Migration from Application Services iApp AS2 to AS3
This page is a guide to migrating from the Application Services iApp AS2, used with the iWorkflow service catalog, to the Application Services 3 Extension (referred to as the AS3 extension or, more often, simply AS3). The migration focuses on the following feature collections, commonly used with the iWorkflow 2.3.0 service catalog and Application Services iApp AS2:
- f5-https-offload_v2.0.004
- f5-http-lb_v2.0.004
- f5-fastl4-tcp-lb_v2.0.004
- f5-fastl4-udp-lb_v2.0.004
- f5-fasthttp-lb_v2.0.004
- f5-http-url-routing-lb_v2.0.004 - Work in progress
- f5-https-waf-lb_v2.0.004
Getting Started
The Application Services 3 Extension uses a declarative model that is different from that of the Application Services iApp AS2. To get started with AS3, see About AS3.
AS3 simplifies migrating from the Application Services iApp AS2 thanks to its JSON schema and declaration and its use of ADC defaults. An AS3 declaration doesn’t require the index columns used by certain APL tables in Application Services iApp AS2. AS3 also does not require advanced options or create-string syntax. Additionally, AS3 doesn’t need certain fields to expose functionality specific entry for the field/table/column in question in the Presentation Layer Reference.
f5-https-offload_v2.0.004
An AS3 declaration migrating the f5-https-offload_v2.0.004 feature collection could look like:
{
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "f5-https-offload_v2.0.004",
"label": "Sample 1",
"remark": "f5-https-offload",
"Sample_01": {
"class": "Tenant",
"A1": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
"192.168.100.61"
],
"pool": "web_pool",
"serverTLS": "webtls"
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 8080,
"serverAddresses": [
"10.128.0.214",
"10.128.0.215",
"10.128.0.216",
"10.128.0.217",
"10.128.0.218"
]
}
]
},
"webtls": {
"class": "TLS_Server",
"certificates": [
{
"certificate": "webcert"
}
]
},
"webcert": {
"class": "Certificate",
"certificate": "-----BEGIN CERTIFICATE-----\nMIICnDCCAgWgAwIBAgIJAJ5n2b0OCEjwMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRQwEgYDVQQKDAtmNV9OZXR3b3JrczEbMBkGA1UEAwwSc2FtcGxlLmV4YW1wbGUubmV0MB4XDTE3MTEyNjE5NTAyNFoXDTE4MDIyNTE5NTAyNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFDASBgNVBAoMC2Y1X05ldHdvcmtzMRswGQYDVQQDDBJzYW1wbGUuZXhhbXBsZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALEsuXmSXVQpYjrZPW+WiTBjn491mwZYT7Q92V1HlSBtM6WdWlK1aZN5sovfKtOX7Yrm8xa+e4o/zJ2QYLyyv5O+t2EGN/4qUEjEAPY9mwJdfzRQy6Hyzm84J0QkTuUJ/EjNuPji3D0QJRALUTzu1UqqDCEtiN9OGyXEkh7uvb7BAgMBAAGjUDBOMB0GA1UdDgQWBBSVHPNrGWrjWyZvckQxFYWO59FRFjAfBgNVHSMEGDAWgBSVHPNrGWrjWyZvckQxFYWO59FRFjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJeJ9SEckEwPhkXOm+IuqfbUS/RcziifBCTmVyE+Fa/j9pKSYTgiEBNdbJeBEa+gPMlQtbV7Y2dy8TKx/8axVBHiXC5geDML7caxOrAyHYBpnx690xJTh5OIORBBM/a/NvaR+P3CoVebr/NPRh9oRNxnntnqvqD7SW0U3ZPe3tJc\n-----END CERTIFICATE-----",
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,D8FFCE6B255601587CB54EC29B737D31\n\nkv4Fc3Jn0Ujkj0yRjt+gQQfBLSNF2aRLUENXnlr7Xpzqu0Ahr3jS1bAAnd8IWnsR\nyILqVmKsYF2DoHh0tWiEAQ7/y/fe5DTFhK7N4Wml6kp2yVMkP6KC4ssyYPw27kjK\nDBwBZ5O8Ioej08A5sgsLCmglbmtSPHJUn14pQnMTmLOpEtOsu6S+2ibPgSNpdg0b\nCAJNG/KHe+Vkx59qNDyDeKb7FZOlsX30+y67zUq9GQqJEDuysPJ2BUNP0IJXAjst\nFIt1qNoZew+5KDYs7u/lPxcMGTirUhgI84Jy4WcDvSOsP/tKlxj04TbIE3epmSKy\n+TihHkwY7ngIGtcm3Sfqk5jz2RXoj1/Ac3SW8kVTYaOUogBhn7zAq4Wju6Et4hQG\nRGapsJp1aCeZ/a4RCDTxspcKoMaRa97/URQb0hBRGx3DGUhzpmX9zl7JI2Xa5D3R\nmdBXtjLKYJTdIMdd27prBEKhMUpae2rz5Mw4J907wZeBq/wu+zp8LAnecfTe2nGY\nE32x1U7gSEdYOGqnwxsOexb1jKgCa67Nw9TmcMPV8zmH7R9qdvgxAbAtwBl1F9OS\nfcGaC7epf1AjJLtaX7krWmzgASHl28Ynh9lmGMdv+5QYMZvKG0LOg/n3m8uJ6sKy\nIzzvaJswwn0j5P5+czyoV5CvvdCfKnNb+3jUEN8I0PPwjBGKr4B1ojwhogTM248V\nHR69D6TxFVMfGpyJhCPkbGEGbpEpcffpgKuC/mEtMqyDQXJNaV5HO6HgAJ9F1P6v\n5ehHHTMRvzCCFiwndHdlMXUjqSNjww6me6dr6LiAPbejdzhL2vWx1YqebOcwQx3G\n-----END RSA PRIVATE KEY-----",
"passphrase": {
"ciphertext": "ZjVmNQ==",
"protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"
}
}
}
}
}
f5-http-lb_v2.0.004
An AS3 declaration migrating the f5-http-lb_v2.0.004 feature collection could look like:
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "f5-http-lb_v2.0.004",
"label": "Sample 2",
"remark": "f5-http-lb",
"Sample_02": {
"class": "Tenant",
"A1": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"192.168.100.62"
],
"pool": "web_pool"
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 8080,
"serverAddresses": [
"10.128.0.209",
"10.128.0.210",
"10.128.0.211",
"10.128.0.212",
"10.128.0.213"
]
}
]
}
}
}
}
}
f5-fastl4-tcp-lb_v2.0.004
An AS3 declaration migrating the f5-fastl4-tcp-lb_v2.0.004 feature collection could look like:
{
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "f5-fastl4-tcp-lb_v2.0.004",
"label": "Sample 3",
"remark": "f5-fastl4-tcp-lb",
"Sample_03": {
"class": "Tenant",
"A1": {
"class": "Application",
"template": "l4",
"serviceMain": {
"class": "Service_L4",
"virtualAddresses": [
"192.168.100.62"
],
"profileL4": "basic",
"virtualPort": 81,
"pool": "svc_pool"
},
"svc_pool": {
"class": "Pool",
"monitors": [
{
"use": "tcp_monitor"
}
],
"members": [
{
"servicePort": 8080,
"serverAddresses": [
"10.128.0.209",
"10.128.0.210",
"10.128.0.211",
"10.128.0.212",
"10.128.0.213"
]
}
]
},
"tcp_monitor": {
"class": "Monitor",
"monitorType": "tcp",
"targetPort": 8080,
"send": "",
"receive": ""
}
}
}
}
f5-fastl4-udp-lb_v2.0.004
An AS3 declaration migrating the f5-fastl4-udp-lb_v2.0.004 feature collection could look like:
{
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "f5-fastl4-udp-lb_v2.0.004",
"label": "Sample 4",
"remark": "f5-fastl4-udp-lb",
"Sample_04": {
"class": "Tenant",
"A1": {
"class": "Application",
"template": "l4",
"serviceMain": {
"class": "Service_L4",
"layer4":"udp",
"virtualAddresses": [
"192.168.100.63"
],
"profileL4": "basic",
"virtualPort": 53,
"pool": "svc_pool"
},
"svc_pool": {
"class": "Pool",
"monitors": [
{
"use": "udp_monitor"
}
],
"members": [
{
"servicePort": 53,
"serverAddresses": [
"10.128.0.209",
"10.128.0.210",
"10.128.0.211",
"10.128.0.212",
"10.128.0.213"
]
}
]
},
"udp_monitor": {
"class": "Monitor",
"monitorType": "udp",
"targetPort": 53,
"send": "",
"receive": ""
}
}
}
}
f5-fasthttp-lb_v2.0.004
AS3 doesn’t currently have support for Performance (HTTP) and Protocol Profile (Client) FastHTTP.
f5-https-waf-lb_v2.0.004
When using AS3 to reference a security policy, the policy must already exist on the BIG-IP. An AS3 declaration migrating the f5-https-waf-lb_v2.0.004 feature collection could look like:
{
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "f5-https-waf-lb_v2.0.004",
"label": "Sample 6",
"remark": "f5-https-waf-lb",
"updateMode": "selective",
"Sample_06": {
"class": "Tenant",
"A1": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
"192.168.100.66"
],
"pool": "web_pool",
"serverTLS": "webtls",
"policyWAF": {
"bigip": "/Common/linux-high"
}
},
"web_pool": {
"class": "Pool",
"loadBalancingMode": "predictive-node",
"monitors": [
"http"
],
"members": [
{
"servicePort": 8080,
"serverAddresses": [
"10.128.0.209",
"10.128.0.210",
"10.128.0.211",
"10.128.0.212",
"10.128.0.213"
]
}
]
},
"webtls": {
"class": "TLS_Server",
"certificates": [
{
"certificate": "webcert"
}
]
},
"webcert": {
"class": "Certificate",
"certificate": "-----BEGIN CERTIFICATE-----\nMIICnDCCAgWgAwIBAgIJAJ5n2b0OCEjwMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRQwEgYDVQQKDAtmNV9OZXR3b3JrczEbMBkGA1UEAwwSc2FtcGxlLmV4YW1wbGUubmV0MB4XDTE3MTEyNjE5NTAyNFoXDTE4MDIyNTE5NTAyNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFDASBgNVBAoMC2Y1X05ldHdvcmtzMRswGQYDVQQDDBJzYW1wbGUuZXhhbXBsZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALEsuXmSXVQpYjrZPW+WiTBjn491mwZYT7Q92V1HlSBtM6WdWlK1aZN5sovfKtOX7Yrm8xa+e4o/zJ2QYLyyv5O+t2EGN/4qUEjEAPY9mwJdfzRQy6Hyzm84J0QkTuUJ/EjNuPji3D0QJRALUTzu1UqqDCEtiN9OGyXEkh7uvb7BAgMBAAGjUDBOMB0GA1UdDgQWBBSVHPNrGWrjWyZvckQxFYWO59FRFjAfBgNVHSMEGDAWgBSVHPNrGWrjWyZvckQxFYWO59FRFjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJeJ9SEckEwPhkXOm+IuqfbUS/RcziifBCTmVyE+Fa/j9pKSYTgiEBNdbJeBEa+gPMlQtbV7Y2dy8TKx/8axVBHiXC5geDML7caxOrAyHYBpnx690xJTh5OIORBBM/a/NvaR+P3CoVebr/NPRh9oRNxnntnqvqD7SW0U3ZPe3tJc\n-----END CERTIFICATE-----",
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,D8FFCE6B255601587CB54EC29B737D31\n\nkv4Fc3Jn0Ujkj0yRjt+gQQfBLSNF2aRLUENXnlr7Xpzqu0Ahr3jS1bAAnd8IWnsR\nyILqVmKsYF2DoHh0tWiEAQ7/y/fe5DTFhK7N4Wml6kp2yVMkP6KC4ssyYPw27kjK\nDBwBZ5O8Ioej08A5sgsLCmglbmtSPHJUn14pQnMTmLOpEtOsu6S+2ibPgSNpdg0b\nCAJNG/KHe+Vkx59qNDyDeKb7FZOlsX30+y67zUq9GQqJEDuysPJ2BUNP0IJXAjst\nFIt1qNoZew+5KDYs7u/lPxcMGTirUhgI84Jy4WcDvSOsP/tKlxj04TbIE3epmSKy\n+TihHkwY7ngIGtcm3Sfqk5jz2RXoj1/Ac3SW8kVTYaOUogBhn7zAq4Wju6Et4hQG\nRGapsJp1aCeZ/a4RCDTxspcKoMaRa97/URQb0hBRGx3DGUhzpmX9zl7JI2Xa5D3R\nmdBXtjLKYJTdIMdd27prBEKhMUpae2rz5Mw4J907wZeBq/wu+zp8LAnecfTe2nGY\nE32x1U7gSEdYOGqnwxsOexb1jKgCa67Nw9TmcMPV8zmH7R9qdvgxAbAtwBl1F9OS\nfcGaC7epf1AjJLtaX7krWmzgASHl28Ynh9lmGMdv+5QYMZvKG0LOg/n3m8uJ6sKy\nIzzvaJswwn0j5P5+czyoV5CvvdCfKnNb+3jUEN8I0PPwjBGKr4B1ojwhogTM248V\nHR69D6TxFVMfGpyJhCPkbGEGbpEpcffpgKuC/mEtMqyDQXJNaV5HO6HgAJ9F1P6v\n5ehHHTMRvzCCFiwndHdlMXUjqSNjww6me6dr6LiAPbejdzhL2vWx1YqebOcwQx3G\n-----END RSA PRIVATE KEY-----",
"passphrase": {
"ciphertext": "ZjVmNQ==",
"protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"
}
}
}
}
}
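A pre-deployment check for declarations like the f5-https-offload and f5-https-waf-lb samples above, added here as an example and not taken from F5's code. It flags inline private keys, passphrases whose `protected` header decodes to `enc` of `none` (read here, as an assumption, to mean the `ciphertext` is encoded rather than encrypted), and `bigip` references that must already exist on the BIG-IP. The names `audit` and `jose_header` are hypothetical and the sample is a constructed, trimmed copy of Sample_06.

```python
import base64
import json

# Constructed sample: trimmed declaration in the shape of the page's Sample_06,
# with the key material replaced by a placeholder.
SAMPLE = json.loads("""
{"class": "ADC", "schemaVersion": "3.0.0",
 "Sample_06": {"class": "Tenant", "A1": {"class": "Application",
  "serviceMain": {"class": "Service_HTTPS", "serverTLS": "webtls",
                  "policyWAF": {"bigip": "/Common/linux-high"}},
  "webcert": {"class": "Certificate",
    "privateKey": "-----BEGIN RSA PRIVATE KEY-----\\nPLACEHOLDER\\n-----END RSA PRIVATE KEY-----",
    "passphrase": {"ciphertext": "ZjVmNQ==",
                   "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"}}}}}
""")


def jose_header(protected):
    """Decode the base64url 'protected' header, restoring stripped padding."""
    padded = protected + "=" * (-len(protected) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit(node, path=""):
    """Walk a declaration and return (path, finding) pairs.

    Secret values are never decoded or included in the findings.
    """
    findings = []
    if isinstance(node, dict):
        if node.get("class") == "Certificate" and "BEGIN" in str(node.get("privateKey", "")):
            findings.append((path, "inline private key"))
        if "ciphertext" in node and "protected" in node:
            # Assumption: enc=none means the secret is only base64-encoded.
            if jose_header(node["protected"]).get("enc") == "none":
                findings.append((path, "secret is base64-encoded only (enc=none)"))
        if isinstance(node.get("bigip"), str):
            findings.append((path, "must pre-exist on BIG-IP: " + node["bigip"]))
        for key, value in node.items():
            findings.extend(audit(value, path + "/" + key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings.extend(audit(value, path + "/" + str(index)))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(where, "->", what)
```

Run it against a declaration file before committing it to source control or posting it; any finding on a `passphrase` path means the file should be handled as a plaintext secret.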
Example migration from AS 2.0 to AS 3.0
This section provides an example migration and also covers some features that you cannot migrate using AS 3.0 (things that are not in AS 3.0, but that you can work around outside of AS 3.0):
- Ability to disable arp/icmp on a virtual-address
Example features that AS 2.0 uses that you can leverage in AS 3.0:
- Tier-1
- http/https virtual server
- attach custom Local Traffic Policy
- attach custom iRule
- attach custom tcp profile
- attach custom http profile (xff headers)
- enable snat automap
- Tier-2
- http/https virtual server
- attach custom Local Traffic Policy
- attach custom iRule
- attach custom tcp profile
- attach custom http profile (xff headers)
- enable snat automap
- attach custom http compression profile
- attach custom web acceleration profile
- fastl4
- create custom fastl4 profile
- disable destination address/port translation (DSR)