P5+czyoV5CvvdCfKnNb+3jUEN8I0PPwjBGKr4B1ojwhogTM248V\nHR69D6TxFVMfGpyJhCPkbGEGbpEpcffpgKuC/mEtMqyDQXJNaV5HO6HgAJ9F1P6v\n5ehHHTMRvzCCFiwndHdlMXUjqSNjww6me6dr6LiAPbejdzhL2vWx1YqebOcwQx3G\n-----END RSA PRIVATE KEY-----",
               "passphrase": {
                   "ciphertext": "ZjVmNQ==",
                   "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"
               }
           }
         }
      }
   }
}

Example 10: Two applications sharing a pool

In this example, we show a declaration that creates two applications that use the same load balancing pool. In this scenario, one of our virtual servers is for HTTP (port 80) traffic and one for HTTPS (port 443) traffic. It creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_10.
  • Three virtual servers, one HTTP and one HTTPS. The names are _A1, _A2, and a _A2-Redirect (created by default to redirect port 80 traffic to 443).
  • TLS/SSL profile (including certificate and private key) named TLS_Server. In the BIG-IP UI, this is a Client SSL profile.
  • Pool named dual_pool with 2 members monitored by the default HTTP health monitor. Both virtual servers reference this same pool.
{
   "class": "AS3",
   "action": "deploy",
   "persist": true,
   "declaration": {
      "class": "ADC",
      "schemaVersion": "3.0.0",
      "id": "zyxwu8675309",
      "label": "Sample 10",
      "remark": "Two applications sharing a pool",
      "Sample_10": {
         "class": "Tenant",
         "Shared": {
            "class": "Application",
            "template": "shared",
            "dual_pool": {
               "class": "Pool",
               "monitors": [
                  "http"
               ],
               "members": [{
                  "servicePort": 80,
                  "serverAddresses": [
                     "192.0.10.10",
                     "192.0.10.11"
                  ]
               }]
            }
         },
         "A1": {
            "class": "Application",
            "template": "http",
            "serviceMain": {
               "class": "Service_HTTP",
               "virtualAddresses": [
                  "10.0.10.10"
               ],
               "pool": "/Sample_10/Shared/dual_pool"
            }
         },
         "A2": {
            "class": "Application",
            "template": "https",
            "serviceMain": {
               "class": "Service_HTTPS",
               "virtualAddresses": [
                  "10.0.10.20"
               ],
               "pool": "/Sample_10/Shared/dual_pool",
               "serverTLS": "webtls"
            },
            "webtls": {
               "class": "TLS_Server",
               "certificates": [{
                  "certificate": "webcert"
               }]
            },
            "webcert": {
               "class": "Certificate",
               "remark": "in practice we recommend using a passphrase",
               "certificate": "-----BEGIN CERTIFICATE-----\nMIICnDCCAgWgAwIBAgIJAJ5n2b0OCEjwMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRQwEgYDVQQKDAtmNV9OZXR3b3JrczEbMBkGA1UEAwwSc2FtcGxlLmV4YW1wbGUubmV0MB4XDTE3MTEyNjE5NTAyNFoXDTE4MDIyNTE5NTAyNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFDASBgNVBAoMC2Y1X05ldHdvcmtzMRswGQYDVQQDDBJzYW1wbGUuZXhhbXBsZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALEsuXmSXVQpYjrZPW+WiTBjn491mwZYT7Q92V1HlSBtM6WdWlK1aZN5sovfKtOX7Yrm8xa+e4o/zJ2QYLyyv5O+t2EGN/4qUEjEAPY9mwJdfzRQy6Hyzm84J0QkTuUJ/EjNuPji3D0QJRALUTzu1UqqDCEtiN9OGyXEkh7uvb7BAgMBAAGjUDBOMB0GA1UdDgQWBBSVHPNrGWrjWyZvckQxFYWO59FRFjAfBgNVHSMEGDAWgBSVHPNrGWrjWyZvckQxFYWO59FRFjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJeJ9SEckEwPhkXOm+IuqfbUS/RcziifBCTmVyE+Fa/j9pKSYTgiEBNdbJeBEa+gPMlQtbV7Y2dy8TKx/8axVBHiXC5geDML7caxOrAyHYBpnx690xJTh5OIORBBM/a/NvaR+P3CoVebr/NPRh9oRNxnntnqvqD7SW0U3ZPe3tJc\n-----END CERTIFICATE-----",
               "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,D8FFCE6B255601587CB54EC29B737D31\n\nkv4Fc3Jn0Ujkj0yRjt+gQQfBLSNF2aRLUENXnlr7Xpzqu0Ahr3jS1bAAnd8IWnsR\nyILqVmKsYF2DoHh0tWiEAQ7/y/fe5DTFhK7N4Wml6kp2yVMkP6KC4ssyYPw27kjK\nDBwBZ5O8Ioej08A5sgsLCmglbmtSPHJUn14pQnMTmLOpEtOsu6S+2ibPgSNpdg0b\nCAJNG/KHe+Vkx59qNDyDeKb7FZOlsX30+y67zUq9GQqJEDuysPJ2BUNP0IJXAjst\nFIt1qNoZew+5KDYs7u/lPxcMGTirUhgI84Jy4WcDvSOsP/tKlxj04TbIE3epmSKy\n+TihHkwY7ngIGtcm3Sfqk5jz2RXoj1/Ac3SW8kVTYaOUogBhn7zAq4Wju6Et4hQG\nRGapsJp1aCeZ/a4RCDTxspcKoMaRa97/URQb0hBRGx3DGUhzpmX9zl7JI2Xa5D3R\nmdBXtjLKYJTdIMdd27prBEKhMUpae2rz5Mw4J907wZeBq/wu+zp8LAnecfTe2nGY\nE32x1U7gSEdYOGqnwxsOexb1jKgCa67Nw9TmcMPV8zmH7R9qdvgxAbAtwBl1F9OS\nfcGaC7epf1AjJLtaX7krWmzgASHl28Ynh9lmGMdv+5QYMZvKG0LOg/n3m8uJ6sKy\nIzzvaJswwn0j5P5+czyoV5CvvdCfKnNb+3jUEN8I0PPwjBGKr4B1ojwhogTM248V\nHR69D6TxFVMfGpyJhCPkbGEGbpEpcffpgKuC/mEtMqyDQXJNaV5HO6HgAJ9F1P6v\n5ehHHTMRvzCCFiwndHdlMXUjqSNjww6me6dr6LiAPbejdzhL2vWx1YqebOcwQx3G\n-----END RSA PRIVATE KEY-----",
               "passphrase": {
                   "ciphertext": "ZjVmNQ==",
                   "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"
               }
           }
         }
      }
   }
}

Example 11: UDP virtual server

This example is a sample of a UDP DNS load balancer service, and creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_11.
  • A UDP virtual server named serviceMain on port 53.
  • A pool named Pool1 monitored by the default ICMP health monitor.
  {
   "class": "AS3",
   "action": "deploy",
   "declaration": {
       "class": "ADC",
       "schemaVersion": "3.0.0",
       "id": "UDP_DNS_Sample",
       "label": "UDP_DNS_Sample",
       "remark": "Sample of a UDP DNS Load Balancer Service",
       "Sample_11": {
           "class": "Tenant",
           "DNS_Service": {
               "class": "Application",
               "template": "udp",
               "serviceMain": {
                   "class": "Service_UDP",
                   "virtualPort": 53,
                   "virtualAddresses": [
                       "10.1.20.121"
                   ],
                   "pool": "Pool1"
               },
               "Pool1": {
                   "class": "Pool",
                   "monitors": [
                       "icmp"
                   ],
                   "members": [
                       {
                           "servicePort": 53,
                           "serverAddresses": [
                               "10.1.10.100"
                           ]
                       },
                       {
                           "servicePort": 53,
                           "serverAddresses": [
                               "10.1.10.101"
                           ]
                       }

                   ]
               }
           }
       }
   }
}