R-Series Tenant - Need to change Vlan tag
I need to change all of the vlans on my LTM-tenant (15.1.10.4) - The changes are on the tag not the name - I need to keep the names the same and change the tag numbers. [ vlan Core 1978 to vlan Core 978 - about 13 vlans total ]. Put the tenant in provisioned mode. Started by deleting the vlan in the Host f5OS gui (removing the vlan from the LAG and the tenant - then deleting the vlan). Then created a new vlan with the same name and different tag. Then added the vlan to the LAG and tenant. Deployed the tenant. R-Series LAG and tenant setup looks perfect. Tenant still has the old vlan. Found instructions for this procedure which include deleting the vlan from the tenant - which results in the error -- Cannot delete Resource vlan - because Virtual Server references it -- or something like that... -Dave Mehlberg
BIG-IP : iControl : System/ConfigSync::download_configuration() : error opening file for read operations
BIG-IP 11.4.1 Build 608.0 Final VE I'm in .NET 4.5 C : using proxy classes generated from WSDL, I call into iControl API to retrieve BIG-IP system configuration : var systemConfigSync = new SystemConfigSync("bigip", "admin", "admin", 600000); long offset = 0; SystemConfigSyncFileTransferContext context = systemConfigSync.download_configuration("bigip", 131072, ref offset); throws exception : Exception caught in System::urn:iControl:System/ConfigSync::download_configuration() Exception: Common::OperationFailed primary_error_code : 16908289 (0x01020001) secondary_error_code : 0 error_string : Error opening file for read operations On v11.4.0 , this call successfully retrieved the system configuration ( bigip.conf ). However, on upgrading to 11.4.1 it began failing.
Basic Crontab setup
I can't seem to get my bigip to run a simple cron. Below is the script run config_sync_script.py !/usr/bin/python import os failover_status = os.popen("b failover show").read().split()[1] sync_status = os.popen('tmsh show sys config-sync | grep "Status"').read().split()[1] if failover_status == 'active' and sync_status == '1': os.system('tmsh run sys config-sync') config ls -la | grep config_sync_script.py -rwxr--r-- 1 root root 274 Aug 13 09:06 config_sync_script.py crontab -l Active] config crontab -l cron tab for root 1-59/30 * * * * /usr/bin/diskmonitor 18 9 * * * /config/config_sync_script.py The time just matches a time I was working on it. In monitoring the cron log nothing happens and the script never seems to run. What am I missing?
Simple balancing doesn't work
Good morning community, I have to configure, for my work, a F5 VE. So, I download F5 VE 13.1.4 in my lab @home and install it on VMWare to make practice and understand the F5 basics. What I did is configure internal and external network VPN and assign related IP. Then Pool/Nodes and a Virtual Server listening on port 5000. Everything looks good: From F5 I can reach both nodes, even with a simple telnet on port 5000. From external network I can reach external F5 interface. The problem is that F5 doesn't route connection to the pool. This is my network topology: As I wrote, external network can reach VSERVER at 10.3.0.100 on port 5000. Then from F5 I can reach nodes in the pool always on port 5000. The problem here is when from a client (external network) I try to connect to VSERVER, it seems the connection is ESTABLISHED for a while, but not forwarded to internal network. While I tried to establish a connection from a client from external network (10.3.0.128), this is what happen: 1 0.000000 10.3.0.128 → 10.3.0.100 TCP 70 61440 → 5000 [SYN] Seq=0 Win=64240 2 0.000219 10.3.0.100 → 10.3.0.128 TCP 66 5000 → 61440 [SYN, ACK] Seq=0 Ack=1 3 0.002661 10.3.0.128 → 10.3.0.100 TCP 58 61440 → 5000 [ACK] Seq=1 Ack=1 4 0.006505 10.3.0.128 → 10.2.0.129 TCP 66 61440 → 5000 [SYN] Seq=0 Win=4380 5 0.059742 10.3.0.128 → 10.3.0.100 IPA 115 unknown 0x30 6 0.059768 10.3.0.100 → 10.3.0.128 TCP 58 5000 → 61440 [ACK] Seq=1 Ack=58 7 3.003461 10.3.0.128 → 10.2.0.129 TCP 66 [TCP Retransmission] 61440 → 5000 [SYN] Seq=0 Win=4380 Len=0 MSS=1460 SACK_PERM=1 10 12.004963 10.3.0.100 → 10.3.0.128 TCP 113 5000 → 61440 [RST, ACK] Seq=1 Ack=58 11 12.004980 10.3.0.128 → 10.2.0.129 TCP 106 61440 → 5000 [RST, ACK] Seq=1 Ack=1 I'm getting crazy since configuration should be ok, could someone help me? Thank you very much, Lucas
VPN BIG-IP Edge client : difference between dynamic and static configuration ?
I have a VPN connection between a Windows client and a BIGIP v15. I am using BIGIP Edge client, with network access. According to this document : https://support.f5.com/csp/article/K24416258 "Edge client connects to the APM Virtual Server and downloads the configuration". 1. What are precisely the features downloaded ? 2. Does this mean that the msi file installed on Windows client provides static configuration ? 3. May the dynamic configuration (1.) overwrite the static configuration (2.) ?
How to best Create Big-IP lab on VE from Physical production configuration to test upgrade?
I'm in the process of upgrading our physical Big-IP LTMs and would like to import as much of the configuration as possible (while maintaining VE management configuration) into a virtual edition lab to perform a mock upgrade. I exported the SCF from the source physical and the VE for comparison. I found K81271448: Merging BIG-IP configuration objects into the running configuration using tmsh https://support.f5.com/csp/article/K81271448 So it looks like I could remove portions from physical source configuration file and massage the rest, and merge. I converted the vlans to use the last interface on the VE (and disconnected from the VM). But which parts of the config should I keep, and which should I remove prior to merging? I also read that a UCS configuration might be more appropriate to export and import. What is the best recommendation to migrate production Big-IP configuration to a VE lab to test an upgrade prior to actual upgrade?AAA for Big-IQ CLI/TMSH Login
Hi, I have tried to use AAA server for authentication and authorization Big-IQ web GUI login. I configured on Big-IQ web GUI and find out that it doesn't work to authenticate user who log in into TMSH/CLI. Is there separate configuration to authenticate user through AAA server for CLI/tmsh? Thank youHA reports tmm NOT ready
Can anyone shed some light on the following logs: I have a viprion with 2 blades. I can't configure the blades in HA Active Standby setup. Would setting up an HA with the 2 blades help eliminate this problem? I don't fully understand the deployment of our Viprion chasis having 2 blades. It has 2 F5 Big IP and all virtual servers created on the other doesn't reflect onto the other. I believe they are 2 complete different units? Not sure. Any replies would be appreciated. Thank you in advance.
