bigip
13 TopicsWhat is the best practice to deploy single Tenant in F5 rseries?
Hi, we are going to deploy new rseries 5k with single Tenant. What is the best practice to setup? I plan to setup like below, can someone please advise whether it is correct or not? And I have question on auto disk space and memory allocation. Thanks in advance! Allocate all the disk space to this large single tenant Allocate all the memory to this single tenant within the tenant, set "Large" to "Mgmt" module for the rest modules: LTM, GTM , ASM , set "Normal" under Resource Provisioning". Seems the system automatically allocate disk space and memory to each module. Based on the amount of disk space and memory allocated to these modules, seems there are still a lot spare diskspace and memory. Will these modules automatically share the rest spare diskspace and memory when necessary?18Views0likes1CommentUpgrade F5 BIGIP
Dear Team, I hope you all doing well. Kindly note that i want to upgrade my bigip tenant from 17.1.1.3 Build 0.70.5 to new 17.1.2 and when i try to download the software there are several options. 17.1.2 17.1.2_Tenant_F5OS and i want to know what are the difference between these two ? Just to let you know my setup is like this rSeries2600--->F5OS----->BIGIP. can you please clearly let me know which one shall i follow ?and what are the use cases ? is both ways valid for my setup ? Please find the attached the picture and also the URL below. appreciate your support. Regards,Solved172Views0likes11CommentsHow are memory and disk allocated to different modules on bigip appliance?
hi, when doing "Resource Provisioning", the memory and disk space are auto allocated to LTM and ASM are shown as below. The amount of Memory and disk is minimum requirement, right? When a huge number of virtual server will be created later, will appliance auto allocate more spare memory and disk to the module? And what is he management module responsible for? Is it responsible for packet forwarding? should we set "Provisioning" to "Medium" or "Large" if the throughput is larger than 1Gbps? Can someone please advise? thanks in advance!65Views0likes7Commentssome questions on device Trust Certificate?
hi, I have two questions on device trust certificates (client cert). why there are duplicate certificates on Device Trust Certificate list? I saw duplicate gtm device certificates in LTM devices. is it true that only gtm device certificate is sent to ltm device, and reverse "no" -- no ltm device certificate in gtm Device Trust Certificate list? I checked out gtm and ltm devices for our different regions, no ltm device certificate is on any gtm Device Trust Certificate list. Can someone please help advise, thanks in advance!Solved51Views0likes5CommentsFallback local account works when remote auth server is UP
I have remote authentication configured and have created a fallback local account. My goal for local fallback account is twofold: WORK when remote auth server is DOWN NOT WORK when remote auth server is UP The first case works fine but I notice that local account works even when remote auth server is UP, which is not pure fallback. How can I achieve that ? I have followed K67025432 (Configuring remote authentication fallback on BIG-IP systems) fallback is configured as follows: auth source { description none fallback true type tacacs } Local account: auth user emergency { description "remote authentication fallback account" encrypted-password $6$ogpR9DMV$ImG9kaaaaaaaaaaaaJ4POotYfu4j6B5HjmJMLD6TYpdVRaNhJICke/ partition Common partition-access { all-partitions { role admin } } session-limit -1 shell bash } My goal is use case in line 3:21Views0likes0CommentsMAC address of deleted VS IP address still responsive
Hello, We're decommissioning a very old pair of BIG-IP 3900 appliances running 12.1.2 b0.0.249, and faced with an issue that once the VS was deleted the IP is still responsive to ping, and according to arp table, the MAC is bound to the SelfIP on the standby unit. I found K11091 which mentions a workaround although it's related to the situation when the SelfIP is deleted. Any hints would be greatly appreciated. Thank you.59Views0likes2CommentsRenew BIG-IP device SSL certificate
hello Team, I am going to renew our BIG-IP device SSL certificate, but this time we have GTM so we also need to update the GTM side. This is what I am planning Renew the BIG-IP device SSL certificate via cli on config/httpd/conf/ssl.crt/server.crt Restart the httpd service I am planning to update the GTM via GUI DNS -> GSLB -> Servers -> Trusted Server certificates -> Import -> Append -> paste the new cert Restart the big3d and gtm service Question is, is this correct way? also will this also update my cert on big3d (/config/big3d/client.crt)? If not, do I need to update the cert on big3d? Thank you!99Views0likes2CommentsUpgrading BIGIP 2000S to R2600
Hi, I have a pair of BIGIP 2000 licensed with LTM and need to upgrade the hardware to R2600. I have some backend nodes pointing to F5 as their gateways. 2000 appliances run code v15.1. Will it be doable to archive CSF file of old F5s, edit some names related to 2000s like hostname and license with new names of 2600s, load the file on new F5s? I'm thinking to use different mgmt IP but keep all other configuration of VS, Vlans, IPs as they are. Also, what about license and certificate files? Thank you!68Views0likes2CommentsTelemetry Streaming: getting HTTP statistics via SNMP
Hi F5 community, I am looking to get HTTP statistics (total count, and broken by response code) metrics from Telemetry Streaming via SNMP (seems to be the most viable option). F5-BIGIP-LOCAL-MIB::ltmHttpProfileStat oid: .1.3.6.1.4.1.3375.2.2.6.7.6 However, the stats don't seem to come out correct at all: I do see deltas happening, but they don't match at all the traffic rate I expect to see. Furthermore, I have done some tests where I would start a load testing tool (vegeta) to fire concurrent HTTP requests, for which I do see the logs from the virtual server, but no matching increment in the above SNMP OID entries on none of the profiles configured. What am I doing wrong? does something need to be enabled on the HTTP profile in use to collect those stats? Best, Owayss50Views0likes0Comments