Applications: Frequently Asked Questions¶
This page of frequently asked questions is specific to application management using BIG-IP Next Central Manager, BIG-IP Next FAST or BIG-IP Next AS3.
BIG-IP Next Central Manager FAQ¶
Can I deploy an application using the declare endpoint and then update the application using the documents endpoint?¶
No, using the declare
endpoint means application services are managed declaratively on a per-instance basis, similar to BIG-IP AS3. These application services should be managed using the declare
endpoint throughout their lifecycle. This means if one of the application services is omitted from the payload, it will result in the application service being deleted.
If you instead want to manage application services one at a time, use the documents
endpoint when the application is initially created and deployed.
Can I deploy a combination of FAST and AS3 applications to a given BIG-IP Next instance?¶
Yes, BIG-IP Next Central Manager supports deploying a combination of FAST and AS3 application services to any specific BIG-IP Next instance. One important limitation to be aware of is that, AS3 application services created using the declare
endpoint which is a per-instance process, should not be modified with the documents
method, which is a per-application process, and vice versa.
What HTTP Methods does BIG-IP Next Central Manager support for the EA/LA releases?¶
Currently, BIG-IP Next Central Manager only supports the POST method in the EA/LA releases. This means you cannot yet use the PATCH or DELETE methods.
Additionally, BIG-IP Next does not support the /task endpoint. This endpoint is supported when using BIG-IP AS3 directly on BIG-IP Next.
BIG-IP AS3 FAQ¶
Where can I find additional BIG-IP AS3 example declarations?¶
You can find example declarations for BIG-IP AS3 on BIG-IP Next on the example BIG-IP AS3 declarations page. There is also a link to download a Postman Collection of example declarations.
Are there any characters I can’t use in a property name?¶
For property names, you cannot use spaces or special characters other than _.-]*$"
How do I upgrade the AppSvcs subsystem?¶
Currently, there is not a mechanism for upgrading a specific subsystem.
How does BIG-IP Next AS3 differ from BIG-IP AS3?¶
The BIG-IP Next AS3 schema is a subset of the schema supported by AS3 on BIG-IP systems. With the possible exception of minor edge cases, the AS3 schema on both platforms is the same, but BIG-IP Next AS3 does not support everything that BIG-IP AS3 does.
To see if a BIG-IP AS3 declaration works on BIG-IP Next, see Testing a BIG-IP AS3 declaration.
Where can I find more information and reference material for BIG-IP AS3?¶
For more information and reference material written for BIG-IP AS3, which generally applies to BIG-IP Next AS3, see the User Guide and Reference Guide.
Remember that BIG-IP Next AS3 is a subset of BIG-IP AS3, so not all information or example declarations will apply.
Can I use basic authentication when using BIG-IP Next AS3 APIs like you can for BIG-IP AS3 APIs?¶
Yes, BIG-IP Next AS3 supports Basic Authentication, as well as the more secure OAuth2 Authentication scheme. BIG-IP Next AS3 is designed to be backwards compatible with BIG-IP AS3 wherever possible.
I used a TLS_Server object in my BIG-IP AS3 declaration, why did it create a Client SSL profile on the BIG-IP?¶
The BIG-IP AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The BIG-IP AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The BIG-IP AS3 TLS_Client class is for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP.
Where can I find general troubleshooting information for BIG-IP Next AS3?¶
This Troubleshooting information page contains troubleshooting information for BIG-IP AS3 and BIG-IP FAST application templates.
How does BIG-IP Next AS3 handle a failover event in a High Availability scenario?¶
Since the BIG-IP Next AS3 service is running on both active and standby instances, as long as the floating cluster management control plane IP is being used a failover event should have no impact on the BIG-IP Next AS3 API or its usability. Additionally the BIG-IP Next AS3 service underlying containers report their health status using the system level container orchestration provider. This means if the core process is terminated for any reason the container will be restarted and brought back to a healthy state.
How does BIG-IP Next AS3 logging work in a High Availability scenario?¶
Logging works the same as in Standalone mode, simply use the floating custer control plane management IP and follow the steps listed on the troubleshooting page related to the section “How do I retrieve logs related to the BIG-IP AS3 module?”
What information about BIG-IP Next AS3 is provided in the QKView?¶
For now the QKView includes the log file for the BIG-IP Next AS3 service. As the QKView service expands and adds more hooks for collection, additional information such as version or health status may be available.
For guidance on collecting and uploading a QKView to iHealth see How to: Generate & download a QKView file for BIG-IP Next and upload to F5 iHealth or Support.
What happens if the BIG-IP Next AS3 service goes down briefly? Does this impact upstream services such as BIG-IP FAST?¶
If the BIG-IP Next AS3 service goes down briefly, any requests during that time period will fail. Once the BIG-IP Next S3 API is back up any requests made will resume normal operation.
How does BIG-IP Next AS3 determine which L3-network to reference when creating L4-clientsides and L4-serversides?¶
BIG-IP AS3 requires that certain networking configuration objects have already been created. Before using BIG-IP AS3, data-plane properties such as VLANs and self IPs as well as L2-network(s) and L3-network(s) must be configured on the BIG-IP Next instance. BIG-IP AS3 will not be able to apply any AS3 declarations without configuring these data-plane properties and at least one L3-network must be configured.
To determine the appropriate L3-network to reference when creating L4-clientsides and/or L4-serversides, AS3 will select one L3-network that already exists on the BIG-IP Next instance. AS3 uses the following logic to determine which L3-network to use:
If there is only one L3-network on the BIG-IP Next instance, then: AS3 will reference that L3-network.
If there are multiple L3-networks on the BIG-IP Next instance, and one of the L3-networks has set the isDefault property to true, then: AS3 will reference the L3-network that has isDefault set to true.
If there are multiple L3-networks on the BIG-IP Next instance, no L3-network with isDefault property set to true and multiple L3-network names contains the word default, then: AS3 will reference the first L3-network that contains default in its name.
If there are multiple L3-networks on the BIG-IP Next instance, no L3-network with isDefault property set to true and no L3-network has a name that contains the word default, then: AS3 will reference the first L3-network it sees.
Note: In either the 3rd or 4th case, BIG-IP AS3 logs a warning, informing the user it had to choose which L3-network to use, and includes which L3-network it chose. For example, 2023-02-22T23:06:15.472694950Z 2023-02-22 23:06:15 | warning Unable to determine default L3 Network. Chose to use: my-l3-network
Note: If no L3-network exists on the BIG-IP Next instance when BIG-IP AS3 receives a declaration, BIG-IP AS3 will return an HTTP 422 error to the caller, along with the following error message:
At least one L3-network object must be configured before applying a declaration
.
The following code block provides an illustration of which objects are required, and how BIG-IP AS3 references those objects.
GET /L1-networks/xxxx (created by network operator)
{
name: "my_l1_network",
vlans: [
{
name: "my_vlan01"
}
]
}
GET /L2-networks/xxxx (created by network operator)
{
name: "my-net:my_vlan01",
vlans: ["my_vlan01"]
}
GET /L3-networks/xxxx (created by network operator, queried on each declaration operation)
{
name: "default:all-networks",
l2Networks: ["my-net:my_vlan01"]
}
GET /L4-clientsides/xxxx (managed by AS3, created via declaration definition)
{
name: "tenant01:app01:service01",
l3Networks: ["deafult:all-networks"]
}
Is BIG-IP AS3 setting persistence value by default if I did not specify one a declaration?¶
BIG-IP AS3 does set certain defaults when configuring objects on BIG-IP Next. For example, BIG-IP AS3 sets the client-side persistence property to Source Address by default for all Services (in the next release of BIG-IP Next (v20), Service_HTTP and Service_HTTPS will default to cookie).
If you were not aware of this, you might notice the BIG-IP Next system is not distributing traffic in the way you would expect if using a load balancing method such as Round Robin.
To override the default setting for persistence and configure a Client Side without persistence, set the persistenceMethods property on the Service to an empty array. For example, "persistenceMethods": []
. Also see the No Persistence example on the Miscellaneous examples page.
You can view default values for objects in the Schema Reference.
What is the maximum number of characters for a property name in BIG-IP AS3?¶
The maximum length of a property name is 192 characters. This is less than the overall limit of property names in BIG-IP Next (currently 255 characters), as BIG-IP AS3 concatenates the Tenant, Application, and property names.
F5 BIG-IP FAST FAQ¶
What is BIG-IP FAST (F5 BIG-IP Next Application Services Templates)?¶
BIG-IP FAST provides a way to streamline deployment of applications on BIG-IP using templatized BIG-IP AS3 declarations.
BIG-IP FAST is:
A flexible and powerful templating system
An effective way to deploy applications on the BIG-IP system using BIG-IP AS3
A cross-platform successor to iApp templates, built on top of our declarative APIs
Seamless integration and insertion into CI/CD pipelines
Compatibility with modern development languages like Node.js and Python
See the BIG-IP FAST documentation for a more in-depth description of BIG-IP FAST (written for BIG-IP, not BIG-IP Next).
Do BIG-IP FAST templates use BIG-IP AS3?¶
BIG-IP FAST uses BIG-IP AS3 declarations to deploy applications and tenants. The declarative API represents the configuration which BIG-IP AS3 is responsible for creating on a BIG-IP system. Therefore, if you manually edit a BIG-IP FAST template outside of BIG-IP FAST using a method such as TMSH, the changes will be overwritten the next time BIG-IP FAST modifies the tenant. Once a BIG-IP FAST template is used to deploy an application and tenant on a BIG-IP, BIG-IP FAST should continue to be used for that application and tenant.
Where can I find a list of known issues with BIG-IP FAST?¶
All known issues are on GitHub as Issues for better tracking and visibility. See issues with a label of Known Issue in the BIG-IP FAST GitHub repo.
Does BIG-IP FAST collect any usage data?¶
BIG-IP FAST gathers non-identifiable usage data for the purposes of improving the product as outlined in the end user license agreement for BIG-IP. To opt out of data collection, disable the BIG-IP systems phone home feature as described in the “Disabling the Automatic Phone Home” section of K15000: Overview of the Automatic Update check and Automatic Phone Home features.
How are secrets handled in BIG-IP FAST templates?¶
When authoring a template, be cautious when entering sensitive data into your template such as passwords, certificates and monitor information to name a few. BIG-IP FAST templates are stored and sent in plain text, and offer no additional security for secrets on top of what BIG-IP AS3 provides. Therefore, careful consideration should be made when adding this type of data onto the template. See Secret for a detailed definition of BIG-IP AS3 secrets.