config
4032 TopicsWhat exactly does FastL4 profile do?
Customer have to load balance a webserver. Using default settings it takes more than 10 seconds to completely load the webpage. After using the FastL4 profile it takes only 3 seconds. So what does it do to speed this up? We tested also the Fasthttp profile but some objects in the webpage cannot be loaded. Is there any limitation for this profile? Thanks a lot.5KViews0likes14CommentsCan LTM be used to configure Active and Passive Servers?
For a given vip is it possible to define pool of servers that are active and also some pool of members that passive. Basically this is what I want to do: 1. Define active pool of servers for a vip 2. Define passive pool of servers for a vip 3. When all the members in pool go down then make passive pool active Is it possible to do that in LTM? If it's possible then when one of the pool members (previously active) become active again does it switch it back?4.6KViews0likes46Commentstcpdump with route domains
Hi all, i try to set up a LTM with route domains and i'm looking for a tcpdump command where i can see pakets in route domain 1. If i do a tcpdump -i i can't see any pakets i'm interested in. Also when i do an ifconfig -a i do not see ip addresses from interfaces which are located in route domain 1. I only see the name of the VLAN which i set up in route domain 1 but whithout any IPv4 address. Can anyone give me a hint? THX regards Karsten3.8KViews0likes9CommentsVery Slow Application performance behind F5
We have one application that performs very poorly behind F5. There is a 9 second delay on the initial GET request going through the VIP. If we bypass the F5 to the servers directly there is no delay. Wireshark shows a lot of reassembled PDU's. I'm no guru with captures so I'm not sure what this means. Here is our setup: SSL Offloading VIP. one http pool with 2 members. TCP lan/wan Optimized profiles on VIP, with one connect profile. We are using SNAT We tried disabling Nagle's, no effect Tried enabling proxy max segment, no effect tried going thru F5 using HTTP only, no effect If we connect to the servers directly that 9 second initial delay vanishes. No packet loss on NIC's. Switch is set to 100MB Full as are F5 Nics. 2 HA LTM 3400 vers 10.0.1. We do have a case open with support but they have not been able to identify the issue within our TCP Dumps. Has anyone seen this type of delay only on the initial GET Request? Any tips on improving performance? Our other applications behind F5 don't have this delay. Thanks, Marc3.7KViews0likes27CommentsProxy MSS
We have a need due to branch router encryption to enable Proxy MSS on our LTM's. When this is enabled my understanding is that client MSS will be passed through so the server sends using client MSS size. No fragmentation which is good. My question is could there be any negitive impact enabling this feature (small packet DOS?). We are having a debate on if we should enable this everywhere or only on the VIPs impacted. My thought is that this is disabled for a reason but I wanted to get the communities take. I think we have a valid use case but not sure about enabling it everywhere. Thanks, Jim Moore3.4KViews0likes6Commentsdisplaying ARP cache for non-default routing domain
Hi, I have multi-segment BigIP LTM deployed. Does any one have an idea how to display ARP cache for non-default routing domain ? Both "arp -an" from bash and "show /net arp" from TMSH display only entries associated with VLANs in default routing domain. thanks, Marek3.4KViews0likes5CommentsF5 Big IP File Locations
In case anyone is looking for this informaiton /config/bigip_base.conf - The base configuration file is located here: /config/bigip_sys.conf - The system configuration file is located here: /config/bigip.conf - The LTM configuration file is located here: /config/bigip_local.conf - The (bigpipe) shell configuration file is located here: /config/bigip/auth/pam.d/ - User authentication configuration files are located in the relevant directory under: /var/local/ucs/ - User Configuration Set (UCS) files are located here: /usr/libdata/configsync/cs.dat - The file that controls what is included in a User Configuration Set (UCS) file is located here: /var/local/scf/ - Single Configuration Files (SCF) are located here: /etc/logrotate.conf - The logrotate (log rotation) configuration file is located here: /var/log/ /shared/log/ - The log files are located here: /config/bigip.license - The license file is located here: - this file should never be edited. A backup of this file is usually found here: /config/bigip.license.bak /tmp/keys.out - If you run the find_keys command it creates a file listing all license keys on the device here: /config/httpd/conf/ssl.key/server.key - The device's own SSL key is located here: /config/httpd/conf/ssl.crt/server.crt - The device's own SSL certificate is located here: /config/failover/active - Commands or scripts listed in this file: will be executed when the redundancy state becomes active. /config/failover/standby - Commands or scripts listed in this file: will be executed when the redundancy state becomes standby. /etc/cron.hourly/ /etc/cron.daily/ /etc/cron.weekly/ /cron.monthly/ /shared/snapshot/ - The default location for snapshot files is: /etc/alertd/alert.conf - default SNMP traps, this file should not be edited /config/user_alert.conf - user-defined SNMP traps /usr/share/snmp/mibs/ - F5 BigIP specific and non-F5 BigIP MIBs used to monitor and manage the platform can be found here in text format: They can also be found here in compressed tar format: /usr/local/www/docs/mibs/ /usr/local/www/tmui/tmui/skins/Default/images - Graphics files used within the web based management interface can be found here: . Note replacements will probably be lost during an upgrade. /config/net-snmp/snmp.conf /var/local/ucs - configuration backups location /shared/images - where .iso imagaes are located3.2KViews0likes14CommentsSMTP Load Balancing and Routing
I have two SMTP mail servers. I need to load balance them for an internal network, so that they may both send SMTP outbound. However, due to some application restrictions, I only want inbound SMTP to be sent to one of them. I want to configure my F5 with two SMTP mail servers and a virtual server to be used for load-balancing from the internal network. Ideally, all SMTP services would be on its own VLAN. Mail coming from either of the mail servers would be NATted to an address on the external vlan. From the external vlan (public internet) incoming SMTP connections would be sent to only one of the mail servers. Has anyone implemented a similar configuration? Don2.8KViews0likes8Comments