F5 icons || HLD || Libreoffice || stencils alike
Hi All, I'm working on a HLD and I'm working with Libreoffice draw. I managed to get all cisco icons but I can't do the same for BIG-IP . I know there is visio stencils but that's not my case as I'm using open source libreoffice draw. anyone to help please ? ThanksDuplicate traffic to two pool members in LTM
To be specific I've got a bunch of routers in our WAN sending netflow records (unidirectional UDP packets on port 2055) to a destination IP which is a netflow collector. I've recently stood up a new (2nd) netflow collector on a different server and I'd like to have those flow records sent to both collectors but can't add a second netflow destination in all 60 of our WAN routers (limitation by the managing provider). So, I'm wondering if I create a pool with the IPs of both netflow collectors in it, change the current collector to a different IP and then make the IP of the virtual server the current destination IP for those flow records, can I use the Virtual Server as a sort of duplicator to accept all incoming UDP packets and send them to BOTH pool members?
LTM - IP Fowarder Performance issues (Stateless Router config)
Hi All, Wondering if anyone else has issues with using an IP Forwarder in the manner described in this article (Specifically - Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers): https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html. Here's the scenario.... VLAN attached behind the BIG-IP, which has the web servers on. MSSQL servers sat on a VLAN reachable through the BIG-IP. The connections all work, just if SQL traffic isn't routed through the BIG-IP, it works fine. Otherwise, behind the BIG-IP, there is severe delays. I'd suggest it be a good idea not to route this through the BIG-IP, but I wondered what the F5 communities' take on this would be. In short....Simple IP Forwarder (Stateless) for mssql traffic... Good or bad idea? Thanks, JD
Network Access - SSLVPN - client system proxy settings
Hi all, I was wondering if someone could tell me whether the Network Access module (with the BigIP Edge Client) has support for changing the client's proxy settings. The setup is as follows: - standard Access Policy with logon page > radius auth > resource assign (network access) If the client cannot find its proxy server (defined by a PAC file that is indicated by a URL preset in the browser), it will not open the logon page when he clicks connect in the bigip edge client as this page is loaded from the virtual server's IP. So if the edge client could be configured to override the proxy settings, it will be able to load this page. The problem arises from the fact that the computers normally never leave the internal network and thus can always find the proxy file. If they leave the network and try to dialin, the not-finding-the-proxy-file will prevent them from opening any page whatsoever - including when the edge client wants to open the logon page - meaning they will never be able to connect to the VPN. I know that for example Juniper SA can do this perfectly fine, and it seems like a basic feature to me, but I cannot find it anywhere. Is it missing or should I buy new glasses? Kind regards, Thomas
Self IP config-sync problem
Hello everyone, I'm new to this device and have a problem. The administrator before me make Self IP address to point to some adress that is now Gateway on this new network. When I try to delete it I get this error: 01071412:3: Cannot delete IP (192.168.XXX.XXX) because it is used by the system config-sync setting. I have MGMT access only to Web interface. Do you have some advice for me? How to change this settings? I can not change Gateway address ... Thanks! Ivan
Deploying LTM and GTM on the same bigip box
Hello all, We will be deploying the LTM and GTM modules on the same hardware and I'm looking for any deployment guides that would outline networking or communication requirements / recommended practices. We're not going to be using route domains, so does this mean all queries from gtm to ltm resources will be kept "in house" so to speak, or will it still require going out on the wire? We are planning at this point to have a dedicate physical (or logical) interface to the gtm listener. Thanks in advance for any insight. Regards.iRule Event Order - HTTP
All, I'm in the process of creating a number of diagrams visually describing iRule event order for a number of reasons. Before I get busy making this all sexy and colourful, would anyone care to take a look and confirm I've got things right. I'll post the final version once it's done. I'm also hoping to add in some notes on any iRule commands which might affect the flow. Thanks. Updated to v0.2 below as DC won't let me insert a picture in an existing comment it seems. Updated to v0.3 below, now including server side events. Updated to v0.4 below 11/Nov/2013 Updated to v0.5 below 11/Nov/2013 Updated to v0.6 below 12/Nov/2013 Updated to v0.7 below 12/Nov/2013 - events added Update to v0.9 below 29/04/2014 - Updated to v9: added HTTP::disable and HTTP::enable commands and details on persistence. Updated to v1.1 - June 2014. Added XML profile and event, other minor corrections. Updated to v1.2 September 2014. Reordered some server side events, added further notes. FYI here's the link for the HTTPS/SSL/TLS diagram Note: The file listed below is the HTTP Event Flow order diagram...you can view/download this file as needed.
