AWS
Proxy URL to ALB on AWS

We need to do the following: when users access www-xxx.test.com/subsite1, the traffic needs to be proxied to www-yyy.test.com/subsite1 on AWS so that www-xxx.test.com/subsite1 retains its name in the browser. Currently, is pointing to an ALB record on AWS. There are listeners on the ALB to split the traffic into subsites such as www-yyy.test.com/subsite1 and www-yyy.test.com/test2. Can we accomplish this task on F5?

Passive FTP using FTP profile

Hi Community, I have an F5 Big-IP 16.0.1.1 running on AWS with an FTP server behind it running vsftpd. The idea is to balance passive FTP publicly, so clients should hit the public IP of the F5 for passive FTP. This scenario runs perfectly without an FTP profile, with just a TCP profile (all ports) and the option pasv_address on the FTP server pointing to the public IP address of the F5. But I need to have this working with the FTP profile in order to implement extra security for FTP on the F5. I've tried to implement FTP passive load balancing using official documentation such as https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/load-balancing-passive-mode-ftp-traffic.html, but no matter what combination or configuration is implemented on the F5 and the FTP server, if I have the FTP profile the message "passive mode refused" is always received after the PASV request. It only works if I use this for internal passive FTP, meaning that I do not configure a "pasv_address" on the FTP server and the client that requests the connection is in the same LAN as the F5 and FTP server, resolving everything internally. As I said, I've tried a lot of combinations and settings on the F5 and FTP servers, but nothing works. Could someone give me a little guidance here? Thanks in advance.

F5 Rules for AWS WAF - CVE-2021-22118 & CVE-2016-1000027

Hello, we're checking in the AWS Marketplace for the F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE) Rules and want to check whether the following CVEs are covered by this rule set?
CVE-2021-22118: Local Privilege Escalation within Spring Webflux Multipart Request Handling
CVE-2016-1000027: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data.
Thanks.

HTTP requests with the question mark symbol "?" in the URL are not being blocked although it is disallowed in the URL character list

Hi, HTTP requests with the question mark symbol "?" in the URL are not being blocked although "?" is disallowed in the URL character list. For example: http://www.xyx.com/?/file.extension
Kindly, Wasfi

F5 rules for AWS WAF Terraform

Dear all, good afternoon. I'm implementing the F5 OWASP10 rules from https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsi, but I'm working with infrastructure as Terraform code. To carry out the implementation I need the correct name of the rule and the correct name of the vendor, and I cannot find this information in the documentation. Can you help me? For example:
    {
      overrideAction = {
        type = var.NAME == "BLOCK" ? "NONE" : var.NAME
      }
      managedRuleGroupIdentifier = {
        "vendorName" : "NAME",
        "managedRuleGroupName" : "NAME"
      }
      ruleGroupType = "ManagedRuleGroup"
      excludeRules = []
    }

HA Cluster behavior on AWS

Hello, I've managed to run two F5s in different Availability Zones (in the same VPC) from scratch and they can sync the configuration objects that I created. The CFE configuration took some time to figure out, but eventually it is working now. I have a couple of questions about an HA cluster on AWS. Can you help me to understand?
- While testing this setup I saw that if the active device goes offline for any reason, the peer device does nothing. Even the CMI logs on the standby unit say that the peer device is unreachable. Is that normal? Should the standby device take action to go active once it realizes the peer is unreachable?
- The devices can sync the objects I added, including pools, iRules, nodes, virtual servers, etc. Also, the status indicator in the top left corner says the devices are "In Sync". However, when I looked at "Device Manager > Devices", each device sees the other device as offline. Why?
- Although there is a Sync-Failover device group configuration on both devices, each device says that it is "Active" itself. In setups built with the help of the AWS CloudFormation or Terraform guides, does this happen?
- When I use the GUI for failover, it takes around 1 minute and 20 seconds. But if I trigger failover with a "curl" command it only takes 5 seconds. Is that normal?

Upgrade F5 BIG-IP from 11.5 to 11.6

Hi, we got a security notice from AWS that our current F5 version 11.5 has a known security risk and they recommend that we update the version. So we did and created a new instance and uploaded the config, but it didn't work so well. This is from the output:
    Jan 22 10:19:57 ip-10-26-0-202 emerg mcpd[4619]: 0107070e:0: Software version not covered by service agreement. Reactivate license before continuing.
    Jan 22 10:19:57 ip-10-26-0-202 emerg mcpd[4619]: 01070608:0: License is not operational (expired or digital signature does not match contents).
    Jan 22 10:20:02 ip-10-26-0-202 emerg load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all" - failed. -- 01070356:3: SNAT feature not licensed. Unexpected Error: Loading configuration process failed.
    Jan 22 10:20:21 ip-10-26-0-164 emerg load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all" - failed. -- Error: failed to reset strict operations; disconnecting from mcpd. Will reconnect on next command. The connection to mcpd has been lost, try again.
    Jan 22 10:20:21 ip-10-26-0-164 emerg logger: Re-starting lind
    Jan 22 10:20:22 ip-10-26-0-164 emerg logger: Re-starting mcpd
    Jan 22 10:20:42 ip-10-26-0-164 emerg load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all" - failed. -- 01070356:3: SNAT feature not licensed. Unexpected Error: Loading configuration process failed.
What do I need to do to get the license working again?

Has anyone used F5 rules for AWS WAF?

Hello to all, has anyone worked with this product and can provide an overview of it and whether it is worth it? From what I read and see it is limited, and F5 has not added an IP intelligence feed to it like Imperva has done, but I could be wrong. AWS Marketplace: Search Results (amazon.com)

F5 OWASP Top Ten Rules, NoSQL Injection not working properly

Hi there, if we do a Postman POST request to our API with the following body in the request:
    { "link": { "$ne": null } }
the request passes using the mentioned rules. How can we solve it? Thanks and have a nice day.

AWS auto scaling working together with AWS BIG-IP?

Hi, I am trying to figure out how AWS auto scaling can work together with AWS BIG-IP/F5 LTM. I did quite some investigation. Unfortunately I could not find helpful information and I doubt that this can be accomplished in a reliable way. https://devcentral.f5.com/articles/news/now-playing-on-amazon-aws-big-ip.U8fLh5SSzzg states: "Users can additionally leverage scripts to automatically spin up nodes as needed, enabling organizations to execute on an auto-scaling strategy without needing to build out a complicated system" -> Sounds good, but is it true or just big words? How? The white paper, page 6 (http://www.f5.com/pdf/white-papers/migrating-tier-1-application-workloads-with-aws-white-paper.pdf), tells about the same, without talking about the interesting details. The main issue to me is: how to dynamically and automatically change F5 LTM pools properly when AWS auto scale adds new servers (instances) with some new (dynamic) IP address, or deletes any server. I know I could basically use tmsh on the F5 to change pool members. But how could this be triggered by AWS (e.g. CloudWatch, SNS) in a robust way? I don't see one so far. Any hints or even experiences? Thanks a lot. Urs