APM 11.6 - Restart of tmm when creating access policy from iRule
Using the following iRule snippet, tmm is restarted with APM 11.6.0 HF1: when CLIENT_ACCEPTED { When we accept a connection, create an Access session and save the session ID. set flow_sid [ACCESS::session create -timeout 600 -lifetime 3600] Is anyone seeing the same issue with this version? With 11.4.1 this was not happening, so we doubt this is bug brought in with that new version. Any hints are very welcome because our implementation is highly dependent from that feature Thx for your support and ideas291Views0likes4CommentsHow to turn off tmm info in tcpdump
From what I read in https://support.f5.com/csp/article/K13637 you have to actively tell the F5 implementation of tcpdump to include additional information. I have the opposite problem that there always is additional info in the capture file. I get a first packet with information about the command I used, Big-IP version, hostname, BIG-IP platform and product name. In each packet the partition and virtual server path is included at the end. (Which causes wireshark to tag the packets with "ethernet frame check sequence incorrect") It is sometimes useful to send packet captures to external parties for troubleshooting and I would prefer this to not be included. I use tcpdump as I normally do on other devices i.e. "tcpdump -i external -nn host 1.2.3.4 -w /path/ -s 0 -vv". The result is the same from tmsh, bash and regardless of which partition I have set the shell to. Should the capture file be "clean" in the sense that tcpdump will see it as a normal capture when you capture like this?484Views0likes3Comments11.6.0 wasn't mentioned as vulnerable to Meltdown and Spectre?
Dear all, in the advisory from https://support.f5.com/csp/article/K91229003 11.6.0 WAS NOT mentioned to be affected. So, customer asked if his 11.6.0 isn't affected. I have advised customer to call F5 support for an official answer. Anyone has any idea? I wanted to say this version is not affected but I dare not confirm because it doesn’t make sense for a minor release (E.g. 11.6.1) be affected and yet its base version (11.6.0) isn’t affected. This vulnerability is not a software vulnerability in F5, it’s a hardware feature in modern CPUs that can be exploited with malware. All modern computers with Intel chips reportedly produced in the last 10 years appear to be affected, including those running Windows and Linux. F5 software 11.6.0 was released on 25-Aug-2014, definitely within 10 years of modern CPUs used appliances such as the 4000s. (https://support.f5.com/csp/article/K9412)273Views0likes1CommentDoes 11.6.0 compatible for LTM 4000S hardware
We have F5 1600 and 2000 LTM model and they are running 11.6.x version, I am talking to one of the company we are going to buy used model of LTM 4000S without support so question can i install 11.6.x on 4000S model or i have to get support to download new firmware for 4000S?203Views0likes1Comment11.6.0 SPDY Connection from iOS 8
Sorry to make this so generic, but has anybody seen an iOS 8 device successfully connect to a SPDY enabled virtual server on 11.6.0? I've tried applying /Common/spdy under both HF1 and HF3, and iOS devices stop being able to connect. Wireshark shows rapid connection attempts until the user cancels. Safari on Yosemite also seems unhappy, but every other browser functions correctly and the statistics show plenty of SPDY requests happening. Thanks for any sanity check you can offer.314Views0likes4Comments