AAM: how to cache home page? (when path = /)
I'm trying to figure out how to cache pages if the request doesn't contain a file name (e.g. http://www.domain.com/)..) I assumed that the MIME-type of the Object Type (under Policies) would classify HTML-pages as such, but it looks like this doesn't cover requests without a matching file extension. What am I missing?
Squid forward caching proxy server conflicting with Load Balancer; images, JS, CSS not rendering in application
Have an interesting one here that I hope others can help unravel. A user tells me that the website application, which sits behind an F5 LB, is not rendering properly: E.g.: is missing images, stylesheets, javascript files, and the like. And it's not just this user but a colleague at his workplace has the same issue and seemingly others in the company also can reproduce this issue. I will say that this client (as in the company) is the only one who has reported such an issue. No other companies who use the application are reporting pages not rendering content properly. He had tried testing with a work laptop, work phone, personal phone, over the company network, cellular network, and home network and using multiple browsers. It was consistent across multiple browsers. I asked him to clear cache and cookies and that did not help. Here are the results of his testing: Work laptop on home network: Pass. Work laptop on company network : Fail. Work laptop at their customer's location (possibly connected to customer's network): Fail Work phone on company network: Fail. Work phone on cellular network (Verizon)*: Fail. Personal phone on cellular network (AT&T)*: Pass. Work colleague of user laptop connected to said colleague's phone configured as hotspot (Sprint) (not sure if devices are work or personal)**: **This was conducted while on company premises. It didn't seem to matter what browser was employed. I didn't get a report that it worked in one browser but not another, for instance. To make a long story short, I asked him to send me a fiddler log and the logs showed something that I cannot reproduce on my end. The Fiddler log shows the page loaded with HTTP 200 but the content on the page (i.e. JavaScript files, stylesheets, images) show HTTP 304. In the response headers, under Transport, for all requests, I see Connection: close and Via: 1.1 {unique ID} (squid/3.5.23) (The unique ID is some kind of specific value. It might be sensitive information so I decided to not include it in this post). For , the response header Cache shows: X-Cache: MISS from {unique ID} X-Cache-Lookup: HIT from {unique ID}:{Port number} For , the response header Cache shows: X-Cache: HIT from {unique ID} X-Cache-Lookup: HIT from {unique ID}:{Port number} I don't recall seeing anything like this before. It looks to be Squid, a caching and forward proxy server, that is sitting in front of the client and making requests to the LB. Since this company is the only one who has reported this issue and I cannot reproduce it on my end, it's probably safe to say that either this company is running Squid, their ISP is running Squid, or even both. I pressed the user to inquire with the company's IT if they are running any proxies and the answer was no. It's certainly possible the company's IT could be mistaken. Today, the user says that he came into his office and everything is working now. He tried Firefox, IE, wireless network, cellular network and does not understand why it's working. The likely possibilities I can think of as to what and why is: Squid cache was flushed, which means this problem may return in the future. Squid was not configured properly by company's IT/ISP and now it is, thus resolving the issue. Squid was taken offline and the client is connecting directly to the LB now. What I am very concerned about is what happens if the company reports the same issue or maybe another company who is running Squid or some other forward caching/proxy server reports the same issue? I really don't know if this is something where I have to tell the user that this is not our problem, this is your IT infrastructure and/or your local ISP's problem. In other words, whether the Squid server is configured properly or not, is this something where the LB needs to be configured such that it works around the problem? Does that make sense? If there is a configuration change that I need to enact on the LB, what are these changes and what are step-by-step instructions? I'm sorry for the long-winded explanation but I'm trying to be detailed and thorough with this. Thank you very much.dns transparent cache as authoritative?
Hello, I have inherited an f5 pair that is (in theory) an authoritative-only name server. it has a pool of three dns servers it passes queries to. The first lookup using the f5 as the dns server has the authoritative bit set. However, subsequent queries (cache hit) do not, until the ttl time has elapsed. In other words, it acts as a standard dns caching server that sets authoritative when it has to query an authoritative server for an answer. Is there a way to set up the F5 with this configuration to always answer authoritative? bigip version 15.1.0.5 udp listener with dns profile name: "authoritative_dns" authoritative_dns profile set: parent == dns dns express enabled dns cache enabled: set to "authoritative_cache" authoritative_cache set: resolver type: transparent (NONE)
TLS Session resumption (caching) - NO
Hi, My SSL profile keeps giving me this orange warning on SSLLABS: TLS Session resumption (caching) No (IDs assigned but not accepted) I've did my research, and it was known to give this when more SSL profiles are used under on VS - this is not the case with me. I have Cache size set to default 262144 sessions with 7200 seconds timeout (lowering the numbers did not do the trick). My ciphers are: !LOW:!SSLv2:!SSLv3:!MD5:!RC4+SHA:!EXPORT:!DHE:ECDHE+AES:AES+SHA+RSA:@STRENGTH but I don't really believe it's the ciphers fault (though I have read similar problem was with TLS1.2 on windows server, and a rollback to TLS1.1 fixed the issue). Any ideas or experience with this? Or should I now worry (though my client is a bit picky, and anything less than green on SSLLABS is a problem...)
Big IP LTM 11.6 caching support
Dear All, I am wondering what kind to caching functionality LTM provides without additional licenses like WA. Within the virtual server configuration I can select a certain Web Acceleration Profile like optimized-caching. Is this function supported within the LTM? What kind of caching functionality does the LTM provide? Best regards, Marvin
F5 Friday: In the NOC at Interop
#interop #fasterapp #adcfw #ipv6 Behind the scenes in the Interop network Interop Las Vegas expects somewhere in the realm of 10,000+ attendees this year. Most of them will no doubt be carrying smart phones, many tablets, and of course the old standby, the laptop. Nearly every one will want access to some service – inside or out. The Interop network provides that access – and more. F5 solutions will provide IT services, including IPv4–IPv6 translation, firewall, SSL VPN, and web optimization technologies, for the Network Operations Center (NOC) at Interop. The Interop 2012 network is comprised of the show floor Network Operations Center (NOC), and three co-location sites: Colorado (DEN), California (SFO), and New Jersey(EWR). The NOC moves with the show to its 4 venues: Las Vegas, Tokyo, Mumbai, and New York. F5 has taken a hybrid application delivery network architectural approach – leveraging both physical devices (in the NOC) and virtual equivalents (in the Denver DC). Both physical and virtual instances of F5 solutions are managed via a BIG-IP Enterprise Manager 4000, providing operational consistency across the various application delivery services provided: DNS, SMTP, NTP, global traffic management (GSLB), remote access via SSL VPNs, local caching of conference materials, and data center firewall services in the NOC DMZ. Because the Interop network is supporting both IPv6 and IPv4, F5 is also providing NAT64 and DNS64 services. NAT64: Network address translation is performed between IPv6 and IPv4 on the Interop network, to allow IPv6-only clients and servers to communicate with hosts on IPv4-only networks DNS64: IPv6-to-IPv4 DNS translations are also performed by these BIG-IPs, allowing A records originating from IPv4-only DNS servers to be converted into AAAA records for IPv6 clients. F5 is also providing SNMP, SYSLOG, and NETFLOW services to vendors at the show for live demonstrations. This is accomplished by cloning the incoming traffic and replicating it out through the network. At the network layer, such functionality is often implemented by simply mirroring ports. While this is sometimes necessary, it does not necessarily provide the level of granularity (and thus control) required. Mirrored traffic does not distinguish between SNMP and SMTP, for example, unless specifically configured to do so. While cloning via an F5 solution can be configured to act in a manner consistent with port mirroring, cloning via F5 also allows intermediary devices to intelligently replicate traffic based on information gleaned from deep content inspection (DCI). For example, traffic can be cloned to a specific pool of devices based on the URI, or client IP address or client device type or destination IP. Virtually any contextual data can be used to determine whether or not to clone traffic. You can poke around with more detail and photos and network diagrams at F5’s microsite supporting its Interop network services. Dashboards are available, documentation, pictures, and more information in general on the network and F5 services supporting the show. And of course if you’re going to be at Interop, stop by the booth and say “hi”! I’ll keep the light on for ya… F5 Interopportunities at Interop 2012 F5 Secures and Optimizes Application and Network Services for the Interop 2012 Las Vegas Network Operations Center When Big Data Meets Cloud Meets Infrastructure Mobile versus Mobile: 867-5309 Why Layer 7 Load Balancing Doesn’t Suck BYOD–The Hottest Trend or Just the Hottest Term What Does Mobile Mean, Anyway? Mobile versus Mobile: An Identity Crisis The Three Axioms of Application Delivery Don’t Let Automation Water Down Your Data Center The Four V’s of Big DataWriting URI for caching in regex
Hello everyone. Happy new year. In the web acceleration profile we want to use caching wit a URI list. We want to match these URIs: /appsuite/api/apps/load/* /appsuite/v=* So i've put this in the Include List: \/appsuite\/api\/apps\/load\/.+ \/appsuite\/v=.+ It does not work. I'm not an expert with regex and I don't have an equipment for testing. Could you help me to write it right or give me a link to a regex writing book for Big-IP ? Thanks
LTM Web Acceleration Profile Configuration
My organization and I are new to BIG-IP. Everything has been working quite well, but I do have a question about Web Acceleration profiles. For LTM, the iApps I have used so far create one by default. This seemed to be working satisfactorily, until the programmers began complaining about it. The previous load balancer my company used apparently did not do anything like F5's Web Acceleration profiles do, so the old ADC wasn't caching any items in that regard. I got with the programmers and told them we can clear the cache when we make changes, we can reduce the maximum age, and we can limit what items are cached, but they don't like that either. They want the LTM to recognize a document has changed without any cache clearing or anything like that. They want to be able to make changes to web pages (including to items the Web Acceleration profiles caches) and have all machines see those changes instantly and automatically. Of course, this obviously needs to happen, and the web pages we serve up change often, but the only way I see of doing that is clearing the cache on the Web Acceleration profile. Is there a provision for the LTM to check the web server for items to get their last modified dates so that if an item is changed the new version will be served up automagically instead of the old version? Do Web Acceleration profiles provide enough improvement to justify their use in a medium sized environment? What do other companies regularly do?When using APM with an LDAP AAA server, are results cached?
I'm making extensive use of this sort of test: [mcget {session.ldap.last.attr.memberOf}] contains "My_Groupname" I was previously using Active Directory authentication and queries rather than LDAP, but changing to LDAP has cut down the login wait from up to 15 seconds down to several seconds. I'm almost certain that the APM is caching the membership results, however, because I make changes on the domain controller and the changes are not reflected on the BigIP - it seems to be using stale results. Any suggestions on the expected behavior, and how to change it? I know I can mix and and match AD and LDAP authentication and queries if necessary, and AD was also caching but didn't seem to be as long when I set it to 0 days, and I could manually clear that cache for testing purposes.
Caching on F5
All, I'm trying to enable caching on the F5. My F5's are running v12.1.2(HA) and load balancing apache servers. Caching is enabled on these servers . But F5 seems to be forcing it off. When i go to the Application directly from the server, i'm seeing all static content like images, css files are showing as 'from servercache'. when i go to application through F5, i can see content is downloaded taking some time. How can i enable caching to avoid this. I applied a webacceleration profile to the VIP but ramcache list showing 0 records. Any help is appreciated. Thanks
