Networking¶
Interfaces¶
Interface | Description |
ARP | The ARP interface enables you to work with the ARP table and entries. In 11.0.0, the ARP/NDP entries were changed to use an independent name as an entry identifier. Thus the following methods were deprecated: get_static_entry add_static_entry delete_static_entry replaced by another set of methods: get_static_entry_list create_static_entry set_static_entry_address get_static_entry_address set_static_entry_mac_address get_static_entry_mac_address delete_static_entry_v2 |
AdminIP | The AdminIP interface enables you to work with the definitions and attributes contained in a device&aposs administrative IP. |
BWControllerPolicy | This interface configures the Bandwidth Controller policy components to manage the egress bandwidth per policy, per session or subscriber, per application and various combinations of these. |
BWPriorityGroup | This interface configures the Bandwidth Priority Group components to manage the egress bandwidth per Bandwidth Controller (BWC) Policy instance. An instance is an in memory copy of a BWC Policy. A BWC Priority Group in turn consists of multiple Bandwidth Priority Classes with each one having its own priority. |
DNSResolver | The DNSResolver interface allows you to manage DNS resolvers. The DNS resolver resolves DNS queries and caches the results. It does not validate DNSSEC responses. A forward zone can be defined for a DNS resolver. If the answer to a query is not available in the cache, a DNS resolver configured with a forward zone will forward the query to the nameserver specified for the zone if the name in the query matches the configured zone name. |
IPsecIkeDaemon | This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. |
IPsecIkePeer | This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. |
IPsecManualSecurityAssociation | This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. The Manual Security Association component is used to manually configure the Security Association Database (SAD) entries. The alternative is to use IKE to negotiate automatically keyed security associations. |
IPsecPolicy | This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. |
IPsecTrafficSelector | This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. The Traffic Selector component specifies what traffic you want the system to protect with IPsec. |
Interfaces | The Interface interface enables you to work with the definitions and attributes contained in a device&aposs interface. |
LLDPGlobals | The LLDPGlobals interface enables you to work with global attributes used to configure LLDP. |
MulticastRoute | The MulticastRoute interface enables you to get the information on all the multicast routes present in the route table. There are multiple methods that allow you to get the multicast routes based on input criteria. Note: This Interface does not allow the user to create, modify or delete the multicast routes. |
PacketFilter | The PacketFilter interface enables you to work with the definitions and attributes of packet filter rules. The goal of the packet filter is to provide a flexible and integrated perimeter security mechanism to explicitly block as well as accept traffic using complex expressions similar to those used by libpcap (e.g. tcpdump). |
PacketFilterGlobals | The PacketFilterGlobals interface enables you to work with the global lists of trusted source addresses and ingress VLANs used in packet filtering, and allows you to view and modify other overall packet filter settings. Note: The system processes exemptions before packet filter rules, so you cannot override such settings with a packet filter rule. Attributes controlling exemptions include: always_accept_arp, always_accept_important_icmp, and those involving trusted VLANs, trusted addresses, and trusted MAC addresses. |
PortMirror | The PortMirror interface enables you to work with the definitions and attributes of port mirroring. |
ProfileFEC | The ProfileFEC interface enables you to configure FEC tunnel profiles used for recovering errors in data transmission over unreliable communication channels. FEC gives the receiver the ability to correct errors without needing a reverse channel to request retransmission of data. |
ProfileGRE | The ProfileGRE interface allows you to manipulate a GRE tunnel profile to configure the General Routing Encapsulation tunneling protocol. The General Routing Encapsulation supports RFC2784, allowing the packets of any L3 protocol to be carried inside encapsulating IP packets. |
ProfileGeneve | The ProfileGeneve interface allows you to manipulate a Geneve tunnel profile to configure a Geneve gateway. A Geneve gateway provides the ability to bridge between a traditional VLAN and a Geneve or NVGRE network. |
ProfileIPIP | The ProfileIPIP interface enables you to manipulate an IP-IP tunnel profile to configure the IP-within-IP tunneling protocol. The IP-within-IP protocol (RFC2003) specifies how to encapsulate an IP packet within another IP packet. |
ProfileIPsec | The ProfileIPsec interface provides IPsec function over the network interface. When packets are sent over the IPsec interface, they are either encrypted/decrypted via the IPsec tunnel or dropped if they failed to pass the IPsec policy. In order to configure an IPsec interface, you need to create an IPsec tunnel profile, which attaches to an IPsec traffic selector, which in turn attaches to an IPsec policy that is in the “interface” mode. The IPsec policy specifies the security association parameters for the IPsec tunnel. |
ProfileLightweight4Over6Tunnel | The ProfileLightweight4Over6Tunnel interface provides Lightweight tunnel function over the network interface. The ProfileLightweight4Over6Tunnel is an IPv4-over-IPv6 tunneling protocol to deliver IPv4 unicast service across an IPv6 infrastructure. This process controlled by a Lightweight tunnel file table and port set id length are embedded in lightweight tunnel profile. As the address mapping information is embedded in the packet itself, Lightweight tunnel profile is stateless. |
ProfileMAP | MAP (Mapping of Address and Port with Encapsulation) is an IPv4-over-IPv6 tunneling protocol to deliver IPv4 unicast service across an IPv6 infrastructure, by deterministically mapping IPv4 address and port numbers to the underlying server providers&apos IPv6 addresses. As the address mapping information is embedded in the packet itself, MAP is stateless. A MAP domain consists of BR (Border Relay) gateways and CE (Customer Edge) devices to provide IPv4 packet tunneling service. BigIPs can provide the BR functionalities, and the MAP tunnel interface profile allows you to set up the MAP tunnel configuration for the MAP BR gateway. |
ProfileV6RD | The 6RD interface profile allows you to set up the 6RD tunnel configuration for 6RD CE and BR gateways. 6RD is yet-another-v6-transition solution, and is used to tunnel IPv6 packets over an IPv4 network by deterministically mapping IPv6 addresses to the underlying SP&aposs IPv4 addresses. As the address mapping information is embedded in the packet itself, 6RD is stateless. |
ProfileVXLAN | The ProfileVXLAN interface allows you to manipulate a VXLAN tunnel profile to configure a VXLAN gateway. A VXLAN gateway provides the ability to bridge between a traditional VLAN and a VXLAN or NVGRE network. |
ProfileWCCPGRE | The ProfileWCCPGRE interface allows you to manipulate a WCCP-GRE tunnel profile to configure the General Routing Encapsulation (GRE - RFC2784) tunnel protocol in conjunction with the Web-Cache Communication Protocol (WCCP). See the Networking/ProfileGRE interface for additional information. |
RouteDomain | *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), due to a change from using numeric identifiers to using names to identify Route Domain objects. Please use the RouteDomainV2 interface. The RouteDomainterface enables you to work with the definitions and attributes contained in a device&aposs route domains. Route domains allow you to specify overlapping IP addresses for different objects in the system. This allows a service provider, for example, to have two different pool members at 10.10.10.1 that represent completely different real servers. The addresses for the two pool members might be 10.10.10.1%1 and 10.10.10.1%2 where the numbers after the percent signs are numeric ids of route domains. |
RouteDomainV2 | The RouteDomainterface enables you to work with the definitions and attributes contained in a device&aposs route domains. Route domains allow you to specify overlapping IP addresses for different objects in the system. This allows a service provider, for example, to have two different pool members at 10.10.10.1 that represent completely different real servers. The addresses for the two pool members might be 10.10.10.1%1 and 10.10.10.1%2 where the numbers after the percent signs are numeric ids of route domains. Note that the source and destination addresses in the firewall methods (get_fw_rule and so on) are type Common::NetAddress, a type which allows one to specify a prefix length after the address, e.g., “10.1.1.0/24” or “10.1.1.0%1/24”. |
RouteTable | *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), since all table entries are now accessed by name. Please use the RouteTableV2 interface. The RouteTable interface enables you to work with the Route table and entries. |
RouteTableV2 | The RouteTable interface enables you to work with the Route table and entries. |
RouterAdvertisement | The RouterAdvertisement interface enables you to create and edit router advertisements defined in the device. Since version 11.2.0 the functionality for router advertisements (RFC 4861) has been integrated into the system. This interface allows you to configure its behavior. |
STPGlobals | The STPGlobals interface enables you to work with global attributes used to configure STP (Spanning Tree Protocol). |
STPInstance | *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), due to a change from using numeric identifiers to using names to identify STP instances. Please use the STPInstanceV2 interface. The STPInstance interface enables you to work with the definitions and attributes associated with an STP instance. |
STPInstanceV2 | The STPInstance interface enables you to work with the definitions and attributes associated with an STP instance. This second version of the interface was created to handle changing the STP instance key from the STP instance identifier to an arbitrary name. Along the way, it also eliminated the unnecessary structures required to handle the STP instance interface members. |
SelfIP | *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), since self IP addresses are accessed by name instead of address. Please use the SelfIPV2 interface. The SelfIP interface enables you to work with the definitions and attributes contained in a device&aposs Self IP. |
SelfIPPortLockdown | *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), since self IP addresses are accessed by name instead of address. Its functionality has been moved to SelfIPV2 interface. The SelfIPPortLockdown interface enables you to lock down protocols and ports on self IP addresses. |
SelfIPV2 | The SelfIP interface enables you to work with the definitions and attributes contained in a device&aposs Self IP. Note that the source and destination addresses in the firewall methods (get_fw_rule and so on) are type Common::NetAddress, a type which allows one to specify a prefix length after the address, e.g., “10.1.1.0/24”. |
Trunk | The Trunk interface enables you to work with the definitions and attributes contained in a device&aposs trunk. |
Tunnel | The Tunnel interface manages a virtual network interface that allows a network protocol to carry packets of another protocol between two endpoints. Once created, it can be used just like a VLAN in BIG-IP configurations. |
VLAN | The VLAN interface enables you to work with the definitions and attributes contained in a device&aposs VLAN. |
VLANGroup | The VLANGroup interface enables you to work with the definitions and attributes contained in a device&aposs VLAN group. |
iSessionAdvertisedRoute | *IMPORTANT* This interface has been deprecated (as of 11.0.0) due to changing the key used to access iSession advertised routes. Please use the iSessionAdvertisedRouteV2 interface in its stead. The iSession AdvertisedRoute interface enables you to work with the definitions and attributes contained in a device&aposs optimized endpoint subnets. |
iSessionAdvertisedRouteV2 | This interface manages routes advertised for optimization reachable through the local endpoint of the WAN Optimization Module. Routes are advertised to all connected WAN Optimization Modules. The remote endpoints use the subnet configuration information to determine peer routing and optimization actions. |
iSessionDatastor | This interface configures the storage used by symmetric data deduplication and used by caching files sent in iSession traffic on the WAN. |
iSessionDeduplication | This interface configures symmetric data deduplication, which compresses iSession traffic on the WAN by identifying and removing repetitive data patterns. |
iSessionLocalInterface | The iSession Local interface enables you to work with the definitions and attributes contained in a device&aposs WAN Optimization Module local endpoint object. This interface includes an object key which is a Common::ULong value. This value is meaningless in itself, and since only one local endpoint can exist, it is of no real use. Its value is ignored in all methods in this interface. |
iSessionPeerDiscovery | The Dynamic Peer Discovery interface enables you to work with the definitions and attributes contained in a device&aposs endpoint discovery objects. This interface includes an object key which is a Common::ULong value. This value is meaningless in itself, and since only one endpoint discovery object can exist, it is of no real use. Its value is ignored in all methods in this interface. |
iSessionRemoteInterface | *IMPORTANT* This interface has been deprecated (as of 11.0.0) due to changing the key used to access iSession remote endpoints. Please use the iSessionRemoteInterfaceV2 interface in its stead. The iSession RemoteInterface interface enables you to work with the definitions and attributes contained in a device&aposs peer iSession Remote Endpoint objects. |
iSessionRemoteInterfaceV2 | Remote endpoint for the traffic from the local WAN Optimization Module endpoint. A single local endpoint can work with multiple remote endpoints. |
Structures¶
Structure
Description
A structure that specifies a tunnel protocol used in profile attributes.
A struct that specifies the WOM 128 bit uuid as two unsigned 64bit values
Enumerations¶
Enumeration | Description |
FilterAction | An enumeration of filter actions. |
FlowControlType | A list of flow control types. |
IPCompAlgorithm | An enumeration of compression algorithms for IP Payload Compression Protocol (IPComp). |
IPsecDiffieHellmanGroup | An enumeration of IPsec Diffie Hellman groups. |
IPsecDirection | An enumeration of IPsec direction types. |
IPsecDynSaEncryptAlgorithm | An enumeration of IPsec dynamic security association (SA) encryption algorithms. |
IPsecIkeEncrAlgorithm | An enumeration of encryption algorithms used for IKE phase 1 negotiation. |
IPsecIkeHashAlgorithm | An enumeration of IPsec security hash algorithms for IKE phase 1 negotiation. |
IPsecIkeLogLevel | An enumeration of IPsec IKE log levels. |
IPsecIkePeerCertType | An enumeration of IPsec IKE peer certificate types. |
IPsecIkePeerGeneratePolicy | An enumeration of IPsec peer generate policy settings. |
IPsecIkePeerIDType | An enumeration of IPsec IKE peer identifier types sent to the remote IKE agent to use in phase 1 negotiation. |
IPsecIkePeerMode | An enumeration of IPsec IKE exchange modes. |
IPsecIkePeerNatTraversal | An enumeration of IPsec IKE peer NAT traversal options. |
IPsecIkeVersion | An enumeration of IPsec IKE peer versions used to negotiate security associations for a IPsec Tunnel. |
IPsecManSaEncrAlgorithm | An enumeration of IPsec manual security association (SA) encryption algorithms. |
IPsecMode | An enumeration of IPsec modes. |
IPsecProtocol | An enumeration of IPsec protocols. |
IPsecSaAuthAlgorithm | An enumeration of IPsec dynamic security association (SA) authentication algorithms. |
IPsecSaManAlgorithm | An enumeration of IPsec manual security association authentication algorithms. |
IPsecSaMethod | An enumeration of the authentication methods used by IKE for phase 1 negotiation. |
IPsecTrafficSelectorAction | An enumeration of IPsec selector actions. |
LearningMode | A list of learning modes. |
MediaStatus | A list of interface media statuses. |
MemberTagMode | A list of member tag-mode types. |
MemberTagType | A list of member tagged/untagged types. |
MemberType | A list of member types. |
PhyMasterSlaveMode | A list of PHY master/slave relationship modes. |
RouteEntryType | A list of route entry types. |
STPLinkType | A list of Spanning Tree Protocol link types. The spanning tree algorithms include important optimizations that can only be used on point-to-point links, that is, on links which connect just two bridges. If these optimizations are used on shared links, incorrect or unstable behavior may result. By default, the implementation assumes that full-duplex links are point-to-point and that half-duplex links are shared. |
STPModeType | A list of Spanning Tree Protocol modes. The difference between STP_MODE_TYPE_DISABLED and STP_MODE_TYPE_PASSTHROUGH is that the pass-through mode forwards spanning tree bridge protocol data units (BPDUs) received on any interface to all other interfaces, whereas the disabled mode discards them. |
STPRoleType | A list of Spanning Tree Protocol role types. |
STPStateType | A list of Spanning Tree Protocol states. |
TunnelProfileType | A list of tunnel profile types. |
TunnelProtocol | An enumeration of tunneling IP protocols. |
Aliases¶
Alias | Type | Description |
FilterActionSequence | FilterAction [] | A sequence of filter actions. |
FlowControlTypeSequence | FlowControlType [] | A sequence of FlowControlTypes. |
IPCompAlgorithmSequence | IPCompAlgorithm [] | A sequence of IPComp compression algorithms. |
IPsecDiffieHellmanGroupSequence | IPsecDiffieHellmanGroup [] | A sequence of IPsec Diffie Hellman group. |
IPsecDirectionSequence | IPsecDirection [] | A sequence of IPsec directions. |
IPsecDynSaEncryptAlgorithmSequence | IPsecDynSaEncryptAlgorithm [] | A sequence of IPsec dynamic security association encryption algorithms. |
IPsecIkeEncrAlgorithmSequence | IPsecIkeEncrAlgorithm [] | A sequence of encryption algorithms used for IKE phase 1 negotiation. |
IPsecIkeHashAlgorithmSequence | IPsecIkeHashAlgorithm [] | A sequence of IPsec security hash algorithms for IKE phase 1 negotiation. |
IPsecIkeLogLevelSequence | IPsecIkeLogLevel [] | A sequence of IPsec IKE log levels. |
IPsecIkePeerCertTypeSequence | IPsecIkePeerCertType [] | A sequence of IPsec IKE peer certificate types. |
IPsecIkePeerGeneratePolicySequence | IPsecIkePeerGeneratePolicy [] | A sequence of IPsec peer generate policy settings. |
IPsecIkePeerIDTypeSequence | IPsecIkePeerIDType [] | A sequence of IPsec IKE peer identifier types sent to the remote IKE agent to use in phase 1 negotiation. |
IPsecIkePeerModeSequence | IPsecIkePeerMode [] | A sequence of IPsec IKE peer modes. |
IPsecIkePeerNatTraversalSequence | IPsecIkePeerNatTraversal [] | A sequence of IPsec peer NAT traversal options. |
IPsecIkeVersionSequence | IPsecIkeVersion [] | A sequence of IPsec IKE peer versions. |
IPsecIkeVersionSequenceSequence | IPsecIkeVersion [] [] | A sequence of IPsec IKE peer version sequences. |
IPsecManSaEncrAlgorithmSequence | IPsecManSaEncrAlgorithm [] | A sequence of IPsec manual security association encryption algorithms. |
IPsecModeSequence | IPsecMode [] | A sequence of IPsec modes. |
IPsecProtocolSequence | IPsecProtocol [] | A sequence of IPsec protocols. |
IPsecSaAuthAlgorithmSequence | IPsecSaAuthAlgorithm [] | A sequence of IPsec security association authentication algorithms. |
IPsecSaManAlgorithmSequence | IPsecSaManAlgorithm [] | A sequence of IPsec manual security association authentication algorithms. |
IPsecSaMethodSequence | IPsecSaMethod [] | A sequence of IPsec security association authentication methods. |
IPsecTrafficSelectorActionSequence | IPsecTrafficSelectorAction [] | A sequence of IPsec traffic selector actions. |
LearningModeSequence | LearningMode [] | A sequence of learning modes. |
MediaStatusSequence | MediaStatus [] | A sequence of interface media statii. |
MemberTagModeSequence | MemberTagMode [] | A sequence of member tag modes. |
MemberTagModeSequenceSequence | MemberTagMode [] [] | A sequence of member tag modes sequences. |
MemberTagTypeSequence | MemberTagType [] | A sequence of member tag types. |
MemberTypeSequence | MemberType [] | A sequence of member types. |
PhyMasterSlaveModeSequence | PhyMasterSlaveMode [] | A sequence of PhyMasterSlaveMode. |
ProfileTunnelProtocolSequence | ProfileTunnelProtocol [] | A sequence of profile tunnel protocols. |
RouteEntryTypeSequence | RouteEntryType [] | A sequence of route entry types. |
STPLinkTypeSequence | STPLinkType [] | A sequence of STP Link types. |
STPModeTypeSequence | STPModeType [] | A sequence of STP Mode types. |
STPRoleTypeSequence | STPRoleType [] | A sequence of STP role types. |
STPRoleTypeSequenceSequence | STPRoleType [] [] | A sequence of STP role type sequences. |
STPStateTypeSequence | STPStateType [] | A sequence of STP state types. |
STPStateTypeSequenceSequence | STPStateType [] [] | A sequence of STP state type sequences. |
TunnelProtocolSequence | TunnelProtocol [] | A sequence of tunneling IP protocols. |
Uuid_128Sequence | Uuid_128 [] | A sequence of WOM name entries. |
See Also¶
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.