Matching Configuration Problem.

Question

Hey, all. I am serving as a hot site for a customer, but have recently run into a bit of a snag. My colleague that previously helped this customer left the company about six months ago and due to an all around lack of communication, some things slipped through the cracks.

So the issue is that the changes the customer has made to their Big IP have not been copied to our side in a while and now I have some catch up to do. This is not a mirrored network, just a "functional equivalent". So the VIPs, pools, irules, etc... Are the same, but the management, routes, etc... are different. So I cannot just load the UCS and call it good (unfortunately).

I'm looking for the best way to do this. When I compared the conf files from the UCS they provided and against mine there were over 6000 lines of code of difference.

Is it possible that I can just copy out the entire LTM section of their UCS file and paste it over the LTM section of mine? Is there a better way to do this that anyone has experience with?

Thanks.

oscarhdz · Answer

Hi Gdoyle!&nbsp;The Single Configuration Files SCF could works for you, these are flat configuration files that you can modify previous to load the configuration, be noticed that the Network Routes are allocated on the bigip.conf file also if you import configuration some strings ( like passwords, secrets and passphrases) will be encrypted on the files and you must load the F5MKU from the origin device to the destination device to solve this. You could identify the encrypted strings cause begins with "$M".&nbsp;K13408: Overview of single configuration files (11.x - 15.x)&nbsp;K9420: Installing UCS files containing encrypted passwords&nbsp;&nbsp;&nbsp;

simon_blakely · Answer

Yes - I recommend breaking things down into smaller sections, and you need to apply dependencies first.

profiles

policies

nodes

pools

virtuals

You still may have issues with things like SSL certificates/keys, and I recommend trying to migrate them manually - you can copy the filestore (using rsync) but I generally don't recommend it, as it is hard to get the filestore and config right

simon_blakely · Answer

load sys config merge file &lt;file-name&gt;
load sys config merge from-terminalwill be your friends ...

gdoyle · Answer

Thanks, S Blakely. My one concern is that there are other sections in here (e.g. security) that I do not want to merge. Is it possible to strip everything except the LTM portion of that from the bigip.conf file they supply, load that as something like "bigip-tomerge.conf," and then merge from there?

Forum Discussion

Matching Configuration Problem.

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

F5 BIG-IP Advanced WAF – DOS profile configuration options.

Maintaining BIG-IP's Golden Compliance Configuration in Financial Services

F5 Access 3.1.0 for Android problem

Configuring BIG-IP for Zone Transfer and DNSSEC

Certificate Expiry Email alert configuration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS