High CPU utilization (100%).
I observed high CPU utilization (100%) on F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput both are normal but found management interface throughput is very high and what i noticed this is happening in same time period for last 30 days. What could be the reason for this spike. Many thanks in advanced for your time and consideration.
Can BIG-IP DNS recursion only my domain?
Hi We are using F5 DNS as DNS server and have many CNAME record. We want to query those CNAME record and then get IP as a result too. (Which solved by Enable "recursion yes; in named configuration) But we found problem that our F5 DNS perform recursion on EVERY domain client asking. (eg. f5.com, nginx.com., etc.) We want F5 DNS to answer query on only domain we handle (many domain in zonerunner and gslb) How can we do that? Is it possible to do that? because "recursion yes;" is config on named configuration. I think it's global configuration. and "allow-recursion {}" is only check for client IP address (it's not check on domain we handle) Thank youGTM zone record mismatch
We resolved the GTM Zone Record Mismatch on BIG-IP. Steps: Stop the zrd service System > Services: Services List > CLICK the zrd service > CLICK stop button Disable/Uncheck the GTM synchronization Copy the zone file from GTM 1 to GTM 2(missing zone record) Start the zrd service Enable GTM synchronization
GTM setup for waiting 10 mins for primary pool member of wideip once get down.
Hi All, I wanted to set up a wide ip with 2 pool members. Suppose we have wide ip - abc.gtm.com pool - abc_pool Pool member - Server A : 0(Generic Host) --> Primary Server B : 0 (Generic Hosts) Now I want to make a setup like If Server A go down, Server B will be active. And Server A should not come online or wait till 10 mins to take part in ip resolution again. I mean if Server A came up within 10 mins from its down start time, even then wide ip should transfer the request to server B only for 10 mins.Not able to change virtual server traffic group from traffic-group-local-only to traffic-group-1
We have two LTM device in which i observe one virtual server is missing in secondary device. I checked the virtual server configuration in primary that virtual server configure in traffic group from traffic-group-local-only now i am changing the traffic group but it is not changing. Is there any way to change it?
F5 DNS with cPanel Web Hosting Server
Hi, We have a publicly accessible web hosting server backed by cPanel and currently we are using F5 to handle our DNS. The problem that we are facing is when one of our end customer adds a Zone /DNS record INSIDE his cPanel account and everytime we have to manually check and add those records in F5 to make things work. Is there a solution for this?.
gtm_add failing due to CERT error
I am trying to cluster to GTM devices using the gtm_add command, but this is failing with this error: ERROR: found "END CERT..." without BEGIN at line: 0. ERROR: Malformed certificates found in local /config/httpd/conf/ssl.crt/server.crt. But when I check the mentioned file it looks like a valid certificate: more /config/httpd/conf/ssl.crt/server.crt -----BEGIN CERTIFICATE----- MIIHFjCCBP6gAwIBAgIDbUVxMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAoTA0lORzERMA8GA1UE CxMIU2VydmljZXMxIDAeBgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMScwJQYDVQQDEx5J TkcgQ29ycG9yYXRlIEludGVybmFsIENBIC0gRzMwHhcNMjQwNjI0MTQyMzAyWhcNMjUwNzI0MTMw ... E1Zg8g9QlL+jksX7ew0tIuZPNGPbhPE3StATtD7b4oi1TYjVfIwn79DluSwkIp5hwVDrAcW/B5T6 zK+sJJlib4ZeCnV19cCkwBnYyRz0p46VrwXw7i3bYeC8Cq4Of++LaYaXDuhOVq/V61phJRoGTlRU vOII3wHBmXiXQv7MIScQQbmKaBRC2lxu0gAJV9a8vzpXfN6T+n7PxNBH4AuNdR5KeeG7 -----END CERTIFICATE----- Also via the browser the correct certificate is shown. Any suggestions on what the problem could be?
BIG-IP DNS Generic Host
Hello, I need to add some services running on 'generic host'. The destination host is reachable (icmp) from CLI (rd0), but after adding it to GTM configuration as 'server' with 'icmp monitor' - it is not getting up (green) but monitor fails with reason 'no reply from big3d: timed out'. configuration: gtm server /Common/host-dca { datacenter /Common/DCA devices { host-dca { addresses { 172.25.113.23 { } } } } monitor /Common/my_icmp product generic-host virtual-servers { service1 { destination 172.25.113.21:0 } service3 { destination 172.25.113.23:0 } } } gtm monitor gateway-icmp /Common/my_icmp { defaults-from /Common/gateway_icmp interval 5 probe-attempts 3 probe-interval 1 probe-timeout 5 timeout 15 } log: # host 172.25.113.21 alert gtmd[13178]: 011a5004:1: SNMP_TRAP: Server /Common/host-dca (ip=172.25.113.21) state change blue --> red (No enabled VS available) alert gtmd[13178]: 011ae0f2:1: Monitor instance /Common/my_icmp 172.25.113.21:0 CHECKING --> DOWN from /Common/dca-dcdns-adc (no reply from big3d: timed out) alert gtmd[13178]: 011a6006:1: SNMP_TRAP: VS service1 (ip:port=172.25.113.21:0) (Server /Common/host-dca) state change blue --> red ( Monitor /Common/my_icmp : no reply from big3d: timed out) # host 172.25.113.23 alert gtmd[13178]: 011a5004:1: SNMP_TRAP: Server /Common/host-dca (ip=172.25.113.23) state change blue --> red (No enabled VS available) alert gtmd[13178]: 011ae0f2:1: Monitor instance /Common/my_icmp 172.25.113.23:0 CHECKING --> DOWN from /Common/dca-dcdns-adc (no reply from big3d: timed out) alert gtmd[13178]: 011a6006:1: SNMP_TRAP: VS service3 (ip:port=172.25.113.23:0) (Server /Common/host-dca) state change blue --> red ( Monitor /Common/my_icmp : no reply from big3d: timed out) why is there 'no reply from big3d: timed out'?? the server type is 'generic host' (not 'bigip'). network: GTM is running in HA (there are two GTM devices). Each of them has one self and one float IP address configured. All in routing domain 0 only. Nothing special. Troubleshooting host 172.25.113.21 is currently down, host 172.25.113.23 is reachable: # ping 172.25.113.21 PING 172.25.113.21 (172.25.113.21) 56(84) bytes of data. ^C --- 172.25.113.21 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 1999ms # ping 172.25.113.23 PING 172.25.113.23 (172.25.113.23) 56(84) bytes of data. 64 bytes from 172.25.113.23: icmp_seq=1 ttl=253 time=2.11 ms 64 bytes from 172.25.113.23: icmp_seq=2 ttl=253 time=1.96 ms 64 bytes from 172.25.113.23: icmp_seq=3 ttl=253 time=3.68 ms ^C --- 172.25.113.23 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 1.964/2.586/3.684/0.780 ms tcpdump from bigip CLI (rd0) with above 'ping' tests: # tcpdump -i0.0:nn -nnp host 172.25.113.21 or 172.25.113.23 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0:nn, link-type EN10MB (Ethernet), capture size 65535 bytes 11:28:50.368443 IP 172.18.210.20 > 172.25.113.21: ICMP echo request, id 1286, seq 1, length 64 out slot1/tmm0 lis= port=1/0.16 trunk=.itrunk0 flowtype=130 flowid=4000013D1C00 peerid=4000013D1B00 conflags=20E26 inslot=1 inport=18 haunit=0 priority=0 11:28:52.816810 IP 172.18.210.20 > 172.25.113.23: ICMP echo request, id 1321, seq 1, length 64 out slot1/tmm0 lis= port=1/0.16 trunk=.itrunk0 flowtype=130 flowid=4000013CD140 peerid=4000013CD040 conflags=20E26 inslot=1 inport=18 haunit=0 priority=0 11:28:52.818050 IP 172.25.113.23 > 172.18.210.20: ICMP echo reply, id 1321, seq 1, length 64 in slot2/tmm0 lis= port=.itrunk0 trunk= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=7 inport=26 haunit=0 priority=3 Question: I thing, the configuration is correct, but server (host-dca) and virtual services (service1 and service3) are going down. Why is the reason of virtual service is going down 'no reply from big3d: timed out'? the server type is 'generic host', not 'bigip' I can't see monitoring (my_icmp monitor) requests in the tcpdump. why is this not working? I can see only ping request from CLI, but not from monitor 'my_icmp'. thank you for adviceGSLB - Monitoring LTM VIP load balancing via iRule
In one of our environments we are configuring a single LTM VIP and load balancing multiple applications via an iRule. We currently have other LTM environments integrated via iQuery with our GTM for GSLB configuration and monitoring. Is there a way to monitor the VIP at the GTM level via iQuery that would give a true back-end pool status? Since, let's say, we are load balancing 100 different applications via a single VIP, if 99 of them went offline, the VIP would still show as ONLINE/GREEN. Or would we even go as far as integrating via iQuery and adding a dependency monitor of the pool itself instead?BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member
Good day, everyone! Within the LTM platform, if a Pool is configured with "Min 1 of" with multiple monitors, you can check the status per monitor viatmsh show ltm monitor <name>, or you can click the Pool member in the TMUI and it will show you the status of each monitor for that member. I cannot seem to locate a similar function on the GTM/BIG-IP DNS platform. We'd typically use this methodology when transitioning to a new type of monitor, where we can passively test connectivity without the potential for impact prior to removing the previous monitor. Does anyone have a way through tmsh or the TMUI where you can check an individual pool member's status against the multiple monitors configured for its pool? Thanks, all!
