cisco ace
6 Topics

HTTP to HTTPS Location rewrite with custom port
Problem this snippet solves: The SSL port is assigned in the following line: lreplace $loc_list 2 2 [lindex [split [lindex $loc_list 2] ":"] 0]:80 change the ':80' to any required port to remove any port assigned within the Location Header.

How to use this snippet:

Code :

    # Rewrites the HTTP Location header in an HTTP Response from HTTP to HTTPS and adds a non-standard port to the end of the hostname
    # e.g. Location Header 'http://www.test.com/path1/path2/index.html' will be changed to 'https://www.test.com:80/path1/path2/index.html'
    when HTTP_RESPONSE {
        if { [string tolower [HTTP::header Location]] starts_with "http://" } {
            # Splits the Location Header string into a list
            # e.g. http://www.test.com/path1/path2/index.html = 'http:', '', 'www.test.com', 'path1', 'path2', 'index.html'
            set loc_list [split [HTTP::header Location] "/"]

            # Replaces list location 0 (first item) with 'https:'
            # e.g. list item 0 = 'http:' and is replaced with 'https:'
            # lreplace returns a new list, so the result is assigned back to loc_list
            set loc_list [lreplace $loc_list 0 0 "https:"]

            # Appends the port number to list location 2 (the FQDN); if a port is already defined it will be replaced
            # e.g. list item 2 = 'www.test.com:897' is replaced with 'www.test.com:80'
            # e.g. list item 2 = 'www2.test.com' is replaced with 'www2.test.com:80'
            set loc_list [lreplace $loc_list 2 2 [lindex [split [lindex $loc_list 2] ":"] 0]:80]

            # List items are joined back together with '/' inserted and set as the new HTTP Location Header
            # e.g. list = 'https:', '', 'www.test.com:80', 'path1', 'path2', 'index.html' becomes 'https://www.test.com:80/path1/path2/index.html'
            HTTP::header replace Location [join $loc_list "/"]
        }
    }

Tested this on version: 11.5

521 Views, 1 like, 3 Comments

Cisco ACE to F5 BIG-IP
Problem this snippet solves: This script will convert Cisco ACE Configuration Files to F5 BIG-IP configuration. It is not intended to do a complete migration, but should help do the heavy lifting.

How to use this snippet: The script dumps to stdout, to capture in a file, use:

    perl ace2f5.pl aceconfigfile > /var/tmp/bigipconf.txt

492 Views, 1 like, 0 Comments

Cisco ACE to F5 BIG-IP via tmsh
Problem this snippet solves: This script will convert Cisco ACE Configuration Files to F5 BIG-IP configuration. It is not intended to do a complete migration, but should help do the heavy lifting.

How to use this snippet: The script dumps to stdout, to capture in a file, use:

    perl ace2tmsh_v1.2.pl aceconfigfile > /var/tmp/bigip-tmsh.conf

448 Views, 0 likes, 0 Comments

TCP payload persistence (convert Cisco ACE l4-payload stickiness)
Hi all,

I'm currently transforming lots of Cisco ACE configurations to Big IPs running 11.6.0. On the ACE, there is a sticky method called "l4-payload" which can use a fixed offset and length setting in order to grab a specific portion of the TCP payload and generate a sticky entry based on that string (see http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/ACE_cr/sticky.htmlwp1040212).

For example, I have the following sticky setting on the ACE that I need to convert to bigIP:

    sticky layer4-payload my_l4_stickiness
      layer4-payload offset 30 length 20
      serverfarm my_serverfarm
      timeout 1
      replicate sticky

Which approach would you suggest? I think I will need a combined iRule and universal persistence in order to achieve the same on the BigIP. Has anybody built something like that already? Any help is appreciated.

Thanks in advance!

Regards
Martin

263 Views, 0 likes, 1 Comment

CiscoACE to F5 Big IP LTM migration
Hi,

I'm upgrading from Cisco ACE to BigIP LTM. My Cisco devices are in bridge mode, so I have to keep that config for LTM.

With the BigIP LTM I have done all my tests using a separate partition (other than Common). In this partition I have a VLAN group with two members (external and internal) and bridging enabled. External and Internal interfaces are not tagged. Everything works as expected.

Since I have few contexts in the Cisco ACE I have to create Partitions and RDs to match with the number of contexts. I have tagged the interfaces based on the tagging I already have on the network, and created a VLAN group for each Partition. The switch ports where LTM interfaces are connected are set for trunk mode (Cisco) with dot1q encapsulation since they have to support multiple VLANs. When I do this it creates a loop and STP blocks one of the ports (either the one corresponding to the external or internal interface of the LTM).

I've been looking through the manuals, and as well through questions on DevCentral, but I did not find anything similar. Did anybody encounter this issue, or do you know of any document, white paper, or Q and A that covers this scenario? Any input is greatly appreciated.

Thanks

363 Views, 0 likes, 4 Comments

Virtual Servers on Loopback Network
All,

I am doing a conversion from Cisco ACE to F5, and the ACE is configured in such a way that the VIP network is defined as a loopback interface, so it doesn't exist as a real VLAN on the wire. The upstream router has a point-to-point routed link to the ACE and has a static route for the VIP network to go to the ACE's routed interface.

I am trying to duplicate this configuration on F5, and I have successfully created a loopback interface and created virtual servers that are IP addresses on the loopback network. Are there any downsides or problems with doing it this way that I should be aware of?

Thanks,
Clay

259 Views, 0 likes, 1 Comment