F5 r2800 HA standby box shows offline even though the network reachability is fine
We have two r2800 series F5 LTM/ASM boxes in HA (active/standby). After power distribution, the secondary box shows offline even though the network reachability is fine, and it shows "waiting for initial sync" under the sync option on the device overview. Moreover, none of the security modules show in the GUI, and all the security module services are stopped when checked in the CLI. We tried rebooting the secondary box again and starting the services in the CLI, but no luck. Does anyone know the solution to fix this issue? Please help us recover the secondary box. Thanks.

SNAT Error While Using Ansible to Create a VS in BigIP
I am trying to create a VS using an Ansible playbook. It is able to create the virtual server but is not able to set the SNAT setting that I wanted (Automap); I am getting the following error:

    fatal: [xxx.com]: FAILED! => {"changed": false, "failed": true, "msg": "received exception: Error on setting snat : Method not found: 'LocalLB.VirtualServer.LocalLB.VirtualServerPort.get_source_address_translation_type'"}

Version details:

    Ansible: 2.3.0.0
    python: 2.7.5
    BigIP: 11.12.1

This is how my playbook looks:

    - name: Create virtual server
      bigip_virtual_server:
        server: xxx.com
        user: admin
        password: MYPASS
        state: present
        name: VS_NAME
        destination: DEST_IP
        port: 80
        pool: POOL_NAME
        all_profiles:
          - tcp
          - http
        snat: Automap
        validate_certs: no

Any support on this would be really appreciated. Thanks!

Bad gateway error 502 on statistic pages
Hey Guys, We are getting this on one of our boxes. It only shows up in the statistics tabs in virtual servers and pools for now. I tried restarting the httpd and tomcat but nothing. This is the ltm log:

    tail -f /var/log/ltm
    Jul 18 11:52:51 hostname err tmm1[26088]: 01010221:3: Per-invocation log rate exceeded; throttling.
    Jul 18 11:52:51 hostname err tmm2[26088]: 01010221:3: Per-invocation log rate exceeded; throttling.
    Jul 18 11:52:51 hostname err tmm5[26088]: 01010221:3: Per-invocation log rate exceeded; throttling.
    Jul 18 11:52:51 hostname err tmm4[26088]: 01010221:3: Per-invocation log rate exceeded; throttling.
    Jul 18 11:52:51 hostname err tmm3[26088]: 01010221:3: Per-invocation log rate exceeded; throttling.
    Jul 18 11:52:52 hostname notice mcpd[7982]: 01070727:5: Pool /Common/tibco-preproduction_9257_pool member /Common/dx930:9257 monitor status up. [ /Common/tcp: up ] [ was down for 0hr:0min:28sec ]
    Jul 18 11:52:53 hostname notice mcpd[7982]: 01070727:5: Pool /Common/tibco-preproduction_9362_pool member /Common/dx930:9362 monitor status up. [ /Common/tcp: up ] [ was down for 0hr:0min:29sec ]
    Jul 18 11:52:57 hostname notice mcpd[7982]: 01070727:5: Pool /Common/tibco-preproduction_9059_pool member /Common/dx930:9059 monitor status up. [ /Common/tcp: up ] [ was down for 0hr:0min:28sec ]
    Jul 18 11:52:57 hostname notice logger: /usr/bin/syscalld ==> /usr/bin/bigstart restart tomcat
    Jul 18 11:53:08 hostname warning tmm5[26088]: 01260009:4: Connection error: hud_ssl_handler:1199: codec alert (20)
    Jul 18 11:53:24 hostname notice mcpd[7982]: 01070638:5: Pool /Common/arcsight-f5_tcp_514_pool member /Common/AS1285AUFAL02-Sec:515 monitor status down. [ /Common/tcp: down; last error: /Common/tcp: No successful responses received before deadline.; Could not connect. @2018/07/18 11:53:24. ] [ was up for 26hrs:43mins:27sec ]
    Jul 18 11:53:56 hostname notice mcpd[7982]: 01070727:5: Pool /Common/arcsight-f5_tcp_514_pool member /Common/AS1285AUFAL02-Sec:515 monitor status up. [ /Common/tcp: up ] [ was down for 0hr:0min:32sec ]
    Jul 18 11:54:56 hostname warning tmm5[26088]: 01260009:4: Connection error: ssl_passthru:4003: not SSL (40)
    Jul 18 11:55:28 hostname notice logger: /usr/bin/syscalld ==> /usr/bin/bigstart restart tomcat

Also did the pcap on the mgmt and it was all clean. The version is 12.1.2 on the box and we see this both on active and standby boxes. So, what do you think? Thanks.

VLAB LAMPv4 Just displays only 1 web page in esxi
Hi devs, I used these settings in the lamp network settings; the 10.1.62.241, 42, 43 and so on become my pool members and show up, but the VS just shows the basic page in the browser. The only page showing up from the VS is this

But all pool members show traffic when I see the stats on the bigip, but the MAC address from all the nodes on the server side is just a single one.

    10.1.62.240 10.1.62.240 00:0c:29:14:d5:1f /Common/internal 157 resolved
    10.1.62.241 10.1.62.241 00:0c:29:14:d5:1f /Common/internal 158 resolved
    10.1.62.242 10.1.62.242 00:0c:29:e6:a5:71 /Common/internal 18 resolved
    10.1.62.243 10.1.62.243 00:0c:29:14:d5:1f /Common/internal 159 resolved
    10.1.62.244 10.1.62.244 00:0c:29:14:d5:1f /Common/internal 168 resolved
    10.1.62.246 10.1.62.246 00:0c:29:14:d5:1f /Common/internal 159 resolved
    10.1.62.247 10.1.62.247 00:0c:29:14:d5:1f /Common/internal 162 resolved
    10.1.62.248 10.1.62.248 00:0c:29:14:d5:1f /Common/internal 153 resolved

I am thinking they all should show a different MAC so that the content can show up properly, but where do I make that change?

Active/Standby load balancing dynamically with LTM
I'm not sure if I'm using the right terminology, but some application folks want to set up identical web servers where they can test upgrades and changes to server A while maintaining production traffic to server B. LTM is currently directing traffic for the application using an iRule and matching URIs so it looks like:

    www.company.com/app1 -> App1_Pool -> Node1 & Node2

Is there something I can do to intelligently determine which node (or a different pool) this lands on without administrator intervention? Ideally something that they can trigger themselves when they are ready to upgrade their apps.

    www.company.com/app1 -> App1_Pool -> Node 1 (if active) or Node 2 (if active)

I thought of them possibly disabling the site in IIS which would make the port monitor go down and stop traffic flow but they want to still access the app in a testing capacity so that likely won't work. Any help is appreciated, thanks!

F5 jumbo MTU
We are building a new datacenter and making all network switches run on MTU 9216; in short, all my switches are running on 10G with jumbo frames.

Question: I am installing an F5 Big-IP-LTM 10000 and created a vPC trunk, and I set the max MTU size supported, 9198. Does this mean all virtual servers I am going to create will run on MTU 9198? Is this going to create an issue for any public users who are going to access my VIP, or for any internal datacenter web server which is running on the default MTU of 1500?

Health check on multiple ports
We have a Galera MySQL cluster which is running behind an HAProxy load balancer, and we are migrating from HAProxy to F5. Currently this is what I have in HAProxy:

    backend galera-back
        mode tcp
        balance leastconn
        timeout server 5000s
        stick store-request src
        stick-table type ip size 256k expire 30m
        option tcplog
        option httpchk HEAD / HTTP/1.0\r\nUser-agent:\ osa-haproxy-healthcheck
        server ostack-infra-02_galera_container-fa5d9e98 172.28.1.216:3306 check port 9200 inter 12000 rise 1 fall 1
        server ostack-infra-03_galera_container-eaacd880 172.28.1.236:3306 check port 9200 inter 12000 rise 2 fall 2 backup
        server ostack-infra-01_galera_container-6c126d29 172.28.1.183:3306 check port 9200 inter 12000 rise 2 fall 2 backup

The 01, 02 and 03 nodes are running in a cluster, and HAProxy is doing a 3306 monitor along with a 9200 monitor (9200 checks whether the node is in SYNC or not).

My requirement is: how do I tell F5 to monitor two ports, 3306 and 9200, and if either one fails, take that node out of the pool?

Can't find SNMP email id configured on the bigip
Hey Guys, One of our email ids was added to f5 for snmp alerts, and the emails have a from id of root@hostname.local. We now need to remove this id and it should be easy, as the only file where we configure snmp alerts is /config/user_alerts.conf. In the file I can see other email ids but not this particular one; is there some other place where this can be configured? In the qkview I can see this particular email id in mcp_module.xml. Totally lost on where this id is on the box; also there is no such thing as a group id or alias id.

UPDATE - 19 Aug 2018: Is there some log I can check to see all the email ids which were sent an email?

Persistence options for UDP Application
Hey Fellas, I scoured the forums to find some info on achieving persistence for udp applications. The VS I am using is standard, but the protocol profile is UDP with least conn - member as the load balancing algorithm. I applied the default universal persistence profile and this irule but could not see any persistence records using show ltm persistence persist-records virtual

    when CLIENT_ACCEPTED {
        set src_IP [IP::client_addr]
        if { [session lookup uie $src_IP] equals "" } {
            session add uie $src_IP [UDP::remote_port] 1800
            log local0. "added client port [session lookup uie $src_IP] for client ip $src_IP "
        } else {
            log local0. "existing client port [session lookup uie $src_IP] for client ip $src_IP"
        }
    }

Do I have to apply this irule to the VS or to the universal persistence profile itself? The profile also has an option to include an irule!

Automated Backup Script
I am trying to take an automated backup and transfer it to a remote FTP server. Running the script with sh script.sh works perfectly fine, but when I add the script to the crontab the UCS file is not transferred to the remote server. Here is the script I am using:

    #!/bin/bash
    # File names carry today's date (MM_DD_YY)
    today_ucs="$(date "+%m_%d_%y").ucs"
    today_config="$(date "+%m_%d_%y").txt"
    log_file="$(date "+%m_%d_%y").log"

    # Save the UCS archive and dump the running config
    tmsh save /sys ucs /root/daily_backup/$today_ucs
    tmsh /show running-config one-line >$today_config

    HOST='x.x.x.x'
    USER=user
    PASSWORD=password

    # Upload both files over FTP
    ftp -inv $HOST << EOF 1>&2 >$log_file
    ascii
    quote USER $USER
    quote PASS $PASSWORD
    cd DIR
    put $today_ucs
    put $today_config
    bye
    EOF

    # Remove the local copies
    rm -rf $today_ucs
    rm -rf $today_config