Composing a BIG-IP Declarative Onboarding declaration for a standalone BIG-IP

The most important part of using BIG-IP Declarative Onboarding is creating a declaration that includes the BIG-IP objects you want the system to configure.

To submit a BIG-IP Declarative Onboarding declaration, use a specialized RESTful API client such as Postman or a universal client such as cURL.

To transmit the declaration, you POST the declaration to the URI <BIG-IP IP address>/mgmt/shared/declarative-onboarding. If you are using a single NIC BIG-IP, include port 8443: <BIG-IP IP address>:8443/mgmt/shared/declarative-onboarding

Tip

You can use GET to the URI https://<BIG-IP>/mgmt/shared/declarative-onboarding to track whether a declaration is successful or get information on why it failed.

In this section, we first show the sample declaration, and then we break it down and describe its parts. If you are unfamiliar with any of the BIG-IP terminology, see the F5 Knowledge Center.

Additionally, see JSON Pointers for information on using JSON/BIG-IP Declarative Onboarding pointers in your declaration.

To see how to use BIG-IQ to license your BIG-IP VEs, see Composing a declaration for licensing BIG-IP with a BIG-IQ.

Important

Domain name resolution is used anywhere the declaration accepts a hostname. BIG-IP DO makes sure that any hostnames are resolvable and fails if they are not. The exception is deviceGroup.members, which do not require hostname resolution as they have been added to the trust.

Sample declaration for a standalone BIG-IP

In this section, we show an example of a standalone (non-clustered) declaration which configures some common system and networking components on the BIG-IP system. To see an example of the parts of a declaration that onboards a cluster of BIG-IPs, see Composing a BIG-IP Declarative Onboarding declaration for a cluster of BIG-IPs.

Tip

There may be additional properties available in some of the classes. Be sure to see the Appendix A: Schema Reference and Example Declarations for detailed information on each class and their associated properties.

This example is the entire declaration. The following sections break down each class of this example declaration.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "webhook": "https://example.com/myHook",
    "label": "my BIG-IP declaration for declarative onboarding",
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "bigip.example.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoPhonehome": false
        },
        "myLicense": {
            "class": "License",
            "licenseType": "regKey",
            "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "default",
            "newPassword": "myNewPass1word"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "guestUser": {
            "class": "User",
            "userType": "regular",
            "password": "guestNewPass1",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "myPass1word",
            "shell": "none",
            "partitionAccess": {
                "all-partitions": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal",
            "gtm": "minimum"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ],
            "cmpHash": "dst-ip"
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ],
            "cmpHash": "src-ip"
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        },
        "managementRoute": {
            "class": "ManagementRoute",
            "gw": "192.0.2.4",
            "network": "192.0.2.1",
            "mtu": 1500
        },
        "myRouteDomain": {
            "class": "RouteDomain",
            "id": 100,
            "bandWidthControllerPolicy": "bwcPol",
            "connectionLimit": 5432991,
            "flowEvictionPolicy": "default-eviction-policy",
            "ipIntelligencePolicy": "ip-intelligence",
            "enforcedFirewallPolicy": "enforcedPolicy",
            "stagedFirewallPolicy": "stagedPolicy",
            "securityNatPolicy": "securityPolicy",
            "servicePolicy": "servicePolicy",
            "strict": false,
            "routingProtocols": [
                "RIP"
            ],
            "vlans": [
                "external"
            ]
        },
        "dbvars": {
            "class": "DbVariables",
            "ui.advisory.enabled": true,
            "ui.advisory.color": "green",
            "ui.advisory.text": "/Common/hostname"
        }
    }
}

Components of the declaration

In this section, we break down the example into each class so you can understand the options when composing your declaration. The tables below the examples contain descriptions and options for the parameters included in the example only.

If there is a default value, it is shown in bold in the Options column.

Tip

There may be additional properties available in some of the classes. Be sure to see the Appendix A: Schema Reference and Example Declarations for detailed information on each class and their associated properties.

Use the index in the left pane if you want to go directly to a particular class.

Base components

The first few lines of your declaration are a part of the base components and define top-level options. When you POST a declaration, depending on the complexity of your declaration and the modules you are provisioning, it may take some time before the system returns a success message. You can use the property "async": true in your declaration, and then use GET to poll for status.

For more information, see Device Class in the Schema Reference.

 {
     "schemaVersion": "1.0.0",
     "class": "Device",
     "async": true,
     "webhook": "https://example.com/myHook",
     "label": "my BIG-IP declaration for declarative onboarding",

| Parameter | Options | Required? | Description/Notes |
|---|---|---|---|
| schemaVersion | string for version number | Yes | Version of Declarative Onboarding schema this declaration uses. |
| class | Device | Yes | Indicates this JSON document is a Device declaration. |
| async | true, false | No | If true, async tells the API to return a 202 HTTP status before processing is complete. You can then poll for status using GET. |
| webhook | string (URL) | No | DO v1.6.0 and later. You can optionally specify the URL for a webhook. Once the declaration is finished processing, DO POSTs the response message to the specified endpoint. This feature works both on declarations that require and do not require a reboot to finish processing. |
| label | string | No | Optional friendly label for this declaration. |

Example of the request sent to the webhook

POST / HTTP/1.1
Content-Type: application/json

{
    "id": "a54b479c-9233-4ac3-b7bd-42f9e6d6e8e7",
    "selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/a54b479c-9233-4ac3-b7bd-42f9e6d6e8e7",
    "result": {
        "class": "Result",
        "code": 200,
        "status": "OK",
        "message": "success"
    },
    "declaration": {
        "schemaVersion": "1.0.0",
        "class": "Device",
        "webhook": "https://example.com/myHook",
        "async": false,
        "Common": {
            "class": "Tenant",
            "hostname": "bigip.example.com"
        }
    }
}
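
The submit-and-poll exchange this section describes (POST with "async": true, a 202 reply, then GET until a final result like the one in the webhook body above), as an added Python example that is not part of the F5 documentation. Assumptions: HTTP Basic authentication, a GET response with the same top-level result object as the webhook body, and result.code staying 202 while the task runs; do_url, https_transport and submit_and_wait are names made up for this example.

```python
import base64
import json
import ssl
import time
import urllib.error
import urllib.request

DO_PATH = "/mgmt/shared/declarative-onboarding"


def do_url(host, single_nic=False):
    """Endpoint from this page; a single-NIC BIG-IP needs port 8443."""
    return "https://%s%s%s" % (host, ":8443" if single_nic else "", DO_PATH)


def https_transport(user, password, cafile=None):
    """Return send(method, url, body) -> (http_status, json_body).

    Assumptions: HTTP Basic authentication, and a CA bundle (cafile) able to
    verify the BIG-IP management certificate. Verification stays enabled.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()

    def send(method, url, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": "Basic " + token,
            "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            raw = err.read()  # 4xx/5xx replies usually still carry a JSON body
            try:
                return err.code, json.loads(raw)
            except ValueError:
                return err.code, {"message": raw.decode(errors="replace")}
    return send


def submit_and_wait(declaration, url, send, interval=10, attempts=90,
                    sleep=time.sleep):
    """POST an async declaration, then GET until DO reports a final result."""
    if declaration.get("async") is not True:
        raise ValueError('set "async": true so the POST returns 202 at once')
    status, body = send("POST", url, declaration)
    if status != 202:
        raise RuntimeError("POST not accepted: HTTP %s %s"
                           % (status, body.get("message", "")))
    for _ in range(attempts):
        sleep(interval)
        try:
            status, body = send("GET", url)
        except OSError:
            continue  # management plane unreachable, e.g. during a reboot
        result = body.get("result", {})
        # Assumption: result.code remains 202 while the task is still running.
        if result.get("code", status) != 202:
            return result
    raise TimeoutError("no final result after %d polls" % attempts)
```

A result whose code is not 200 carries the failure reason in its message field, so log the whole returned object rather than only the status.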

Common class

The next lines of the declaration set the partition (tenant) on the BIG-IP in which all other objects are placed. This must be Common. All of the other parameters in BIG-IP Declarative Onboarding are under this Common class.

While not strictly required, you must include Common and the tenant class to set any other parameters in BIG-IP Declarative Onboarding; therefore the required column is set to Yes for the Tenant class.

For more information, see Device Common Class in the Schema Reference.

Important

If you set a hostname in the Common class, you cannot use the hostname property in the System class (introduced in BIG-IP DO 1.8.0). We recommend using the System class for hostname (and have updated this example to move hostname to System).

Note

For the rest of the classes on this page, the required column in the tables applies only if you are using the class in the heading. None of the classes are required.

 "Common": {
     "class": "Tenant",

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | Tenant | Yes | Specifies the class for Common is a tenant. The name must be Common, as in the snippet above. |
| hostname | string | No | Hostname you want to set for this BIG-IP device (if you did NOT set hostname in the System class). Hostname is not included in this example because it is set in System. |

* The required column applies only if you are using this class.


System class

The next lines of the declaration set the system-level options. This includes inactivity timeouts for CLI and Console sessions, and the ability to disable the phonehome property (see the table for details) in BIG-IP DO 1.10.0 and later.

For more information and new properties, see System Class in the Schema Reference. Also see The System Class example for an example declaration.

Important

If you set a hostname in the Common class, you cannot use the hostname property in the System class. We recommend using the System class for hostname.

The name mySystem we use in this example is arbitrary; it is not used anywhere in the BIG-IP configuration. You can name this object anything, but it must have a name.

This snippet includes the autoCheck property which is not in the full declaration at the top of this page.

 "mySystem": {
     "class": "System",
     "hostname": "bigip.example.com",
     "cliInactivityTimeout": 1200,
     "consoleInactivityTimeout": 1200,
     "autoCheck": false,
     "autoPhonehome": true
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | System | Yes | Indicates that this property contains system information. |
| cliInactivityTimeout | integer | No | Specifies automatic logout for idle users in TMSH interactive mode. A setting other than 0 automatically logs a user out after a specified number of seconds (multiples of 60). The default value 0 means that no timeout is set. |
| consoleInactivityTimeout | integer | No | Specifies automatic logout for idle serial console sessions (command line sessions) in seconds. The default value 0 means that no timeout is set. |
| hostname | string | No | Hostname (if you did NOT set hostname in the Common class) you want to set for this BIG-IP device. The default hostname on a new BIG-IP is bigip1. |
| autoCheck | true, false | No | Enables the BIG-IP system to check for and recommend software updates. See K15000 for more information. |
| autoPhonehome | true, false | No | Enables the BIG-IP system to send non-confidential, high-level device information to F5 in order to help determine product usage to optimize product development. Choose False to disable sending this information to F5. |

* The required column applies only if you are using this class.


License class

The next lines of the declaration set the licensing options if you are using an F5 Bring Your Own License (BYOL). If your BIG-IP system already has a license (for example, you are using a pay-as-you-go (PAYG) license), you do not need this class. Contact your F5 sales representative if you require a license.

For more information and a full list of properties, see License Class in the Schema Reference.

The name myLicense we use in this example is arbitrary; it is not used anywhere in the BIG-IP configuration. You can name this object anything, but it must have a name.

BIG-IP Declarative Onboarding 1.24 introduced the optional chargebackTag property, the value of which is a text string that can be used as a charge back tag, making it easier to track license costs. BIG-IP Declarative Onboarding 1.38 introduced the revokeCurrent property, which allows you to revoke the current license when relicensing a BIG-IP.

New behavior in DO 1.37: If the BIG-IP has its license revoked outside of DO using tmsh revoke sys license, and a declaration is submitted with a license object, the BIG-IP now attempts to license the machine. Previously, if the license on the device had been revoked, the overwrite setting did not re-install the license.

Note that if the overwrite boolean is set to true, the BIG-IP will always attempt to license the machine.

 "myLicense": {
     "class": "License",
     "licenseType": "regKey",
     "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | License | Yes | Indicates that this property contains licensing information. |
| licenseType | regKey, licensePool | Yes | Indicates the type of license. This page only contains regKey (an F5 registration key) information. See Composing a declaration for licensing BIG-IP with a BIG-IQ for information on BIG-IQ License Pools. |
| regKey | string | Yes | The valid F5 registration key to license this BIG-IP. |
| addOnKeys | array of strings | No | Any Add On keys for licensing this BIG-IP (not shown in the example). |
| overwrite | true, false | No | Whether or not to overwrite the license if the device is already licensed (not shown in the example). |
| chargebackTag | string | No | An optional string that can be used as a charge back tag (not shown in the example). |

* The required column applies only if you are using this class.


DNS class

The next lines of the declaration set the DNS options on the BIG-IP system. For more information, see DNS Class in the Schema Reference.

The name myDns we use in this example is arbitrary; it is not used anywhere in the BIG-IP configuration. You can name this object anything, but it must have a name.

Important

If you are configuring DNS in your declaration, BIG-IP Declarative Onboarding disables DHCP for DNS.

 "myDns": {
     "class": "DNS",
     "nameServers": [
         "8.8.8.8",
         "2001:4860:4860::8844"
     ],
     "search": [
         "f5.com"
     ]
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | DNS | Yes | Indicates that this property contains DNS information. |
| nameServers | array of strings | No | The nameServers property contains the IP address(es) of name servers to use for DNS, and can be either IPv4 or IPv6 addresses. |
| search | array of strings | No | The search domain(s) you want to use for DNS. This must be in hostname format. |

* The required column applies only if you are using this class.


NTP class

The next lines of the declaration set the NTP (network time protocol) options on the BIG-IP. For more information, see NTP Class in the Schema Reference.

The name myNtp we use in this example is arbitrary; it is not used anywhere in the BIG-IP configuration. You can name this object anything, but it must have a name.

Important

If you are configuring NTP in your declaration, BIG-IP Declarative Onboarding disables DHCP for NTP.

For instructions on how to get a current list of timezones on the BIG-IP, see https://support.f5.com/csp/article/K9098. To quickly view a static list that

 "myNtp": {
     "class": "NTP",
     "servers": [
         "0.pool.ntp.org",
         "1.pool.ntp.org",
         "2.pool.ntp.org"
     ],
     "timezone": "UTC"
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | NTP | Yes | Indicates that this property contains NTP information. |
| servers | array of strings | No | The servers property contains the IP address(es) or host name(s) of the NTP servers you want the BIG-IP to use. IP addresses can be either IPv4 or IPv6 addresses. |
| timezone | string | No | The timezone you want to set on the BIG-IP system. |

* The required column applies only if you are using this class.


User class

The next lines of the declaration create (or modify) the users and their associated roles and access control. For more information, see User Class in the Schema Reference.

If you are modifying the root password, you must supply the existing root password (default on a new BIG-IP). All other user accounts, including admin, do not have this requirement. As mentioned in the Prerequisites and Requirements, if you are using BIG-IP v14.0 or later, the root password may be the same as your admin password you reset before installing BIG-IP Declarative Onboarding.

Important

The following examples include passwords that may not be valid for BIG-IP v14.0 and later. See BIG-IP Secure Password Policy for specific requirements.

The keys property is not included in the example at the top of this page, so the snippet below does not match that example line for line.

Note

DO 1.35 introduced the forceInitialPasswordChange property for the User class. See the User class example for details.

 "root": {
     "class": "User",
     "userType": "root",
     "oldPassword": "default",
     "newPassword": "myNewPass1word",
     "keys": [
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwHJLJY+/U/ioAAAADAQABAAACAQCwHJLJY+z0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+1hx9wlSogXN6Co5zrtqlN8/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLz9/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test2",
         "ssh-rsa AAAAB3NzaC1yc2EAu2Gr14xRiVLnG8KxNp2fO1/U/ioAz0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLzu2Gr14xRiVLnG8KxNp2fO19/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test"
     ]

 },
 "admin": {
     "class": "User",
     "userType": "regular",
     "password": "asdfjkl",
     "shell": "bash"
 },
 "guestUser": {
     "class": "User",
     "userType": "regular",
     "password": "guestNewPass1",
     "partitionAccess": {
         "Common": {
             "role": "guest"
         }
     },
     "keys": [
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwHJLJY+/U/ioAAAADAQABAAACAQCwHJLJY+z0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+1hx9wlSogXN6Co5zrtqlN8/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLz9/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test2",
         "ssh-rsa AAAAB3NzaC1yc2EAu2Gr14xRiVLnG8KxNp2fO1/U/ioAz0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLzu2Gr14xRiVLnG8KxNp2fO19/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test"
     ]
 },
 "anotherUser": {
     "class": "User",
     "userType": "regular",
     "password": "myPass1word",
     "shell": "none",
     "partitionAccess": {
         "all-partitions": {
             "role": "guest"
         }
     }
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | User | Yes | Indicates that this property contains user information. |
| userType | root, regular (any non-root user) | Yes | The type of user you want to add. Use regular for any non-root user. |
| oldPassword | string (root only) | Yes (root) | The existing root password. By default on a new BIG-IP, the root password is default. For root user only. |
| newPassword | string (root only) | Yes (root) | The new root password. For root user only. See BIG-IP Secure Password Policy for requirements for BIG-IP 14.0 and later. |
| password | string (non-root only) | Yes | The password you want to set for the non-root user. See BIG-IP Secure Password Policy for requirements for BIG-IP 14.0 and later. |
| partitionAccess | object (must contain a partition and role) | No | PartitionAccess allows you to restrict non-root users to a partition (only Common in v1.0.0, Common or All Partitions in v1.1.0 and later) and role on the BIG-IP. The first line under partitionAccess must contain the name of the partition. |
| role | admin, auditor, guest, manager, operator, user-manager, application-editor, certificate-manager, irule-manager, no-access, resource-admin | Yes | The BIG-IP user role you want to assign to the user. See User Role documentation for information on specific user roles. Required if you are using partitionAccess. |
| shell | tmsh, bash, none (non-root only) | No | The shell you want the user to be able to use. The default is tmsh. In Declarative Onboarding 1.1.0 and later, you can use none when creating non-root users. |
| keys | array of strings | No | DO 1.5.0+ only: An array of public keys for the user. The authorized_keys file will be overwritten with this value (note default of []). If the user is root, the primary key will be preserved. See Keys example. |

* The required column applies only if you are using this class.


Provision class

The next lines of the declaration set the provisioning options on the BIG-IP. For information on the available modules, see F5 product modules, and for information on provisioning levels, see Provisioning Levels. By default, the BIG-IP has the Local Traffic Manager (ltm) provisioned as nominal. For more information, see Provision Class in the Schema Reference.

The name myProvisioning we use in this example is arbitrary; it is not used anywhere in the BIG-IP configuration. You can name this object anything, but it must have a name.

Note

Provisioning CGNAT is currently only available in TMOS versions 15.0 and later.
Provisioning SSL Orchestrator (SSLO) is available in BIG-IP DO 1.11 and later.

 "myProvisioning": {
     "class": "Provision",
     "ltm": "nominal",
     "gtm": "minimum"
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | Provision | Yes | Indicates that this property contains provisioning information. |
| <module>:<level> | Modules: class, afm, am, apm, asm, avr, dos, fps, gtm, ilx, lc, ltm, pem, swg, urldb, cgnat (v15+), sslo (DO 1.11+). Level: dedicated, nominal, minimum, none | Yes | Individually list the modules you want to provision on this BIG-IP and the level of licensing for each module. Your BIG-IP must have enough memory and space for the modules you provision. |

* The required column applies only if you are using this class.


VLAN class

The next lines of the declaration configure VLANs on the BIG-IP system. In this case, the name you give the VLAN class is used for the name of the VLAN on the BIG-IP. For more information, see VLAN Class in the Schema Reference.

New in BIG-IP DO 1.7.0 and later: BIG-IP Declarative Onboarding v1.7.0 and later includes the cmpHash property, which is not included in the snippet below (the full declaration at the top of this page sets it on both VLANs). For information on this property, see the table below the example, and CMP Hash example.

 "external": {
     "class": "VLAN",
     "tag": 1234,
     "mtu": 1500,
     "interfaces": [
         {
             "name": "1.1",
             "tagged": true
         }
     ]
 },
 "internal": {
     "class": "VLAN",
     "tag": 4093,
     "mtu": 1500,
     "interfaces": [
         {
             "name": "1.2",
             "tagged": true
         }
     ]
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | VLAN | Yes | Indicates that this property contains VLAN configuration. |
| tag | integer | No | Tag for the VLAN. Must be a minimum of 1 and a maximum of 4094. If set, the VLAN defaults the tagged parameter to true. |
| mtu | integer | No | The maximum transmission unit (mtu) for the VLAN. Must be a minimum of 576 and a maximum of 9198. |
| interfaces | string | Yes | Interfaces for the VLAN. |
| name | string | Yes | The name for the interface, such as 1.1 or 1.2. |
| tagged | true, false | No | Specifies whether or not the interface is tagged. Default is true if a VLAN tag is provided, otherwise false. |
| cmpHash | default, dst-ip, src-ip | No | This optional setting allows all connections from a client system to use the same set of TMMs, improving system performance. You can choose source or destination IP, or default which specifies that the default CMP hash uses L4 ports. See CMP Hash example. |

* The required column applies only if you are using this class.


Self IP class

The next lines of the declaration configure self IP address(es) on the BIG-IP system. In this case, the name you give the Self IP class is used for the name of the Self IP on the BIG-IP.

Important

Beginning with DO 1.36.0, the default value for allowService on a self IP address changed from default to none. This change helps DO be more secure and consistent with TMSH.

For more information, see SelfIp Class in the Schema Reference.

 "external-self": {
     "class": "SelfIp",
     "address": "192.0.2.4/24",
     "vlan": "external",
     "allowService": "none",
     "trafficGroup": "traffic-group-local-only"
 },
 "internal-self": {
     "class": "SelfIp",
     "address": "10.10.0.100/24",
     "vlan": "internal",
     "allowService": "default",
     "trafficGroup": "traffic-group-local-only"
 },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | SelfIp | Yes | Indicates that this property contains self IP configuration. |
| address | string (IPv4/IPv6 address, optional %RD and/or /masklen) | Yes | IP address you want to use for the self IP address. You can optionally include a route domain and/or a mask length. |
| vlan | string | Yes | The VLAN to which the self IP should be associated. This field should match any VLANs you are including in this declaration. |
| allowService | all, none, default, or array of <service:port> | No | Specifies which services (ports) to allow on the self IP. For the external-self, we use none. |
| trafficGroup | traffic-group-local-only, traffic-group-1 | No | Traffic group for the Self IP. |

* The required column applies only if you are using this class.


Route class

The next lines of the declaration configure routes on the BIG-IP system. In this case, the name you give the Route class is used for the name of the route on the BIG-IP. For more information, see Route Class in the Schema Reference.

In this example, we use the name default, which sets the default route on the BIG-IP system. If you want to create a different route, simply use a unique name (something other than default).

     "default": {
         "class": "Route",
         "gw": "10.10.0.1",
         "network": "default",
         "mtu": 1500
     },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | Route | Yes | Indicates that this property contains route configuration. |
| gw | string (IPv4 or IPv6 address) | Yes | Gateway for the route. |
| network | string (IPv4/IPv6 address, optional %RD and/or /masklen), default, or default-inet6 | No | IP address/netmask for route. The default network is default. |
| mtu | integer | No | The maximum transmission unit (mtu) for the VLAN. Must be a minimum of 0 and a maximum of 9198. |

* The required column applies only if you are using this class.


Management Route class

The next lines of the declaration configure the management route on the BIG-IP system. For specific information on management routes, see BIG-IP Management Routes in the BIG-IP Routing Administration guide.

For more information, see Management Route Class in the Schema Reference.

     "managementRoute": {
         "class": "ManagementRoute",
         "gw": "192.0.2.4",
         "network": "192.0.2.1",
         "mtu": 1000,
         "type": "interface"
     },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | ManagementRoute | Yes | Indicates that this property contains management route configuration. |
| gw | string (IPv4 or IPv6 address) | Yes | Gateway for the route. |
| network | string (IPv4/IPv6 address, optional %RD and/or /masklen), default, or default-inet6 | No | IP address/netmask for route. The default network is default. |
| mtu | integer | No | The maximum transmission unit (mtu) for the VLAN. Must be a minimum of 0 and a maximum of 9198. |
| type | string (interface, blackhole) | No | Type of the management route. |

* The required column applies only if you are using this class.


Route Domain class

The next lines of the declaration configure route domains on the BIG-IP system. For specific information on Route Domains, see the Route Domain documentation. For more information on Route Domains in BIG-IP DO, see Route Domain Class in the Schema Reference.

With Route Domains, the id is required, and you use the id as an identifier in other parts of the declaration. You can see a specific example of this in Route Domain example.

     "myRouteDomain": {
         "class": "RouteDomain",
         "id": 100,
         "bandWidthControllerPolicy": "bwcPol",
         "connectionLimit": 5432991,
         "flowEvictionPolicy": "default-eviction-policy",
         "ipIntelligencePolicy": "ip-intelligence",
         "enforcedFirewallPolicy": "enforcedPolicy",
         "stagedFirewallPolicy": "stagedPolicy",
         "securityNatPolicy": "securityPolicy",
         "servicePolicy": "servicePolicy",
         "strict": false,
         "routingProtocols": [
             "RIP"
         ],
         "vlans": [
             "newVlan"
         ]
     },

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | RouteDomain | Yes | Indicates that this property contains route domain configuration. |
| id | integer | Yes | Specifies a unique numeric identifier for the route domain. |
| bandWidthControllerPolicy | string | No | Specifies the bandwidth controller policy for the route domain. |
| connectionLimit | integer (min/default: 0, max 4294967295) | No | The connection limit for the route domain. |
| flowEvictionPolicy | string | No | Specifies a flow eviction policy for the route domain to use. |
| ipIntelligencePolicy | string | No | Specifies an IP intelligence policy for the route domain to use. |
| enforcedFirewallPolicy | string | No | Specifies an enforced firewall policy on the route domain. |
| stagedFirewallPolicy | string | No | Specifies a staged firewall policy on the route domain. |
| securityNatPolicy | string | No | Specifies the security NAT policy for the route domain. |
| servicePolicy | string | No | Specifies the service policy for the route domain. |
| strict | boolean (true) | No | Determines whether a connection can span route domains. |
| routingProtocols | array of strings (BFD, BGP, IS-IS, OSPFv2, OSPFv3, PIM, RIP, RIPng) | No | Specifies routing protocols for the system to use in the route domain. |
| vlans | array of strings | No | Specifies VLANs for the system to use in the route domain. |

* The required column applies only if you are using this class.


DB Variable class

The next lines of the declaration enable the ability to set arbitrary database variables in a declaration. You simply supply a name and a value for the database variable you want to use. For more information, see DB Variables Class in the Schema Reference.


             "dbvars": {
                 "class": "DbVariables",
                 "ui.advisory.enabled": true,
                 "ui.advisory.color": "green",
                 "ui.advisory.text": "/Common/hostname"
             }
         }
     }

| Parameter | Options | Required*? | Description/Notes |
|---|---|---|---|
| class | DbVariables | Yes | Indicates that this property contains global db variable configuration. |
| propertyNames | string | Yes | The name of the db variable. |
| additionalProperties | string | Yes | The value to set for the db variable. |

* The required column applies only if you are using this class.
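
Several rules stated in the tables on this page (VLAN tag and MTU ranges, the Common/System hostname conflict, the multiple-of-60 CLI timeout, the User role list) can be checked before a declaration is POSTed. The Python lint below is an added example, not part of the F5 documentation or of BIG-IP DO; lint, sample_declaration and the error/review split are assumptions of this example, and the review findings are hardening checks chosen here rather than DO schema rules.

```python
# Added example (not F5 code): lint a DO declaration before it is POSTed.
# Roles and partitions as listed in the User class table on this page.
ROLES = {"admin", "auditor", "guest", "manager", "operator", "user-manager",
         "application-editor", "certificate-manager", "irule-manager",
         "no-access", "resource-admin"}
PARTITIONS = {"Common", "all-partitions"}


def sample_declaration():
    """Constructed input: a cut-down copy of the sample declaration on this page."""
    return {
        "schemaVersion": "1.0.0",
        "class": "Device",
        "async": True,
        "Common": {
            "class": "Tenant",
            "mySystem": {"class": "System", "hostname": "bigip.example.com",
                         "cliInactivityTimeout": 1200,
                         "consoleInactivityTimeout": 1200},
            "admin": {"class": "User", "userType": "regular",
                      "password": "asdfjkl", "shell": "bash"},
            "guestUser": {"class": "User", "userType": "regular",
                          "password": "guestNewPass1",
                          "partitionAccess": {"Common": {"role": "guest"}}},
            "internal": {"class": "VLAN", "tag": 4093, "mtu": 1500,
                         "interfaces": [{"name": "1.2", "tagged": True}]},
            "external": {"class": "VLAN", "tag": 4094, "mtu": 1500,
                         "interfaces": [{"name": "1.1", "tagged": True}]},
            "internal-self": {"class": "SelfIp", "address": "10.10.0.100/24",
                              "vlan": "internal", "allowService": "default"},
            "external-self": {"class": "SelfIp", "address": "10.20.0.100/24",
                              "vlan": "external", "allowService": "none"},
        },
    }


def _in_range(value, low, high=float("inf")):
    """True for a real integer (JSON true/false excluded) within [low, high]."""
    return (isinstance(value, int) and not isinstance(value, bool)
            and low <= value <= high)


def lint(decl):
    """Return sorted (level, object, message) tuples.

    'error' findings break a rule stated on this page; 'review' findings are
    hardening checks chosen for this example, not DO schema rules.
    """
    out = []
    common = decl.get("Common")
    if decl.get("class") != "Device" or "schemaVersion" not in decl:
        out.append(("error", "<top>", "needs class Device and a schemaVersion"))
    if not isinstance(common, dict) or common.get("class") != "Tenant":
        out.append(("error", "Common", "Common must exist with class Tenant"))
        return sorted(out)
    objs = {k: v for k, v in common.items() if isinstance(v, dict)}
    vlans = {k for k, v in objs.items() if v.get("class") == "VLAN"}
    for name, obj in objs.items():
        cls = obj.get("class")
        if cls == "System":
            if "hostname" in obj and "hostname" in common:
                out.append(("error", name, "hostname set in both Common and System"))
            cli = obj.get("cliInactivityTimeout", 0)
            if not _in_range(cli, 0) or cli % 60:
                out.append(("error", name, "cliInactivityTimeout must be a multiple of 60"))
            for key in ("cliInactivityTimeout", "consoleInactivityTimeout"):
                if obj.get(key, 0) == 0:
                    out.append(("review", name, key + " is 0: no idle logout"))
        elif cls == "User":
            is_root = obj.get("userType") == "root"
            needed = ("oldPassword", "newPassword") if is_root else ("password",)
            missing = [k for k in needed if k not in obj]
            if missing:
                out.append(("error", name, "missing " + ", ".join(missing)))
            if not is_root and obj.get("shell") == "bash":
                out.append(("review", name, "non-root user is given a bash shell"))
            for part, access in obj.get("partitionAccess", {}).items():
                if part not in PARTITIONS:
                    out.append(("error", name, "unknown partition " + part))
                if not isinstance(access, dict) or access.get("role") not in ROLES:
                    out.append(("error", name, "role missing or not a BIG-IP role"))
        elif cls == "VLAN":
            if "tag" in obj and not _in_range(obj["tag"], 1, 4094):
                out.append(("error", name, "tag must be 1-4094"))
            if "mtu" in obj and not _in_range(obj["mtu"], 576, 9198):
                out.append(("error", name, "mtu must be 576-9198"))
            if not obj.get("interfaces"):
                out.append(("error", name, "interfaces is required"))
        elif cls == "SelfIp":
            if obj.get("vlan") not in vlans:
                out.append(("review", name, "vlan is not a VLAN declared here"))
            svc = obj.get("allowService")
            if svc is None:  # default was "default" before DO 1.36.0, "none" after
                out.append(("review", name, "allowService unset: default depends on DO version"))
            elif svc != "none":
                out.append(("review", name, "allowService is %r; DO 1.36.0 and later"
                            " default to none" % (svc,)))
    return sorted(out)
```

Run against the cut-down sample, it reports no errors and two review items: the bash shell on admin and allowService "default" on internal-self.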