Non-HTTP Services¶
This section contains relatively simple examples of declarations that create non-HTTP services or objects, such as TCP, UDP, and so on.
Use the index on the right to locate specific examples.
1: UDP virtual service¶
This example is for a UDP DNS load balancer service, and creates the following objects on the BIG-IP:
- Partition (tenant) named Sample_non_http_01.
- A UDP virtual server named serviceMain on port 53.
- A pool named Pool1 monitored by the default ICMP health monitor.
{
"class": "AS3",
"action": "deploy",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "UDP_DNS_Sample",
"label": "UDP_DNS_Sample",
"remark": "Sample of a UDP DNS Load Balancer Service",
"Sample_non_http_01": {
"class": "Tenant",
"DNS_Service": {
"class": "Application",
"template": "udp",
"serviceMain": {
"class": "Service_UDP",
"virtualPort": 53,
"virtualAddresses": [
"10.1.20.121"
],
"pool": "Pool1"
},
"Pool1": {
"class": "Pool",
"monitors": [
"icmp"
],
"members": [
{
"servicePort": 53,
"serverAddresses": [
"10.1.10.100"
]
},
{
"servicePort": 53,
"serverAddresses": [
"10.1.10.101"
]
}
]
}
}
}
}
}
2: TCP load-balanced to ICAP with custom monitor¶
This example creates the following objects on the BIG-IP:
- Partition (tenant) named Sample_non_http_02.
- A TCP virtual server named serviceMain on port 1344 (called _A1 in the BIG-IP GUI).
- A TCP profile using the mptcp-mobile-optimized parent.
- A pool named svc_pool containing two members (also using port 1344).
- A custom TCP health monitor with custom Send and Receive strings for ICAP.
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "123456abcd",
"label": "Sample TCP 1",
"remark": "TCP load-balanced to ICAP with custom monitor",
"Sample_non_http_02": {
"class": "Tenant",
"A1": {
"class": "Application",
"template": "tcp",
"serviceMain": {
"class": "Service_TCP",
"virtualAddresses": [
"10.0.5.10"
],
"virtualPort": 1344,
"pool": "svc_pool"
},
"svc_pool": {
"class": "Pool",
"monitors": [{
"use": "icap_monitor"
}],
"members": [{
"servicePort": 1344,
"serverAddresses": [
"192.0.5.10",
"192.0.5.11"
]
}]
},
"icap_monitor": {
"class": "Monitor",
"monitorType": "tcp",
"send": "OPTIONS icap://icap.example.net/ ICAP/1.0\r\nUser-Agent: f5-ADC\r\n\r\n",
"receive": "ICAP/1.0 200 OK",
"adaptive": false
}
}
}
}
}
3: Using BIG-IP DNS features in a declaration¶
This example shows how you can use some BIG-IP DNS features (DNS profiles, TSIG keys, DNS Zones, Nameservers) in an AS3 declaration. The DNS features we use in this declaration are well-documented in the BIG-IP DNS Services: Implementations guide, so for specific information, see this documentation. Also see the Schema Reference for usage options for using these features in your AS3 declarations.
This declaration creates the following objects on the BIG-IP:
- Partition (tenant) named Sample_non_http_03.
- A virtual server named serviceMain.
- A DNS Zone that uses DNS Express.
- A DNS Nameserver Zone.
- A DNS TSIG Key using the hmacmd5 algorithm.
{
"class": "ADC",
"updateMode": "selective",
"schemaVersion": "3.0.0",
"id": "DNS",
"Sample_non_http_03": {
"class": "Tenant",
"TEST_DNS_Zone": {
"class": "Application",
"template": "generic",
"dnsZone": {
"class": "DNS_Zone",
"label": "dnsZone",
"remark": "DNS Zone test",
"dnsExpress": {
"enabled": true,
"nameserver": {
"use": "dnsNameserverZone"
},
"notifyAction": "consume",
"allowNotifyFrom": [
"10.1.1.1"
],
"verifyNotifyTsig": false
},
"responsePolicyEnabled": true,
"serverTsigKey": {
"use": "tsigKeyZone"
},
"transferClients": [
{
"use": "dnsNameserverZone"
}
]
},
"dnsNameserverZone": {
"class": "DNS_Nameserver",
"label": "dnsNameserverZone",
"remark": "A DNS Nameserver",
"address": "10.1.1.2",
"port": 53,
"routeDomain": {
"bigip": "/Common/0"
},
"tsigKey": {
"use": "tsigKeyZone"
}
},
"tsigKeyZone": {
"class": "DNS_TSIG_Key",
"label": "tsigKeyZone",
"remark": "TSIG Key test",
"algorithm": "hmacmd5",
"secret": {
"ciphertext": "ZjVmNQ==",
"miniJWE": true,
"protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0",
"ignoreChanges": true,
"allowReuse": false
}
}
}
},
"DNS_PROFILE_1": {
"class": "Tenant",
"DNS_PROFILE_1": {
"class": "Application",
"template": "udp",
"serviceMain": {
"class": "Service_UDP",
"virtualPort": 80,
"virtualAddresses": [
"198.19.192.210"
],
"profileUDP": {
"use": "profileUdp"
},
"profileDNS": {
"use": "profileDnsHW"
}
},
"profileDnsHW": {
"class": "DNS_Profile",
"label": "profileDnsHW",
"remark": "DNS Profile test",
"parentProfile": {
"bigip": "/Common/dns"
},
"rapidResponseEnabled": false,
"rapidResponseLastAction": "allow",
"hardwareQueryValidationEnabled": true,
"hardwareResponseCacheEnabled": true,
"dnssecEnabled": false,
"globalServerLoadBalancingEnabled": false,
"dnsExpressEnabled": false,
"cacheEnabled": false,
"dns64Mode": "secondary",
"dns64Prefix": "0:0:0:0:0:0:0:0",
"dns64AdditionalSectionRewrite": "any",
"unhandledQueryAction": "drop",
"localBindServerEnabled": false,
"zoneTransferEnabled": true,
"recursionDesiredEnabled": false,
"securityEnabled": false,
"loggingEnabled": false,
"statisticsSampleRate": 20
},
"profileUdp": {
"class": "UDP_Profile",
"datagramLoadBalancing": true
}
}
}
}
4: Using a FIX profile and data groups in a declaration¶
This example shows how you can create a FIX (Financial Information eXchange) Profile which is commonly used for electronic trading. It also shows how the tag substitution mapping can be configured using data groups. Note: Some FIX features may require appropriate licensing. For more information, see https://www.f5.com/pdf/solution-profiles/fix-solution-profile.pdf. This declaration creates the following objects on the BIG-IP:
- Partition (tenant) named Sample_non_http_04.
- A standard TCP service named serviceMain with a pool named poolWeb.
- A FIX Profile.
- A tag substitution mapping using data groups.
- Three types of referenced data groups: (new) internal, (new) external, and an external data group from an existing data-group file.
{
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "profileFix",
"label": "sample 23 FIX profile",
"remark": "Sample Application with FIX Profile",
"Sample_non_http_04": {
"class": "Tenant",
"appWeb": {
"class": "Application",
"template": "tcp",
"serviceMain": {
"class": "Service_TCP",
"virtualAddresses": [
"192.0.2.21"
],
"virtualPort": 100,
"pool": "poolWeb",
"profileTCP": "normal",
"profileFIX": {
"use": "profileFIXcustom"
}
},
"poolWeb": {
"class": "Pool",
"monitors": [
"tcp-half-open"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"192.0.2.12",
"192.0.2.13"
]
}
]
},
"profileFIXcustom": {
"class": "FIX_Profile",
"label": "test",
"parentProfile": {
"bigip": "/Common/fix"
},
"errorAction": "drop-connection",
"fullLogonParsingEnabled": false,
"messageLogPublisher": {
"bigip": "/Common/local-db-publisher"
},
"reportLogPublisher": {
"bigip": "/Common/local-db-publisher"
},
"quickParsingEnabled": true,
"responseParsingEnabled": true,
"statisticsSampleInterval": 45,
"senderTagMappingList": [
{
"senderId": "ExistingInternalDG",
"tagDataGroup": {
"bigip": "/Common/testInternalDG"
}
},
{
"senderId": "ExistingExternalDG",
"tagDataGroup": {
"bigip": "/Common/testExternalDG",
"isExternal": true
}
},
{
"senderId": "RefInternalDG",
"tagDataGroup": {
"use": "dataGroupRefInternal"
}
},
{
"senderId": "RefExternalDG",
"tagDataGroup": {
"use": "dataGroupRefExternal"
}
},
{
"senderId": "RefExternalDGFile",
"tagDataGroup": {
"use": "dataGroupRefExistingFileNoDG"
}
}
]
},
"dataGroupRefInternal": {
"class": "Data_Group",
"label": "Tag values mapping",
"storageType": "internal",
"name": "Internal Int",
"keyDataType": "integer",
"records": [
{
"key": 121212,
"value": "Summer"
},
{
"key": 3434,
"value": "Internal Field: \"see guide\""
}
]
},
"dataGroupRefExternal": {
"class": "Data_Group",
"label": "From URL or file path",
"storageType": "external",
"keyDataType": "string",
"externalFilePath": "http://yourfile.yourdomain.com",
"ignoreChanges": true,
"separator": ":"
},
"dataGroupRefExistingFileNoDG": {
"class": "Data_Group",
"label": "From existing data-group file",
"storageType": "external",
"keyDataType": "string",
"dataGroupFile": {
"bigip": "/Common/{{dataGroupFileName}}"
}
}
}
}
}
5: Using tcpOptions in a TCP Profile¶
This simple example declaration shows how you use TCP Options for use in a TCP profile. This allows to specify which of the TCP Header option number fields should be collected and stored for iRules. First and Last determines if the first or last appearance of the field is stored. For information on TCP Options, see https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xml. For information on using TCP options in iRules, see https://devcentral.f5.com/articles/accessing-tcp-options-from-irules.
- Partition (tenant) named Sample_non_http_06.
- A TCP profile named pTcpOptions that uses tcpOptions.
{
"class": "ADC",
"schemaVersion": "3.6.0",
"id": "TEST_TCP_OPTIONS",
"Sample_non_http_06": {
"class": "Tenant",
"TEST_TCP_Profile": {
"class": "Application",
"template": "generic",
"pTcpOptions" : {
"class": "TCP_Profile",
"tcpOptions": [
{
"option": 8,
"when": "first"
},
{
"option": 28,
"when": "last"
}
]
}
}
}
}
6: Using GSLB features in a declaration¶
This example shows how you use F5s Global Server Load Balancing (GSLB) features in a declaration. You must have BIG-IP DNS (formerly GTM) provisioned to use these features. See the Schema Reference for usage options and additional features for GSLB.
Warning
When using GSLB features, you must be aware of the items pointed out in Warnings, notably AS3 completely overwrites non-AS3 topologies when a declaration is submitted.
This declaration creates the following objects on the BIG-IP:
- Partition (tenant) named Sample_non_http_05.
- A GSLB wide IP (domain) named example.edu with an alias of another.example.
- A GSLB pool named testPool monitored by both the http and https health monitors.
- A GSLB data center named testDataCenter.
- A GSLB server named testServer with a device and two virtual servers.
{
"class": "ADC",
"schemaVersion": "3.6.0",
"id": "GSLB_Sample",
"Sample_non_http_05": {
"class": "Tenant",
"Application": {
"class": "Application",
"template": "generic",
"testDomain": {
"class": "GSLB_Domain",
"domainName": "example.edu",
"aliases": [
"another.example*" ],
"resourceRecordType": "A",
"poolLbMode": "ratio",
"pools": [
{ "use": "testPool" }
]
},
"testPool": {
"class": "GSLB_Pool",
"enabled": false,
"lbModeAlternate": "ratio",
"lbModeFallback": "ratio",
"manualResumeEnabled": true,
"verifyMemberEnabled": false,
"qosHitRatio": 10,
"qosHops": 11,
"qosKbps": 8,
"qosLinkCapacity": 35,
"qosPacketRate": 5,
"qosRoundTripTime": 75,
"qosTopology": 3,
"qosVirtualServerCapacity": 2,
"qosVirtualServerScore": 1,
"members": [
{
"ratio": 10,
"server": {
"use": "/Common/Shared/testServer"
},
"virtualServer": "0"
}
],
"bpsLimit": 5,
"bpsLimitEnabled": true,
"ppsLimit": 4,
"ppsLimitEnabled": true,
"connectionsLimit": 3,
"connectionsLimitEnabled": true,
"maxAnswersReturned": 10,
"monitors": [
{
"bigip": "/Common/http"
},
{
"bigip": "/Common/https"
}
],
"resourceRecordType": "A",
"fallbackIP": "1.1.1.1"
}
}
},
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"testDataCenter": {
"class": "GSLB_Data_Center"
},
"testServer": {
"class": "GSLB_Server",
"dataCenter": {
"use": "testDataCenter"
},
"devices": [
{
"address": "1.2.3.7"
}
],
"virtualServers": [
{
"address": "1.2.3.8",
"port": 5050
},
{
"address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
"port": 5051
}
]
}
}
}
}
7: Service Discovery for virtual servers in GSLB Servers¶
This simple example shows how you can use Service Discovery to automatically discover virtual servers in GSLB Servers. You must have BIG-IP DNS (formerly GTM) provisioned to use these features. See GSLB Server in the Schema Reference for usage options and additional features for GSLB.
Warning
When using GSLB features, you must be aware of the items pointed out in Warnings, notably AS3 completely overwrites non-AS3 topologies when a declaration is submitted.
This declaration creates the following objects on the BIG-IP (note that this declaration doesn’t not create a tenant, but uses the Common tenant as required for some GSLB features):
- A GSLB data center named testDataCenter.
- A GSLB server named testServer with one device, virtualServerDiscoveryMode set to enabled-no-delete (which only allows Service Discovery to add or modify, but not delete), and exposeRouteDomainsEnabled set to true (which allows virtual servers from all route domains to be auto-discovered).
{
"class": "ADC",
"schemaVersion": "3.11.0",
"id": "GSLB_VS_Discovery",
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"testDataCenter": {
"class": "GSLB_Data_Center"
},
"testServer": {
"class": "GSLB_Server",
"dataCenter": {
"use": "testDataCenter"
},
"devices": [{ "address": "10.10.10.10"}],
"virtualServerDiscoveryMode": "enabled-no-delete",
"exposeRouteDomainsEnabled": true
}
}
}
}
8: Creating a DNS cache in a declaration¶
This example shows how can create a DNS cache in a declaration (in versions prior to 3.13 you could reference a cache, but not create one). A DNS Cache allows the system to more quickly respond to repeated DNS queries. See the Configuring DNS Caching chapter of the BIG-IP DNS Implementation guide for detailed information.
You must have BIG-IP DNS (formerly GTM) provisioned to use these features.
See DNS_Cache in the Schema Reference for usage options and additional features for DNS Cache.
This declaration creates the following objects on the BIG-IP:
- Partition (tenant) named Example_DNS_Cache.
- A DNS Cache object named DNSCache_example that contains a number of options. See DNS_Cache for details.
{
"class": "ADC",
"schemaVersion": "3.13.0",
"id": "DNS_Cache",
"Example_DNS_Cache": {
"class": "Tenant",
"Application": {
"class": "Application",
"template": "generic",
"DNSCache_example": {
"class": "DNS_Cache",
"remark": "DNS Cache",
"answerDefaultZones": true,
"msgCacheSize": 0,
"recordCacheSize": 1,
"recordRotationMethod": "query-id",
"localZones": {
"norecords.com": {
"type": "transparent",
"records": []
},
"onerecord.com": {
"type": "transparent",
"records": [
"wiki.onerecord.com 300 IN A 10.10.10.124"
]
},
"tworecords.com": {
"type": "transparent",
"records": [
"wiki.tworecords.com 300 IN A 10.10.10.125",
"wiki.tworecords.com 300 IN A 10.10.10.126"
]
}
},
"type": "transparent"
}
}
}
}