GTM iRule to return CNAMEs based on LB_SELECTED
Hello, Just want to make sure my iRule beneath my signature is correct. My intent: If the GTM chooses server 1.1.1.1, return cname "foo1.bar.com". If the GTM chooses server 2.2.2.2, return cname "foo2.bar.com" If the GTM chooses another server not equal to 1.1.1.1 or 2.2.2.2, return that server's IP address directly to the LDNS client. Will this work? Thanks, Jim when LB_SELECTED { if {[LB::server addr] equals "1.1.1.1"} { persist enable cname "foo1.bar.com" } elseif {[LB::server addr] equals "2.2.2.2"} { persist enable cname "foo2.bar.com" } }
F5 VE latency and sync issues
We recently moved our two F5 VE Lab appliances from an older VMware 5.1 environment to new host with 5.5. Since that move we have not been able to get the devices to sync and are also seeing higher than normal latency when pinging Self-IP's on the F5's. Both VM's are running 11.6. Whenever you try to sync the two you always receive " did not receive the last sync successfully". While monitoring /var/log/ltm you can see the peer connection drop then re-establish and also a message constantly coming up with "Bandwidth utilization is 8 Mbps, exceeded 75% of Licensed 8 Mbps". Another thing that is noticed is with latency while pinging Self-IP's from the F5 and to it. Even when both VE's are on the same host and ping each other's peer IP address we see 1-2ms, if you raise the MTU size up that starts going up. When using a 1500 MTU it goes up to 5-6ms, when using 9000 (9000mtu is enabled) it goes up to 70-80ms. I have built new VM's from F5 OVA image and re-licensed but the two new ones still see the exact same issue. I built an Ubuntu VM and put it on the same host and peer IP VLAN it has NO problems. If I use the Ubuntu host to ping the peer IP on each F5, all on the same VLAN, I see the latency with the F5. Any thoughts are suggestions would be much appreciated. Thanks. UPDATE: Noticed this from both VM's as well, one is receiving the sync other is sending [root@LAB-F5-1:Standby:Awaiting Initial Sync] config tmctl -d blade tmm/if_shaper shaper_tid ingress_max ingress_avg ingress_red ingress_drops egress_drops ---------- ----------- ----------- ----------- ------------- ------------ 5 2687 100 0 0 0 4 2771 100 0 0 222 6 2687 100 0 0 0 2 2936 100 0 0 0 3 2687 100 0 0 0 7 2771 100 0 0 389 1 2771 100 0 0 193 0 2771 100 0 0 70 [root@LAB-F5-2:Active:Awaiting Initial Sync] config tmctl -d blade tmm/if_shaper shaper_tid ingress_max ingress_avg ingress_red ingress_drops egress_drops ---------- ----------- ----------- ----------- ------------- ------------ 5 2808 100 0 0 0 3 2559 100 0 0 0 4 45751 99 207 142 0 7 44484 99 135 87 0 1 42022 99 160 116 0 2 2559 100 0 0 0 6 45027 99 73 49 0 0 39703 99 62 51 0HTTP to HTTPS with sharepoint 2013
Recently built up a sharepoint 2013 server and put it behind F5 using SSL offloading. Certain content is show up as "mixed" content and that wont be good for our end users. So I am looking to do a Irule to change any outbound link from HTTP to HTTPS can someone write that up for me? Or should I try to use Stream? would that be more efficient?
Deliver Resiliency and Scalability with Dell vWorkspace and F5's Local Traffic Manager
Recently, there's been some "buzz" around how to configure Dell vWorkspace components behind BIG-IP's Local Traffic Manager. A few months back, I had the opportunity to work with Stephen Yorke from the Dell vWorkspace team to put together a configuration that helps provide availabilty and resiliency for vWorkspace, including the Secure Access components. Kelly Craig has graciously taken the good work between Dell and F5 and posted the configuration steps to get this up and running. You can check out his blog post here: http://en.community.dell.com/techcenter/virtualization/vworkspace/b/vworkspace-blog/archive/2015/05/21/vworkspace-and-f5-bigip-ltm
URL Forwarding and Masking
Our current requirement is that if a user clicks on external link from our website - the URL should not be changed and the content should be loaded from an external link. Following are the use cases to understand more about this [1] User is logged in to our website https://example-test.com [2] User clicked on external link https://external-link-website.com [3] User should not see that URL is changed to but instead it should show as https://example-test.com and content should be loaded from https://external-link-website.com Can you please provide us an iRule or suggestions to achieve this requirement for us? Thanks Srikanth
F5 Synthesis: F5 brings Scale and Security to EVO:RAIL Horizon Edition
The goal of F5 Synthesis is to deliver the app services that deliver the apps business relies on today for productivity and for profit. That means not just delivering SDAS (Software Defined Application Services) themselves, but delivering them in all the ways IT needs to meet and exceed business expectations. Sometimes that's in the cloud marketplace and other times it's as a cloud service. Sometimes it's as an integratable on-premise architecture and other times, like now, it's as part of a hyper-converged system. As part of a full stack in a rack, if you will. EVO:RAIL is a partnership between VMware and Dell that offers a simplified, hyper-converged infrastructure. In a nutshell, it's a single, integrated rack designed to address the headaches often caused by virtual machine sprawl and heterogeneous hypervisor support as well as providing the means by which expanding deployments can be accelerated. Converged infrastructure is increasingly popular as a means to accelerate the deployment and growth of virtualized solutions such as virtual desktop delivery. Converged infrastructure solutions like EVO:RAIL abstract compute, network and storage resources from the CPUs, cables controllers and switches that make them all usable as a foundation for private cloud or, as is more often the case, highly virtualized environments. By validating F5 VE (Virtual Edition) to deliver app services in an EVO:RAIL Horizon Edition the infrastructure gains key capabilities to assure availability, security and performance of the applications that will ultimately be deployed and delivered by the infrastructure. Including F5 brings capabilities critical to seamlessly scaling VMware View by providing Global Namespace and User Name Persistence support. Additionally, F5 iApps accelerates implementation by operationalizing the deployment of SDAS with simple, menu-driven provisioning. You can learn more about Dell's VMware EVO:RAIL solution here and more on how F5 and VMware are delivering the Software Defined Data Center here.Add Hedder data to MSIE9 and devices with specific uri
I am trying to help out application team role out new application to user base that still runs IE9. User desktops are not going to be upgrade in time to application role out. Application works with IE9 Chrome plugin and if Header has is added to header. Example 1 makes change to header but addes ti to everyone everywhere. example 2 is an attempt to add the added logic and it doesn't work. Example 1 makes change but requires logic to just apply to IE9 and specfic URI not all browsers and pages when HTTP_REQUEST { STREAM::disable HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { if {[HTTP::header value Content-Type] contains "text"}{ STREAM::expression {@@ @} STREAM::enable } } Example 2 when HTTP_REQUEST { set replace_content 0 if { [class match [string tolower [HTTP::uri]] contains DATAGROOUP_GLB] } { set replace_content 1 } } when HTTP_RESPONSE { if {([string tolower [HTTP::header User-Agent]] contains "msie9") and ($replace_content equals "1")} { Disable the stream filter by default STREAM::disable HTTP::header remove "Accept-Encoding" Check if response type is text if {[HTTP::header value Content-Type] contains "text"}{ Replace STREAM::expression {@@ @} Enable the stream filter for this response only STREAM::enable } } }
No iConnnectPlus Client can be found
I install the Client, but the browser can't find it. log: OS Name: Windows 7 Enterprise Version: 6.1 Build: 7601 Type: Multiprocessor Free Primary UI language: 0x9 Short Name: Win764 Service Pack: Service Pack 1 WOW64 HOTFIXES: SP1; InternetExplorer version: 9.0.8112.16421 InternetExplorer build: 98112 HOTFIXES: 0 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2, \URDialer.cpp, 1149, CURDialer::InternalDisconnect, Invalid RAS connection handle 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Enter 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:226, 4164,6028,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Leave 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2, \URDialer.cpp, 1149, CURDialer::InternalDisconnect, Invalid RAS connection handle 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Enter 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:241, 4164,5300,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Leave 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2, \URDialer.cpp, 1149, CURDialer::InternalDisconnect, Invalid RAS connection handle 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Enter 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:257, 4164,404,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Leave 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:257, 4164,3304,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:07:55:026, 4352,5940,SUPERHOST, 1, \SuperHostIfs.cpp, 43, CURSuperHost::CheckInstance, CreateClientRpcHandle returned NULL 2015-03-13, 8:07:55:892, 4352,5940,SUPERHOST, 0,,,, Request to install/update Host Control 2015-03-13, 8:07:55:898, 4352,4748,SUPERHOST, 2, \urSmartUpdateEx.cpp, 519, USmartUpdateEx::RunObjectProc(), need not install/update control, {E0FF21FA-B857-45C5-8621-F120A0C17FF2}, https://iconnectbp.cathaypacific.com/vdesk/terminal/urxhost.cabversion=7000,2013,426,1913 2015-03-13, 8:07:55:987, 4352,5940,HOST, 0,,,, Request to install/update SSL Tunnel 2015-03-13, 8:07:55:991, 4352,1980,HOST, 2, \urSmartUpdateEx.cpp, 519, USmartUpdateEx::RunObjectProc(), need not install/update control, {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10}, https://iconnectbp.cathaypacific.com/vdesk/terminal/f5tunsrv.cabversion=7000,2013,426,1901 2015-03-13, 8:07:55:997, 4352,1980,HOST, 0,,,, Request to install/update VPN Manager 2015-03-13, 8:07:56:001, 4352,5184,HOST, 2, \urSmartUpdateEx.cpp, 519, USmartUpdateEx::RunObjectProc(), need not install/update control, {2BCDB465-81F9-41CB-832C-8037A4064446}, https://iconnectbp.cathaypacific.com/vdesk/terminal/urxvpn.cabversion=7000,2013,426,1906 2015-03-13, 8:07:56:016, 4352,5656,HOST, 1,,,, UFilterService::Init:Run-time exception.Exception code=0x6ba 2015-03-13, 8:07:56:018, 4352,5656,HOST, 1,,,, UFilterService::Init:Failure connecting to service. Status=0x6ba 2015-03-13, 8:07:56:019, 4352,5656,HOST, 2, \patchhost.cpp, 145, CHostCtrl::PatchHosts, Patching host file failed 2015-03-13, 8:07:59:738, 4352,2632,DIALER, 2,,,, CDialer::OnConnect:Processes policy processed 2015-03-13, 8:07:59:739, 4352,2632,DIALER, 1, \URDialer.cpp, 6290, CURDialer::VerifySinglePolicy, Security policy prevents running SSL VPN on this PC 2015-03-13, 8:07:59:943, 4352,2632,DIALER, 2,,,, CDialer:LogVPNPolicyResult:logged 2015-03-13, 8:07:59:946, 4352,2632,DIALER, 2,,,, CDialer::OnConnect:Registry policy processed 2015-03-13, 8:07:59:947, 4352,2632,DIALER, 2,,,, CDialer::VerifyPolicy:policy result = 0 2015-03-13, 8:07:59:948, 4352,2632,DIALER, 1, \URDialer.cpp, 1292, CURDialer::VerifyPolicyThreadProc, Failed to verify policy (No iConnnectPlus Client can be found in your computer, please download the client at office. )
