This section discusses the steps to configure wildcard VIP in a virtual service.

Wildcard VIP is supported through the UI and CLI.

Follow the steps below to configure Wildcard VIP through the CLI.

Enabling Wildcard VIP in Virtual Service Configuration

  1. To enable wildcard VIP, the placement subnet is mandatory for the virtual service that is referring the inline virtual service VIP.

configure vsvip <vsvip_name>
    vip index 0
    ip_address 10.0.0.0
    prefix_length 8
    save 
    vrf_context_ref <vrf>
    tenant_ref <tenant>
    cloud_ref <cloud>
save

The placement subnet is configured as shown below:

[admin:abc-ctrl-wildcard]: > show vsvip vsvip-wc-Default-Cloud
+---------------------------+-------------------------------------------+
| Field                     | Value                                     |                      
+---------------------------+-------------------------------------------+
| uuid                       |vsvip-7524a40f-33d0-4e4e-8d20-193f31b8b39 |    
| name                       | vsvip-wc-Default-Cloud                   |                        
| vip[1]                     |                                          |                                                               
|   vip_id                   |                                          |                  
|   ip_address               | 10.0.0.0                                 |                  
|   enabled                  | True                                     |                                                         
|   auto_allocate_ip         | False                                    |                                                    
|  auto_allocate_floating_ip | False                                    | 
|   avi_allocated_vip        | False                                    |                   
|   avi_allocated_fip        | False                                    |                    
|   auto_allocate_ip_type    | V4_ONLY                                  |                                                
|   placement_networks[1]    |                                          |                                                             
|     network_ref            | vxw-dvs-26-virtualwire-9-sid-2210008-wdc-|     
|                            |02-vc21-avi-dev001                        |   
|     subnet                 | 100.64.1.0/24                            |                                       
|   prefix_length            | 8                                        |                                                         
| vrf_context_ref            | global                                   |                                                     
| east_west_placement        | False                                    |                                                     
| tenant_ref                 | admin                                    |                                                        
| cloud_ref                  | Default-Cloud                            |
+---------------------------+-------------------------------------------+
[admin:abc-ctrl-wildcard]: >                                            

Configuring the Port Range

Port ranges can be configured as part of the service object of the virtual service. You can configure port 0 that accepts the complete port-range of 1-65535.

configure virtualservice <vs-name>
     services
        port 0
     save
save

Configuring the Application Profile

In the application profile, a new field, preserve_dest_ip_port has been introduced to enable the no-DNAT functionality.

As firewalls expect the client traffic unchanged for validation, configure the application profile of the wildcard virtual service with preserve_client_ip, preserve_client_port, and preserve_destination_ip_port.

Configure preserve_destination_ip_port in the application profile.

configure applicationprofile <app_profile_name>
    preserve_dest_ip_port
save

The application profile is configured as shown below:

[admin:abc-ctrl-wildcard]: > 
show applicationprofile test1          | grep preserve|                                                                         
| preserve_client_ip                   | True         || preserve_client_port                 | True         || preserve_dest_ip_port                | True         |

Configuring Routing Pool

To configure the routing pool,

configure pool <pool_name>
    routing_pool
save

The configured routing pools appear as shown below:

[admin:abc-ctrl-wildcard]: > show pool test1 | grep routing_pool|
| routing_pool| True             |                                                       
[admin:abc-ctrl-wildcard]: >