LTM
18485 Topicstroubleshooting serverssl profile with client cert..
Hi all! We have a virtualserver with a serverssl profile configured with a client cert. According to the technician working with the backend nginx node they´re not getting the client cert. Does anyone know a good way for us to verify that the cert is there or not? Would a tcpdump be sufficient? /Kim42Views0likes4CommentsWhat is the best practice to deploy single Tenant in F5 rseries?
Hi, we are going to deploy new rseries 5k with single Tenant. What is the best practice to setup? I plan to setup like below, can someone please advise whether it is correct or not? And I have question on auto disk space and memory allocation. Thanks in advance! Allocate all the disk space to this large single tenant Allocate all the memory to this single tenant within the tenant, set "Large" to "Mgmt" module for the rest modules: LTM, GTM , ASM , set "Normal" under Resource Provisioning". Seems the system automatically allocate disk space and memory to each module. Based on the amount of disk space and memory allocated to these modules, seems there are still a lot spare diskspace and memory. Will these modules automatically share the rest spare diskspace and memory when necessary?23Views0likes1Commentremove www from domain
Hello Everyone, Could you please assist for below query how it will be achieved. We have a query where the customer wants to remove the www from the request. for example requested comes to https://www.abc.com and they want to remove www and forward to only abc.com. i would like to know if this is applicable using local traffic policy and irules. if possible kindly share the example irule or local traffic policy example to achieve this. Please note: there are some policies configured with https://www.abc.com/etc and being redirected to https://www.abc.com/xyz . will there be any impact on these redirections rules if we remove the www? if yes then do we need to modify all these policies to abc.com and remove www from the redirection statements.? TIA.26Views0likes1CommentHow are memory and disk allocated to different modules on bigip appliance?
hi, when doing "Resource Provisioning", the memory and disk space are auto allocated to LTM and ASM are shown as below. The amount of Memory and disk is minimum requirement, right? When a huge number of virtual server will be created later, will appliance auto allocate more spare memory and disk to the module? And what is he management module responsible for? Is it responsible for packet forwarding? should we set "Provisioning" to "Medium" or "Large" if the throughput is larger than 1Gbps? Can someone please advise? thanks in advance!66Views0likes7CommentsHow to add missing Content-Length header to an HTTP POST request?
Have tried to send an APM HTTP Auth POST request to external authentication server which requires Content-Length header. Seems to be that APM HTTP Auth does not calculate and add the Content-Length header when sending a custom POST. The POST content is small json data but its size varies. HTTP Auth sends the POST to a layered VS which converts the request to https, so can use iRules there. Tried to use HTTP::collect and then calculate the size from collected HTTP::payload and do HTTP::release. However it gets stuck.. Would be nice to be able to do it at the Layered VS. Alternatively thinking of using an iRule agent event in the VPE to form the json POST data and calculate the size into session variables prior the HTTP Auth box in the VPE and using them in the HTTP Auth custom POST definition. Any advice?272Views0likes1CommentHow to add missing Content-Length header to an HTTP POST request?
Have tried to send an APM HTTP Auth POST request to external authentication server which requires Content-Length header. Seems to be that APM HTTP Auth does not calculate and add the Content-Length header when sending a custom POST. The POST content is small json data but its size varies. HTTP Auth sends the POST to a layered VS which converts the request to https, so can use iRules there. Tried to use HTTP::collect and then calculate the size from collected HTTP::payload and do HTTP::release. However it gets stuck.. Would be nice to be able to do it at the Layered VS. Alternatively thinking of using an iRule agent event in the VPE to form the json POST data and calculate the size into session variables prior the HTTP Auth box in the VPE and using them in the HTTP Auth custom POST definition. Any advice?1.5KViews0likes3CommentsAny issue if setting up LTM and GTM/DNS on the same F5 Appliance Cluster?
Hi, we have a pair of F5 appliance, and plan to setup HA cluster. After HA configuration and both appliance in sync, LTM works well as active/standby mode as expected GTM delivery listener is active on active F5 appliance as expected, the dns queries are routed to the active appliance GTM wild-ip pool members are shown "down" state on Standby appliance. The status of Data Center/Links are also shown "down" on the Standby appliance. Is it normal? Both F5 appliances are configured under the same GTM sync-group with different external physical links. Can someone please advise? Thanks in advance!15Views0likes0CommentsSyn-Flood protection in F5 LTM BIG-IP 17.1.1.3
HI Guys Sorry maybe i have not been so clear. I've ben searching for information about syn-flood protection of f5 LTM. I know there is the this feature (i saw the command on the CLI "syn-flood protection not active) but i could not find many information. I searched in the : techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-syn-flood-attacks-13-0-0/1.html page but it seems all these pages of f5.com are no longer there. Can anyone explain how to activate this feature or send some exhaustive link ? device is BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3 Thank You B.R Mario30Views0likes1Commentsome questions on device Trust Certificate?
hi, I have two questions on device trust certificates (client cert). why there are duplicate certificates on Device Trust Certificate list? I saw duplicate gtm device certificates in LTM devices. is it true that only gtm device certificate is sent to ltm device, and reverse "no" -- no ltm device certificate in gtm Device Trust Certificate list? I checked out gtm and ltm devices for our different regions, no ltm device certificate is on any gtm Device Trust Certificate list. Can someone please help advise, thanks in advance!Solved51Views0likes5Comments