For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sandiksk_35282's avatar
sandiksk_35282
Icon for Altostratus rankAltostratus
Sep 03, 2015

need config help on f5

we are moving a vip from cisco ace to f5 .need some help as how my config need to be on f5. below is the config from cisco ace

 

serverfarm host vip_prod probe PROBE_TCP_HTTP rserver app03p inservice rserver app04p inservice

 

class-map match-all prod_CLASS 2 match virtual-address 192.168.10.2 tcp eq www

 

sticky http-cookie prod prod_STICKY cookie insert browser-expire serverfarm vip_prod timeout 30 replicate sticky

 

class-map type http loadbalance match-any prod_CLASSURL 2 match http url .* 3 match http url /*

 

parameter-map type http PROD_PARAM persistence-rebalance parsing non-strict

 

policy-map type loadbalance first-match prod_POLICY class prod_CLASSURL sticky-serverfarm prod_STICKY

 

policy-map multi-match POLICY class prod_CLASS loadbalance vip inservice loadbalance policy prod_POLICY loadbalance vip icmp-reply active nat dynamic 26 vlan 22 appl-parameter http advanced-options PROD_PARAM

 

interface vlan 2 mtu 1500 no normalization access-group input ALL nat-pool 26 192.168.10.2 192.168.10.2 netmask 255.255.255.255 pat service-policy input remote_mgmt_allow_policy service-policy input POLICY no shutdown

 

3 Replies

  • sandiksk_35282's avatar
    sandiksk_35282
    Icon for Altostratus rankAltostratus
    Sep 03, 2015

    thanks for your response ,so for each vip do i need to create a zipfile and import it to f5 using getting the below erro command not found [root@f501b:Active:In Sync] config $ perl ace2f5-tmsh.pl ace_config bash: $: command not found

     

    Can you help me with the process

     

    and in cisco ace we define class-map type http loadbalance match-any prod_CLASSURL 2 match http url .* 3 match http url /*

     

    So how should i configiure this on F5

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Sep 07, 2015

    that script isn't available on the F5 if you didn't put it there. personally i would put it on an external linux box and not the big-ip. also the script was built for version 10, so it might be blindly work on version 11. but in principle if you don't have a lot of vips you can do rebuild them on the big-ip. you just have to understand well your cisco ace config and your big-ip config.

     

    it helps if you can explain what that exactly does, most people here know F5 config, but less ACE config.

     

    i did a short google search on this and seems to do something with conditional load balancing if the URL is either .* or /*, which to me feels like always, or are there cases load balancing should not happen on this vip?

     

    if you do need something like this you can look at iRules or local traffic policies. both are able to add conditional load balancing.