Syn-Flood protection in F5 LTM BIG-IP 17.1.1.3
HI Guys Sorry maybe i have not been so clear. I've ben searching for information about syn-flood protection of f5 LTM. I know there is the this feature (i saw the command on the CLI "syn-flood protection not active) but i could not find many information. I searched in the : techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-syn-flood-attacks-13-0-0/1.html page but it seems all these pages of f5.com are no longer there. Can anyone explain how to activate this feature or send some exhaustive link ? device is BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3 Thank You B.R Mario
Round-robin method not load balanced
I have configured BIG-IP 1600 to distribute the load to two servers in a round-robin fashion, but only one of them is communicating and the load is not distributed. We have confirmed that all Pool Nodes for load balancing are green, but we would like to know the cause of the problem. Persistence does not seem to be set.
Upgrade Path for BIG-IP 2000 – Out of Warranty and EoRMA Status
Hi Team, We are currently running BIG-IP LTM and AFM version 14.1.4.6 on a BIG-IP 2000 appliance. While reviewing our setup in iHealth, we received the following message: "Your hardware reached its End of Return to Manufacturing (EoRMA) date on April 1, 2025. Support options may be limited and an upgrade is recommended." As the platform is no longer under warranty and we’re running an older software version, we are planning to upgrade to the latest supported version on this hardware. Based on the compatibility matrix, it appears that BIG-IP 15.1.10.x is the latest version supported on the 2000 series. We understand that 15.1.x will reach End of Technical Support in December 2025, and we plan to use this upgrade as a short-term solution while we evaluate options for hardware replacement. Our questions are: Since we are out of warranty and do not currently have an active support contract, can we still upgrade to 15.1.10.x? If the device doesn’t have internet access, will collecting the license dossier and uploading it to the F5 licensing portal allow us to reactivate the existing license? Are there any limitations in upgrading or re-licensing in this scenario that we should be aware of? Any guidance or confirmation would be appreciated.F5 is not providing any console/Web Access.Software is corrupted. How to clean install its firmware?
My Failed F5 is not providing any console/Wwb Access after multiple tries. I think its software/Firmware is corrupted BIGIP 2000. How to resolve or clean install its firmware. Console access gives ambigous chars, numbering, how to clean install its firmware 13.0.0. while keeping in mind it would be hard reset first i think by any way because its not providing any web/console access. No screen buttons working and screen showing message only "F5 Networks incorporated".How to realize multi-link bandwidth utilization load
I have multiple links, namely China Mobile, China Unicom and China Telecom. Currently, I use the traditional outbound virtual server to go out through irules. According to the internal client request target address, the corresponding link is selected for the specific ISP to share. I have a requirement. Can it be realized according to a certain pool or member (specifically referring to the sharing limit threshold of a certain ISP link bandwidth utilization rate, such as China Telecom 100Mbps. When the threshold is exceeded, the new session traffic will no longer share the telecom member or according to the percentage utilization rate)? The current version is 17. I have tried to use Acceleration ›› Bandwidth Controllers : Policies and then call the location Network ›› Packet Filters : Rules ›› New Packet Filter Rule. But this is global and has a certain impact on other parts. It requires limited policy adjustment. Is there a better way, including whether the irules method can use the BWC::measure measurement method to achieve it? If you can write it, please leave a message! Thank you! Any message is very grateful! ! !Implementing multi-link bandwidth usage threshold redundancy for outbound traffic
I have multiple link exports, using irules for outbound traffic. For example, there are currently China Telecom and China Unicom. Can I define the bandwidth usage of each link as 80% according to the policy or specify a threshold to implement a switching mechanism? It cannot be set globally, only for member or outbound VS, or are there any permissions that can achieve it? When the bandwidth usage of any member exceeds the custom value, traffic will no longer be allocated to the member, and the existing traffic sessions will remain unchanged and wait for aging. Thank you very much for discussing with each other!
Questions about F5 BIG-IP Multi-Datacenter Configuration
We have an infrastructure with two datacenters (DC1 and DC2), each equipped with an F5 BIG-IP using the LTM module for DNS traffic load balancing to resolvers, and the Routing module to inject BGP routes to the Internet Gateways (IGW) for redundancy. Here’s our current setup (based on the attached diagram): Each DC has a BIG-IP connected to resolvers via virtual interfaces (VPI1 and VPI2). Routing tables indicate VPI1->DC1 and VPI2->DC2. Each DC has its own IGW for Internet connectivity. Question 1: Handling BIG-IP Failures If the BIG-IP in one datacenter (e.g., DC1) fails, will the DNS traffic destined for its resolvers be automatically redirected to DC2 via BGP? How can BGP be configured to ensure this? Is it feasible and recommended to create a HA Group including the BIG-IPs from both datacenters for automatic failover? What are the limitations or best practices for such a setup across remote sites? Question 2: IGW Redundancy Currently, each datacenter has its own IGW. We’d like to implement redundancy between the IGWs of the two DCs. Can a protocol like HSRP or VRRP be used to share a virtual IP address between the IGWs of the two datacenters? If so, how can the geographical distance be managed? If not, what are the alternatives to ensure effective IGW redundancy in a multi-datacenter environment? Question 3: BGP Optimization and Latency We use BGP to redirect traffic to the available datacenter in case of resolver failures. How can BGP be configured to minimize latency during this redirection? Are there specific techniques or configurations recommended by F5 to optimize this? Question 4: Alternatives to the DNS Module for Redundancy We are considering a solution like the DNS module (GSLB) to intelligently manage DNS traffic redirection between datacenters in case of failures. However, this could increase costs. Are there alternatives to the DNS module that would achieve this goal (intelligent redirection and inter-datacenter redundancy) while leveraging the existing LTM and Routing modules? For example, advanced BGP configurations or other built-in features of these modules? Thank you in advance for your advice and feedback!
