Active/Standby load balancing dynamically with LTM
I'm not sure if I'm using the right terminology, but some application folks want to set up identical web servers where they can test upgrades and changes to server A while maintaining production traffic to server B. LTM is currently directing traffic for the application using an iRule and matching URIs so it looks like: www.company.com/app1 -> App1_Pool -> Node1 & Node2 Is there something I can do to intelligently determine which node (or a different pool) this lands on without administrator intervention? Ideally something that they can trigger themselves when they are ready to upgrade their apps. www.company.com/app1 -> App1_Pool -> Node 1 (if active) or Node 2 (if active) I thought of them possibly disabling the site in IIS which would make the port monitor go down and stop traffic flow but they want to still access the app in a testing capacity so that likely won't work. Any help is appreciated, thanks!Solved614Views0likes8Commentstmsh LTM connection table
When hitting a https VS I see two entries in the connection table. Can someone explain why there are 2 entries, one on :443 and one on :0 ??? I am troubleshooting a problem and would like like to know what the ::.0 connections mean and if it is an issue. tmcgover@ma-npweb-bip3600a(Active)(tmos) show sys connection cs-server-addr 198.204.13.19 Sys::Connections 198.204.15.125:53837 198.204.13.19:443 10.88.186.106:80 tcp 0 198.204.15.125:53836 198.204.13.19:443 ::.0 tcp 1 DETAILS: tmcgover@ma-npweb-bip3600a(Active)(tmos) show sys connection cs-server-addr 198.204.13.19 all-properties Sys::Connections 198.204.15.125:1609 - 198.204.13.19:443 - ::.0 TMM 0 Type any Protocol tcp Idle Time 1 Idle Timeout 300 Unit ID 1 Lasthop QA-Web-Ext-184 00:00:5e:00:01:25 Virtual Path 198.204.13.19:443 ClientSide ServerSide Client Addr 198.204.15.125:1609 ::.0 Server Addr 198.204.13.19:443 ::.0 Bits In 29.4K 0 Bits Out 38.2K 0 Packets In 15 0 Packets Out 11 0 198.204.15.125:1995 - 198.204.13.19:443 - 10.88.186.106:80 TMM 0 Type any Protocol tcp Idle Time 13 Idle Timeout 300 Unit ID 1 Lasthop QA-Web-Ext-184 00:00:5e:00:01:25 Virtual Path 198.204.13.19:443 ClientSide ServerSide Client Addr 198.204.15.125:1995 198.204.15.125:1996 Server Addr 198.204.13.19:443 10.88.186.106:80 Bits In 15.5K 5.3K Bits Out 6.9K 11.2K Packets In 9 5 Packets Out 5 6375Views0likes4CommentsLoad Balancing to Only One Pool Member
I have an issue where all traffic in a pool is going to the fifth of 5 pool members. We are using cookie persistence and I know there can be issues with that. We are also using both an http and OneConnect profile. From the sols and DC articles I've read it seems like the problem will arise if you do NOT have a oneconnect profile assigned. I have tried pulling http/oneconnect/tcp profiles on and off, using default profiles. The only thing I haven't tried is falling back to source address persistence. That is a last resort I do not want to use. Due to the application architecture source address persistence will definitely result in uneven load. All the "custom" profiles are built from an F5 guide for the application (Epic HyperSpace Web; Link to Guide). That being said this config seems pretty straight forward, but any help would be very much appreciated. We have captured traffic and seen the cookies present in the sessions. Below is the config. ltm virtual /PARTITION/v_80 { destination /PARTITION/10.10.1.1:80 ip-protocol tcp mask 255.255.255.255 persist { /PARTITION/Custom-cookie { default yes } } pool /PARTITION/pool_80 profiles { /PARTITION/Custom-OneConnect { } /PARTITION/Custom-http { } /PARTITION/Custom-lan-optimized { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled } ltm pool /PARTITION/Pool_80 { description "HTTP Pool" load-balancing-mode least-connections-member members { /PARTITION/001:80 { address 10.1.1.1 } /PARTITION/002:80 { address 10.1.1.2 } /PARTITION/003:80 { address 10.1.1.3 } /PARTITION/004:80 { address 10.1.1.4 } /PARTITION/005:80 { address 10.1.1.5 } } monitor /Common/http_head_f5 service-down-action reselect } Only change to custom oneconnect profile is mask is 255.255.255.255. Only change to tcp-lan-optimized profile is the idle timeout is set to 1200s. Only change to http profile is that 'Redirect Rewrite' is set to Matching. Custom cookie persistence uses default settings.1.6KViews0likes41CommentsIs this achievable? Mark a LTM VIP down if one of the Pool is down.
Hi All, I've an LTM VIP, which has two pools V1, V2. I've an iRule that directs URLs based on context path to respective Pools. Currently, even if one pool goes down (underlying member nodes are down), LTM is still up & serves call to other Pool. Is it possible to mark LTM VIP as down even if one Pool is down? Because GTM will not mark LTM as down unless all pools under LTM is down & I want LTM to be down even if one Pool in LTM goes down. We've the below iRule now when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/test/v1/*" { pool BK7-TEST-8080 } "/example/v2/*" { pool BK7-EXAMPLE-8280 } } }306Views0likes2CommentsSetup BigIP F5 VE 25mbps Good in an AWS VPC
Hello, I've been trying for the last few days to setup Setup BigIP F5 VE 25mbps Good in an AWS VPC, based on these tutorials: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-amazon-ec2-12-1-0/2.html https://devcentral.f5.com/articles/f5-in-aws-part-2-running-big-ip-in-an-ec2-virtual-private-cloud (and probably many, many more F5 documentation pages) Desired setup: 1 Virtual Server (PublicIP1:PortN) 1 Pool 1 Node (PublicIP2:PortN) Current situation: Node is green, HTTP monitor is green. SSH -> curl to PublicIP2:PortN works. Pool is green. Virtual Server is green. No firewall is blocking the connections. However... the connection to PublicIP1:PortN does not work. BigIP does not have any IPs for eth0 and eth1 when I ifconfig, even though they should both have IPs (and they have Elastic IPs associated in AWS). The web UI just shows me interface 1.1, as uninitialized... :( I can provide any debugging information needed, just tell me where to get it since I'm obviously a BigIP newbie :)431Views0likes3CommentsSimple HTTP Load balancing setup not working
I'm working on a F5 Lab license, just trying to learn the basics of load balancing HTTP using the F5 web interface (I have not yet done anything with the CLI). I've setup two nodes, a pool that contains those two nodes, and a virtual server which uses the pool. I have an HTTP monitor on the pool, and it says that both nodes are working correctly on the F5 web interface. I also checked both web servers, and I can see the HTTP monitor connecting every few seconds (from the F5's management IP), so I know that the F5 monitor is in fact reaching out to those servers successfully. On both web servers, I have set the default gateway on the only network adapter to the F5's management IP. Just for the heck of it, I tried setting the default gateway to the virtual server's IP, too, but I switched it back to the management IP. I have tried with SNAT turned off and set to Auto Map, but I get the same results each time (site can't be reached). I've also tried playing around with the default persistence profile - set to none, or set to client-addr, and dest-addr. Same result each time - I cannot access the web servers through the load balancer. So, anything solutions that I've seen posted for people with similar problems do not seem to be working for me. I'm sure it's probably one configuration somewhere that I'm missing. Any help to identify what the problem might be would be much appreciated. Remember, I'm a newbie to F5! Thanks, -Scott369Views0likes1Commentbest file types to apply compression
when studying the web acceleration,I come to a point when someone said that there's certain types of files in which applying compression is useless such as videos and images,while others are very useful such as text and html. I want to know is this true and why368Views0likes5CommentsMove connections to another node via the API
I am very new to F5 and the API. I am looking for a way to move our Application's active sessions/connections from one node to another via the native API. I need to do this so I can shut down the node after all connections are moved over, so I can upgrade it. Is this possible? Thank you!253Views0likes0CommentsLoad balancing SMPP authentication with MRF and no iRules. Can it be done?
Hi DevCentral, I will be honest, I do not completely understand how SMPP works, and the full requirements, but of all the configurations required this is the one that's throwing me for a loop. The scenario is as follows; When an external client initiates a connection to the VS, they are required to authenticate to two servers located in two differing subnets. The LTMs must traverse other gateways to reach these subnets. The requirements are to allow the connecting client to authenticate to both servers and any subsequent messages are load balanced to either of the servers, and if possible persist to only one based on the client/source. If the server fails, the pool will reselect and direct the connection to the available member. If the authenticated session fails, or the client closes the connection, they will re-authenticate to both servers and then load balancing can take place as before. I have looked at an iRule example by Dev member NAT, and trying to understand it at the moment. Some of it I get but the majority still escapes me, and I'm currently watching a TCL crash course to try and understand further. Referencing this post, from Dev user Sam, showing the SMPP message flow, which seems similar to Diameter, and from this I have been looking at MRF to possibly circumvent the iRules, limiting the complexity for future modifications. I have not begun configuring the SMPP services as yet, focusing on other configurations required prior to undertaking this one which seems mentally as a challenge. The HA pair LTMs are currently running version 12.0.0 1.0.0.628. My questions are; Is it possible to undertake this task without using iRules? and if so, any suggestions/tips for the configuration? Based on the message flow, is MRF viable for this solution? If iRules are required for the requirements, can the iRule example (from above) be used to satisfy this requirement? I would appreciate any assistance regarding the above, and also, feel free to ask for any information which can hopefully aid in a resolution. Best regards, T331KViews0likes6Comments