Forum Discussion
LTM 11.4.1 - Trying to Identify equivalent features to cisco ACE
We have a legacy application which uses the following features in Cisco ACE parameter-map type http PARAMETERS case-insensitive persistence-rebalance set header-maxparse-length 65535 set content-maxparse-length 65535 length-exceed continue parsing non-strict
I am looking to find equivalents for these in F5 LTM as once we migrated the application to LTM we see a lot of intermittent issues accessing the application and a lot of 'Resets' from the clients to the Virtual Server IP in tcpdump.
The application has multiple pools and we are using the following irule to switch between pools based on a cookie that the application sends to the browser,
when CLIENT_ACCEPTED {
set default_pool [LB::server pool]
}
when HTTP_REQUEST {
ONECONNECT::reuse disable
if { [HTTP::cookie exists "Pool-cookie"] } {
switch [HTTP::cookie value "Pool-cookie"] {
"Pool1" {
pool Pool1
}
"Pool2" {
pool Pool2
}
default {
pool $default_pool
}
}
}
else {
pool $default_pool
}
}
- For the persitence-rebalance in ACE we are using Onceconnect, so the LTM can do L7 load-balancing decision for every HTTP request inside the same TCP connection (content switching feature of oneconnect). Just to ensure that the 'server-connection-resuse' is not causing any issues, it has been disabled inside the iRule. Effectively trying to use oneconnect only for the content switching requirement.
- the http header size has been set tp 65535 in the http_profile. the 'length-exceed continue' option ACE makes it still process the request even if the http header size is more that 65535, but i could not find a similar option to this in LTM. LTM sends a RST if the header size exceeds. Is there any option available in LTM similar to the 'length-exceed continue' feature in ACE???
- the 'parsing non-strict' in ACE, ignores malformed cookies in a request and continues parsing the remaining cookies. The application seems to have 'non-compliant RFC2396 characters' in its http responses, which the LTM might not like if it processes only RFC2396 compliant http requests. Is there any feature in LTM similar to the 'parsing non-strict' in ACE so it can continue process other cookies eventhough there are few malformed cookies from the application???
- R_Eastman_13667Historic F5 Account
I think this should help you: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-0/7.html
Oversize client headers
The Oversize Client Headers setting determines the way in which the BIG-IP system passes through HTTP traffic when the Maximum Header Size value is exceeded by the client. The default is disabled, which rejects the connection. Note: This feature is only available on the HTTP profile when you set the proxy mode feature to Transparent.
- Karthik_KumaranNimbostratus
Thanks. That was of real help. But looks like all the features i am looking for are available only in 11.5, reading through the link. I am still running 11.4.1, have opened a support case to see if they can suggest any similar option in 11.4.1, may be they will ask me to upgrade to 11.5. Also, the Transparent Proxy mode option in HTTP profile, in 11.5, seems to be the way to allow LTM to forward invalid HTTP traffic to the pool server, similar to the "parsing non-strict" option in Cisco ACE.
- Karthik_KumaranNimbostratus
i upgraded to 11.5.1, and tried to enable http transparent proxy mode (using http-transparent profile) to a Virtual server that already has other profiles (SSL client, OneConnect, http-compression). But i get the following error, 01070734:3: Configuration error: In Virtual Server (/oracle/prod_443) HTTP is configured as a Transparent Proxy, and thus is incompatible with any other filter other than PEM. Looks like i cannot use this Transparent proxy mode in my configuration. Primarily i am looking for an equivalent to parising non-strict in Cisco. Anyone has an idea? i opened a support case and the engineer said this feature cannot be used with the VS config i have and suggessted to use iRule to implement the same. Is there a possible way to enable this using an iRule?
- Antony2015Altostratus
Hey Karthik,
I am in a same situation where I have to provide the business solution to one of my customer. Could you finalize your standards on ACE to F 5 LTM migration? My requirement as below. Could you please some inputs on this ?
parameter-map type http HTTP-Params-Maxparse-No-Strict-8192 case-insensitive persistence-rebalance set header-maxparse-length 8192 set content-maxparse-length 8192 parsing non-strict
- Karthik_KumaranNimbostratus
hi Antony,
- Persistence-rebalance -> Use a Oneconnect profile with a 255.255.255.255 mask. This is to make sure we dont use the connection reuse feature of Oneconnect, and use Oneconnect only for 'load-balancing every HTTP request inside the same TCP connection' like exactly what persistence-rebalance in Cisco ACE does.
- header-maxparse-length -> the default 'Maximum Header Size' in F5 is 32768 bytes. You can change this to what you want using a custom HTTP profile.
- content-maxparse-length - I could not find an exact equivalent. But i think by adding a http-compression profile, you can take care of this making the F5 to compress the http content.
- parsing non-strict -> This feature in ACE ignores malformed cookies and still processes the other cookies. But F5 seems to just stop parsing the packet if it finds a malformed cookie that some of the legacy applications use. There is not option to alter this behavior of F5 like in ACE, unless we can write some iRule coding i believe.
- Antony2015AltostratusMuch appreciate your response on this Karthik. Thanks
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com