R-Series Tenant - Need to change Vlan tag
I need to change all of the vlans on my LTM-tenant (15.1.10.4) - The changes are on the tag not the name - I need to keep the names the same and change the tag numbers. [ vlan Core 1978 to vlan Core 978 - about 13 vlans total ]. Put the tenant in provisioned mode. Started by deleting the vlan in the Host f5OS gui (removing the vlan from the LAG and the tenant - then deleting the vlan). Then created a new vlan with the same name and different tag. Then added the vlan to the LAG and tenant. Deployed the tenant. R-Series LAG and tenant setup looks perfect. Tenant still has the old vlan. Found instructions for this procedure which include deleting the vlan from the tenant - which results in the error -- Cannot delete Resource vlan - because Virtual Server references it -- or something like that... -Dave MehlbergSolved129Views0likes8CommentsBIG-IP : iControl : System/ConfigSync::download_configuration() : error opening file for read operations
BIG-IP 11.4.1 Build 608.0 Final VE I'm in .NET 4.5 C : using proxy classes generated from WSDL, I call into iControl API to retrieve BIG-IP system configuration : var systemConfigSync = new SystemConfigSync("bigip", "admin", "admin", 600000); long offset = 0; SystemConfigSyncFileTransferContext context = systemConfigSync.download_configuration("bigip", 131072, ref offset); throws exception : Exception caught in System::urn:iControl:System/ConfigSync::download_configuration() Exception: Common::OperationFailed primary_error_code : 16908289 (0x01020001) secondary_error_code : 0 error_string : Error opening file for read operations On v11.4.0 , this call successfully retrieved the system configuration ( bigip.conf ). However, on upgrading to 11.4.1 it began failing.334Views0likes1CommentBasic Crontab setup
I can't seem to get my bigip to run a simple cron. Below is the script run config_sync_script.py !/usr/bin/python import os failover_status = os.popen("b failover show").read().split()[1] sync_status = os.popen('tmsh show sys config-sync | grep "Status"').read().split()[1] if failover_status == 'active' and sync_status == '1': os.system('tmsh run sys config-sync') config ls -la | grep config_sync_script.py -rwxr--r-- 1 root root 274 Aug 13 09:06 config_sync_script.py crontab -l Active] config crontab -l cron tab for root 1-59/30 * * * * /usr/bin/diskmonitor 18 9 * * * /config/config_sync_script.py The time just matches a time I was working on it. In monitoring the cron log nothing happens and the script never seems to run. What am I missing?427Views0likes3CommentsLooking for Setup Advice
Hello, I am looking for some advise for setting up a F5 Big-IP that can accomplish the following things. I only have one public IP address but will be hosting muliple services. I am looking at setting up one VIP that's open to public with ports that are required then when hitting FQDN that it redirects to VIP that is hosting service. Example mysite1.domain.com goes to VIP 10.10.10.100, mysite2.domain.com goes to VIP 10.10.10.110, so on. Is this done by iRule, reverse proxy, or policy. What's the best pratice for setting something up like this. Thanks in advance for the help.Solved1.5KViews0likes8CommentsSimple balancing doesn't work
Good morning community, I have to configure, for my work, a F5 VE. So, I download F5 VE 13.1.4 in my lab @home and install it on VMWare to make practice and understand the F5 basics. What I did is configure internal and external network VPN and assign related IP. Then Pool/Nodes and a Virtual Server listening on port 5000. Everything looks good: From F5 I can reach both nodes, even with a simple telnet on port 5000. From external network I can reach external F5 interface. The problem is that F5 doesn't route connection to the pool. This is my network topology: As I wrote, external network can reach VSERVER at 10.3.0.100 on port 5000. Then from F5 I can reach nodes in the pool always on port 5000. The problem here is when from a client (external network) I try to connect to VSERVER, it seems the connection is ESTABLISHED for a while, but not forwarded to internal network. While I tried to establish a connection from a client from external network (10.3.0.128), this is what happen: 1 0.000000 10.3.0.128 → 10.3.0.100 TCP 70 61440 → 5000 [SYN] Seq=0 Win=64240 2 0.000219 10.3.0.100 → 10.3.0.128 TCP 66 5000 → 61440 [SYN, ACK] Seq=0 Ack=1 3 0.002661 10.3.0.128 → 10.3.0.100 TCP 58 61440 → 5000 [ACK] Seq=1 Ack=1 4 0.006505 10.3.0.128 → 10.2.0.129 TCP 66 61440 → 5000 [SYN] Seq=0 Win=4380 5 0.059742 10.3.0.128 → 10.3.0.100 IPA 115 unknown 0x30 6 0.059768 10.3.0.100 → 10.3.0.128 TCP 58 5000 → 61440 [ACK] Seq=1 Ack=58 7 3.003461 10.3.0.128 → 10.2.0.129 TCP 66 [TCP Retransmission] 61440 → 5000 [SYN] Seq=0 Win=4380 Len=0 MSS=1460 SACK_PERM=1 10 12.004963 10.3.0.100 → 10.3.0.128 TCP 113 5000 → 61440 [RST, ACK] Seq=1 Ack=58 11 12.004980 10.3.0.128 → 10.2.0.129 TCP 106 61440 → 5000 [RST, ACK] Seq=1 Ack=1 I'm getting crazy since configuration should be ok, could someone help me? Thank you very much, LucasSolved1.2KViews0likes2CommentsVPN BIG-IP Edge client : difference between dynamic and static configuration ?
I have a VPN connection between a Windows client and a BIGIP v15. I am using BIGIP Edge client, with network access. According to this document : https://support.f5.com/csp/article/K24416258 "Edge client connects to the APM Virtual Server and downloads the configuration". 1. What are precisely the features downloaded ? 2. Does this mean that the msi file installed on Windows client provides static configuration ? 3. May the dynamic configuration (1.) overwrite the static configuration (2.) ?406Views0likes0CommentsASM Guided Configuration not working
Hello, I want to test the AWAF with guided configuration. yesterday with version 14.1.2.1 I had always error 403 when i click on the menue, today i made a update to 14.1.2.2, now i get a 404 could someone point me where to search for the error? thanks Karl760Views0likes8CommentsHow to best Create Big-IP lab on VE from Physical production configuration to test upgrade?
I'm in the process of upgrading our physical Big-IP LTMs and would like to import as much of the configuration as possible (while maintaining VE management configuration) into a virtual edition lab to perform a mock upgrade. I exported the SCF from the source physical and the VE for comparison. I found K81271448: Merging BIG-IP configuration objects into the running configuration using tmsh https://support.f5.com/csp/article/K81271448 So it looks like I could remove portions from physical source configuration file and massage the rest, and merge. I converted the vlans to use the last interface on the VE (and disconnected from the VM). But which parts of the config should I keep, and which should I remove prior to merging? I also read that a UCS configuration might be more appropriate to export and import. What is the best recommendation to migrate production Big-IP configuration to a VE lab to test an upgrade prior to actual upgrade?421Views0likes2CommentsAAA for Big-IQ CLI/TMSH Login
Hi, I have tried to use AAA server for authentication and authorization Big-IQ web GUI login. I configured on Big-IQ web GUI and find out that it doesn't work to authenticate user who log in into TMSH/CLI. Is there separate configuration to authenticate user through AAA server for CLI/tmsh? Thank you819Views0likes1Comment