TMOS
1490 Topics

SSL Passthrough, SSL Offloading and SSL Bridging
Hi all, Can anyone help me understand how to configure VIPs SSL Passthrough, SSL Offloading and SSL Bridging scenarios? What components are taken into consideration for each of the requirement as in VIP type, Pool member health monitor, Client and Server SSL profile, Client and Server Protocol profiles, HTTP profile and persistence if any. Thanks.
13K Views, 1 like, 1 Comment

Offline (Enabled) - The children pool member(s) are down
Hi Friends, I am a novice to F5 and following CBT Nuggets to understand LTM in a better way. I have completed basic configuration, i.e. defined Nodes, defined Pool and assigned Pool Members to my Pool. Now the problem is that I have enabled "http" health monitor and right after I click 'finished' the icon transitions from 'Blue Square' to 'Rectangle Red' - Offline(Enabled) - The children pool member(s) are down when I hover over the Pool in 'Pool List'. Now this is a very basic setup with 3 .OVA web servers pre configured which I received in my Nuggetlabs. I am able to login to the servers using my browser, telnet 10.2.0.11 80 and curl http://10.2.0.11 commands but the Servers are showing as Offline(Enabled) - Pool member has been marked down by a monitor in 'Members' list. I need your help to proceed further please. Thanks in advance, Sagar
Solved, 8.5K Views, 0 likes, 10 Comments

How to display the whole configuration of a BIG-IP with default value ?
Hi Guys, I'm currently seeking the CLI command or a way to display and get the configuration of a BIGIP with all default values included in the configuration file (bigip.conf). I'm not sure if it's possible with F5. Thanks for your experience. Morgan
7.7K Views, 0 likes, 2 Comments

VLAN Tagged vs Untagged. What does this mean.
I have two interfaces 1 and 2 and decided to use 1 for internal traffic and 2 for external traffic. Both Vlan and untagged. Should one be tagged or not. I don’t see any communication from the External vlan TCPDump . I don’t get any communications TCPDump on the external vlan arp. What exactly does this mean.
4.9K Views, 0 likes, 4 Comments

SSL VPN Disconnect Issue
We currently have an issue with our SSL VPN connection disconnecting on random intervals. I do have an open support case and unfortunately not making any drastic headway, so reaching out here to see if anyone has had this issue or possibly something else I can try. We previously were using Juno Pulse and did not have this issue with any clients. I am able to reproduce the disconnect by doing a simple file copy from one of our systems to my PC. Below is all the information that shows in the APM log, unfortunately there does not appear to be any further debug with PPP tunnels.

2014-08-15 06:59:05 Assigned PPP IPv4: 192.168.0.57 Tunnel Type: VPN_TUNNELTYPE_TLS NA Resource: /Common/VPN
2014-08-15 06:59:05 PPP tunnel 0x57025106e400 started.
2014-08-15 07:10:07 PPP tunnel 0x57025106e400 closed.

Next we went to Wireshark where we are seeing a lot of TCP zero window packets, so I set the zero-window-timeout to infinite to rule out zero window disconnects. The issue still occurs after making this change. Currently I am working on a client side capture to compare with the tcpdump on the appliance, but I am not seeing anything in the capture that stands out as a red flag (I am no Wireshark expert by any means so digging through these captures is pretty slow). Any thoughts or information is greatly appreciated, also please let me know of other info that would be of use.
Solved, 3.8K Views, 0 likes, 18 Comments

Can't ping active LTMs self ip or floating ip
I have two 2000s (F5a and F5b) in an active/standby configuration. TMOS version = 11.5.2HF1. There are 2 VLANs. Internal, External, HA. My problem is on the internal vlan.

On the internal-vlan,
F5a-self-ip = .163
F5b-self-ip = .164
Floating-ip = .161

From the upstream L3 switches, I can ping .164 but cannot ping .163 or .161. When I force F5a to standby, the problem reverses. Now I can ping .163 but not .164 or .161. It appears I can only ping the standby unit's self ip. The other two do not respond. On the external VLAN, everything pings fine. Anybody have any thoughts on what may be occurring here? port-lockdown is set to allow all. Thanks!!
3.5K Views, 0 likes, 8 Comments

How does MAC Masquerading work exactly?
Hi, I am trying to grasp how exactly MAC Masquerading works, and how it behaves differently during a failover.

Situation without MAC Masquerading
Every floating Self IP & virtual IP will have a gARP announcement with the new MAC address issued on the device becoming active, making the switches now route to the new device. Issues can arise if network equipment cannot handle the amount of gARPs.

Situation with MAC Masquerading
Every floating Self IP in the cluster has the same MAC address. Not sure about the vIPs. During failover, the switches need not learn a new MAC address but just learn it's now available on a new switch. (in our case, L3 switches with OSPF)

So how do vIPs fit in the mac masquerade story? And how do switches learn the vIPs/floating Self IPs are now on this port without gARPs? The DevCentral articles do not discuss this in great detail.
3.1K Views, 0 likes, 1 Comment