TMOS
1490 TopicsVerify change in behavior for (major) software updates
Dear all, I can remember there was a cool feature within ihealth, where you could perform some kind of simulation for a software update and the output was telling you, which of your configuration items needs to be adjusted before/after the change and where is a change in behavior. This was removed I think already several years ago 😞 Therefor my question, is there something similar available or what's the latest recommendation from F5 for a major software update (e.g. from 13.1.5 to 16.x) to check any "conflicts" with the existing configuration. Thank you! Regards Stefan 🙂536Views3likes4CommentsCookie persistence and source address fallback
I wonder what will be result of such setup: LB set to Round Robin Default Persistence Profile: Cookie (Cookie Insert) Fallback Persistence Profile: Source Address Source IP same for all requests (SNATed) My assumption is: First new TCP connection established, no cookie present Fallback Persistence used, no Persistence Record (PR) found No persistence is applied because none exist so connection will be directed to first member What will happen then? Persistence Record for source IP will be created pointing to first server? In HTTP response cookie is inserted pointing to first pool member Then second connection from the same IP comes, assuming that PR was created and did not time out then LB will be ignored and connection will be directed to first server In HTTP response again cookie pointing to first server will be inserted Then all returning connections (with cookies set) will be directed to first server, LB in fact will not be used, except for situation when there is enough period of inactivity between connections to allow PR to expire, but will then new connection be send to second server according to RR or not necessarily? Is above correct? PiotrSolved857Views0likes19CommentsQuestion regarding K22301343, extend /var/ folder after upgrade..
Hi all! We´ve been looking to extend the space of /var/ as it´s causing all types of problems for us when it´s gets full (which happens all the the time). So I´ve been reading and found this article, https://my.f5.com/manage/s/article/K22301343. We´re doing an upgrade at the same this so does anyone know if the /var/ needs to have been extended previously before doing this?? /Kim59Views0likes2Comments201 Recommendations for Study
Hello mates, I am a new member of the forum 😀 I have to retake my 201 exam again in February and it´s been a while since the last time I touch a F5 device. I tried to look for the PDF which, as I remember, it was pretty solid material for the exam and the last time, I was able to pass the exam at the first attempt by only using the study guide and a F5 device I had on the lab. But I´ve seen recently that the guide is not longer available where it was: https://clouddocs.f5.com/training/community/f5cert/html/class3/class3.html May you kindly recommend me documentation and good material for my study. Much appreciate it! Regards,2.3KViews0likes9CommentsF5 VE on Proxmox
Has anybody been successful running F5 BIG-IP VE on Proxmox? Proxmox: Operating System: Debian GNU/Linux 10 (buster) Kernel: Linux 5.0.18-1-pve Architecture: x86-64 F5 VE: virtual edition 14.1.2.2 from downloads.f5.com I tried both qcow2 and .ova(scsi) licensing with trial license obtained from F5 single NIC mode According to https://clouddocs.f5.com/cloud/public/v1/matrix.html, Debian should be supported distribution. Following instructions on https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-linux-kvm-13-0-0/1.html. Creating new VM in Proxmox: OS: guest OS Linux, 2.6 Kernel, no media for OS Hard Disk: bus SCSI, VirtIO SCSI, NFS storage, QEMU format (qcow2), 100GB CPU: 4 sockets Memory: 8GB Network: bridge vmbr0 openvswitch with appropriate vlan tag, VirtIO, no firewall VM is created replacing just created qcow2 on remote storage with downloaded F5 qcow2 image. VM is started I am able to get prompt in Proxmox console, log in with default root account. But then mcpd keeps on restarting - constantly every few seconds. Logs show errors caused by permission errors. For some reason F5 is complaining that it cannot create "/shared/.snapshots_d/" because of permission problem. However permissions of "/shared" are OK. When I create .snapshots_d folder manually as root, mcpd no longer restarts, no more console errors... I run config utility to setup management IP/mask/gateway. As expected in single NIC mode, https port is automatically configured to 8443. I am able to reach GUI configuration utility and login as admin. Up until now everything looks fine. When trying to license the VM, I am able to generate dossier, also receive the generated license file from F5. But when I apply the license to the VM and click next, it acts as if nothing has happened. GUI keeps showing VE is not yet licensed. LTM logs says: err mcpd: License file open fails, Permission denied. "/config/bigip.license" has read permission for all and write for tomcat. Those are expected permissions for the license file. Funny though, content of /config/bigip.license is now actually populated with the correct new license. But "Registration Key" in "tmsh show sys hardware" is empty. There are several other file system related warnings or errors in logs.. so I suspect that the whole issue is with how F5 VE is accessing file system on Proxmox. But I don't know what to check or fix further. Is it even possible to run F5 VE on Proxmox? (although F5 clearly states it should be.) thx.2.3KViews0likes3CommentsHow to config BGP peering for F5 in HA-pair?
Hi I've setup F5 BGP peering with router and have problem due to we can't use floating IP as IP BGP neighbor address https://support.f5.com/csp/article/K62454350 . So we need to use self IP as IP BGP neighbor address. Problem is It's make router can't decide which path is correct when they send response traffic to F5. F5 active unit or standby unit. Router can't know status on F5. I try to add prepend on BGP which is standby unit and it's fine. but when standby unit takeover . it's failed again. Is there a way to deploy BGP with F5 HA-pair? Thank you3.1KViews0likes2Commentstcpdump flooded with failover packets
Hi, I often have a problem with tcpdump on clustered devices. If I e.g. start a dump like this: 'tcpdump -ni 0.0:p host 192.168.1.1' the terminal is flooded with messages like these every few microseconds: 13:20:56.003601 IP 1.1.1.2.44098 > 1.1.1.1.cap: failover_packet { failover_packet_cluster_mgmt_ip ip_address 10.10.10.10 failover_packet_slot_id uword 0 failover_packet_state ulong 5 failover_packet_sub_state ulong 0 failover_packet_monitor_fault ulong 0 failover_packet_hop_cnt uword 2 failover_packet_peer_signal ulong 0 failover_packet_version ulong 2 failover_packet_msg_bits ulong 2 failover_packet_traffic_grp_score ulong 8386 failover_packet_device_load ulong 2 failover_packet_device_capacity ulong 0 failover_packet_traffic_group_load ulong 2 failover_packet_build_num ulong 3944176344 failover_packet_next_active ulong 1 failover_packet_traffic_grp string `/Common/traffic-group-1` failover_packet_previous_active ulong 1 failover_packet_active_reason ulong 0 failover_packet_left_active_reason ulong 8 } out slot1/tmm0 lis= It's a little annoying, since with the 0.0:p I want to see the packet on client and server side (which SNAT-IP it uses, which member) - so the only possibility to get rid of it is to constantly exclude with grep -v Am I doing something wrong about TCPdump? Or is there any flag that disables these messages? Or is this due to a wrong configuration of the F5 itself? Or is it intended behavior?615Views0likes4CommentsPriority Group Activation Failback with HTTP Cookie Insert
Hello All, Can someone help me the below issue? We have a pool with 3 members. 2 members have high priority (Round Robin) and 1 member has low priority. When both the primary members go down, the low priority member should take over the traffic. We have Cookie Insert persistence enabled on the virtual server. In Cookie persistence, "Expiration: Session Cookie" enabled. When both the primary members were made down, the low priority member took over the traffic. When both the primary members came back UP, the traffic continued to go to low priority backend member. When the browser tab is closed and tried to access the URL in new tab, the traffic went to low priority backend member. When the browser window is closed and tried to access the URL in new tab, the traffic still went to low priority backend member. When the browser cookies were deleted and tried to access the URL in new tab, the traffic was taken over by the high priority members. This behavior is not desired and we need to force the LB to use high priority backend members as soon as they come UP. When user tries the connection from new browser or new tab, the traffic should go to high priority pool members. Please let me know how i can achieve the desired behavior. Regards877Views0likes4Comments