content
5 TopicsContent Switching Load Balancing issue
Hi all, I have an issue with our test setup from where we will build the production configuration. I hope someone can help. The setup is as following: Client >> Virtual (SSL offload) iRule with Datagroup that maps request host to Virtual Virtual >> Round Robin Pool with 2 members on port 80 I created the first virtual to offload all SSL for the sake of managebility because i need to host 300+ sites on their own virtuals to be able to serve different maintenance pages and profiles. Using an iRule and a datagroup i'm able to direct requests to a virtual matching the host header in the client request: Code when HTTP_REQUEST { if { [class match [string tolower [HTTP::host]] equals domain_map_ot] } { virtual [class match -value [string tolower [HTTP::host]] equals domain_map_ot] } That works fine and traffic arrives at the second virtual server. BUT...... The pool attached to the second virtual is setup with Round Robin. But balancing goes wrong and maybe 20 request go to the first, 1 to the second, 30 request to the first, 3 to the second... and so on (estimated numbers). The only way to get is to work as expected (Round Robin), is attaching a OneConnect profile to the second virtual. But there's where i don't get it anymore. Why would i need this and why doen't it work without the OneConnect profile ?268Views0likes1CommentContent Switching Load Balancing issue
Hi all, I have an issue with our test setup from where we will build the production configuration. I hope someone can help. The setup is as following: Client >> Virtual (SSL offload) iRule with Datagroup that maps request host to Virtual Virtual >> Round Robin Pool with 2 members on port 80 I created the first virtual to offload all SSL for the sake of managebility because i need to host 300+ sites on their own virtuals to be able to serve different maintenance pages and profiles. Using an iRule and a datagroup i'm able to direct requests to a virtual matching the host header in the client request: Code when HTTP_REQUEST { if { [class match [string tolower [HTTP::host]] equals domain_map_ot] } { virtual [class match -value [string tolower [HTTP::host]] equals domain_map_ot] } That works fine and traffic arrives at the second virtual server. BUT...... The pool attached to the second virtual is setup with Round Robin. But balancing goes wrong and maybe 20 request go to the first, 1 to the second, 30 request to the first, 3 to the second... and so on (estimated numbers). The only way to get is to work as expected (Round Robin), is attaching a OneConnect profile to the second virtual. But there's where i don't get it anymore. Why would i need this and why doen't it work without the OneConnect profile ?221Views0likes0CommentsHow to validate receive string and set multiple send string
For one of the VIP below is the HTTP Send String I configured. GET /portal/portaladmin/healthCheck HTTP/1.1\r\nHost: TEST.TEST.Ca\r\nConnection: Close\r\n\r\n How to confirm what I am receiving in as receive string? I need to set Receive String as 401. ? I used Curl and I see 401 is showed up ( marked Black ). So is it that I only need to write 401 in the Receive String of Monitor ? 2nd question I need to set multiple monitor for different services configured on same server. How to set multiple send string from a single Monitor Configuration. ? Let say if I am configuring 2 send string and 2 corresponding receive string how to set that when both of the String Condition need to be True as a condition to mark the VIP live. ? [admin@F5:Active:In Sync] ~ # curl -vk https://test.test.ca/portal/portaladmin/healthCheck * About to connect() to test.test.ca port 443 (#0) *Trying 10.8.16.62... connected * Connected to test.test.ca (10.8.16.62) port 443 (#0) * successfully set certificate verify locations: *CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DHE-RSA-AES256-GCM-SHA384 * Server certificate: *subject: C=CA; ST=ns; L=Halifax; O=Nova Scotia Power Inc; OU=IT; CN=test.test.ca *start date: 2019-04-17 00:00:00 GMT *expire date: 2021-04-21 12:00:00 GMT *subjectAltName: test.test.ca matched *issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA *SSL certificate verify ok. > GET /portal/portaladmin/healthCheck HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1l zlib/1.2.3 libidn/1.18 > Host: test.test.ca > Accept: */* > < HTTP/1.1 401 Unauthorized < Content-Type: text/html < Server: Microsoft-IIS/10.0 < WWW-Authenticate: Negotiate < WWW-Authenticate: NTLM < X-Powered-By: ASP.NET < Date: Mon, 05 Aug 2019 18:41:27 GMT < Connection: close < Content-Length: 1293 < Vary: Accept-Encoding < <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>401 - Unauthorized: Access is denied due to invalid credentials.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> * Closing connection #0 * SSLv3, TLS alert, Client hello (1):1.2KViews1like4CommentsWebpage errors after using offloading
Hello! I have a virtual server listening on 80 and serving nodes at 80. no we added offloading on a new https virtual server and iRule on the old one to redirect (am using the default iRule for redirection) and we have an error when we try to access the page: Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure stylesheet ''. This request has been blocked; the content must be served over HTTPS. Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure script ''. This request has been blocked; the content must be served over HTTPS. So the page is not viewed correctly on HTTPS and not functional. How can i fix this problem from F5 ?506Views0likes1Comment