What exactly does FastL4 profile do?
Customer have to load balance a webserver. Using default settings it takes more than 10 seconds to completely load the webpage. After using the FastL4 profile it takes only 3 seconds. So what does it do to speed this up? We tested also the Fasthttp profile but some objects in the webpage cannot be loaded. Is there any limitation for this profile? Thanks a lot.
Can LTM be used to configure Active and Passive Servers?
For a given vip is it possible to define pool of servers that are active and also some pool of members that passive. Basically this is what I want to do: 1. Define active pool of servers for a vip 2. Define passive pool of servers for a vip 3. When all the members in pool go down then make passive pool active Is it possible to do that in LTM? If it's possible then when one of the pool members (previously active) become active again does it switch it back?
Very Slow Application performance behind F5
We have one application that performs very poorly behind F5. There is a 9 second delay on the initial GET request going through the VIP. If we bypass the F5 to the servers directly there is no delay. Wireshark shows a lot of reassembled PDU's. I'm no guru with captures so I'm not sure what this means. Here is our setup: SSL Offloading VIP. one http pool with 2 members. TCP lan/wan Optimized profiles on VIP, with one connect profile. We are using SNAT We tried disabling Nagle's, no effect Tried enabling proxy max segment, no effect tried going thru F5 using HTTP only, no effect If we connect to the servers directly that 9 second initial delay vanishes. No packet loss on NIC's. Switch is set to 100MB Full as are F5 Nics. 2 HA LTM 3400 vers 10.0.1. We do have a case open with support but they have not been able to identify the issue within our TCP Dumps. Has anyone seen this type of delay only on the initial GET Request? Any tips on improving performance? Our other applications behind F5 don't have this delay. Thanks, Marctcpdump with route domains
Hi all, i try to set up a LTM with route domains and i'm looking for a tcpdump command where i can see pakets in route domain 1. If i do a tcpdump -i i can't see any pakets i'm interested in. Also when i do an ifconfig -a i do not see ip addresses from interfaces which are located in route domain 1. I only see the name of the VLAN which i set up in route domain 1 but whithout any IPv4 address. Can anyone give me a hint? THX regards KarstenExport GTM/DNS Configuration in CSV - tmsh cli script
Problem this snippet solves: This is a simple cli script used to collect all the WideIP, LB Method, Status, State, Pool Name, Pool LB, Pool Members, Pool Fall back, Last Resort pool info in CSV format. A sample output would be like below, One can customize the code to extract other fields available too. Check out my other codeshare of LTM report. Note: The codeshare may get multiple version, use the latest version alone. The reason to keep the other versions is for end users to understand & compare, thus helping them to modify to their own requirements. Hope it helps. How to use this snippet: Login to the GTM/DNS, create your script by running the below commands and paste the code provided in snippet, tmsh create cli script gtm-config-parser Delete the proc blocks, so it looks something like below, create script gtm-config-parser { ## PASTE THE CODE HERE ## } and paste the code provided in the snippet. Note: When you paste it, the indentation may be realigned, it shouldn't cause any errors, but the list output would show improperly aligned. Feel free to delete the tab spaces in the code snippet & paste it while creating, so indentation is aligned properly. And you can run the script like below, tmsh run cli script gtm-config-parser > /var/tmp/gtm-config-parser-output.csv And get the output from the saved file, open it on excel. Format it & use it for audit & reporting. cat /var/tmp/gtm-config-parser-output.csv Feel free to add more elements as per your requirements. For version 13.x & higher, there requires a small change in the code. Refer the comments section. Thanks to @azblaster Code : proc script::run {} { puts "WIP,LB-MODE,WIP-STATUS,WIP-STATE,POOL-NAME,POOL-LB,POOL-MEMBERS,POOL-FB,LASTRESORT-POOL" foreach { obj } [tmsh::get_config gtm wideip all-properties] { set wipname [tmsh::get_name $obj] set wippools [tmsh::get_field_value $obj pools] set lbmode [tmsh::get_field_value $obj "pool-lb-mode"] set lastresort [tmsh::get_field_value $obj "last-resort-pool"] foreach { status } [tmsh::get_status gtm wideip $wipname] { set wipstatus [tmsh::get_field_value $status "status.availability-state"] set wipstate [tmsh::get_field_value $status "status.enabled-state"] } foreach wippool $wippools { set pool_name [tmsh::get_name $wippool] set pool_configs [tmsh::get_config /gtm pool $pool_name all-properties] foreach pool_config $pool_configs { set pool_lb [tmsh::get_field_value $pool_config "load-balancing-mode"] set pool_fb [tmsh::get_field_value $pool_config "fallback-mode"] if { [catch { set member_name [tmsh::get_field_value $pool_config "members" ]} err] } { set pool_member $err } else { set pool_member "" set member_name [tmsh::get_field_value $pool_config "members"] foreach member $member_name { append pool_member "[lindex $member 1] " } } puts "$wipname,$lbmode,$wipstatus,$wipstate,$pool_name,$pool_lb,$pool_member,$pool_fb,$lastresort" } } } } Tested this on version: 11.6
Proxy MSS
We have a need due to branch router encryption to enable Proxy MSS on our LTM's. When this is enabled my understanding is that client MSS will be passed through so the server sends using client MSS size. No fragmentation which is good. My question is could there be any negitive impact enabling this feature (small packet DOS?). We are having a debate on if we should enable this everywhere or only on the VIPs impacted. My thought is that this is disabled for a reason but I wanted to get the communities take. I think we have a valid use case but not sure about enabling it everywhere. Thanks, Jim Moore
displaying ARP cache for non-default routing domain
Hi, I have multi-segment BigIP LTM deployed. Does any one have an idea how to display ARP cache for non-default routing domain ? Both "arp -an" from bash and "show /net arp" from TMSH display only entries associated with VLANs in default routing domain. thanks, Marek
F5 Big IP File Locations
In case anyone is looking for this informaiton /config/bigip_base.conf - The base configuration file is located here: /config/bigip_sys.conf - The system configuration file is located here: /config/bigip.conf - The LTM configuration file is located here: /config/bigip_local.conf - The (bigpipe) shell configuration file is located here: /config/bigip/auth/pam.d/ - User authentication configuration files are located in the relevant directory under: /var/local/ucs/ - User Configuration Set (UCS) files are located here: /usr/libdata/configsync/cs.dat - The file that controls what is included in a User Configuration Set (UCS) file is located here: /var/local/scf/ - Single Configuration Files (SCF) are located here: /etc/logrotate.conf - The logrotate (log rotation) configuration file is located here: /var/log/ /shared/log/ - The log files are located here: /config/bigip.license - The license file is located here: - this file should never be edited. A backup of this file is usually found here: /config/bigip.license.bak /tmp/keys.out - If you run the find_keys command it creates a file listing all license keys on the device here: /config/httpd/conf/ssl.key/server.key - The device's own SSL key is located here: /config/httpd/conf/ssl.crt/server.crt - The device's own SSL certificate is located here: /config/failover/active - Commands or scripts listed in this file: will be executed when the redundancy state becomes active. /config/failover/standby - Commands or scripts listed in this file: will be executed when the redundancy state becomes standby. /etc/cron.hourly/ /etc/cron.daily/ /etc/cron.weekly/ /cron.monthly/ /shared/snapshot/ - The default location for snapshot files is: /etc/alertd/alert.conf - default SNMP traps, this file should not be edited /config/user_alert.conf - user-defined SNMP traps /usr/share/snmp/mibs/ - F5 BigIP specific and non-F5 BigIP MIBs used to monitor and manage the platform can be found here in text format: They can also be found here in compressed tar format: /usr/local/www/docs/mibs/ /usr/local/www/tmui/tmui/skins/Default/images - Graphics files used within the web based management interface can be found here: . Note replacements will probably be lost during an upgrade. /config/net-snmp/snmp.conf /var/local/ucs - configuration backups location /shared/images - where .iso imagaes are located
