This section discusses the steps to configure wildcard VIP in a virtual service.
Wildcard VIP is supported through the UI and CLI.
Follow the steps below to configure Wildcard VIP through the CLI.
Enabling Wildcard VIP in Virtual Service Configuration
To enable wildcard VIP, the placement subnet is mandatory for the virtual service that is referring the inline virtual service VIP.
configure vsvip <vsvip_name> vip index 0 ip_address 10.0.0.0 prefix_length 8 save vrf_context_ref <vrf> tenant_ref <tenant> cloud_ref <cloud> save
The placement subnet is configured as shown below:
[admin:abc-ctrl-wildcard]: > show vsvip vsvip-wc-Default-Cloud +---------------------------+-------------------------------------------+ | Field | Value | +---------------------------+-------------------------------------------+ | uuid |vsvip-7524a40f-33d0-4e4e-8d20-193f31b8b39 | | name | vsvip-wc-Default-Cloud | | vip[1] | | | vip_id | | | ip_address | 10.0.0.0 | | enabled | True | | auto_allocate_ip | False | | auto_allocate_floating_ip | False | | avi_allocated_vip | False | | avi_allocated_fip | False | | auto_allocate_ip_type | V4_ONLY | | placement_networks[1] | | | network_ref | vxw-dvs-26-virtualwire-9-sid-2210008-wdc-| | |02-vc21-avi-dev001 | | subnet | 100.64.1.0/24 | | prefix_length | 8 | | vrf_context_ref | global | | east_west_placement | False | | tenant_ref | admin | | cloud_ref | Default-Cloud | +---------------------------+-------------------------------------------+ [admin:abc-ctrl-wildcard]: >
Configuring the Port Range
Port ranges can be configured as part of the service object of the virtual service. You can configure port 0 that accepts the complete port-range of 1-65535
.
configure virtualservice <vs-name> services port 0 save save
Configuring the Application Profile
In the application profile, a new field, preserve_dest_ip_port
has been introduced to enable the no-DNAT
functionality.
As firewalls expect the client traffic unchanged for validation, configure the application profile of the wildcard virtual service with preserve_client_ip
, preserve_client_port
, and preserve_destination_ip_port
.
Configure preserve_destination_ip_port
in the application profile.
configure applicationprofile <app_profile_name> preserve_dest_ip_port save
The application profile is configured as shown below:
[admin:abc-ctrl-wildcard]: > show applicationprofile test1 | grep preserve| | preserve_client_ip | True || preserve_client_port | True || preserve_dest_ip_port | True |
Configuring Routing Pool
To configure the routing pool,
configure pool <pool_name> routing_pool save
The configured routing pools appear as shown below:
[admin:abc-ctrl-wildcard]: > show pool test1 | grep routing_pool| | routing_pool| True | [admin:abc-ctrl-wildcard]: >