Added - Support for ESP & ICMP traffic support in NLB

Author: antonyselvajohnson-thyineshma

examples/network_load_balancer/network_load_balancer_full/nlb_full.tf

@@ -409,6 +409,32 @@ resource "oci_network_load_balancer_backend_set" "nlb-bes3" {
   depends_on = [oci_network_load_balancer_backend_set.nlb-bes2]
 }
 
+resource "oci_network_load_balancer_backend_set" "nlb-bes4" {
+  name                     = "nlb-bes4"
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb1.id
+  policy                   = "THREE_TUPLE"
+  is_fail_open = false
+  is_instant_failover_enabled = true
+  is_preserve_source = true
+
+  health_checker {
+    port                = "53"
+    protocol            = "DNS"
+    timeout_in_millis   = 10000
+    interval_in_millis  = 10000
+    retries             = 3
+    dns {
+      domain_name = "oracle.com"
+      query_class = "IN"
+      query_type = "A"
+      rcodes = ["NOERROR", "SERVFAIL"]
+      transport_protocol = "UDP"
+    }
+  }
+  depends_on = [oci_network_load_balancer_backend_set.nlb-bes3]
+}
+
+
 resource "oci_network_load_balancer_listener" "nlb-listener1" {
   network_load_balancer_id    = oci_network_load_balancer_network_load_balancer.nlb1.id
   name                        = "tcp_listener"
@@ -417,7 +443,7 @@ resource "oci_network_load_balancer_listener" "nlb-listener1" {
   protocol                    = "TCP"
   tcp_idle_timeout            = 360
   is_ppv2enabled	          = true
-  depends_on = [oci_network_load_balancer_backend_set.nlb-bes3]
+  depends_on = [oci_network_load_balancer_backend_set.nlb-bes4]
 }
 
 resource "oci_network_load_balancer_listener" "nlb-listener2" {
@@ -441,6 +467,18 @@ resource "oci_network_load_balancer_listener" "nlb-listener3" {
   depends_on = [oci_network_load_balancer_listener.nlb-listener2]
 }
 
+resource "oci_network_load_balancer_listener" "nlb-listener4" {
+  network_load_balancer_id    = oci_network_load_balancer_network_load_balancer.nlb1.id
+  name                        = "l3_ip_listener"
+  default_backend_set_name    = oci_network_load_balancer_backend_set.nlb-bes4.name
+  port                        = 0
+  protocol                    = "L3IP"
+  tcp_idle_timeout            = 240
+  udp_idle_timeout            = 180
+  l3ip_idle_timeout           = 360
+  depends_on = [oci_network_load_balancer_listener.nlb-listener3]
+}
+
 resource "oci_network_load_balancer_backend" "nlb-be1" {
   network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb1.id
   backend_set_name         = oci_network_load_balancer_backend_set.nlb-bes1.name
@@ -450,7 +488,7 @@ resource "oci_network_load_balancer_backend" "nlb-be1" {
   is_drain                 = false
   is_offline               = false
   weight                   = 1
-  depends_on = [oci_network_load_balancer_listener.nlb-listener3]
+  depends_on = [oci_network_load_balancer_listener.nlb-listener4]
 }
 
 resource "oci_network_load_balancer_backend" "nlb-be2" {

internal/integrationtest/network_load_balancer_listener_test.go

@@ -74,9 +74,26 @@ var (
 		"ip_version":               acctest.Representation{RepType: acctest.Optional, Create: `IPV4`},
 	}
 
+	NetworkLoadBalancerL3IPListenerRepresentation = map[string]interface{}{
+		"default_backend_set_name": acctest.Representation{RepType: acctest.Required, Create: `${oci_network_load_balancer_backend_set.test_backend_set.name}`},
+		"name":                     acctest.Representation{RepType: acctest.Required, Create: `example_listener`},
+		"network_load_balancer_id": acctest.Representation{RepType: acctest.Required, Create: `${oci_network_load_balancer_network_load_balancer.test_network_load_balancer.id}`},
+		"port":                     acctest.Representation{RepType: acctest.Required, Create: `0`, Update: `0`},
+		"tcp_idle_timeout":         acctest.Representation{RepType: acctest.Optional, Create: `180`, Update: `240`},
+		"udp_idle_timeout":         acctest.Representation{RepType: acctest.Optional, Create: `180`, Update: `300`},
+		"l3ip_idle_timeout":        acctest.Representation{RepType: acctest.Optional, Create: `200`, Update: `400`},
+		"protocol":                 acctest.Representation{RepType: acctest.Required, Create: `L3IP`},
+		"ip_version":               acctest.Representation{RepType: acctest.Optional, Create: `IPV4`},
+		"is_ppv2enabled":           acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
+	}
+
 	NetworkLoadBalancerListenerResourceDependencies = acctest.GenerateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", acctest.Required, acctest.Create, CoreSubnetRepresentation) +
 		acctest.GenerateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", acctest.Required, acctest.Create, CoreVcnRepresentation) +
-		acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_backend_set", "test_backend_set", acctest.Required, acctest.Create, NetworkLoadBalancerBackendSetRepresentation) +
+		acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_backend_set", "test_backend_set", acctest.Required, acctest.Create,
+			acctest.RepresentationCopyWithNewProperties(NetworkLoadBalancerBackendSetRepresentation, map[string]interface{}{
+				"is_preserve_source": acctest.Representation{RepType: acctest.Optional, Create: `true`},
+				"policy":             acctest.Representation{RepType: acctest.Required, Create: `TWO_TUPLE`, Update: `THREE_TUPLE`},
+			})) +
 		acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_network_load_balancer", "test_network_load_balancer", acctest.Required, acctest.Create, NetworkLoadBalancerNetworkLoadBalancerRepresentation)
 )
 
@@ -199,7 +216,6 @@ func TestNetworkLoadBalancerListenerResource_basic(t *testing.T) {
 				},
 			),
 		},
-
 		// verify updates to updatable parameters
 		{
 			Config: config + compartmentIdVariableStr + NetworkLoadBalancerListenerResourceDependencies +
@@ -228,6 +244,62 @@ func TestNetworkLoadBalancerListenerResource_basic(t *testing.T) {
 			Config: config + compartmentIdVariableStr + NetworkLoadBalancerListenerResourceDependencies,
 		},
 
+		// verify L3IP Listener create with optionals
+		{
+			Config: config + compartmentIdVariableStr + NetworkLoadBalancerListenerResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_listener", "test_listener", acctest.Optional, acctest.Create, NetworkLoadBalancerL3IPListenerRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttrSet(resourceName, "default_backend_set_name"),
+				resource.TestCheckResourceAttr(resourceName, "ip_version", "IPV4"),
+				resource.TestCheckResourceAttr(resourceName, "is_ppv2enabled", "false"),
+				resource.TestCheckResourceAttr(resourceName, "name", "example_listener"),
+				resource.TestCheckResourceAttrSet(resourceName, "network_load_balancer_id"),
+				resource.TestCheckResourceAttr(resourceName, "port", "0"),
+				resource.TestCheckResourceAttr(resourceName, "protocol", "L3IP"),
+				resource.TestCheckResourceAttr(resourceName, "tcp_idle_timeout", "180"),
+				resource.TestCheckResourceAttr(resourceName, "udp_idle_timeout", "180"),
+				resource.TestCheckResourceAttr(resourceName, "l3ip_idle_timeout", "200"),
+
+				func(s *terraform.State) (err error) {
+					resId, err = acctest.FromInstanceState(s, resourceName, "id")
+					if isEnableExportCompartment, _ := strconv.ParseBool(utils.GetEnvSettingWithDefault("enable_export_compartment", "true")); isEnableExportCompartment {
+						if errExport := resourcediscovery.TestExportCompartmentWithResourceName(&resId, &compartmentId, resourceName); errExport != nil {
+							return errExport
+						}
+					}
+					return err
+				},
+			),
+		},
+		// verify L3IP updates to updatable parameters
+		{
+			Config: config + compartmentIdVariableStr + NetworkLoadBalancerListenerResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_listener", "test_listener", acctest.Optional, acctest.Update, NetworkLoadBalancerL3IPListenerRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttrSet(resourceName, "default_backend_set_name"),
+				resource.TestCheckResourceAttr(resourceName, "is_ppv2enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "ip_version", "IPV4"),
+				resource.TestCheckResourceAttr(resourceName, "name", "example_listener"),
+				resource.TestCheckResourceAttrSet(resourceName, "network_load_balancer_id"),
+				resource.TestCheckResourceAttr(resourceName, "port", "0"),
+				resource.TestCheckResourceAttr(resourceName, "protocol", "L3IP"),
+				resource.TestCheckResourceAttr(resourceName, "tcp_idle_timeout", "240"),
+				resource.TestCheckResourceAttr(resourceName, "udp_idle_timeout", "300"),
+				resource.TestCheckResourceAttr(resourceName, "l3ip_idle_timeout", "400"),
+				func(s *terraform.State) (err error) {
+					resId2, err = acctest.FromInstanceState(s, resourceName, "id")
+					if resId != resId2 {
+						return fmt.Errorf("Resource recreated when it was supposed to be updated.")
+					}
+					return err
+				},
+			),
+		},
+		// delete before next Create
+		{
+			Config: config + compartmentIdVariableStr + NetworkLoadBalancerListenerResourceDependencies,
+		},
+
 		// verify Create with optionals
 		{
 			Config: config + compartmentIdVariableStr + NetworkLoadBalancerListenerResourceDependencies +

internal/integrationtest/network_load_balancer_network_load_balancer_test.go

@@ -156,8 +156,18 @@ func TestNetworkLoadBalancerNetworkLoadBalancerResource_basic(t *testing.T) {
 	var resId, resId2 string
 
 	acctest.ResourceTest(t, testAccCheckNetworkLoadBalancerNetworkLoadBalancerDestroy, []resource.TestStep{
+		// Initialize Tag dependencies: After a tag is created, if it is defined in the resource immediately, a 400-InvalidParameter error due to invalid tags may be returned.
+		// However, this error is not observed if we wait for some time. To prevent the issue, a preconfigured 30-second wait is added.
+		{
+			Config: config + compartmentIdVariableStr + DefinedTagsDependencies,
+		},
+
 		// verify Create with optionals
 		{
+			//wait for 30 sec
+			PreConfig: func() {
+				time.Sleep(30 * time.Second)
+			},
 			Config: config + compartmentIdVariableStr + NetworkLoadBalancerNetworkLoadBalancerResourceDependencies + NetworkLoadBalancerReservedIpDependencies +
 				acctest.GenerateResourceFromRepresentationMap("oci_network_load_balancer_network_load_balancer", "test_network_load_balancer", acctest.Optional, acctest.Create, networkLoadBalancerRepresentationIpv6),
 			Check: acctest.ComposeAggregateTestCheckFuncWrapper(

internal/service/network_load_balancer/network_load_balancer_listener_data_source.go

@@ -84,6 +84,10 @@ func (s *NetworkLoadBalancerListenerDataSourceCrud) SetData() error {
 		s.D.Set("is_ppv2enabled", *s.Res.IsPpv2Enabled)
 	}
 
+	if s.Res.L3IpIdleTimeout != nil {
+		s.D.Set("l3ip_idle_timeout", *s.Res.L3IpIdleTimeout)
+	}
+
 	if s.Res.Name != nil {
 		s.D.Set("name", *s.Res.Name)
 	}

internal/service/network_load_balancer/network_load_balancer_listener_resource.go

@@ -69,6 +69,11 @@ func NetworkLoadBalancerListenerResource() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"l3ip_idle_timeout": {
+				Type:     schema.TypeInt,
+				Optional: true,
+				Computed: true,
+			},
 			"tcp_idle_timeout": {
 				Type:     schema.TypeInt,
 				Optional: true,
@@ -145,6 +150,11 @@ func (s *NetworkLoadBalancerListenerResourceCrud) Create() error {
 		request.IsPpv2Enabled = &tmp
 	}
 
+	if l3IpIdleTimeout, ok := s.D.GetOkExists("l3ip_idle_timeout"); ok {
+		tmp := l3IpIdleTimeout.(int)
+		request.L3IpIdleTimeout = &tmp
+	}
+
 	if name, ok := s.D.GetOkExists("name"); ok {
 		tmp := name.(string)
 		request.Name = &tmp
@@ -351,6 +361,11 @@ func (s *NetworkLoadBalancerListenerResourceCrud) Update() error {
 		request.IsPpv2Enabled = &tmp
 	}
 
+	if l3IpIdleTimeout, ok := s.D.GetOkExists("l3ip_idle_timeout"); ok {
+		tmp := l3IpIdleTimeout.(int)
+		request.L3IpIdleTimeout = &tmp
+	}
+
 	if listenerName, ok := s.D.GetOkExists("name"); ok {
 		tmp := listenerName.(string)
 		request.ListenerName = &tmp
@@ -437,6 +452,10 @@ func (s *NetworkLoadBalancerListenerResourceCrud) SetData() error {
 		s.D.Set("is_ppv2enabled", *s.Res.IsPpv2Enabled)
 	}
 
+	if s.Res.L3IpIdleTimeout != nil {
+		s.D.Set("l3ip_idle_timeout", *s.Res.L3IpIdleTimeout)
+	}
+
 	if s.Res.Name != nil {
 		s.D.Set("name", *s.Res.Name)
 	}
@@ -490,6 +509,10 @@ func NlbListenerSummaryToMap(obj oci_network_load_balancer.ListenerSummary) map[
 		result["is_ppv2enabled"] = bool(*obj.IsPpv2Enabled)
 	}
 
+	if obj.L3IpIdleTimeout != nil {
+		result["l3ip_idle_timeout"] = int(*obj.L3IpIdleTimeout)
+	}
+
 	if obj.Name != nil {
 		result["name"] = string(*obj.Name)
 	}

website/docs/d/network_load_balancer_backend_set.html.markdown

@@ -36,16 +36,16 @@ The following arguments are supported:
 
 The following attributes are exported:
 
-* `backends` - Array of backends. 
-	* `ip_address` - The IP address of the backend server. Example: `10.0.0.3`
-	* `is_backup` - Whether the network load balancer should treat this server as a backup unit. If `true`, then the network load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "isBackup" fail the health check policy.  Example: `false`
-	* `is_drain` - Whether the network load balancer should drain this server. Servers marked "isDrain" receive no incoming traffic.  Example: `false`
-	* `is_offline` - Whether the network load balancer should treat this server as offline. Offline servers receive no incoming traffic.  Example: `false`
-	* `name` - A read-only field showing the IP address/IP OCID and port that uniquely identify this backend server in the backend set.  Example: `10.0.0.3:8080`, or `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>:443` or `10.0.0.3:0`
-	* `port` - The communication port for the backend server.  Example: `8080`
-	* `target_id` - The IP OCID/Instance OCID associated with the backend server. Example: `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>`
-	* `weight` - The network load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives three times the number of new connections as a server weighted '1'. For more information about load balancing policies, see [How Network Load Balancing Policies Work](https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm).  Example: `3`
-* `health_checker` - The health check policy configuration. For more information, see [Editing Health Check Policies](https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/editinghealthcheck.htm).
+* `backends` - An array of backends. 
+	* `ip_address` - The IP address of the backend server. Example: `10.0.0.3` 
+	* `is_backup` - Whether the network load balancer should treat this server as a backup unit. If `true`, then the network load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "isBackup" fail the health check policy.  Example: `false` 
+	* `is_drain` - Whether the network load balancer should drain this server. Servers marked "isDrain" receive no incoming traffic.  Example: `false` 
+	* `is_offline` - Whether the network load balancer should treat this server as offline. Offline servers receive no incoming traffic.  Example: `false` 
+	* `name` - A read-only field showing the IP address/IP OCID and port that uniquely identify this backend server in the backend set.  Example: `10.0.0.3:8080`, or `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>:443` or `10.0.0.3:0` 
+	* `port` - The communication port for the backend server.  Example: `8080` 
+	* `target_id` - The IP OCID/Instance OCID associated with the backend server. Example: `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>` 
+	* `weight` - The network load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives three times the number of new connections as a server weighted '1'. For more information about load balancing policies, see [How Network Load Balancing Policies Work](https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm).  Example: `3` 
+* `health_checker` - The health check policy configuration. For more information, see [Editing Health Check Policies](https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/editinghealthcheck.htm). 
 	* `dns` - DNS healthcheck configurations.
 		* `domain_name` - The absolute fully-qualified domain name to perform periodic DNS queries. If not provided, an extra dot will be added at the end of a domain name during the query. 
 		* `query_class` - The class the dns health check query to use; either IN or CH.  Example: `IN` 

website/docs/d/network_load_balancer_backend_sets.html.markdown

@@ -38,15 +38,15 @@ The following attributes are exported:
 
 The following attributes are exported:
 
-* `backends` - Array of backends. 
-	* `ip_address` - The IP address of the backend server. Example: `10.0.0.3`
-	* `is_backup` - Whether the network load balancer should treat this server as a backup unit. If `true`, then the network load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "isBackup" fail the health check policy.  Example: `false`
-	* `is_drain` - Whether the network load balancer should drain this server. Servers marked "isDrain" receive no incoming traffic.  Example: `false`
-	* `is_offline` - Whether the network load balancer should treat this server as offline. Offline servers receive no incoming traffic.  Example: `false`
-	* `name` - A read-only field showing the IP address/IP OCID and port that uniquely identify this backend server in the backend set.  Example: `10.0.0.3:8080`, or `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>:443` or `10.0.0.3:0`
-	* `port` - The communication port for the backend server.  Example: `8080`
-	* `target_id` - The IP OCID/Instance OCID associated with the backend server. Example: `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>`
-	* `weight` - The network load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives three times the number of new connections as a server weighted '1'. For more information about load balancing policies, see [How Network Load Balancing Policies Work](https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm).  Example: `3`
+* `backends` - An array of backends. 
+	* `ip_address` - The IP address of the backend server. Example: `10.0.0.3` 
+	* `is_backup` - Whether the network load balancer should treat this server as a backup unit. If `true`, then the network load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "isBackup" fail the health check policy.  Example: `false` 
+	* `is_drain` - Whether the network load balancer should drain this server. Servers marked "isDrain" receive no incoming traffic.  Example: `false` 
+	* `is_offline` - Whether the network load balancer should treat this server as offline. Offline servers receive no incoming traffic.  Example: `false` 
+	* `name` - A read-only field showing the IP address/IP OCID and port that uniquely identify this backend server in the backend set.  Example: `10.0.0.3:8080`, or `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>:443` or `10.0.0.3:0` 
+	* `port` - The communication port for the backend server.  Example: `8080` 
+	* `target_id` - The IP OCID/Instance OCID associated with the backend server. Example: `ocid1.privateip..oc1.<var>&lt;unique_ID&gt;</var>` 
+	* `weight` - The network load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives three times the number of new connections as a server weighted '1'. For more information about load balancing policies, see [How Network Load Balancing Policies Work](https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm).  Example: `3` 
 * `health_checker` - The health check policy configuration. For more information, see [Editing Health Check Policies](https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/editinghealthcheck.htm).
 	* `dns` - DNS healthcheck configurations.
 		* `domain_name` - The absolute fully-qualified domain name to perform periodic DNS queries. If not provided, an extra dot will be added at the end of a domain name during the query.