snat vs automap, whats the difference?
I'm trying to see the difference between the snat and automap for the Source Address Translation option. Currently I have traffic coming in to the F5 using automap. What though specifically does that mean? And why wouldn't I use SNAT? All the nodes, (servers in our lan), are not configured to have the F5 as its default gateway. I have a lot of virtual servers configured and I'm not sure how the self-ip plays a role in the nating or snating if at all. From what I understand (but could be wrong) an external client request is directed to the vip ip (since our firewall nats it there) and the destination IP is that of the vip. The F5 then translates the destination IP to that of the IP of the pool member. Then on the way back out the source is translated to the of the vip. But what about the selfip? Can someone please explain all this? Thanks!
How to preserve data in a HTTP 302 redirect of a POST
Hi, We are trying to implement the following scenario and would like to know if the LTM can do the following: An application execute an HTTP POST request with parameters inside the HTML body LTM sends back a 302 redirect request back to the client to another local url How can LTM sends back in the 302 redirect with the same parameters that were availble in the initial packet (see 1))? Can LTM look into HTML body and use them in packet 2) with an iRule? In initial packet 1) these parameters can be a small text or a large file that is being posted to the servers behind LTM Thanks, Giulio.
What exactly does FastL4 profile do?
Customer have to load balance a webserver. Using default settings it takes more than 10 seconds to completely load the webpage. After using the FastL4 profile it takes only 3 seconds. So what does it do to speed this up? We tested also the Fasthttp profile but some objects in the webpage cannot be loaded. Is there any limitation for this profile? Thanks a lot.
Can LTM be used to configure Active and Passive Servers?
For a given vip is it possible to define pool of servers that are active and also some pool of members that passive. Basically this is what I want to do: 1. Define active pool of servers for a vip 2. Define passive pool of servers for a vip 3. When all the members in pool go down then make passive pool active Is it possible to do that in LTM? If it's possible then when one of the pool members (previously active) become active again does it switch it back?
Application Web Pages Not Being Served Correctly by F5
Hi, One of our customers has an application that doesn't appear to perform very well when load-balanced by the F5. The application is currently using a Standard VS profile, which is not doing SSL offload, uses cookie persistence and a SNAT pool with a single IP address and pretty much everything else is default. We have recently applied a Web Acceleration profile to the VS to attempt to address the problem but it doesn't appear to have solved anything. The WA profile is only set to cache and serve up static CSS and JS files. The major issue, we believe, is that the client fails to receive some of the Javascript that is necessary for the page to render correctly. This was the case prior to the WA profile being applied as well as after. The application used to be load-balanced, in a very rudimentary way, by iptables and these issues were not seen then. I'm very keen to find any clue as to where to look on the F5 for what could be causing the problem. I'm considering changing the profile to Perf L4 to see if it helps but there are two problems with that: 1. I don't get to learn what was causing the problem 2. I think the client wants to have the F5 do SSL offload in the near future Any help would be greatly appreciated. Thanks in advance, BenAPM - How to create a keytab file with multiple SPNs
Hi, I have run into a problem using Kerberos Authentication when using CNAMEs in DNS. You can search the web but basically if you use a CNAME record like "www CNAME www1" and then A records "www1 A 10.10.10.1" and "www2 A 10.10.20.1", when IE or .NET needs to authenticate it forms the request to "www1" (or "www2") and not "www". Now, you can add the additional SPNs on the Domain Controllers using the MS tool "setspn" with the "-A" switch no problem against the same service account. The instructions for creating the keytab file only cover the use of the MS tool "ktpass". This tool can only create a keytab file with a single SPN and when you use this with APM it will only work for "www" and break for anything else. I'm unfamiliar with the Kerberos utilities on BIG-IP but I have seen that there are several (kadmin, kinit, ktutil). Can anyone give me a working example of how I can create a keytab file which will work using these tools for all 3 SPNs which will work with MS AD. Thanks.Pool members with fully-qualified domain names (FQDNs): How does this work?
From release notes of v11.6.0 (on new features): Populate pools by FQDN This release includes the ability to configure a BIG-IP system with nodes and pool members that are identified with fully-qualified domain names (FQDNs). When configuring pool members with FQDN, addresses dynamically follow DNS changes. Fully dynamic DNS-managed pools may even be created. How does this work? When the fqdn resolves to multiple addresses, how is LB handled?