AAM Web App Policy - invalidation rule regex problem
When I enter a regex in the "Client IP" field I get the message The field has invalid characters if the regex contains certain characters like \ and ^ . That seems a bit odd since those characters are rather fundamental parts of regex. Has anyone else encountered this?How to clear Web acceleration cache?
So I have been trying to clear the web acceleration profile cache on applications and have ended up deleting the profile instead with this command: DELETE '/mgmt/tm/ltm/profile/web-acceleration/~partion~app.app~optimized-caching_profile' Can someone please help with the right commands for this? Also tried to clear all with DELETE '/mgmt/tm/ltm/profile/web-acceleration/all' not sure it worked as the only response is null "" Any references to better documentation or understanding would be greatly appreciated.AAM not caching JPGs - "Another request is updating the content"
AAM is caching everything but JPGs. Apparently it's bypassing the cache because "Another request is updating the content". However, it's been saying that for almost an hour. Browsers are displaying the image without any problem - it's just not getting cached by AAM. Ideas? wainfodecode "[V2.S10413.A34484.P65790.N37551.RN0.U0].[OT/jpeg.OG/images].[P/0.0].[O/0.2].[EH0/0].[DH0/0].[C/00.u].[K/n]" V2: X-WA-Info Format Version S10413: Response bypassed the WebAccelerator system. A34484: Application: /Common/www.domain.com_aam_custom P65790: Local-policy: /Common/www.domain.com_custom N37551: Request Policy Node: JPEG RN0: Response match did not supersede request match UCI hash: 0 Object type: jpeg Object group: images Request served from TMM: 0.0 Request owned by TMM: 0.2 Entity hit count (local/remote): 0/0 Document hit count (local/remote): 0/0 Document not in cache. Reason: Not applicable. Bypass: Another request is updating the content. Parking: Not parked.V11.5.3--- different domain encryption and decryption by different certificate
Hello A file introuduce different domain encryption and decryption by defferent certificate,but it's no longer available in BIG-IP 11.4.0 and later versions; I need a file which is available for BIG-IP 11.4.0 and later version ; 3Q!! Clearing of RAM-Cache or Web Acceleration profiles
I need a way to clear the web cache from off box. I'm playing around with PowerShell for iControl but don't see any ramcache related commands listed. I found a sample script the references the 'Get-RAMCacheEntry' command but this doesn't seem to exist any more. Basically, I need a good way of doing what this command does without giving my application people CLI access to the big-ip. tmsh delete ltm profile ramcache [cache profile name] Ideas? Thanks, Patrick
Why is this not being Cached
I have banged my head for two days now attempting to figure out what and why this isnt being cached by the F5. It appears that its a long dark road when you are attempting to figure out why things arent hapenning in regards to wam. > GET /myCOMPANY/node/6 HTTP/1.1 > User-Agent: curl/7.35.0 > Host: t-www.COMPANY.com > Accept: */* > < HTTP/1.1 200 OK < Date: Tue, 27 May 2014 20:11:01 GMT * Server Apache is not blacklisted < Server: Apache < X-Drupal-Cache: HIT < Content-Language: en < Link: ; rel="canonical",; rel="shortlink" < X-Generator: Drupal 7 (http://drupal.org) < Cache-Control: no-cache < Last-Modified: Tue, 27 May 2014 13:37:24 +0000 < Expires: Tue, 27 May 2014 20:11:03 GMT < Vary: Cookie,Accept-Encoding < X-XSS-Protection: 1; mode=block < Content-Type: text/html; charset=utf-8 < Set-Cookie: BIGipServerCOMPANY_CORPORATE_DEV.app~COMPANY_CORPORATE_DEV_pool=rd2o00000000000000000000ffff8ed6f029o80; path=/ < Accept-Ranges: none < X-WA-Info: [V2.S10201.A5777.P45671.N13710.RN0.U2407940255].[OT/html.OG/pages].[P/0.3].[O/0.2].[EH1/0].[DH1/0].[C/P] < Transfer-Encoding: chunked < { [data not shown] * Connection 0 to host t-www.COMPANY.com left intact wainfodecode returns the following: V2: X-WA-Info Format Version S10201: Response was served from the origin web server, because the request was for new content. A5777: Application: /Common/DRUPAL-TEST.app/DRUPAL-TEST_aam P45671: Local-policy: /Common/Generic Policy - MyCompany N13710: Request Policy Node: Pages RN0: Response match did not supersede request match UCI hash: da7ae1cc Object type: html Object group: pages Request served from TMM: 0.2 Request owned by TMM: 0.3 Entity hit count (local/remote): 1/0 Document hit count (local/remote): 1/0 Document cacheable, but not seen enough to cache. I am at my wits end and I have no understanding of why, or how to make this cache.
network to network connection with iSession over the Internet
We want to achieve a L2L connection over the Internet, with iSession: encryption, compression. And no NAT (similar like a L2L IPSec tunnel) We have 2 LAB VE LTMs (11.4.1, LTM and AAM provisioned), the WAN is only simulated with a VLAN: LAN1 (10.31.5.0/24)---(10.31.5.246) LTM1 (1.1.1.1)---WAN---(1.1.1.2) LTM2 (10.31.29.246)---LAN2 (10.31.29.0/24) LTM1 has an interface in LAN1, which is 10.31.5.246 LTM1 has an interface in WAN, which is 1.1.1.1 LTM2 has an interface in LAN2, which is 10.31.29.246 LTM2 has an interface in WAN, which is 1.1.1.2 We successfully created the iSession between the devices, and advertised the networks through the iSession. Please check below there is the output from LTM1. Diagnostics: Acceleration ›› Symmetric Optimization : Diagnostics : Diagnose WOM Configuration also shows everything is OK. There is NO route added to the device (we believe iSessions should handle routing through iSession advertised routes): Plus we can successfully ping LAN2 from LTM1 and LAN1 from LTM2 without additional routes. On the LAN1|2 servers we added routes, routing the other LAN to the LTM device self IP. We have created iSession virtual with wizard: Acceleration ›› Quick Start : Symmetric Properties We have created name: iSession-TEST, which is forwarding(IP) virtual servers, all sources, destination 0.0.0.0/0, all VLAN, all ports, all protocols So again, iSession is UP traffic is OK when initiating from LTM. But when initiating from the LANs, it is not working. We receive: Reply from 10.31.5.246: Destination net unreachable. in the LTM tcpdump 10:34:30.864869 IP 10.31.5.21 > 10.31.29.21: ICMP echo request, id 1, seq 16887, length 40 in slot1/tmm1 lis=/Common/iSession-TEST We see the request hitting the LTM, but not transferred through the iSession. Please advise! OUTPUT OF SHOW WOM Deduplication Status : ONLINE Codec : sdd-v2 Endpoints maximum : 1 Endpoints active : 1 Endpoint discovery stats ICMP probes Req. sent: 0 Resp. received: 0 ICMP probes Req. received: 0 Resp. sent: 0 TCP options SYNs sent: 0 ACKs received: 0 TCP options SYNs received: 0 ACKs sent: 0 Endpoints discovered ICMP: 0 TCP: 0 Local endpoint ADDRESSES: 1.1.1.1 MGMT ADDR: 10.31.0.128 VERSION: 11.4.1 UUID: c7a0:9252:37fb:794e:1a48:b7d2:aca2:2b53 SEVERSSL: serverssl TUNNEL PORT: 443 ALLOW NAT: disabled SNAT: none Remote endpoint: 1.1.1.2 Status HOSTNAME: lab2-big-fra1.datahost.int MGMT ADDR: 10.31.0.129 VERSION: 11.4.1 UUID: 3961:b581:69c4:b0b1:6dd8:b392:2f30:481f enabled STATE: ready BEHIND NAT: no CONFIG STATUS: none DEDUP CACHE: 10.3G CODEC: sdd-v2 REFRESH count: 0 REFRESH timestamp: 0 ALLOW ROUTING: enabled Endpoint Isession Statistic: _tunnel_data_1.1.1.2 Connections Current Maximum Total Connections OUT IDLE: 0 0 0 Connections OUT ACTIVE: 0 0 0 Connections IN ACTIVE: 0 0 0 Direction Action Raw Opt Out (to WAN) bits Deduplication 0 0 Out (to WAN) bits Compression 0 0 Direction Action Opt Raw In (from WAN) bits Decompression 0 0 In (from WAN) bits Deduplication 0 0 Remote Route: 10.31.29.0/24 Include: enabled Label: Remote endpoint: 1.1.1.2 Server discovery stats Discovered routes: 0 Routes dropped due to max Discovered routes system limit: 0 Old Discovered routes pruned to make room for new ones: 0 Old Discovered routes pruned from the system: 0 llenard@(lab1-big-fra1)(cfg-sync Standalone)(Active)(/Common)(tmos) show wom rem Components: remote-endpoint remote-route llenard@(lab1-big-fra1)(cfg-sync Standalone)(Active)(/Common)(tmos) show wom remote-route Remote Route: 10.31.29.0/24 Include: enabled Label: Remote endpoint: 1.1.1.2
Update 11.5.1. HF4 to HF6 fails with configuration problem - BUG
Hi, There seems to be a bug in the new Hotfix! After the update from HF4 to HF6 and a reboot, I get the know error message "The configuration has not yet loaded. If this message persists, it may indicate a configuration problem." The ASM module will be stopped. If I run "tmsh load sys conf", I get Syntax Error:(/config/bigip.conf at line: 112) "predefined-report-name" may not be specified with "multi-leveled-report.limit" If I look into the conf on the activ device, I find "predefined-report-name" in my configured analytics reports (Security/Application/Charts Scheduler). Strange: If I delete the scheduler on the active device, it will still exist in the config on the active device, but it will be removeed from the config of the standby device. If I create a new one and delete it again, everything is removed from the config. An update without a any chart scheduler and a clean bigip.conf results in another error. Now, I get 010717e1:3: Client SSL profile cannot contain more than one set of same certificate/key type. Unexpected Error: Loading configuration process failed. This is described here: https://devcentral.f5.com/questions/010717e13-client-ssl-profile-cannot-contain-more-than-one-set-of-same-certificate-key-type This is a bad hotfix. Be careful.
