bigip_sslo_service_http fails to create service with /28 netmask

[megamattzilla]

COMPONENT NAME

bigip_sslo_service_http

Environment

ANSIBLE VERSION

ansible [core 2.12.2]
  config file = None
  configured module search path = ['/home/azureuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/azureuser/python3.8-ansible/lib/python3.8/site-packages/ansible
  ansible collection location = /home/azureuser/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/azureuser/python3.8-ansible/bin/ansible
  python version = 3.8.5 (default, Jan 27 2021, 15:41:15) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True

BIGIP VERSION

Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3.3
  Build       0.0.3
  Edition     Point Release 3
  Date        Thu Dec 22 12:07:59 PST 2022

CONFIGURATION

OS / ENVIRONMENT

Ubuntu 20.04.3

SUMMARY

When using bigip_sslo_service_http module, it cannot create an HTTP service which uses a /28 netmask.

STEPS TO REPRODUCE

  tasks:
    - name: Create a HTTP service
      bigip_sslo_service_http:
        name: "proxy1a"
        devices_to:
            vlan: "/Common/serviceChain1_in"
            self_ip: "172.23.3.4"
            netmask: "255.255.255.240"
        devices_from:
            vlan: "/Common/serviceChain1_out"
            self_ip: "172.23.3.17"
            netmask: "255.255.255.240"
        devices:
          - ip: "172.23.3.10"
        snat: none
        proxy_type: "explicit"
        auth_offload: false
        ip_family: "ipv4"
        service_down_action: "ignore"

EXPECTED RESULTS

Service is created with /28 netmask

ACTUAL RESULTS

The task fails with the below error:  

"msg": "CREATE operation error: 1ae1906d-687b-4a57-8bb9-fb98a8e36a3e : [OrchestratorConfigProcessor] Deployment failed for Error: [HAAwareICRDeployProcessor] Error: transaction failed:01070354:3: Self IP 172.23.3.4 / 255.255.255.128: This network is defined on two vlans (/Common/serviceChain1_in and /Common/serviceChain1_out)"

[G-gonzalezjimenez]

Thanks for reporting this, added to our jira backlog with INFRAANO-1152 for tracking. We will keep you posted.

[megamattzilla]

This same issue seems to be present in the similar module bigip_sslo_service_layer3.

Will this fix also apply to this other module? When using a netmask other than /25 we see the same error message because it is forcing us to use a /25 netmask.

[megamattzilla]

After looking into this some more- I think this is a TMOS limitation. The SSLO auto manage address feature seems to automatically default to /25 netmask and you cannot change it.

Example SSLO UI:

This issue is solved by disabling auto managed address on the service. We have a seperate git issue for that #63 .

If git issue #63 allows us to disable auto manage address and reference an existing self-ip, we wont run into the netmask issue.