F5 High Availability - Public Cloud Guidance
This article will provide information about BIG-IP and NGINX high availability (HA) topics that should be considered when leveraging the public cloud. There are differences between on-prem and public cloud such as cloud provider L2 networking. These differences lead to challenges in how you address HA, failover time, peer setup, scaling options, and application state. Topics Covered: Discuss and Define HA Importance of Application Behavior and Traffic Sizing HA Capabilities of BIG-IP and NGINX Various HA Deployment Options (Active/Active, Active/Standby, auto scale) Example Customer Scenario What is High Availability? High availability can mean many things to different people. Depending on the application and traffic requirements, HA requires dual data paths, redundant storage, redundant power, and compute. It means the ability to survive a failure, maintenance windows should be seamless to user, and the user experience should never suffer...ever! Reference: https://en.wikipedia.org/wiki/High_availability So what should HA provide? Synchronization of configuration data to peers (ex. configs objects) Synchronization of application session state (ex. persistence records) Enable traffic to fail over to a peer Locally, allow clusters of devices to act and appear as one unit Globally, disburse traffic via DNS and routing Importance of Application Behavior and Traffic Sizing Let's look at a common use case... "gaming app, lots of persistent connections, client needs to hit same backend throughout entire game session" Session State The requirement of session state is common across applications using methods like HTTP cookies,F5 iRule persistence, JSessionID, IP affinity, or hash. The session type used by the application can help you decide what migration path is right for you. Is this an app more fitting for a lift-n-shift approach...Rehost? Can the app be redesigned to take advantage of all native IaaS and PaaS technologies...Refactor? Reference: 6 R's of a Cloud Migration Application session state allows user to have a consistent and reliable experience Auto scaling L7 proxies (BIG-IP or NGINX) keep track of session state BIG-IP can only mirror session state to next device in cluster NGINX can mirror state to all devices in cluster (via zone sync) Traffic Sizing The cloud provider does a great job with things like scaling, but there are still cloud provider limits that affect sizing and machine instance types to keep in mind. BIG-IP and NGINX are considered network virtual appliances (NVA). They carry quota limits like other cloud objects. Google GCP VPC Resource Limits Azure VM Flow Limits AWS Instance Types Unfortunately, not all limits are documented. Key metrics for L7 proxies are typically SSL stats, throughput, connection type, and connection count. Collecting these application and traffic metrics can help identify the correct instance type. We have a list of the F5 supported BIG-IP VE platforms on F5 CloudDocs. F5 Products and HA Capabilities BIG-IP HA Capabilities BIG-IP supports the following HA cluster configurations: Active/Active - all devices processing traffic Active/Standby - one device processes traffic, others wait in standby Configuration sync to all devices in cluster L3/L4 connection sharing to next device in cluster (ex. avoids re-login) L5-L7 state sharing to next device in cluster (ex. IP persistence, SSL persistence, iRule UIE persistence) Reference: BIG-IP High Availability Docs NGINX HA Capabilities NGINX supports the following HA cluster configurations: Active/Active - all devices processing traffic Active/Standby - one device processes traffic, others wait in standby Configuration sync to all devices in cluster Mirroring connections at L3/L4 not available Mirroring session state to ALL devices in cluster using Zone Synchronization Module (NGINX Plus R15) Reference: NGINX High Availability Docs HA Methods for BIG-IP In the following sections, I will illustrate 3 common deployment configurations for BIG-IP in public cloud. HA for BIG-IP Design #1 - Active/Standby via API HA for BIG-IP Design #2 - A/A or A/S via LB HA for BIG-IP Design #3 - Regional Failover (multi region) HA for BIG-IP Design #1 - Active/Standby via API (multi AZ) This failover method uses API calls to communicate with the cloud provider and move objects (IP address, routes, etc) during failover events. The F5 Cloud Failover Extension (CFE) for BIG-IP is used to declaratively configure the HA settings. Cloud provider load balancer is NOT required Fail over time can be SLOW! Only one device actively used (other device sits idle) Failover uses API calls to move cloud objects, times vary (see CFE Performance and Sizing) Key Findings: Google API failover times depend on number of forwarding rules Azure API slow to disassociate/associate IPs to NICs (remapping) Azure API fast when updating routes (UDR, user defined routes) AWS reliable with API regarding IP moves and routes Recommendations: This design with multi AZ is more preferred than single AZ Recommend when "traditional" HA cluster required or Lift-n-Shift...Rehost For Azure (based on my testing)... Recommend using Azure UDR versus IP failover when possible Look at Failover via LB example instead for Azure If API method required, look at DNS solutions to provide further redundancy HA for BIG-IP Design #2 - A/A or A/S via LB (multi AZ) Cloud LB health checks the BIG-IP for up/down status Faster failover times (depends on cloud LB health timers) Cloud LB allows A/A or A/S Key difference: Increased network/compute redundancy Cloud load balancer required Recommendations: Use "failover via LB" if you require faster failover times For Google (based on my testing)... Recommend against "via LB" for IPSEC traffic (Google LB not supported) If load balancing IPSEC, then use "via API" or "via DNS" failover methods HA for BIG-IP Design #3 - Regional Failover via DNS (multi AZ, multi region) BIG-IP VE active/active in multiple regions Traffic disbursed to VEs by DNS/GSLB DNS/GSLB intelligent health checks for the VEs Key difference: Cloud LB is not required DNS logic required by clients Orchestration required to manage configs across each BIG-IP BIG-IP standalone devices (no DSC cluster limitations) Recommendations: Good for apps that handle DNS resolution well upon failover events Recommend when cloud LB cannot handle a particular protocol Recommend when customer is already using DNS to direct traffic Recommend for applications that have been refactored to handle session state outside of BIG-IP Recommend for customers with in-house skillset to orchestrate (Ansible, Terraform, etc) HA Methods for NGINX In the following sections, I will illustrate 2 common deployment configurations for NGINX in public cloud. HA for NGINX Design #1 - Active/Standby via API HA for NGINX Design #2 - Auto Scale Active/Active via LB HA for NGINX Design #1 - Active/Standby via API (multi AZ) NGINX Plus required Cloud provider load balancer is NOT required Only one device actively used (other device sits idle) Only available in AWS currently Recommendations: Recommend when "traditional" HA cluster required or Lift-n-Shift...Rehost Reference: Active-Passive HA for NGINX Plus on AWS HA for NGINX Design #2 - Auto Scale Active/Active via LB (multi AZ) NGINX Plus required Cloud LB health checks the NGINX Faster failover times Key difference: Increased network/compute redundancy Cloud load balancer required Recommendations: Recommended for apps fitting a migration type of Replatform or Refactor Reference: Active-Active HA for NGINX Plus on AWS, Active-Active HA for NGINX Plus on Google Pros & Cons: Public Cloud Scaling Options Review this handy table to understand the high level pros and cons of each deployment method. Example Customer Scenario #1 As a means to make this topic a little more real, here isa common customer scenario that shows you the decisions that go into moving an application to the public cloud. Sometimes it's as easy as a lift-n-shift, other times you might need to do a little more work. In general, public cloud is not on-prem and things might need some tweaking. Hopefully this example will give you some pointers and guidance on your next app migration to the cloud. Current Setup: Gaming applications F5 Hardware BIG-IP VIRPIONs on-prem Two data centers for HA redundancy iRule heavy configuration (TLS encryption/decryption, payload inspections) Session Persistence = iRule Universal Persistence (UIE), and other methods Biggest app 15K SSL TPS 15Gbps throughput 2 million concurrent connections 300K HTTP req/sec (L7 with TLS) Requirements for Successful Cloud Migration: Support current traffic numbers Support future target traffic growth Must run in multiple geographic regions Maintain session state Must retain all iRules in use Recommended Design for Cloud Phase #1: Migration Type: Hybrid model, on-prem + cloud, and some Rehost Platform: BIG-IP Retaining iRules means BIG-IP is required Licensing: High Performance BIG-IP Unlocks additional CPU cores past 8 (up to 24) extra traffic and SSL processing Instance type: check F5 supported BIG-IP VE platforms for accelerated networking (10Gb+) HA method: Active/Standby and multi-region with DNS iRule Universal persistence only mirrors to only next device, keep cluster size to 2 scale horizontally via additional HA clusters and DNS clients pinned to a region via DNS (on-prem or public cloud) inside region, local proxy cluster shares state This example comes up in customer conversations often. Based on customer requirements, in-house skillset, current operational model, and time frames there is one option that is better than the rest. A second design phase lends itself to more of a Replatform or Refactor migration type. In that case, more options can be leveraged to take advantage of cloud-native features. For example, changing the application persistence type from iRule UIE to cookie would allow BIG-IP to avoid keeping track of state. Why? With cookies, the client keeps track of that session state. Client receives a cookie, passes the cookie to L7 proxy on successive requests, proxy checks cookie value, sends to backend pool member. The requirement for L7 proxy to share session state is now removed. Example Customer Scenario #2 Here is another customer scenario. This time the application is a full suite of multimedia content. In contrast to the first scenario, this one will illustrate the benefits of rearchitecting various components allowing greater flexibility when leveraging the cloud. You still must factor in-house skill set, project time frames, and other important business (and application) requirements when deciding on the best migration type. Current Setup: Multimedia (Gaming, Movie, TV, Music) Platform BIG-IP VIPRIONs using vCMP on-prem Two data centers for HA redundancy iRule heavy (Security, Traffic Manipulation, Performance) Biggest App: oAuth + Cassandra for token storage (entitlements) Requirements for Success Cloud Migration: Support current traffic numbers Elastic auto scale for seasonal growth (ex. holidays) VPC peering with partners (must also bypass Web Application Firewall) Must support current or similar traffic manipulating in data plane Compatibility with existing tooling used by Business Recommended Design for Cloud Phase #1: Migration Type: Repurchase, migration BIG-IP to NGINX Plus Platform: NGINX iRules converted to JS or LUA Licensing: NGINX Plus Modules: GeoIP, LUA, JavaScript HA method: N+1 Autoscaling via Native LB Active Health Checks This is a great example of a Repurchase in which application characteristics can allow the various teams to explore alternative cloud migration approaches. In this scenario, it describes a phase one migration of converting BIG-IP devices to NGINX Plus devices. This example assumes the BIG-IP configurations can be somewhat easily converted to NGINX Plus, and it also assumes there is available skillset and project time allocated to properly rearchitect the application where needed. Summary OK! Brains are expanding...hopefully? We learned about high availability and what that means for applications and user experience. We touched on the importance of application behavior and traffic sizing. Then we explored the various F5 products, how they handle HA, and HA designs. These recommendations are based on my own lab testing and interactions with customers. Every scenario will carry its own requirements, and all options should be carefully considered when leveraging the public cloud. Finally, we looked at a customer scenario, discussed requirements, and design proposal. Fun! Resources Read the following articles for more guidance specific to the various cloud providers. Advanced Topologies and More on Highly Available Services Lightboard Lessons - BIG-IP Deployments in Azure Google and BIG-IP Failing Faster in the Cloud BIG-IP VE on Public Cloud High-Availability Load Balancing with NGINX Plus on Google Cloud Platform Using AWS Quick Starts to Deploy NGINX Plus NGINX on Azure
Google Analytics script injection
Problem this snippet solves: Add google analytics script in the html content of the HTTP response. Works also for other Analytics providers like Piwik. How to use this snippet: Installation Files The code below has to be imported as an ifile. By default, you must name this ifile google.js but you can change it in the irule if required. Google Analytics code : <!-- Google Analytics --> <script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', '$static::tracking_id', 'auto'); ga('send', 'pageview'); </script> <script async src='https://www.google-analytics.com/analytics.js'></script> <!-- End Google Analytics --> Piwik javascript code : <!-- Piwik --> <script type="text/javascript"> var _paq = _paq || []; _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//$static::piwik_url/"; _paq.push(['setTrackerUrl', u+'piwik.php']); _paq.push(['setSiteId', {$static::siteid}]); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Piwik Code --> irule You need to install the irule on your Virtual Server. Variables set static::tracking_id "UA-XXXXX-Y" # replace the Google Tracking ID by your own set static::siteid "UA-XXXXX-Y" # replace the Piwik Site ID by your own set static::piwik_url "https://www.mypiwik.com/piwik/piwik" # replace the Piwik URL by your own Features Version 1.0 Insert Google Analytics JS code within html response support for Piwik JS insertion Manage Multiple TrackingID by hostname (see Multiple "hostname and TrackingID section") Backlog Add logging External links Github : https://github.com/e-XpertSolutions/f5 BONUS : Multiple hostname and TrackingID Prerequisite You need to add a string based Datagroup named HOST_TRACKING_MAPPING. ltm data-group internal HOST_TRACKING_MAPPING { records { blog.e-xpertsolutions.com { data UA-XXXXX-Z } www.e-xpertsolutions.com { data UA-XXXXX-Y } } type string } The google.js ifile need to be replaced by the following example : <!-- Google Analytics --> <script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', '$tracking_id', 'auto'); ga('send', 'pageview'); </script> <script async src='https://www.google-analytics.com/analytics.js'></script> <!-- End Google Analytics --> Irule when RULE_INIT { set static::default_trackingid "UA-XXXXX-Y" } when HTTP_REQUEST { HTTP::header remove "Accept-Encoding" set host [HTTP::host] } when HTTP_RESPONSE { if { [HTTP::header Content-Type] contains "text/html" } { if { [HTTP::header exists "Content-Length"] } { set content_length [HTTP::header "Content-Length"] } else { set content_length 1000000 } if { $content_length > 0 } { HTTP::collect $content_length } } } when HTTP_RESPONSE_DATA { set search "</head>" set tracking_id [class match -value -- $host equals HOST_TRACKING_MAPPING] if { $tracking_id eq "" } { set tracking_id $static::default_trackingid } HTTP::payload replace 0 $content_length [string map [list $search "[subst -nocommands -nobackslashes [ifile get google.js]]</head>"] [HTTP::payload]] HTTP::release } Code : when RULE_INIT { set static::tracking_id "UA-XXXXX-Y" set static::siteid "XXXXX" set static::piwik_url "https://www.piwik.url/piwik/piwik" } when HTTP_REQUEST { HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { if { [HTTP::header Content-Type] contains "text/html" } { if { [HTTP::header exists "Content-Length"] } { set content_length [HTTP::header "Content-Length"] } else { set content_length 1000000 } if { $content_length > 0 } { HTTP::collect $content_length } } } when HTTP_RESPONSE_DATA { set search "" HTTP::payload replace 0 $content_length [string map [list $search "[subst -nocommands -nobackslashes [ifile get google.js]]"] [HTTP::payload]] HTTP::release } Tested this on version: 11.5Checksums for F5 Supported Google Cloud GDM templates on GitHub
Problem this snippet solves: Checksums for F5 supported Google Cloud GDM templates F5 Networks provides checksums for all of our supported Google Cloud Deployment Manager (GDM) templates. See the README files on GitHub for information on individual templates. You can find the Google GDM templates in the supported directory on GitHub: https://github.com/F5Networks/f5-google-gdm-templates You can get a checksum for a particular template by running one of the following commands, depending on your operating system: Linux: sha512sum <path_to_template> Windows using CertUtil: CertUtil –hashfile <path_to_template> SHA512 You can compare the checksum produced by that command against the following list. Note As of Release 1.4.0, we now put all templates and hashes in a table. To find your hash, copy the script-signature hash out of your template and search for it on this page. To find the script signature, click the link in the Solution File column (look closely at the path to find the template you are using) and search for script-signature. The hash immediately follows. Google Deployment Manager Templates Release 2.1.3 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py e456288df1984c5b3db985f6167f1368b680656e2217aad52fe33a92d5f41e6acfccbfe3514e4798d60fe3c355c7dd05f1dd401a3c3d1e26c3b4bf5a258c45c6 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py 9b6b210e4c0cc2b616d7244b0a43d3787e46ff497a825c93f9cdc44d1061446b7cde531f904a070c177a1de99ff30fa36c24f5d1b717a2505a8b533c61c33428 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py 7f97ae8a201edd2c00ba56867e1d4bce7f4dfa15b01c6e8c41a1c9394f8f3ad7f4ca254d8c3f22de87879992bd3b02596460f02a282be8a41f608fed593ead25 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py 77c5d63151e976953af099fdeee30f58ae2527ea0124820d7f4ffd5f5394e074f13e70913b7ab8cb6d9ad8eea661dca2cdc76c9f2b1dc260942789c327a1ef2e https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py 187460a6f889d7fc78b9f3195715bc3b95db280ae7f1e703f10fbe72019bab93a0887b5c4ff9b2fc4b111e7c57b9e592e508f69bce5f0844ed7d3d50e231ffae https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py dd949abdbf8db621d8a901a5a014b0c9f4348a2464acb1989799ba37e4874cac3f85a51530fcc9b5aaabe3a58e4f04cc609b672580d428aec67091bb40d00032 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py 4541773709c5ee9f2f1bc35779326354b80db55df7746f6a3a816c6c17411eefcfec5b3d6194e4b4f429235f13b78d0ad12905899e83b4a47fdd07733c946899 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py 2495fb7b321d11a21dc73af7e28978e1402f78a2b47b5d28efa765a591776646c6e5c2832c7ce6d5e090680c18d1b7f74280fcd6aeb95af39f5ed25aefc1bbfd https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/payg/f5-prod-stack-same-net-cluster-payg-3nic-bigip.py e64c710790e8bfe1817a4cf69813f515e3eb246046dd567aba261ece5d41d7e2883b9386abc5320f4dd59ad5124c7aefdcad6784ac353b93d9ba79e08287f79e https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/byol/f5-prod-stack-same-net-cluster-byol-3nic-bigip.py 200624dcda180fc7016de3efd046defcdf0a5770bce3437da00b047e17c17fba59c4ea03818c3d44648f06abebb230a48aced55553f9a1b9261a8a103c5d54d0 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py a7cb6c50fe079199fa81a45eefc978565f0f4585b29cc72c2c08437854ffed04a9bb38905858ac89367d3ffcdf322ec6bb09ca31da15bb0d9530d984706ecab4 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py ab198ae40e47848d538e32a946ab349bcaaefb6467c2b87cc94249e99253a4119e3a732013d67fc6d9b5d77b3f96b899f2e0be601e06679e544fe2d97ba5d5a4 Release 2.1.2 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py 62016bf6fa60f28e73e98923a943d2e5005788d26d51a1c90d7b94f84677f36da7f527349910683cac3aac3d5757369bc5e3c32eaecfc3ba488e8d90ad7e26d6 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py dfafad84ae57da83202e2ba647b2dc4daac9729478d944d793936979b0e90ccf86dbd1f010b1206053f2e899eb2dd019e4dba3b204c82950ff0f137ac82dcb55 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/byol/f5-prod-stack-same-net-cluster-byol-3nic-bigip.py d5a869a1ba7d39375b39fe222e004128da1b6b343f7c8e27aba1cc8b577eae3c03182eb3ef7e6a9f02085961c27d53dd4699ab2a364bcc9e04828bac18e5acde https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/payg/f5-prod-stack-same-net-cluster-payg-3nic-bigip.py 13d53d97eb29408d776f32c71955ab63a26d690bdb7f64c43be6de6fa9a5e2a56bfe0657eb4a2cf0e9c267e6e1edfa307f70574577d7374b3a6e5706af39f701 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py 366169a12fbaecd3c717c9b2d6003b313262b3b4d56885948a7f2eb3bfbeedaeb9e707835b5b8648d4287997a8b8ce47db7a4a1f844e79e6e8831b778c9176b6 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py a6bad1aac43726122b33e9a71dcdd35dec10e3feab14b0a0914c5694bc56253cd130386b4ee33bbe35348f3c0e392d506fc2a867fefcb412dd035c5cb8d2b825 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py 20dc48ec76e4260d00fa439414435d37d729bb2733037298ad67cc35d335d34acda32983bb525e1a3fb8731a286cb9e11ffffd1916d57f980ecb9089d7ff681c https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py 9bfa771e28c6a2f1062276d45ffd558f764500eb3c469f1eb0f39198c55ed3f7770ead22de1e4a4eafbff2f28ac05de4c77bbe672ae448f9d33152c7372b69af https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py d48d634b834383075d8d07afd2ec5a772864046710445328b7f66e7d4e1c47bdb0bbf13431d47bb8b010a1ec66455aa87585cb85113b292dbe293bd9e3ca13bf https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py ebb8fb06bf68c46815fdd024844e36a93d8335fb4f00ea903312e8d0d9bcceef9ce8bcdcf0616450ab18f4cee578fa1ded61d7ace301ecd4a3005db6e9f0e4fc https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py 87f18b5889155b065f30129af7d9a5b3297b8d74a16e5249255ff0a382b37d5bdb148ffbc45620553dcc8611f8e9459bfd21b85dde926f81d3e8979b430c434b https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py 71c4c7cc4a3d0ff9d0ccafa4200269f5afbf4e69e24f1da63cb6db656b05b8a69f5166e51e0feb3f2c0b6d27e22961f06fb088b38637ea9688e41fd4da2b670b Release 2.1.1 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py 15b1be14efd25a21f9bc3411562e2474fd31a4fabbcd74e719e18fbc3c13857100af5323274fe385b534c71c36098d9615759d2d152512a9bdcfaff017b9bf6c https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py 8f9ad3e7fe4fb9519e454f136d47f85c2920134aeb4cd664736f4940031f12f27581a24cb707d800bc41892d0105a1b99328d149822a788a72f7cb9ec17c273d https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/byol/f5-prod-stack-same-net-cluster-byol-3nic-bigip.py 3a0da3beaf52546d106661a3a6cbd9f84f83d5587c62339870d1b9e950a0a7996f545d74a534430815d6c12023399b2e2cfc95a9acceaa954f9cbf50f63ba419 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/payg/f5-prod-stack-same-net-cluster-payg-3nic-bigip.py e617c9f0faf6eb1e8938274088b774b313aae17735fe34890723c3b3c2762c5f5d8dcbcdf4b30f9202a09897d74d73f07a5b7fe28051d4c5ff4a70e7232c7e14 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py 3868a2b7659b4c19fe35f9e6e9092bb5802a29d79395717bb76be45aa8c305bff0ca9ca3f0aba928c80a4eeda3a5be0d060a4e07aa0601abc19fa5c589deeac9 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py 03b25fa8ae07f540f8fb489b168107cdc919bd808a5bb88a057cab3723db8d8380f0b519240613b428863207c1902075bf6e3fe26ad99f824fe4130b37913081 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py fdfac344da6eda9e7d7a770b45371bcebd33678367d3b70c0334bbff1f59b5e9155aeac7266f6d446f02d82ec741f80639cff69f8824ef3b5734593286b07093 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py 42efec05c81a479d827773e51c5acfe6f677fc46ddf36248dc137d6d88d020511bfd00a590c357512fbfe8d93085b541e1fd10923e0b97be65c09b1b03b68d06 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py 14243747293dcaf6fe4ac872195547975cfa1693bae00c3269848116a3da7bc0cfe0966262ae1b54149c5fcde3be1481939e7e9cfe0e58c1a49a1b54c83a9c4c https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py acfa9ead8741040112c57f60a7781c4078ad39babc519c27edfe1dc5c823c36ec826a5c200e7da1baaf83cbdc634afb78eaf4c38a3d84283e6182f7cf94a9ae9 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py d5de2b357dd5a3c34b99feb48b78c0bb0c06e4d9fd81deaa49903123bd052e13591a615dc49b8aa2fcb8fab550cbaac163614487fbecc1f38074041daf1ae34d https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py e213c627946f44273c73afdde67d37033e616c44a46a2bc35d70ebb3537d40553a0f370266f8a2c40f35140ce687d70cb48255f1a44845a22298ee1e450b50af Release 2.1.0 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py fafb124943dc8900628a961c548363b6f83b7676ee7c8646e7287594040d88cdedf7d6c7b9609e6e0730e8313cb653a72ea3ca87de49e261cbc36b3252ce6e3b https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py 9907305faf584514dbc6d49e53e357497390abc7d5b10af1b620ecf2ae50d8f134fdd081a2941666537a314b0d67a855ac55b4cf8a3a92c7f2993e3e8306df4b https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/byol/f5-prod-stack-same-net-cluster-byol-3nic-bigip.py 25b6bedd28145e31c31477ee82f384a03f7d9075a5c1a4624af9f5686d7723deac1858640bc6ebd37749aaa3df993cf8475271ea1071b6682da5bb58b81c754d https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/production-stack/payg/f5-prod-stack-same-net-cluster-payg-3nic-bigip.py ab6cd50df4be458ea72df043a6b31fe1a59dd808c383dc22238d125abcb5bc47a23f52a9d7c9fb7291fdb7974713029c45cd572727568efe19f8e0329721289e https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/byol/f5-existing-stack-same-net-cluster-byol-3nic-bigip.py 4f04f21b7a43004ce830671880505512838f1b3dba7d498fddf915c523f3de538e318a791ce7d4961ff263d89f73f8eea404ccb49056a1ec8554777be02ce45a https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/payg/f5-existing-stack-same-net-cluster-payg-3nic-bigip.py 48c9852f2d2de68cef311eeedddcd0fa66f19ce3252dff59fc7bcade681ec5b54e0d8bf38a5c942a21f4eaf3ca847573c2989bc9ea0aac4f3b2dd8a1b643f079 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py 589d54f01f113469fdf21df6ddaafa2c4ad3f90c78f63e292b2307d9ad4be6aff61c96166233cbd6cf09d16df0f6d1dbf5ae353e9898154c53b633ddea0f4f7f https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py fa956cdb07a1fd7c44320a58fc2d87f5bad94aaba1cdcf3258bd9c38cb1cbaec6b9426c797a091f513c5513ab3e346149641557222479138d0ec3d101edd865b https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py e0907f019266dacc356cf433bbdeb2751ee3426a24c2bddf3bffb2240b2334318380724f92e935608f58d1ff3ecbb5359303de209289d63b9f4546f3358260d2 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py b24fe950d07d45c9ed74d1c8ab128c43ad0c46019449728da6084d46029289ad7c81e477688468dcaa3d0fd38228a0032972a89b519799837ebbda1ab4c161d7 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py af8d2a5fac0a1752d5b2f6ce385ceed2872c1f4286c847b82e15e29cac39ce23bf74841b2ae68cc8747068ea292817437655ffec77c302f76c6b4c3c17f3fcc8 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py ded1a238dfd729fb54567441e4757948eede6f7c0eb8ca1048c51f6ebeec553cd76b1d4d16e2208ca866401fe502c8329699c4dc570dd68cfc28784e0acd7310 Release 2.0.0 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py 3c7f59af68fa01d5d4057734c0ff34d7eff3b88bc2570738419d654549b61197514fcb997e01a25b17e476e7f5a94a53833e4f9358c8b89c0e4da6e06c622d58 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py 22c874e0f252aec851d0e14c6e9f6b7fdc847b2eb3a8b5662fdac9df57baae3532275c1c0aabd9a427d3a31d889d587e394b3a11cef336faf9a9b6bdb9ff390e https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py 8aa0a049def24f189ea49679a167a5ee12d915f1affd913c610c7ad9b0c72fc32fbfeac60f2e33ef1ba7e97ec79a382a892c60987ab0cfdcd476802579be863b https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py fec2779c142b3d352bfe37d10bdd61584eed2554cd11d7eb7a5d4d843e277314db0d92cf84518c60b1224b40c5f86871c5f5fc2ab356291b4fb5cdd4f3f39f42 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py 3e6354e33815667d713c10e5c808521b293feef6befbcd9bdc362fe097bf576dad5fa08ab6fabd45113c75b49829bb1e1abbed63cbee14413cd03ec4e6031543 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py 4586ec6a66fcd9c762f8566147e72210dbaa3f80629a30b2fffcbc7609f8b981cf0de682f5d326cca59de89813a02ffccae916a0f597e69a1e6bb1c86ed9701f Release 1.5.1 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py 6de6756e4bd96fdeb34e889f9a3635296ace2510414dc87234655b0f6a31acdfc2d333322ecb3c4bcb5203de3a8368bb64bfb5e816a05cc2d8a298c99b3a4a38 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py 20216260f114ecd11bae3d792f4cd67cbec69ab77de376de62e0e2003eebfe0f211e2e78edd3264669a1dbb9c7b574d454de7a09034f555a7b4eced42e9bbc26 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py dd60ae0d814da673a04fdbb52a472ad00f1155d1c80c901cffc435b0096a4f5374cb1eeb20ad9c965b65a425a28bd5e14585397363a08d646f78ac36bc5677b9 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py 4bb13b186174899f94017bd8a3589826abd406f343496df178069f0b4828946c312bfdbbe9502c138122eb61f9cf808e17a3154a0a2ed0bb539ddc8aec9ddc41 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py 8c9cfa9456e6f780f4a9495f7bc947ae6b83388fdde4710891fc091883a449343cdb0bb636f51aa783f887f8e451e1c41d420f0e62bf7e1720010cca12629748 https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py c9ba68dc3f9368f09a1d7bde63d0eed2b86cf89fdbf9d1b40a70129bbf00e9522e63a0e1ee682159c975282be6a257567f3acd41827b50a9e670b4a6bb1750c8 Release 1.5.0 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py `8eba1cd3d935d1dec6296f446994c2f9fd274b147521dfd5b6b9572a480c831caee506a6bbe6213b0a7ac741dafab8a87a0200c9c7ea3f1142525327dcc4ebea` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py `8d43417513fe82263e77a5b51f3c2078ace7c337a69c40f0245fd1e82f61d16a05e89dfec58ca2bf7399f6449140ff0e5a519984b351dc61d2546625c35a7f2c` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py `69455baf88fa45bb6e0cb738266b40f9e4e5ecc5e301947edbad7fb951bcb144e9318cd77bc463af512e607ffb0b5a9efa9b66096ca8381cac2e423e8c7ca6ca` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py `64696f0ae9b77e4d9130f98ddb14fa694db2a3578473f028eda2cbc664aa6c087ff4276bd07bd1b85b7d2ddf2eca3d885f5e2187f0fcc6eb9f66dc8bfddd7692` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py `c64c047edc5b8941b269f111840347527c63ef9f2f36b9c32ff1d355c19f604a81414919d7991a7cb2cdf7caa4b707ae8283a59e77bc9f95a1a2a4de95cd66d8` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py `70ef3dbfd5adb1a5650673fff754e15fa10bfdaf5eb2309df85b8a8f20182f62bf66b7e04e520c80f3e8442f0b86d7409360be73ea89c622ffcea7ff45e645ad` Release 1.4.0 Solution File Hash https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py `a8f2fcb0171a6e83445f7ea87549749082de28ec636fa5d3340cd5a947247f7b7f0a046f4dd77b5a2213ac83e2026bfa49fceef5728497852bdf0fac4b6c14f3` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/1nic/existing-stack/payg/f5-existing-stack-payg-1nic-bigip.py `b070c5ac63529c233d94319470ec52c4449b450da8fe733f35011a36ffe98c50b0a686b9a0f2e020ad48a66f4471115f37005f8d2ab48d903896a92fade93204` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/byol/f5-existing-stack-byol-2nic-bigip.py `b229ec49df284218e77cccce91a437341802ecb6390eb5804bbfa1d20dbc76b20f494645379e773601b0e2ebaa31c38cf75e6f8b6114bca79810ad6df5a9a553` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/2nic/existing-stack/payg/f5-existing-stack-payg-2nic-bigip.py `f83c0a8c817d59fed931d93f26aa494f4cc46d14f7e383e33ab94af242383e3679c129751ed8b9c86242bb1d06b43ed0d081484e7bf3ad9c1afede4a1c5a7f2c` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py `09c45fae01d692235ded2620526c4f274cb2e6bc167a2f61d7e7ad8e08691306ac51fcfe2bf315db12b88e7dc9c6a8ab2f49fc08030b86ea9678685df7fcd4a9` https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg/f5-existing-stack-payg-3nic-bigip.py `4d7580d89142442088b9cc38908ea62cda9a6d777299874d7b491457e18fb542ce5d2cfce26f73b7c34f29ef890e8c605c68bcaa9fa3eff613baae86286dee29` Release 1.3.1 Standalone: 1 NIC template - BYOL (f5-existing-stack-byol-1nic-bigip.py) 31f9d90416debae28afdfa52e8d72512b06889238f1a0e05094c51b22788d015383aa52d5fb1f76eee7be75b3d3dd1ae685b56aca274c5fd134fba4dc0f4328c Standalone: 1 NIC template - PAYG (f5-existing-stack-payg-1nic-bigip.py) 24051d220acc210c53c004956c83ba7c6e2766202c4e67555c68c7725fd045908b688c2e4d94a9639e87ca610c3a5ec3b2b43387b5538589a34d3b0fc7531d9c Standalone: 2 NIC template - BYOL (f5-existing-stack-byol-2nic-bigip.py) 4be922188aef641f285a088634819ca302b5ebe188e4df3237085b3959192693bc5d09643c8c3bdf5ae2b0fb8e65aac7605e8d8c66e74ef51469326484b5d64e Standalone: 2 NIC template - PAYG (f5-existing-stack-payg-2nic-bigip.py) bf3280e8dc9b32f14e22116fbaae24975bb7dd809c09f3971ceabaa786c37608ccb000717e290541f48d8297151dbbff9f2ac58f7f0564e795062fcbd2656967 Standalone: 3 NIC template - BYOL (f5-existing-stack-byol-3nic-bigip.py) 9f01c9f0a8fd0908c50054edd31203bca07998a2a1b73981a9634967cd4864971490b9a9f4d4d549fa97e3d6a4abe5dff069930d5d691ecd0420abf540378e90 Standalone: 3 NIC template - PAYG (f5-existing-stack-payg-3nic-bigip.py) f331fe5cf3a9eff18255e7f4bb5c700538543021e99a56324970c990d7b2457fc7b460902ad14d50c62f4e314c73f7a5c5e19203b7d61af6156daded14858b66 Release 1.3.0 Standalone: 1 NIC template - BYOL (f5-existing-stack-byol-1nic-bigip.py) a337ab4936a9b43ae5e0a792510ea6cee7f56f06c9d25f293c3a21ab585f54b56909651848feb4099f8ed86670d28817a066495158b6373f3ed1d1916421db2f Standalone: 1 NIC template - PAYG (f5-existing-stack-payg-1nic-bigip.py) d7a397a2dc0d36689e1e44cf95101ea2dc949d35783f2893180f8451eb7246a00131993212cf7f0abd753330ef59133eabf6218c014b5d5dc5ae2f6ced0d2ab6 Standalone: 2 NIC template - BYOL (f5-existing-stack-byol-2nic-bigip.py) ea7efcc8f9a67a9f95fe3c3415b2240f7260398c9c3fa1e83e0e8c6cb02cc69fc0b3edebe753b2e8c0dce812c5780c71d815c4cdc7ec60e6531c8dde7564f191 Standalone: 2 NIC template - PAYG (f5-existing-stack-payg-2nic-bigip.py) 89ddf9528e086c1e0a66d3c8fa09e0b10375f0f96ad4c010693663296d3a8a3aed14526aecd48233ffae45e10bdf1e0a8d3fc4c9bb72feda637e21d6d0e597f2 Standalone: 3 NIC template - BYOL (f5-existing-stack-byol-3nic-bigip.py) 72084419076f8f47554fb2b9678ffa9a5e0112f5da8065631ec0874f880f7d3bcdd9168dac79f3cb9b894a08c5a303ff4680d307424cb42afe131bca043d2606 Standalone: 3 NIC template - PAYG (f5-existing-stack-payg-3nic-bigip.py) 6bc6eeaec03a3f5f74be8a564aadf4359bcd30af35c0619fafa59506e4ce20fe1a12ac9cde2f0f25b9bb7aa432bb8965eb14bdd6e4658b01a05e6f3cc5d03962 Release 1.2.0 Standalone: 1 NIC template (f5-existing-stack-byol-1nic-bigip.py) 42b176a15e1bb448d1ae77b02356bcaf83338fcaa28c3586f1abd821849cb39808e3b795cc235c9e83e44e69089bbffa61c3b399151e0755b9f88d1ee18a215b Release 1.1.0 Standalone: 1 NIC template (f5-existing-stack-byol-1nic-bigip.py) 42b176a15e1bb448d1ae77b02356bcaf83338fcaa28c3586f1abd821849cb39808e3b795cc235c9e83e44e69089bbffa61c3b399151e0755b9f88d1ee18a215b Release 1.0.0 Standalone: 1 NIC template (f5-existing-stack-byol-1nic-bigip.py) de5542d7c25b820da0b0fd400e4d26ce11c686136b18ff62279f7ccc94cdfc38fcb6432cc13d6546837031878f2186e02244a9faa405f403649906e9c2d428cc Code : You can get a checksum for a particular template by running one of the following commands, depending on your operating system: Linux: sha512sum Windows using CertUtil: CertUtil –hashfile SHA512 You can compare the checksum produced by that command against the following list.Google Analytics different code for Multiple Sites
Hi All, I am trying to figure out how to make different Google Analytic codes work for multiple sites. I found this on the good old interewebz/DevCentral listed below. However, when I create a second iRule and change out the gacode for another code I still see one GA code dominate both sites. I see now that Rule_INIT is a global call and I'm just not sure how to switch it up to make this work. Could any of you awesome people help me here? I've tried messing with streams to change it out and also thinking maybe my answer might be in the client_accept call, but I'm just kind of green here. Thanks in advance. Code when RULE_INIT { set ::find "" set gacode "UA-Code-x" set ::replace " " } when HTTP_RESPONSE { STREAM::disable if {[HTTP::header value Content-Type] contains "text"}{ STREAM::expression "@$::find@$::replace@" STREAM::enable } }Help with creating script
Currently we are using the google authenticator with our F5 implementation. We provide our users with a shared secret key and store the same key in our Active Directory for later reference. So basically we add a sample key like this to one of our AD fields: GVUEYVDJMNSFIMD2 So basically i have a ton of users with this setup in their AD fields. One of the issues i have with our setup is the fact the key we store in Active Directory is too visible to others in my organization. So a friend point this link to me and I think it will fix my concerns: https://devcentral.f5.com/questions/apm-active-directory-authention-with-google-auth So we add the following code to the google authenticator generator page: append ga_secret_http_resp "key (secret): $secret_b32\n \n " set key "3658F2C8C5C2017839B2B1761F713F8B" set iv "DC4F6A9A1C6D12C15FEC43179660C78B" set enc_ga_secret [b64encode [CRYPTO::encrypt -alg aes-128-cbc -keyhex $key -ivhex $iv $secret_b32]] append ga_secret_http_resp "encrypted secret: $enc_ga_secret\n" append ga_secret_http_resp "\n" Users are provide the key GVUEYVDJMNSFIMD2 and we now add this encrypted key 3qqb/Yr1gSblF99F8/XkgJVFG5vs9KG5OwflwLHkU9I= to AD. The F5 can then decrypt the key and it works great. However, I now need to create a script that will take the remain shared key we have in everybody account and encrypt it. I was hoping someone knew a little power shell or some other scripting language that could help me out of this jam!
google 2fa irule error
I'm struggling with this error when doing "load sys config verify [use curly braces to avoid double substitution] full error message /Common/Google_Token:131: warning: [use curly braces to avoid double substitution][(0x{[string range ${token} ${offset} [expr {${offset} + 7}]]}] The irule line in original code was set ga_code [expr (0x[string range $token $offset [expr $offset + 7]] & 0x7FFFFFFF) % 1000000] And I changed it to set ga_code [expr (0x[string range ${token} ${offset} [expr {${offset} + 7}]] & 0x7FFFFFFF) % 1000000] I'm able to connect to APM and passing the token , it is working fine there, but this cannot get rid of this error message Any one can help with the correct syntax ? article https://support.f5.com/csp/article/K57410758 seems not to be very helpful
Excluding google from geolocation with IRULE
Hi, I am interested in an irule that will exclude google IPs from geolocation blocking. Since Google's IP list is dynamic, I need a way to take this list and turn it into a data group on a regular basis. The list is here: https://developers.google.com/search/apis/ipranges/googlebot.json And the ranges are here: https://www.gstatic.com/ipranges/goog.json Any ideas? Anybody done this already? Thanks, VeredUsing Cloud Templates to Change BIG-IP Versions - Google GCP
Introduction This article will make use of F5 cloud templates on GitHub to modify the BIG-IP versions for your public cloud deployments in Google. This is part of an article series, so please review the “Concepts” as well as other articles within the series. Modifying BIG-IP Templates for Google Cloud This section will show you how to modify the BIG-IP version in Google deployments. The template deployment service in Google is called Google Deployment Manager. Google GDM BIG-IP Cloud Templates for Google on GitHub There are a few methods I tested, and I’ll do a “How To” for each. Check the Appendix for additional examples. Use Latest Template Release (no edits required) Use Previous Template Release (no edits required) Edit Latest Template to Change BIG-IP Versions Edit Latest Template to Use Custom Uploaded Image Note: At the time of this article, the "Latest" template release version for F5 cloud templates in Google is 3.5.0 and found under Tag 3.5.0 on GitHub. See Tag 3.5.0 Release Notes. Option #1: Use Latest Template Release (no edits required) This option lets you use templates without modification of code. Each release corresponds to a certain BIG-IP version (see Google GDM Template Matrix), and the template is hard coded with the selection of one BIG-IP version in Google F5 cloud templates. The latest template will deploy BIG-IP version 15.0.1.0 by default. You can change the BIG-IP version by supplying a different Google image in the imageName parameter. Here is an example to deploy BIG-IP version 14.1.2.3. Search for Google images via gcloud CLI: Open your favorite terminal Enter a search filter. This filter will query the f5 vendor project. command = gcloud compute images list --project=f5-7626-networks-public | grep f5 Find your desired image My example = BIG-IP 14.1.2.3 PAYG BEST You can filter further with basic CLI by adding “grep 14-1-2-3" If you want BYOL, then “grep” for “byol” Copy the image ID and save for later (my example f5-bigip-14-1-2-3-0-0-5-payg-best-1gbps-191218142340) #Example image search and results gcloud compute images list --project=f5-7626-networks-public | grep f5 #Output similar to this... --snippet-- f5-bigip-13-1-3-2-0-0-4-payg-best-1gbps-20191105210022 f5-bigip-13-1-3-2-0-0-4-payg-best-200mbps-20191105210022 f5-bigip-13-1-3-2-0-0-4-byol-all-modules-2slot-20191105200157 ...and some more f5-bigip-14-1-2-3-0-0-5-byol-ltm-1boot-loc-191218142225 f5-bigip-14-1-2-3-0-0-5-payg-best-1gbps-191218142340 ...and more... Deploy BIG-IP with custom image ID: Find your favorite BIG-IP template for Google. I’ll use the BIG-IP, standalone, 3nic, PAYG licensing (Tag 3.5.0) Review the entire README for installation instructions Download template files: py, schema, yaml Edit yaml file imageName = f5-bigip-14-1-2-3-0-0-5-payg-best-1gbps-191218142340 Populate all remaining parameters Make sure all values in yaml are populated or commented (#) If values are commented, make sure schema contains defaults More details in my other article, Service Discovery in Google Gloud with BIG-IP Save file and deploy with your favorite method Google will validate the template and launch a BIG-IP running 14.1.2.3 #Example deploy using Google gcloud gcloud deployment-manager deployments create my-f5-14-1-2 --config f5-existing-stack-payg-3nic-bigip.yaml Easy right? Try another AMI ID search and launch the template again to get a v13.x, v14.x, or v15.x BIG-IP. Option #2: Use Previous Template Release (no edits required) If you don’t mind a previous template release (less fixes/features), AND you still don’t want to tweak template code, AND you still need a different BIG-IP version, AND the BIG-IP version is listed in the matrix then keep reading! Here is an example to deploy BIG-IP version 13.1.1.0. Find a previous template release to deploy BIG-IP version you desire: Decide what BIG-IP version you need (my example 13.1.1.0) Check the Google GDM Template Matrix for BIG-IP Scroll down the list and you’ll see template release v2.2.0 It allows “13.1.1” Click the link to review v2.2.0 template release notes Deploy BIG-IP with previous template release: Find your favorite BIG-IP template for Google. I’ll use the BIG-IP, standalone, 3nic, PAYG licensing (Tag 2.2.0) Review the entire README for installation instructions Download template files: py, schema, yaml Edit yaml file imageName = f5-hourly-bigip-13-1-1-0-0-4-best-1gbps (see yaml file for available images) Populate all remaining parameters Make sure all values in yaml are populated or commented (#) If values are commented, make sure schema contains defaults More details in my other article, Service Discovery in Google Gloud with BIG-IP Save file and deploy with your favorite method Google will validate the template and launch a BIG-IP running 13.1.1.0 #Example deploy using Google gcloud gcloud deployment-manager deployments create my-f5-13-1-1 --config f5-existing-stack-payg-3nic-bigip.yaml OK...we made it this far, but you still don’t see the BIG-IP version you need. Keep reading! In the next section, we’ll tweak some templates! Option #3: Edit Latest Template to Change BIG-IP Versions (TBD) This section is reserved for future use in situations where templates need to be modified in order to select a preferred BIG-IP version from public marketplace. In my testing, I have not yet found a scenario where a template edit is required. Therefore, this section is a place holder for potential future template hacks! Note: Review the knowledge article F5 support for GitHub software for any questions pertaining to support of templates and modified templates. Option #4: Edit Latest Template to Use Custom Uploaded Image The final Google option allows you to upload or create your own BIG-IP images and reference those images in F5 cloud template deployments. There is an existing how-to doc on the F5 Image Generator GitHub for GCE repository explaining how to create a BIG-IP image for your Google environment. I’ll walk through the high-level steps of the article below. Then we'll review the deploy steps. Note: Custom images only allow BYOL licensing. Note: Review the knowledge article F5 support for GitHub software for any questions pertaining to support of templates and modified templates Upload/Create Custom Image: Obtain an image file for the BIG-IP version you desire My example = 13.1.3.3 Download image file from https://downloads.f5.com Use F5 Image Generator to make your own custom image Review entire "Prerequisites" section Create a virtual disk image locally Upload the virtual disk image to a GCE bucket Create the virtual machine image Save image name for later (my example f5-bigip-13-1-3-3-0-0-6-byol-ltm-1slot-a83bji8j2) #Example image creation ./build-image -i BIGIP-13.1.3.3-0.0.6.iso -c config.yml -p gce -m ltm -b 1 #Output similar to this... ... qemu-system installing RTM Image -- start time: 01:58:44 qemu-system installing RTM Image -- elapsed time: 0:08:51 qemu-system performing selinux relabeling -- start time: 02:07:35 qemu-system performing selinux relabeling -- elapsed time: 0:02:10 ... ------======[ Finished disk generation for 'gce' 'ltm' '1' boot-locations. ]======------ Starting prepare cloud image 'f5-bigip-13-1-3-3-0-0-6-byol-ltm-1slot-a83bji8j2'. ... Finished prepare cloud image 'f5-bigip-13-1-3-3-0-0-6-byol-ltm-1slot-a83bji8j2' Deploy custom BIG-IP image with latest template release: Find your favorite BIG-IP template for Google. I’ll use the BIG-IP, standalone, 3nic, BYOL licensing (Tag 3.5.0) Review the entire README for installation instructions Download template files: py, schema, yaml Edit python file **Refer to EXAMPLE EDITS code snippet below Replace project ID in sourceImage with your project ID Edit yaml file imageName = f5-bigip-13-1-3-3-0-0-6-byol-ltm-1slot-a83bji8j2 Populate all remaining parameters Make sure all values in yaml are populated or commented (#) If values are commented, make sure schema contains defaults More details in my other article, Service Discovery in Google Gloud with BIG-IP Save file and deploy with your favorite method Google will validate the template and launch a BIG-IP running 13.1.3.3 #Example Edits for Option #4: Edit Latest Template to Use Custom Uploaded Image #original 'sourceImage': ''.join([COMPUTE_URL_BASE, 'projects/f5-7626-networks-public', '/global/images/', context.properties['imageName'], ]) #after edits 'sourceImage': ''.join([COMPUTE_URL_BASE, 'projects/myproject123', '/global/images/', context.properties['imageName'], ]) #Example deploy using Google gcloud gcloud deployment-manager deployments create my-f5-13-1-3 --config f5-existing-stack-byol-3nic-bigip.yaml Summary That is a wrap! There’s lots of info in this post, and I hope it makes your job easier in deciding what template to choose when deploying various versions of BIG-IP devices in the Google public cloud.Using Cloud Templates to Change BIG-IP Versions - Concepts
Introduction This article series will detail how you can deploy F5 into a public cloud leveraging cloud templates. This article will first cover some of the basic concepts, and we then go into some deployment guidance specific for the most common public clouds. In this article series, we will be using F5 cloud templates (available on GitHub) to modify the BIG-IP versions for your public cloud deployments. I will also share a few ways to use cloud templates in order to deploy the latest or previous stable releases of BIG-IP. Topics covered: F5 Cloud Templates Overview Image Repository Template Versions and BIG-IP Versions F5 BIG-IP Custom Images F5 Cloud Templates Next Steps...Go Read the How-To Articles! F5 Cloud Templates Overview Given the range of F5 products and the numerous public cloud providers,the F5 product teams have created quite the collection of cloud templates. These are located on GitHub with various BIG-IP templates for each cloud provider. Each template enables you to deploy BIG-IP devices in your cloud environment using different designs, licensing models, and features like load balancing, web application security, or all the BIG-IP modules - all these across a range of BIG-IP versions! GitHub For those of you who are unfamiliar with our F5 cloud templates, I encourage you to head over to GitHub and review the available templates. Each template has a corresponding README with relevant install info. These templates take care of various dependencies like network setup, access list updates, public IP creation, BIG-IP creation, HA cluster, auto scale, and more. BIG-IP Cloud Templates for AWS BIG-IP Cloud Templates for Azure BIG-IP Cloud Templates for Google F5 CloudDocs Also...head over to F5 CloudDocs for BIG-IP virtual edition (VE) for some quickstart installation and docs. F5 CloudDocs is a key resource that details important features, capabilities and usage guidance across the range of F5’s Cloud offerings. Support If you find yourself running into issues and require support, don't hesitate to open a GitHub issue on the relevant repo and create a GitHub "issue". You also have the ability to create a ticket with F5 support on https://support.f5.com. Review the F5 support policies regarding GitHub F5 repositories to learn what is and is not covered. When in doubt, reach out to your friendly F5 account team! Image Repository Each cloud provider has a public marketplace where vendors like F5 can upload images of their products, like BIG-IP. The cloud provider marketplace can be used as an image repository...with some important caveats, of course. The marketplace for each cloud provider has limits on the number of images for each vendor. As new versions of BIG-IP are released, F5 removes previous versions from marketplace to make room for the new versions. Customers relying on previous BIG-IP releases are encouraged to archive those specific BIG-IP versions in their own private image repository for each cloud provider. You can do this by uploading a BIG-IP cloud image to the cloud provider. It then becomes an available image ID for deployment. Grab these images from https://download.f5.com and look for your specific cloud provider. Template Versions and BIG-IP Versions There are two types of “versions” to discuss. One...the F5 cloud template versions. Two...the BIG-IP version. F5 Cloud Template Versions The F5 cloud templates are updated regularly and tagged with a release number. The templates are tested against the latest (aka newest) BIG-IP version available in marketplace at the time of template release and allow the user to select other versions of BIG-IP too. There is a Template-to-BIG-IP Version matrix for each cloud provider, and this tells you the various template versions and BIG-IP versions supported for that specific template release. It is recommended to always use the latest template release because it includes the most recent template fixes and improvements. You can select the matrix links below and then click on the tag/release version to see release notes. AWS CFT Template Matrix Azure ARM Template Matrix Google GDM Template Matrix BIG-IP Versions As for BIG-IP versions and what is supported in each cloud provider, please review the BIG-IP VE Support Platforms. This will list the recommended instance types/sizes and licensing for each cloud provider. Note: Best practice is to always use the latest templates as they are most up to date with the latest features and fixes for templated deployment of BIG-IP devices. This article series has workarounds that I have tested in my lab in order to help you deploy various versions of BIG-IP. If you decide to use a previous template version, then check the release notes to determine if your deployment is affected by any of the items noted (features, fixes, workarounds). F5 BIG-IP Custom Images All that talk about vendor images, public marketplace, private images...oh my! What happens if you need to customize your own image, patch it, do something magical to it? What happens if the image you need on public marketplace is no longer there? Enter the F5 Custom Image Builder! Use the F5 BIG-IP Image Generator Tool to create custom images from the .ISO file for F5 BIG-IP VE releases or for hot-fixes. You can then upload that image to the cloud provider and reference it in your template deployments. The F5 Virtual Edition (VE) team developed the F5 BIG-IP Image Generator internally to do the following: Create custom images from the .ISO file for F5 BIG-IP VE releases or for hot-fixes that are not available on the various public cloud marketplaces. Provide pre-deployment file customization of BIG-IP (for example, SSH keys, trusted certificates, custom packages, and so forth). Automatically publish images to public cloud providers. Simplify deployment workflows, such as encrypting custom images in AWS (prevents launching an instance in the marketplace first). Next Steps In the rest of the articles in this series, I will discuss HOW TO modify cloud templates to change BIG-IP versions for AWS, Azure, and Google cloud offerings.Service Discovery in Google Cloud with F5 BIG-IP
Service discovery allows cool things to happen like dynamic node discovery for your applications. The BIG-IP device can utilize service discovery to automate the scale in/out of pool members. What does this mean? Your BIG-IP configs will get updated without user intervention. Google Cloud uses "Labels" that are assigned to virtual machines (VM). The BIG-IP will use these "Labels" to automate the dynamic nature of pool members coming and going. It periodically scans the cloud provider for VMs matching those labels. Benefit? Yes indeed! No tickets to IT asking for pool member modifications...no waiting on emails...no approvals. I setup a BIG-IP (3nic standalone) with service discovery in Google Cloud using our F5 cloud templates on GitHub, and I am here to share the how-to and results. After reading the Github repo as well as visiting our CloudDocs site, I went to work. This article has the following sections: Prerequisites Download, Customize, and Deploy Template Attach Service Account to BIG-IP VM Login to the BIG-IP via SSH and Set Password Configure Service Discovery with iApp Configure Service Discovery with AS3 Summary Appendix Sections Prerequisites - Google Cloud SDK Must have Google Cloud SDK...easy. Go here https://cloud.google.com/sdk/docs/quickstarts. curl https://sdk.cloud.google.com | bash exec -l $SHELL gcloud init The Google Cloud SDK lets you do "?" and "tab" helpers. Meaning, type gcloud then hit tab a few times to see all the options. When you run "gcloud init", it will authenticate your device to the google network resulting in your laptop having Google Cloud API access. If you are running "gcloud init" for the first time, the SSH shell will pop open a browser window in which you authenticate to Google with your credentials. You'll be given an option to select the project name, and you can also configure default zones and regions. Play around with gcloud on CLI and then hit "tab" to see all the options. You can also the Google Cloud docs here https://cloud.google.com/sdk/docs/initializing. Prerequisites - VPC Networks, Subnets, Firewalls, and Routes A VM in Google Cloud can only have one NIC per VPC network. Therefore, a BIG-IP 3nic deployment requires 3 VPC networks with 1 subnet each. Before deploying the GDM template, you'll need to create the required networks and subnets. Then make sure any necessary ports are open via firewall rules. VPC Networks and Subnets Here are some screenshots of my setup. I have a management, external, and internal network. Here are the network and subnet properties for the management network as an example. Firewalls Modify firewall rules to allow any necessary management ports. These are not setup by the template. Therefore, common management ports like tcp:22 and tcp:443 should be created. Here is my management firewall ruleset as an example. In my example, my BIG-IP has additional interfaces (NICs) and therefore additional networks and firewall rules. Make sure to allow appropriate application access (ex. 80/443) to the NICs on the BIG-IP that are processing application traffic. Here is an example for my external NIC. Routes I didn't touch these. However, it is important to review the VPC network routes and make sure you have a default gateway if required. If the network is meant to be internal/private, then it's best to remove the default route pointing to internet gateway. Here is an example of my management network routes in use. Prerequisites - Service Account To do auto-discovery of pool members (aka Service Discovery), the BIG-IP device requires a role assigned to its VM. When a VM instance has an assigned role in the cloud, it will inherit permissions assigned by the role to do certain tasks like list compute instances, access cloud storage, re-map elastic IPs, and more. This avoids the need to hard-code credentials in application code. In the example of service discovery, we need the service account to have a minimum of "Compute Viewer" or "Compute Engine - Read Only" permissions. Other deployment examples may require more permissions such as storage permissions or pub-sub permissions. Create a new service account in the IAM section, then find "Service accounts". Here's an example of a new service account and role assigned. If done correctly, it will be visible as an IAM user. See below for example. Prerequisites - Pools Members Tagged Correctly Deploy the VM instances that will run your app...the pool members (e.g. http server running port 80) and add a "Label" name with value to each VM instance. For example, my label name = app. My label value = demo. Any VM instance in my project with label name = app, value = demo will be discovered by the BIG-IP and pulled in as new pool member(s). Example... Pre-reqs are done! Download and Customize YAML Template File The Google Cloud templates make use of a YAML file, a PY file, and a schema file (requirements and defaults). The GitHub README contains helpful guidance. Visit the GitHub site to download the necessary files. As a reminder, this demo uses the following 3nic standalone template: https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic/existing-stack/payg Scroll down to the "Deploying the template" section to review the requirements. Download the YAML file to your desktop and ALSO make sure to download the python (PY) and schema files to your desktop. Here's an example of my modified YAML file. Notice some fields are optional and not required by the template as noted in the GitHub README file parameters table. Therefore, 'mgmtSubnetAddress' is commented out and ignored, but I left it in the example for visualization purposes. # Copyright 2019 F5 Networks All rights reserved. # # Version 3.2.0 imports: - path: f5-existing-stack-payg-3nic-bigip.py resources: - name: f5-existing-stack-payg-3nic-bigip type: f5-existing-stack-payg-3nic-bigip.py properties: region: us-west1 availabilityZone1: us-west1-b mgmtNetwork: jgiroux-net-mgmt mgmtSubnet: jgiroux-subnet-mgmt #mgmtSubnetAddress: <DYNAMIC or address> restrictedSrcAddress: 0.0.0.0/0 restrictedSrcAddressApp: 0.0.0.0/0 network1: jgiroux-net-ext subnet1: jgiroux-subnet-ext #subnet1Address: <DYNAMIC or address> network2: jgiroux-net-int subnet2: jgiroux-subnet-int #subnet2Address: <DYNAMIC or address> provisionPublicIP: 'yes' imageName: f5-bigip-15-0-1-0-0-11-payg-best-25mbps-190803012348 instanceType: n1-standard-8 #mgmtGuiPort: <port> #applicationPort: <port port> #ntpServer: <server server> #timezone: <timezone> bigIpModules: ltm:nominal allowUsageAnalytics: 'yes' #logLevel: <level> declarationUrl: default Deploy Template Make sure you point to the correct file location, and you're ready to go! Again, reference the GitHub README for more info. Example syntax... gcloud deployment-manager deployments create <your-deployment-name> --config <your-file-name.yaml> Attach Service Account to BIG-IP VM Once deployed, you will need to attach the service account to the newly created BIG-IP VM instance. You do this by shutting down the BIG-IP VM instance, binding a service account to the VM, and then starting the VM again. It's worth noting that the template can be easily modified to include service account binding during VM instance creation. You can also do this via orchestration tools like Ansible or Terraform. Example... gcloud compute instances stop bigip1-jg-f5-sd gcloud compute instances set-service-account bigip1-jg-f5-sd --service-account svc-jgiroux@xxxxx.iam.gserviceaccount.com gcloud compute instances start bigip1-jg-f5-sd Login to the BIG-IP and Set Password You should have a running BIG-IP at this point with attached service account. In order to access the web UI, you'll need to first access SSH via SSH key authentication and then set the admin password There are orchestrated ways to do this, but let's do the old fashion manual way. First, go to Google Cloud Console, and view properties of the BIG-IP VM instance. Look for the mgmt NIC public IP. Note: In Google Cloud, the BIG-IP mgmt interface is swapped with NIC1 Open your favorite SSH client and access the BIG-IP. Make sure your SSH key already exists in your Google Console. Instructions for uploading SSH keys are found here. Example syntax... ssh admin@x.x.x.x -i /key/location Update the admin password and save config while on the TMOS CLI prompt. Here's an example. admin@(bigip1-jg-f5-sd)(tmos)# modify auth user admin password myNewPassword123! admin@(bigip1-jg-f5-sd)(tmos)# save sys config Now access the web UI using the mgmt public IP via https://x.x.x.x. Login with admin and the newly modified password. Configure Service Discovery with iApp The BIG-IP device is very programmable, and you can apply configurations using various methods like web UI or CLI, iApps, imperative APIs, and declarative APIs. For demo purposes, I will illustrate the iApp method in this section. The F5 cloud templates automatically include the Service Discovery iApp as part of the onboard and build process, but you'll still need to configure an application service. First, the CLI method is a quick TMSH one-liner to configure the app service using the Service Discovery iApp. It does the following: creates new app service called "serviceDiscovery" uses "gce" (Google) as provider chooses a region "default" (causes script to look in same region as BIG-IP VM) chooses intervals and health checks creates new pool, looks for pool tag:value (app=demo, port 80) tmsh create /sys application service serviceDiscovery template f5.service_discovery variables add { basic__advanced { value no } basic__display_help { value hide } cloud__cloud_provider { value gce } cloud__gce_region { value \"/#default#\" } monitor__frequency { value 30 } monitor__http_method { value GET } monitor__http_verison { value http11 } monitor__monitor { value \"/#create_new#\"} monitor__response { value \"\" } monitor__uri { value / } pool__interval { value 60 } pool__member_conn_limit { value 0 } pool__member_port { value 80 } pool__pool_to_use { value \"/#create_new#\" } pool__public_private {value private} pool__tag_key { value 'app'} pool__tag_value { value 'demo'} } If you still love the web UI, then go to the BIG-IP web UI > iApps > Application Services. If you executed the TMSH command above, then you should have an app service called "serviceDiscovery". Select it, then hit "Reconfigure" to review the settings. If no app service exists yet, then create a new app service and set it to match your environmental requirements. Here is my example. Validate Results of Service Discovery with iApp Review the /var/log/ltm file. It will show pool up/down messages for the service discovery pool. It will also indicate if the service discovery script is failing to run or not. tail -f /var/log/ltm Example showing successful member add to pool... Another place to look is the /var/log/cloud/service_discovery/get_nodes.log file. You'll see messages showing the script query and status. tail -f /var/log/cloud/service_discovery/get_nodes.log Example showing getNodes.js call and parameters with successful "finished" message... Last but not least, you can check the UI within the LTM > Pools section. Note: Service Discovery with iApp complete Attach this new pool to a BIG-IP virtual server, and now your app can dynamically scale. I'll leave the virtual server creation up to you! In other words...challenge time! For additional methods to configure service discovery on a BIG-IP, continue reading. Configure Service Discovery with AS3 (declarative option) As mentioned earlier, the BIG-IP device is very programmable. We used the iApp method to automate BIG-IP configs for pool members changes in the previous section. Now let's look at a declarative API approach using AS3 from the F5 Automation Toolchain. You can read more about AS3 - here. At a high level, AS3 enables L4-L7 application services to be managed in a declarative model. This enables teams to place BIG-IP security and traffic management services in orchestration pipelines and greatly eases the configuration of L4-L7 services. This also has the benefit of using consistent patterns to deploy and migrate applications. Similar to the Service Discovery iApp...the AS3 rpm comes bundled with the handy F5 cloud templates. If you deployed via alternative methods, if you do not have AS3 rpm pre-loaded, if you want to upgrade, or if you simply want a place to start learning, review the Quick Start AS3 Docs. Review the Additional Declarations for examples on how to use AS3 with iRules, WAF policies, and more. Note: AS3 is a declarative API and therefore no web UI exists to configure L4-L7 services. Postman will be used in my example to POST the JSON declaration. Open Postman, authenticate to the BIG-IP, and then post the app declaration. Learn how by reviewing the Quick Start AS3 Docs. Here's my example declaration. It does the following: creates new application (aka VIP) with public IP of 10.1.10.34 uses "gce" (Google) as cloud provider defines tenant as "Sample_sd_01" chooses a region "us-west1" in which to query for VMs creates new pool 'web_pool' with members matching tag=app, value=demo on port 80 { "class": "ADC", "schemaVersion": "3.0.0", "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab425d", "controls": { "class": "Controls", "trace": true, "logLevel": "debug" }, "label": "GCP Service Discovery", "remark": "Simple HTTP application with a pool using GCP service discovery", "Sample_sd_01": { "class": "Tenant", "verifiers": { }, "A1": { "class": "Application", "template": "http", "serviceMain": { "class": "Service_HTTP", "virtualAddresses": [ "10.1.1.34" ], "pool": "web_pool" }, "web_pool": { "class": "Pool", "monitors": [ "http" ], "members": [ { "servicePort": 80, "addressDiscovery": "gce", "updateInterval": 1, "tagKey": "app", "tagValue": "demo", "addressRealm": "private", "region": "us-west1" } ] } } } } Validate Results of Service Discovery with AS3 Similar to the iApp method, review the /var/log/ltm file to validate AS3 pool member discovery. You'll see basic pool member up/down messages. tail -f /var/log/ltm Example showing successful member add to pool... Another place to look is the /var/log/restnoded/restnoded.log file. You'll see messages showing status. tail -f /var/log/restnoded/restnoded.log Example showing restnoded.log sample logs... Last but not least, you can check the UI within the LTM > Pools section. AS3 is multi-tenant and therefore uses partitions (tenants). Make sure to change the partition in upper-right corner of web UI if you don't see your config objects. Change partition... View pool and pool member... As a bonus, you can test the application from a web browser. AS3 deployed full L4-L7 services in my example. Therefore, it also deployed a virtual server listening on the value in declaration parameter 'virtualAddresses' which is IP 10.1.10.34. Here is my virtual server example... This IP of 10.1.10.34 maps to a public IP associated with the BIG-IP VM in Google Cloud of 34.82.79.120 on nic0. See example NIC layout below... Open a web browser and test the app on http://34.82.79.120. Note: Service Discovery with AS3 complete Great job! You're done! Review the Appendix sections for more information. Summary I hope you enjoyed this writeup and gained some new knowledge along the way. I demonstrated a basic Google Cloud network, deployed an F5 BIG-IP instance using F5 cloud templates, and then configured service discovery to dynamically populate pool members. As for other general guidance around BIG-IP and high availability designs in the cloud, I'll leave those details for another article. Appendix: Google Networking and BIG-IP Listeners In my example, I have an external IP mapping to the BIG-IP VM private IP on nic0...no forwarding rules. Therefore Google NATs the incoming traffic from 34.82.79.120 to the VM private IP 10.1.10.34. The BIG-IP virtual server listener will be 10.1.10.34. On the other hand, Google Cloud forwarding rules map public IPs to VM instances and do not NAT. Therefore a forwarding rule of 35.85.85.125 mapping to my BIG-IP VM will result in a virtual server listener of 35.85.85.125. Remember... External public IP > VM private IP mapping = NAT to VM Forwarding rule public IP > VM instance = no NAT to VM Learn more about Google Cloud forwarding rules in the following links: Forwarding Rule Concepts - how rules interact with Google LBs Using Protocol Forwarding - allowing multiple public IPs to one VM with forwarding rules Appendix: Example Errors This is an example of incorrect permissions. You will find this in /var/log/ltm. The iCall script runs and calls the cloud provider API to get a list of pool members. Jan 24 23:40:00 jg-f5-sd err scriptd[26229]: 014f0013:3: Script (/Common/serviceDiscovery.app/serviceDiscovery_service_discovery_icall_script) generated this Tcl error: (script did not successfully complete: (jq: error: unxpected response from node worker while executing "exec /bin/bash -c "NODE_JSON=\$(curl -sku admin: https://localhost:$mgmt_port/mgmt/shared/cloud/nodes?mgmtPort=$mgmt_port\\&cloud=gce\\&memberTag=app=..." invoked from within "set members [exec /bin/bash -c "NODE_JSON=\$(curl -sku admin: https://localhost:$mgmt_port/mgmt/shared/cloud/nodes?mgmtPort=$mgmt_port\\&cloud=gce\\&m..." line:4)) Review the iCall script to see the curl command running against the cloud provider. Run it manually via CLI for troubleshooting. curl -sku admin: "https://localhost/mgmt/shared/cloud/nodes?mgmtPort=443&cloud=gce&memberTag=app=demo&memberAddressType=private&memberPort=80&providerOptions=region%3d" {"error":{"code":500,"message":"Required 'compute.instances.list' permission for 'projects/xxxxx'","innererror":{"referer":"restnoded","originalRequestBody":"","errorStack":[]}}} From the output, I had the wrong permissions as indicated in the logs (error 500 permissions). Correct the permissions for the service account that is in use by the BIG-IP VM.
