Networking

Introduced : BIG-IP_v9.0
The Networking module contains the L2/L3 interfaces that enable you to get information on, and work with the components, attributes, and objects of Layer 2/3.

Interfaces

Interface Description
ARP The ARP interface enables you to work with the ARP table and entries. In 11.0.0, the ARP/NDP entries were changed to use an independent name as an entry identifier. Thus the following methods were deprecated: get_static_entry add_static_entry delete_static_entry replaced by another set of methods: get_static_entry_list create_static_entry set_static_entry_address get_static_entry_address set_static_entry_mac_address get_static_entry_mac_address delete_static_entry_v2
AdminIP The AdminIP interface enables you to work with the definitions and attributes contained in a device&aposs administrative IP.
BWControllerPolicy This interface configures the Bandwidth Controller policy components to manage the egress bandwidth per policy, per session or subscriber, per application and various combinations of these.
BWPriorityGroup This interface configures the Bandwidth Priority Group components to manage the egress bandwidth per Bandwidth Controller (BWC) Policy instance. An instance is an in memory copy of a BWC Policy. A BWC Priority Group in turn consists of multiple Bandwidth Priority Classes with each one having its own priority.
DNSResolver The DNSResolver interface allows you to manage DNS resolvers. The DNS resolver resolves DNS queries and caches the results. It does not validate DNSSEC responses. A forward zone can be defined for a DNS resolver. If the answer to a query is not available in the cache, a DNS resolver configured with a forward zone will forward the query to the nameserver specified for the zone if the name in the query matches the configured zone name.
IPsecIkeDaemon This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
IPsecIkePeer This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
IPsecManualSecurityAssociation This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. The Manual Security Association component is used to manually configure the Security Association Database (SAD) entries. The alternative is to use IKE to negotiate automatically keyed security associations.
IPsecPolicy This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
IPsecTrafficSelector This interface configures the IPsec Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. The Traffic Selector component specifies what traffic you want the system to protect with IPsec.
Interfaces The Interface interface enables you to work with the definitions and attributes contained in a device&aposs interface.
LLDPGlobals The LLDPGlobals interface enables you to work with global attributes used to configure LLDP.
MulticastRoute The MulticastRoute interface enables you to get the information on all the multicast routes present in the route table. There are multiple methods that allow you to get the multicast routes based on input criteria. Note: This Interface does not allow the user to create, modify or delete the multicast routes.
PacketFilter The PacketFilter interface enables you to work with the definitions and attributes of packet filter rules. The goal of the packet filter is to provide a flexible and integrated perimeter security mechanism to explicitly block as well as accept traffic using complex expressions similar to those used by libpcap (e.g. tcpdump).
PacketFilterGlobals The PacketFilterGlobals interface enables you to work with the global lists of trusted source addresses and ingress VLANs used in packet filtering, and allows you to view and modify other overall packet filter settings. Note: The system processes exemptions before packet filter rules, so you cannot override such settings with a packet filter rule. Attributes controlling exemptions include: always_accept_arp, always_accept_important_icmp, and those involving trusted VLANs, trusted addresses, and trusted MAC addresses.
PortMirror The PortMirror interface enables you to work with the definitions and attributes of port mirroring.
ProfileFEC The ProfileFEC interface enables you to configure FEC tunnel profiles used for recovering errors in data transmission over unreliable communication channels. FEC gives the receiver the ability to correct errors without needing a reverse channel to request retransmission of data.
ProfileGRE The ProfileGRE interface allows you to manipulate a GRE tunnel profile to configure the General Routing Encapsulation tunneling protocol. The General Routing Encapsulation supports RFC2784, allowing the packets of any L3 protocol to be carried inside encapsulating IP packets.
ProfileGeneve The ProfileGeneve interface allows you to manipulate a Geneve tunnel profile to configure a Geneve gateway. A Geneve gateway provides the ability to bridge between a traditional VLAN and a Geneve or NVGRE network.
ProfileIPIP The ProfileIPIP interface enables you to manipulate an IP-IP tunnel profile to configure the IP-within-IP tunneling protocol. The IP-within-IP protocol (RFC2003) specifies how to encapsulate an IP packet within another IP packet.
ProfileIPsec The ProfileIPsec interface provides IPsec function over the network interface. When packets are sent over the IPsec interface, they are either encrypted/decrypted via the IPsec tunnel or dropped if they failed to pass the IPsec policy. In order to configure an IPsec interface, you need to create an IPsec tunnel profile, which attaches to an IPsec traffic selector, which in turn attaches to an IPsec policy that is in the “interface” mode. The IPsec policy specifies the security association parameters for the IPsec tunnel.
ProfileLightweight4Over6Tunnel The ProfileLightweight4Over6Tunnel interface provides Lightweight tunnel function over the network interface. The ProfileLightweight4Over6Tunnel is an IPv4-over-IPv6 tunneling protocol to deliver IPv4 unicast service across an IPv6 infrastructure. This process controlled by a Lightweight tunnel file table and port set id length are embedded in lightweight tunnel profile. As the address mapping information is embedded in the packet itself, Lightweight tunnel profile is stateless.
ProfileMAP MAP (Mapping of Address and Port with Encapsulation) is an IPv4-over-IPv6 tunneling protocol to deliver IPv4 unicast service across an IPv6 infrastructure, by deterministically mapping IPv4 address and port numbers to the underlying server providers&apos IPv6 addresses. As the address mapping information is embedded in the packet itself, MAP is stateless. A MAP domain consists of BR (Border Relay) gateways and CE (Customer Edge) devices to provide IPv4 packet tunneling service. BigIPs can provide the BR functionalities, and the MAP tunnel interface profile allows you to set up the MAP tunnel configuration for the MAP BR gateway.
ProfileV6RD The 6RD interface profile allows you to set up the 6RD tunnel configuration for 6RD CE and BR gateways. 6RD is yet-another-v6-transition solution, and is used to tunnel IPv6 packets over an IPv4 network by deterministically mapping IPv6 addresses to the underlying SP&aposs IPv4 addresses. As the address mapping information is embedded in the packet itself, 6RD is stateless.
ProfileVXLAN The ProfileVXLAN interface allows you to manipulate a VXLAN tunnel profile to configure a VXLAN gateway. A VXLAN gateway provides the ability to bridge between a traditional VLAN and a VXLAN or NVGRE network.
ProfileWCCPGRE The ProfileWCCPGRE interface allows you to manipulate a WCCP-GRE tunnel profile to configure the General Routing Encapsulation (GRE - RFC2784) tunnel protocol in conjunction with the Web-Cache Communication Protocol (WCCP). See the Networking/ProfileGRE interface for additional information.
RouteDomain *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), due to a change from using numeric identifiers to using names to identify Route Domain objects. Please use the RouteDomainV2 interface. The RouteDomainterface enables you to work with the definitions and attributes contained in a device&aposs route domains. Route domains allow you to specify overlapping IP addresses for different objects in the system. This allows a service provider, for example, to have two different pool members at 10.10.10.1 that represent completely different real servers. The addresses for the two pool members might be 10.10.10.1%1 and 10.10.10.1%2 where the numbers after the percent signs are numeric ids of route domains.
RouteDomainV2 The RouteDomainterface enables you to work with the definitions and attributes contained in a device&aposs route domains. Route domains allow you to specify overlapping IP addresses for different objects in the system. This allows a service provider, for example, to have two different pool members at 10.10.10.1 that represent completely different real servers. The addresses for the two pool members might be 10.10.10.1%1 and 10.10.10.1%2 where the numbers after the percent signs are numeric ids of route domains. Note that the source and destination addresses in the firewall methods (get_fw_rule and so on) are type Common::NetAddress, a type which allows one to specify a prefix length after the address, e.g., “10.1.1.0/24” or “10.1.1.0%1/24”.
RouteTable *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), since all table entries are now accessed by name. Please use the RouteTableV2 interface. The RouteTable interface enables you to work with the Route table and entries.
RouteTableV2 The RouteTable interface enables you to work with the Route table and entries.
RouterAdvertisement The RouterAdvertisement interface enables you to create and edit router advertisements defined in the device. Since version 11.2.0 the functionality for router advertisements (RFC 4861) has been integrated into the system. This interface allows you to configure its behavior.
STPGlobals The STPGlobals interface enables you to work with global attributes used to configure STP (Spanning Tree Protocol).
STPInstance *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), due to a change from using numeric identifiers to using names to identify STP instances. Please use the STPInstanceV2 interface. The STPInstance interface enables you to work with the definitions and attributes associated with an STP instance.
STPInstanceV2 The STPInstance interface enables you to work with the definitions and attributes associated with an STP instance. This second version of the interface was created to handle changing the STP instance key from the STP instance identifier to an arbitrary name. Along the way, it also eliminated the unnecessary structures required to handle the STP instance interface members.
SelfIP *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), since self IP addresses are accessed by name instead of address. Please use the SelfIPV2 interface. The SelfIP interface enables you to work with the definitions and attributes contained in a device&aposs Self IP.
SelfIPPortLockdown *IMPORTANT* This entire interface has been deprecated (as of 11.0.0), since self IP addresses are accessed by name instead of address. Its functionality has been moved to SelfIPV2 interface. The SelfIPPortLockdown interface enables you to lock down protocols and ports on self IP addresses.
SelfIPV2 The SelfIP interface enables you to work with the definitions and attributes contained in a device&aposs Self IP. Note that the source and destination addresses in the firewall methods (get_fw_rule and so on) are type Common::NetAddress, a type which allows one to specify a prefix length after the address, e.g., “10.1.1.0/24”.
Trunk The Trunk interface enables you to work with the definitions and attributes contained in a device&aposs trunk.
Tunnel The Tunnel interface manages a virtual network interface that allows a network protocol to carry packets of another protocol between two endpoints. Once created, it can be used just like a VLAN in BIG-IP configurations.
VLAN The VLAN interface enables you to work with the definitions and attributes contained in a device&aposs VLAN.
VLANGroup The VLANGroup interface enables you to work with the definitions and attributes contained in a device&aposs VLAN group.
iSessionAdvertisedRoute *IMPORTANT* This interface has been deprecated (as of 11.0.0) due to changing the key used to access iSession advertised routes. Please use the iSessionAdvertisedRouteV2 interface in its stead. The iSession AdvertisedRoute interface enables you to work with the definitions and attributes contained in a device&aposs optimized endpoint subnets.
iSessionAdvertisedRouteV2 This interface manages routes advertised for optimization reachable through the local endpoint of the WAN Optimization Module. Routes are advertised to all connected WAN Optimization Modules. The remote endpoints use the subnet configuration information to determine peer routing and optimization actions.
iSessionDatastor This interface configures the storage used by symmetric data deduplication and used by caching files sent in iSession traffic on the WAN.
iSessionDeduplication This interface configures symmetric data deduplication, which compresses iSession traffic on the WAN by identifying and removing repetitive data patterns.
iSessionLocalInterface The iSession Local interface enables you to work with the definitions and attributes contained in a device&aposs WAN Optimization Module local endpoint object. This interface includes an object key which is a Common::ULong value. This value is meaningless in itself, and since only one local endpoint can exist, it is of no real use. Its value is ignored in all methods in this interface.
iSessionPeerDiscovery The Dynamic Peer Discovery interface enables you to work with the definitions and attributes contained in a device&aposs endpoint discovery objects. This interface includes an object key which is a Common::ULong value. This value is meaningless in itself, and since only one endpoint discovery object can exist, it is of no real use. Its value is ignored in all methods in this interface.
iSessionRemoteInterface *IMPORTANT* This interface has been deprecated (as of 11.0.0) due to changing the key used to access iSession remote endpoints. Please use the iSessionRemoteInterfaceV2 interface in its stead. The iSession RemoteInterface interface enables you to work with the definitions and attributes contained in a device&aposs peer iSession Remote Endpoint objects.
iSessionRemoteInterfaceV2 Remote endpoint for the traffic from the local WAN Optimization Module endpoint. A single local endpoint can work with multiple remote endpoints.

Structures

Structure

Description

ProfileTunnelProtocol

A structure that specifies a tunnel protocol used in profile attributes.

Uuid_128

A struct that specifies the WOM 128 bit uuid as two unsigned 64bit values


Enumerations

Enumeration Description
FilterAction An enumeration of filter actions.
FlowControlType A list of flow control types.
IPCompAlgorithm An enumeration of compression algorithms for IP Payload Compression Protocol (IPComp).
IPsecDiffieHellmanGroup An enumeration of IPsec Diffie Hellman groups.
IPsecDirection An enumeration of IPsec direction types.
IPsecDynSaEncryptAlgorithm An enumeration of IPsec dynamic security association (SA) encryption algorithms.
IPsecIkeEncrAlgorithm An enumeration of encryption algorithms used for IKE phase 1 negotiation.
IPsecIkeHashAlgorithm An enumeration of IPsec security hash algorithms for IKE phase 1 negotiation.
IPsecIkeLogLevel An enumeration of IPsec IKE log levels.
IPsecIkePeerCertType An enumeration of IPsec IKE peer certificate types.
IPsecIkePeerGeneratePolicy An enumeration of IPsec peer generate policy settings.
IPsecIkePeerIDType An enumeration of IPsec IKE peer identifier types sent to the remote IKE agent to use in phase 1 negotiation.
IPsecIkePeerMode An enumeration of IPsec IKE exchange modes.
IPsecIkePeerNatTraversal An enumeration of IPsec IKE peer NAT traversal options.
IPsecIkeVersion An enumeration of IPsec IKE peer versions used to negotiate security associations for a IPsec Tunnel.
IPsecManSaEncrAlgorithm An enumeration of IPsec manual security association (SA) encryption algorithms.
IPsecMode An enumeration of IPsec modes.
IPsecProtocol An enumeration of IPsec protocols.
IPsecSaAuthAlgorithm An enumeration of IPsec dynamic security association (SA) authentication algorithms.
IPsecSaManAlgorithm An enumeration of IPsec manual security association authentication algorithms.
IPsecSaMethod An enumeration of the authentication methods used by IKE for phase 1 negotiation.
IPsecTrafficSelectorAction An enumeration of IPsec selector actions.
LearningMode A list of learning modes.
MediaStatus A list of interface media statuses.
MemberTagMode A list of member tag-mode types.
MemberTagType A list of member tagged/untagged types.
MemberType A list of member types.
PhyMasterSlaveMode A list of PHY master/slave relationship modes.
RouteEntryType A list of route entry types.
STPLinkType A list of Spanning Tree Protocol link types. The spanning tree algorithms include important optimizations that can only be used on point-to-point links, that is, on links which connect just two bridges. If these optimizations are used on shared links, incorrect or unstable behavior may result. By default, the implementation assumes that full-duplex links are point-to-point and that half-duplex links are shared.
STPModeType A list of Spanning Tree Protocol modes. The difference between STP_MODE_TYPE_DISABLED and STP_MODE_TYPE_PASSTHROUGH is that the pass-through mode forwards spanning tree bridge protocol data units (BPDUs) received on any interface to all other interfaces, whereas the disabled mode discards them.
STPRoleType A list of Spanning Tree Protocol role types.
STPStateType A list of Spanning Tree Protocol states.
TunnelProfileType A list of tunnel profile types.
TunnelProtocol An enumeration of tunneling IP protocols.

Exceptions

Exception Description

Constants

Constant Type Value Description

Aliases

Alias Type Description
FilterActionSequence FilterAction [] A sequence of filter actions.
FlowControlTypeSequence FlowControlType [] A sequence of FlowControlTypes.
IPCompAlgorithmSequence IPCompAlgorithm [] A sequence of IPComp compression algorithms.
IPsecDiffieHellmanGroupSequence IPsecDiffieHellmanGroup [] A sequence of IPsec Diffie Hellman group.
IPsecDirectionSequence IPsecDirection [] A sequence of IPsec directions.
IPsecDynSaEncryptAlgorithmSequence IPsecDynSaEncryptAlgorithm [] A sequence of IPsec dynamic security association encryption algorithms.
IPsecIkeEncrAlgorithmSequence IPsecIkeEncrAlgorithm [] A sequence of encryption algorithms used for IKE phase 1 negotiation.
IPsecIkeHashAlgorithmSequence IPsecIkeHashAlgorithm [] A sequence of IPsec security hash algorithms for IKE phase 1 negotiation.
IPsecIkeLogLevelSequence IPsecIkeLogLevel [] A sequence of IPsec IKE log levels.
IPsecIkePeerCertTypeSequence IPsecIkePeerCertType [] A sequence of IPsec IKE peer certificate types.
IPsecIkePeerGeneratePolicySequence IPsecIkePeerGeneratePolicy [] A sequence of IPsec peer generate policy settings.
IPsecIkePeerIDTypeSequence IPsecIkePeerIDType [] A sequence of IPsec IKE peer identifier types sent to the remote IKE agent to use in phase 1 negotiation.
IPsecIkePeerModeSequence IPsecIkePeerMode [] A sequence of IPsec IKE peer modes.
IPsecIkePeerNatTraversalSequence IPsecIkePeerNatTraversal [] A sequence of IPsec peer NAT traversal options.
IPsecIkeVersionSequence IPsecIkeVersion [] A sequence of IPsec IKE peer versions.
IPsecIkeVersionSequenceSequence IPsecIkeVersion [] [] A sequence of IPsec IKE peer version sequences.
IPsecManSaEncrAlgorithmSequence IPsecManSaEncrAlgorithm [] A sequence of IPsec manual security association encryption algorithms.
IPsecModeSequence IPsecMode [] A sequence of IPsec modes.
IPsecProtocolSequence IPsecProtocol [] A sequence of IPsec protocols.
IPsecSaAuthAlgorithmSequence IPsecSaAuthAlgorithm [] A sequence of IPsec security association authentication algorithms.
IPsecSaManAlgorithmSequence IPsecSaManAlgorithm [] A sequence of IPsec manual security association authentication algorithms.
IPsecSaMethodSequence IPsecSaMethod [] A sequence of IPsec security association authentication methods.
IPsecTrafficSelectorActionSequence IPsecTrafficSelectorAction [] A sequence of IPsec traffic selector actions.
LearningModeSequence LearningMode [] A sequence of learning modes.
MediaStatusSequence MediaStatus [] A sequence of interface media statii.
MemberTagModeSequence MemberTagMode [] A sequence of member tag modes.
MemberTagModeSequenceSequence MemberTagMode [] [] A sequence of member tag modes sequences.
MemberTagTypeSequence MemberTagType [] A sequence of member tag types.
MemberTypeSequence MemberType [] A sequence of member types.
PhyMasterSlaveModeSequence PhyMasterSlaveMode [] A sequence of PhyMasterSlaveMode.
ProfileTunnelProtocolSequence ProfileTunnelProtocol [] A sequence of profile tunnel protocols.
RouteEntryTypeSequence RouteEntryType [] A sequence of route entry types.
STPLinkTypeSequence STPLinkType [] A sequence of STP Link types.
STPModeTypeSequence STPModeType [] A sequence of STP Mode types.
STPRoleTypeSequence STPRoleType [] A sequence of STP role types.
STPRoleTypeSequenceSequence STPRoleType [] [] A sequence of STP role type sequences.
STPStateTypeSequence STPStateType [] A sequence of STP state types.
STPStateTypeSequenceSequence STPStateType [] [] A sequence of STP state type sequences.
TunnelProtocolSequence TunnelProtocol [] A sequence of tunneling IP protocols.
Uuid_128Sequence Uuid_128 [] A sequence of WOM name entries.

See Also

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code


The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.