Application: Frequently Asked Questions

This page of frequently asked questions is specific to application management on BIG-IP Next using BIG-IP AS3 or BIG-IP FAST application templates.

BIG-IP AS3 FAQ

Where can I find additional BIG-IP AS3 example declarations?

You can find example declarations for BIG-IP AS3 on BIG-IP Next on the example BIG-IP AS3 declarations page. There is also a link to download a Postman Collection of example declarations.

Are there any characters I can’t use in a property name?

For property names, you cannot use spaces or special characters other than _.-]*$"

How do I upgrade the AppSvcs subsystem?

Currently, there is not a mechanism for upgrading a specific subsystem.

How does BIG-IP AS3 on BIG-IP Next differ from BIG-IP AS3 on Core BIG-IP systems?

BIG-IP AS3 on BIG-IP Next is a subset of BIG-IP AS3 on Core BIG-IP systems. With the possible exception of minor edge cases, BIG-IP AS3 on both platforms is the same, but BIG-IP AS3 on BIG-IP Next does not support everything that BIG-IP AS3 on Core BIG-IP systems does.

To see if a BIG-IP AS3 declaration works on BIG-IP Next, see Testing a BIG-IP AS3 declaration.

Where can I find more information and reference material for BIG-IP AS3?

For more information and reference material written for BIG-IP AS3 on Core BIG-IP systems, which generally applies to BIG-IP AS3 on BIG-IP Next, see the User Guide and Reference Guide.

Remember that BIG-IP AS3 on BIG-IP Next is a subset of BIG-IP AS3 on Core BIG-IP systems, so not all information or example declarations will apply.

Can I use basic authentication when using BIG-IP AS3 APIs on BIG-IP Next like you can for Core BIG-IP?

Yes, BIG-IP AS3 on BIG-IP Next supports Basic Authentication, as well as the more secure OAuth2 Authentication scheme. BIG-IP AS3 on BIG-IP Next is designed to be backwards compatible with BIG-IP AS3 on Core BIG-IP wherever possible.

I’m using sharedNodes on the Pool_Member class, why isn’t it working like it does in BIG-IP AS3 for Core BIG-IP?

Because of the differences in BIG-IP Next and Core BIG-IP, the sharedNotes property for pool members is not available for BIG-IP AS3 on BIG-IP Next. If you attempt to use sharedNodes for a pool member in a declaration on BIG-IP Next, the property does pass validation (to maintain compatibility), but is ignored.

I used a TLS_Server object in my BIG-IP AS3 declaration, why did it create a Client SSL profile on the BIG-IP?

The BIG-IP AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The BIG-IP AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The BIG-IP AS3 TLS_Client class is for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP.

Where can I find general troubleshooting information for BIG-IP AS3 on BIG-IP Next?

This Troubleshooting information page contains troubleshooting information for BIG-IP AS3 and BIG-IP FAST application templates.

How does BIG-IP AS3 handle a failover event in a High Availability scenario?

Since the BIG-IP AS3 service is running on both active and standby instances, as long as the floating cluster management control plane IP is being used a failover event should have no impact on the BIG-IP AS3 API or its usability. Additionally the BIG-IP AS3 service underlying containers report their health status using the system level container orchestration provider. This means if the core process is terminated for any reason the container will be restarted and brought back to a healthy state.

How does BIG-IP AS3 logging work in a High Availability scenario?

Logging works the same as in Standalone mode, simply use the floating custer control plane management IP and follow the steps listed on the troubleshooting page related to the section “How do I retrieve logs related to the BIG-IP AS3 module?”

What information about BIG-IP AS3 is provided in the QKView?

For now the QKView includes the log file for the BIG-IP AS3 service. As the QKView service expands and adds more hooks for collection, additional information such as version or health status may be available.

For guidance on collecting and uploading a QKView to iHealth see How to: Generate & download a QKView file for BIG-IP Next and upload to F5 iHealth or Support.

What happens if the BIG-IP AS3 service goes down briefly? Does this impact upstream services such as BIG-IP FAST?

If the BIG-IP AS3 service goes down briefly, any requests during that time period will fail. Once the BIG-IP AS3 API is back up any requests made will resume normal operation.

How does BIG-IP AS3 determine which L3-network to reference when creating L4-clientsides and L4-serversides?

BIG-IP AS3 requires that certain networking configuration objects have already been created. Before using BIG-IP AS3, data-plane properties such as VLANs and self IPs as well as L2-network(s) and L3-network(s) must be configured on the BIG-IP Next instance. BIG-IP AS3 will not be able to apply any AS3 declarations without configuring these data-plane properties and at least one L3-network must be configured.

To determine the appropriate L3-network to reference when creating L4-clientsides and/or L4-serversides, AS3 will select one L3-network that already exists on the BIG-IP Next instance. AS3 uses the following logic to determine which L3-network to use:

  1. If there is only one L3-network on the BIG-IP Next instance, then: AS3 will reference that L3-network.

  2. If there are multiple L3-networks on the BIG-IP Next instance, and exactly one L3-network name contains the word default, then: AS3 will reference the L3-network that contains default in its name

  3. If there are multiple L3-networks on the BIG-IP Next instance, and no L3-network has a name that contains the word default, then: AS3 will reference the first L3-network it sees

  4. If there are multiple L3-networks on the BIG-IP Next instance, and multiple L3-network names contains the word default, then: AS3 will reference the first L3-network that contains default in its name

Note: In either the 3rd or 4th case, BIG-IP AS3 logs a warning, informing the user it had to choose which L3-network to use, and includes which L3-network it chose. For example, 2023-02-22T23:06:15.472694950Z 2023-02-22 23:06:15 | warning Unable to determine default L3 Network. Chose to use: my-l3-network

Note: If no L3-network exists on the BIG-IP Next instance when BIG-IP AS3 receives a declaration, BIG-IP AS3 will return an HTTP 422 error to the caller, along with the following error message: At least one L3-network object must be configured before applying a declaration.

The following code block provides an illustration of which objects are required, and how BIG-IP AS3 references those objects.

GET /L1-networks/xxxx (created by network operator)
{
   name: "my_l1_network",
   vlans: [
      {
         name: "my_vlan01"
      }
   ]
}

GET /L2-networks/xxxx (created by network operator)
   {
      name: "my-net:my_vlan01",
      vlans: ["my_vlan01"]
   }

GET /L3-networks/xxxx (created by network operator, queried on each declaration operation)
{
   name: "default:all-networks",
   l2Networks: ["my-net:my_vlan01"]
}

GET /L4-clientsides/xxxx (managed by AS3, created via declaration definition)
{
   name: "tenant01:app01:service01",
   l3Networks: ["deafult:all-networks"]
}

Is BIG-IP AS3 setting persistence value by default if I did not specify one a declaration?

BIG-IP AS3 does set certain defaults when configuring objects on BIG-IP Next. For example, BIG-IP AS3 sets the client-side persistence property to Source Address by default for all Services (in the next release of BIG-IP Next (v20), Service_HTTP and Service_HTTPS will default to cookie).

If you were not aware of this, you might notice the BIG-IP Next system is not distributing traffic in the way you would expect if using a load balancing method such as Round Robin.

To override the default setting for persistence and configure a Client Side without persistence, set the persistenceMethods property on the Service to an empty array. For example, "persistenceMethods": []. Also see the No Persistence example on the Miscellaneous examples page.

You can view default values for objects in the Schema Reference.

What is the maximum number of characters for a property name in BIG-IP AS3?

The maximum length of a property name is 192 characters. This is less than the overall limit of property names in BIG-IP Next (currently 255 characters), as BIG-IP AS3 concatenates the Tenant, Application, and property names.


F5 BIG-IP FAST FAQ

What is BIG-IP FAST (F5 BIG-IP Next Application Services Templates)?

BIG-IP FAST provides a way to streamline deployment of applications on BIG-IP using templatized BIG-IP AS3 declarations.

BIG-IP FAST is:

  • A flexible and powerful templating system

  • An effective way to deploy applications on the BIG-IP system using BIG-IP AS3

  • A cross-platform successor to iApp templates, built on top of our declarative APIs

  • Seamless integration and insertion into CI/CD pipelines

  • Compatibility with modern development languages like Node.js and Python

See the BIG-IP FAST documentation for a more in-depth description of BIG-IP FAST (written for BIG-IP Core, not BIG-IP NEXT).

Do BIG-IP FAST templates use BIG-IP AS3?

BIG-IP FAST uses BIG-IP AS3 declarations to deploy applications and tenants. The declarative API represents the configuration which BIG-IP AS3 is responsible for creating on a BIG-IP system. Therefore, if you manually edit a BIG-IP FAST template outside of BIG-IP FAST using a method such as TMSH, the changes will be overwritten the next time BIG-IP FAST modifies the tenant. Once a BIG-IP FAST template is used to deploy an application and tenant on a BIG-IP, BIG-IP FAST should continue to be used for that application and tenant.

Where can I find a list of known issues with BIG-IP FAST?

All known issues are on GitHub as Issues for better tracking and visibility. See issues with a label of Known Issue in the BIG-IP FAST GitHub repo.

Does BIG-IP FAST collect any usage data?

BIG-IP FAST gathers non-identifiable usage data for the purposes of improving the product as outlined in the end user license agreement for BIG-IP. To opt out of data collection, disable the BIG-IP systems phone home feature as described in the “Disabling the Automatic Phone Home” section of K15000: Overview of the Automatic Update check and Automatic Phone Home features.

How are secrets handled in BIG-IP FAST templates?

When authoring a template, be cautious when entering sensitive data into your template such as passwords, certificates and monitor information to name a few. BIG-IP FAST templates are stored and sent in plain text, and offer no additional security for secrets on top of what BIG-IP AS3 provides. Therefore, careful consideration should be made when adding this type of data onto the template. See Secret for a detailed definition of BIG-IP AS3 secrets.


BIG-IP Next Central Manager FAQ

What HTTP Methods does BIG-IP Next Central Manager support for the EA/LA releases?

Currently, BIG-IP Next Central Manager only supports the POST method in the EA/LA releases. This means you cannot yet use the PATCH or DELETE methods.

Additionally, BIG-IP Next does not support the /task endpoint. This endpoint is supported when using BIG-IP AS3 directly on BIG-IP Next.