GTM iRule to return CNAMEs based on LB_SELECTED
Hello, Just want to make sure my iRule beneath my signature is correct. My intent: If the GTM chooses server 1.1.1.1, return cname "foo1.bar.com". If the GTM chooses server 2.2.2.2, return cname "foo2.bar.com" If the GTM chooses another server not equal to 1.1.1.1 or 2.2.2.2, return that server's IP address directly to the LDNS client. Will this work? Thanks, Jim when LB_SELECTED { if {[LB::server addr] equals "1.1.1.1"} { persist enable cname "foo1.bar.com" } elseif {[LB::server addr] equals "2.2.2.2"} { persist enable cname "foo2.bar.com" } }
F5 VE latency and sync issues
We recently moved our two F5 VE Lab appliances from an older VMware 5.1 environment to new host with 5.5. Since that move we have not been able to get the devices to sync and are also seeing higher than normal latency when pinging Self-IP's on the F5's. Both VM's are running 11.6. Whenever you try to sync the two you always receive " did not receive the last sync successfully". While monitoring /var/log/ltm you can see the peer connection drop then re-establish and also a message constantly coming up with "Bandwidth utilization is 8 Mbps, exceeded 75% of Licensed 8 Mbps". Another thing that is noticed is with latency while pinging Self-IP's from the F5 and to it. Even when both VE's are on the same host and ping each other's peer IP address we see 1-2ms, if you raise the MTU size up that starts going up. When using a 1500 MTU it goes up to 5-6ms, when using 9000 (9000mtu is enabled) it goes up to 70-80ms. I have built new VM's from F5 OVA image and re-licensed but the two new ones still see the exact same issue. I built an Ubuntu VM and put it on the same host and peer IP VLAN it has NO problems. If I use the Ubuntu host to ping the peer IP on each F5, all on the same VLAN, I see the latency with the F5. Any thoughts are suggestions would be much appreciated. Thanks. UPDATE: Noticed this from both VM's as well, one is receiving the sync other is sending [root@LAB-F5-1:Standby:Awaiting Initial Sync] config tmctl -d blade tmm/if_shaper shaper_tid ingress_max ingress_avg ingress_red ingress_drops egress_drops ---------- ----------- ----------- ----------- ------------- ------------ 5 2687 100 0 0 0 4 2771 100 0 0 222 6 2687 100 0 0 0 2 2936 100 0 0 0 3 2687 100 0 0 0 7 2771 100 0 0 389 1 2771 100 0 0 193 0 2771 100 0 0 70 [root@LAB-F5-2:Active:Awaiting Initial Sync] config tmctl -d blade tmm/if_shaper shaper_tid ingress_max ingress_avg ingress_red ingress_drops egress_drops ---------- ----------- ----------- ----------- ------------- ------------ 5 2808 100 0 0 0 3 2559 100 0 0 0 4 45751 99 207 142 0 7 44484 99 135 87 0 1 42022 99 160 116 0 2 2559 100 0 0 0 6 45027 99 73 49 0 0 39703 99 62 51 0HTTP to HTTPS with sharepoint 2013
Recently built up a sharepoint 2013 server and put it behind F5 using SSL offloading. Certain content is show up as "mixed" content and that wont be good for our end users. So I am looking to do a Irule to change any outbound link from HTTP to HTTPS can someone write that up for me? Or should I try to use Stream? would that be more efficient?
URL Forwarding and Masking
Our current requirement is that if a user clicks on external link from our website - the URL should not be changed and the content should be loaded from an external link. Following are the use cases to understand more about this [1] User is logged in to our website https://example-test.com [2] User clicked on external link https://external-link-website.com [3] User should not see that URL is changed to but instead it should show as https://example-test.com and content should be loaded from https://external-link-website.com Can you please provide us an iRule or suggestions to achieve this requirement for us? Thanks SrikanthAdd Hedder data to MSIE9 and devices with specific uri
I am trying to help out application team role out new application to user base that still runs IE9. User desktops are not going to be upgrade in time to application role out. Application works with IE9 Chrome plugin and if Header has is added to header. Example 1 makes change to header but addes ti to everyone everywhere. example 2 is an attempt to add the added logic and it doesn't work. Example 1 makes change but requires logic to just apply to IE9 and specfic URI not all browsers and pages when HTTP_REQUEST { STREAM::disable HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { if {[HTTP::header value Content-Type] contains "text"}{ STREAM::expression {@@ @} STREAM::enable } } Example 2 when HTTP_REQUEST { set replace_content 0 if { [class match [string tolower [HTTP::uri]] contains DATAGROOUP_GLB] } { set replace_content 1 } } when HTTP_RESPONSE { if {([string tolower [HTTP::header User-Agent]] contains "msie9") and ($replace_content equals "1")} { Disable the stream filter by default STREAM::disable HTTP::header remove "Accept-Encoding" Check if response type is text if {[HTTP::header value Content-Type] contains "text"}{ Replace STREAM::expression {@@ @} Enable the stream filter for this response only STREAM::enable } } }
No iConnnectPlus Client can be found
I install the Client, but the browser can't find it. log: OS Name: Windows 7 Enterprise Version: 6.1 Build: 7601 Type: Multiprocessor Free Primary UI language: 0x9 Short Name: Win764 Service Pack: Service Pack 1 WOW64 HOTFIXES: SP1; InternetExplorer version: 9.0.8112.16421 InternetExplorer build: 98112 HOTFIXES: 0 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2, \URDialer.cpp, 1149, CURDialer::InternalDisconnect, Invalid RAS connection handle 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Enter 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:226, 4164,6028,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:00:45:226, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Leave 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2, \URDialer.cpp, 1149, CURDialer::InternalDisconnect, Invalid RAS connection handle 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Enter 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:241, 4164,5300,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Leave 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2, \URDialer.cpp, 1149, CURDialer::InternalDisconnect, Invalid RAS connection handle 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Enter 2015-03-13, 8:00:45:241, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:257, 4164,404,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 2,,,, CURDialer::OnDisconnected: Leave 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 2,,,, UIpForwardTable::SaveIpForwardTable: Table - NULL 2015-03-13, 8:00:45:257, 4164,5468,DIALER, 1, \UIpForwardTable.cpp, 717, UIpForwardTable::RestoreRouteTable, Failed to properly restore routing table. Possibly rotuing table is corrupted. Restart the system 2015-03-13, 8:00:45:257, 4164,3304,DIALER, 2,,,, CURDialer::ThreadProc:RegOpenKey(Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections) 0 2015-03-13, 8:07:55:026, 4352,5940,SUPERHOST, 1, \SuperHostIfs.cpp, 43, CURSuperHost::CheckInstance, CreateClientRpcHandle returned NULL 2015-03-13, 8:07:55:892, 4352,5940,SUPERHOST, 0,,,, Request to install/update Host Control 2015-03-13, 8:07:55:898, 4352,4748,SUPERHOST, 2, \urSmartUpdateEx.cpp, 519, USmartUpdateEx::RunObjectProc(), need not install/update control, {E0FF21FA-B857-45C5-8621-F120A0C17FF2}, https://iconnectbp.cathaypacific.com/vdesk/terminal/urxhost.cabversion=7000,2013,426,1913 2015-03-13, 8:07:55:987, 4352,5940,HOST, 0,,,, Request to install/update SSL Tunnel 2015-03-13, 8:07:55:991, 4352,1980,HOST, 2, \urSmartUpdateEx.cpp, 519, USmartUpdateEx::RunObjectProc(), need not install/update control, {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10}, https://iconnectbp.cathaypacific.com/vdesk/terminal/f5tunsrv.cabversion=7000,2013,426,1901 2015-03-13, 8:07:55:997, 4352,1980,HOST, 0,,,, Request to install/update VPN Manager 2015-03-13, 8:07:56:001, 4352,5184,HOST, 2, \urSmartUpdateEx.cpp, 519, USmartUpdateEx::RunObjectProc(), need not install/update control, {2BCDB465-81F9-41CB-832C-8037A4064446}, https://iconnectbp.cathaypacific.com/vdesk/terminal/urxvpn.cabversion=7000,2013,426,1906 2015-03-13, 8:07:56:016, 4352,5656,HOST, 1,,,, UFilterService::Init:Run-time exception.Exception code=0x6ba 2015-03-13, 8:07:56:018, 4352,5656,HOST, 1,,,, UFilterService::Init:Failure connecting to service. Status=0x6ba 2015-03-13, 8:07:56:019, 4352,5656,HOST, 2, \patchhost.cpp, 145, CHostCtrl::PatchHosts, Patching host file failed 2015-03-13, 8:07:59:738, 4352,2632,DIALER, 2,,,, CDialer::OnConnect:Processes policy processed 2015-03-13, 8:07:59:739, 4352,2632,DIALER, 1, \URDialer.cpp, 6290, CURDialer::VerifySinglePolicy, Security policy prevents running SSL VPN on this PC 2015-03-13, 8:07:59:943, 4352,2632,DIALER, 2,,,, CDialer:LogVPNPolicyResult:logged 2015-03-13, 8:07:59:946, 4352,2632,DIALER, 2,,,, CDialer::OnConnect:Registry policy processed 2015-03-13, 8:07:59:947, 4352,2632,DIALER, 2,,,, CDialer::VerifyPolicy:policy result = 0 2015-03-13, 8:07:59:948, 4352,2632,DIALER, 1, \URDialer.cpp, 1292, CURDialer::VerifyPolicyThreadProc, Failed to verify policy (No iConnnectPlus Client can be found in your computer, please download the client at office. )
iRule Error related with Data Group
We need to block some User-Agent, so I created a Data Group that called UnwantedAgents, and an iRules called ir_BlockAgents when HTTP_REQUEST { if { [class match [string tolower [HTTP::header "User-Agent"]] contains UnwantedAgents ] } { log local0. "Blocked src=[IP::client_addr] src_port=[TCP::client_port],agent= HTTP::header value User-Agent]" reject } } After I applied this iRule ir_BlockAgents. I saw this error in the log (/var/log/ltm) Feb 21 12:26:51 jcbigip1 err mcpd[5407]: 01020066:3: The requested rule (/Common/ir_BlockAgents) already exists in partition Common. How can I fix it? Thanks, Xin
Invalid Token Response Changed from v11.4 to v11.6
We use Dell Defender Quest Tokens for secondary authentication to VPN. To do this we use the RSA model of sending data to a Radius Server and validating the response. Under 11.4 if the tokens didn't match the user received the following message: Invalid Synchronous Response. Enter Sychronous Response: With a blank text box and logon button Under 11.6 its just a text box with a logon button no text. There are sections under customization but that text isn't displaying that is set there either. Any ideas?
