application load balancing
23 Topics

Load Balancing to Only One Pool Member
I have an issue where all traffic in a pool is going to the fifth of 5 pool members. We are using cookie persistence and I know there can be issues with that. We are also using both an http and OneConnect profile. From the sols and DC articles I've read it seems like the problem will arise if you do NOT have a oneconnect profile assigned. I have tried pulling http/oneconnect/tcp profiles on and off, using default profiles. The only thing I haven't tried is falling back to source address persistence. That is a last resort I do not want to use. Due to the application architecture source address persistence will definitely result in uneven load. All the "custom" profiles are built from an F5 guide for the application (Epic HyperSpace Web; Link to Guide). That being said this config seems pretty straightforward, but any help would be very much appreciated. We have captured traffic and seen the cookies present in the sessions. Below is the config.

    ltm virtual /PARTITION/v_80 {
        destination /PARTITION/10.10.1.1:80
        ip-protocol tcp
        mask 255.255.255.255
        persist {
            /PARTITION/Custom-cookie {
                default yes
            }
        }
        pool /PARTITION/pool_80
        profiles {
            /PARTITION/Custom-OneConnect { }
            /PARTITION/Custom-http { }
            /PARTITION/Custom-lan-optimized { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port enabled
    }
    ltm pool /PARTITION/Pool_80 {
        description "HTTP Pool"
        load-balancing-mode least-connections-member
        members {
            /PARTITION/001:80 {
                address 10.1.1.1
            }
            /PARTITION/002:80 {
                address 10.1.1.2
            }
            /PARTITION/003:80 {
                address 10.1.1.3
            }
            /PARTITION/004:80 {
                address 10.1.1.4
            }
            /PARTITION/005:80 {
                address 10.1.1.5
            }
        }
        monitor /Common/http_head_f5
        service-down-action reselect
    }

Only change to custom oneconnect profile is mask is 255.255.255.255. Only change to tcp-lan-optimized profile is the idle timeout is set to 1200s. Only change to http profile is that 'Redirect Rewrite' is set to Matching.
Custom cookie persistence uses default settings.

1.6K Views | 0 likes | 41 Comments

Load balancing SMPP authentication with MRF and no iRules. Can it be done?
Hi DevCentral,

I will be honest, I do not completely understand how SMPP works, and the full requirements, but of all the configurations required this is the one that's throwing me for a loop.

The scenario is as follows: When an external client initiates a connection to the VS, they are required to authenticate to two servers located in two differing subnets. The LTMs must traverse other gateways to reach these subnets. The requirements are to allow the connecting client to authenticate to both servers and any subsequent messages are load balanced to either of the servers, and if possible persist to only one based on the client/source. If the server fails, the pool will reselect and direct the connection to the available member. If the authenticated session fails, or the client closes the connection, they will re-authenticate to both servers and then load balancing can take place as before.

I have looked at an iRule example by Dev member NAT, and am trying to understand it at the moment. Some of it I get but the majority still escapes me, and I'm currently watching a TCL crash course to try and understand further. Referencing this post, from Dev user Sam, showing the SMPP message flow, which seems similar to Diameter, and from this I have been looking at MRF to possibly circumvent the iRules, limiting the complexity for future modifications.

I have not begun configuring the SMPP services as yet, focusing on other configurations required prior to undertaking this one which seems mentally as a challenge. The HA pair LTMs are currently running version 12.0.0 1.0.0.628.

My questions are:

- Is it possible to undertake this task without using iRules? And if so, any suggestions/tips for the configuration?
- Based on the message flow, is MRF viable for this solution?
- If iRules are required for the requirements, can the iRule example (from above) be used to satisfy this requirement?
I would appreciate any assistance regarding the above, and also, feel free to ask for any information which can hopefully aid in a resolution.

Best regards, T33

994 Views | 0 likes | 6 Comments

Active/Standby load balancing dynamically with LTM
I'm not sure if I'm using the right terminology, but some application folks want to set up identical web servers where they can test upgrades and changes to server A while maintaining production traffic to server B. LTM is currently directing traffic for the application using an iRule and matching URIs so it looks like:

    www.company.com/app1 -> App1_Pool -> Node1 & Node2

Is there something I can do to intelligently determine which node (or a different pool) this lands on without administrator intervention? Ideally something that they can trigger themselves when they are ready to upgrade their apps.

    www.company.com/app1 -> App1_Pool -> Node 1 (if active) or Node 2 (if active)

I thought of them possibly disabling the site in IIS which would make the port monitor go down and stop traffic flow but they want to still access the app in a testing capacity so that likely won't work. Any help is appreciated, thanks!

Solved | 599 Views | 0 likes | 8 Comments

Is it possible to pair TCP and UDP streams?
Hello, I have an application that utilizes a pair of TCP and UDP traffic streams per application session. Is it possible to configure BIG-IP load balancing so that the UDP traffic for a particular application session is directed to the same load-balanced server where the companion TCP traffic is directed? Thanks.

532 Views | 0 likes | 8 Comments

Using one BIG-IP LTM chassis on two separated security network layers
Hi there! I need to know if I can use one BIG-IP chassis to run load balancing on web servers (Layer1) and database servers (Layer2) at the same time. I mean, from a security point of view, is it possible to connect one BIG-IP interface to the Web access-switch and another BIG-IP interface to the Database access-switch, or should we buy two BIG-IP chassis? (Of course we have a firewall between Web & DB servers.)

Thanks
Shahrzad

Solved | 480 Views | 0 likes | 2 Comments

Device Cert Signing Request
Hello, I have recently configured an F5 device and needed an SSL certificate for my device. Another engineer generated a cert but did it in the wrong menu. I needed to generate a CSR for a virtual server, not the device itself (which I have done now). The CSR was created as a Device Certificate Signing Request under System, separate from where you upload the SSL certificates. They created the CSR and generated a CSR for the device, but this was not what I wanted. Is there any way I can delete this under that menu (as I can't find any way to)? Will this affect the ADC in any way? Much thanks for your help.

426 Views | 0 likes | 2 Comments

Setup BigIP F5 VE 25mbps Good in an AWS VPC
Hello, I've been trying for the last few days to set up BigIP F5 VE 25mbps Good in an AWS VPC, based on these tutorials:

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-amazon-ec2-12-1-0/2.html
https://devcentral.f5.com/articles/f5-in-aws-part-2-running-big-ip-in-an-ec2-virtual-private-cloud

(and probably many, many more F5 documentation pages)

Desired setup:

- 1 Virtual Server (PublicIP1:PortN)
- 1 Pool
- 1 Node (PublicIP2:PortN)

Current situation:

- Node is green, HTTP monitor is green.
- SSH -> curl to PublicIP2:PortN works.
- Pool is green.
- Virtual Server is green.
- No firewall is blocking the connections.

However... the connection to PublicIP1:PortN does not work. BigIP does not have any IPs for eth0 and eth1 when I ifconfig, even though they should both have IPs (and they have Elastic IPs associated in AWS). The web UI just shows me interface 1.1, as uninitialized... :(

I can provide any debugging information needed, just tell me where to get it since I'm obviously a BigIP newbie :)

423 Views | 0 likes | 3 Comments

LTM load balancing least connections - definitively how does this work ?
Guys,

Looking for a definitive answer on a least connections load balancing node / member.

Least connections member. Would I be correct in saying least connections member would look only at connections from the LTM to the pool member(s) only in that pool, i.e. that should the node also be a member in a different pool running a second application that these additional connections would be load balanced in isolation of the first app? I.e. that traffic to servers running multiple applications on multiple ports would have traffic directed to them on a per application basis and not necessarily on a per connections to the server basis.

Least connections node. Would I be correct to say this method would load balance based on total TCP-IP (or layer 2) sessions / connections held to the node from the LTM? I.e. that traffic is absolutely load balanced on LTM-server connections and not necessarily per application?

Solved | 399 Views | 0 likes | 2 Comments

tmsh LTM connection table
When hitting an https VS I see two entries in the connection table. Can someone explain why there are 2 entries, one on :443 and one on :0? I am troubleshooting a problem and would like to know what the ::.0 connections mean and if it is an issue.

    tmcgover@ma-npweb-bip3600a(Active)(tmos) show sys connection cs-server-addr 198.204.13.19
    Sys::Connections
    198.204.15.125:53837  198.204.13.19:443  10.88.186.106:80  tcp  0
    198.204.15.125:53836  198.204.13.19:443  ::.0              tcp  1

DETAILS:

    tmcgover@ma-npweb-bip3600a(Active)(tmos) show sys connection cs-server-addr 198.204.13.19 all-properties
    Sys::Connections
    198.204.15.125:1609 - 198.204.13.19:443 - ::.0
      TMM           0
      Type          any
      Protocol      tcp
      Idle Time     1
      Idle Timeout  300
      Unit ID       1
      Lasthop       QA-Web-Ext-184 00:00:5e:00:01:25
      Virtual Path  198.204.13.19:443
                    ClientSide           ServerSide
      Client Addr   198.204.15.125:1609  ::.0
      Server Addr   198.204.13.19:443    ::.0
      Bits In       29.4K                0
      Bits Out      38.2K                0
      Packets In    15                   0
      Packets Out   11                   0

    198.204.15.125:1995 - 198.204.13.19:443 - 10.88.186.106:80
      TMM           0
      Type          any
      Protocol      tcp
      Idle Time     13
      Idle Timeout  300
      Unit ID       1
      Lasthop       QA-Web-Ext-184 00:00:5e:00:01:25
      Virtual Path  198.204.13.19:443
                    ClientSide           ServerSide
      Client Addr   198.204.15.125:1995  198.204.15.125:1996
      Server Addr   198.204.13.19:443    10.88.186.106:80
      Bits In       15.5K                5.3K
      Bits Out      6.9K                 11.2K
      Packets In    9                    5
      Packets Out   5                    6

367 Views | 0 likes | 4 Comments

Simple HTTP Load balancing setup not working
I'm working on an F5 Lab license, just trying to learn the basics of load balancing HTTP using the F5 web interface (I have not yet done anything with the CLI). I've set up two nodes, a pool that contains those two nodes, and a virtual server which uses the pool. I have an HTTP monitor on the pool, and it says that both nodes are working correctly on the F5 web interface. I also checked both web servers, and I can see the HTTP monitor connecting every few seconds (from the F5's management IP), so I know that the F5 monitor is in fact reaching out to those servers successfully.

On both web servers, I have set the default gateway on the only network adapter to the F5's management IP. Just for the heck of it, I tried setting the default gateway to the virtual server's IP, too, but I switched it back to the management IP. I have tried with SNAT turned off and set to Auto Map, but I get the same results each time (site can't be reached). I've also tried playing around with the default persistence profile - set to none, or set to client-addr, and dest-addr. Same result each time - I cannot access the web servers through the load balancer.

So, any solutions that I've seen posted for people with similar problems do not seem to be working for me. I'm sure it's probably one configuration somewhere that I'm missing. Any help to identify what the problem might be would be much appreciated. Remember, I'm a newbie to F5!

Thanks,
-Scott

365 Views | 0 likes | 1 Comment