ltm f5
17 Topics

Round-robin method not load balanced
I have configured BIG-IP 1600 to distribute the load to two servers in a round-robin fashion, but only one of them is communicating and the load is not distributed. We have confirmed that all Pool Nodes for load balancing are green, but we would like to know the cause of the problem. Persistence does not seem to be set.
599 Views, 0 likes, 11 Comments

Question about source persistence across traffic group
Hello, hope you are doing great! I would like to know if it is supported to mirror persistence between 2 DCs across 2 Traffic Groups, each one Active on a DC.
DC 1 Active on TG1
DC 2 Active on TG2
Client established connection on DC1; if it reconnected in DC2, traffic should be rerouted to the DC1 backend. (There's no application-level session synchronization.) Any suggestions would be appreciated! Thank you. Regards!
399 Views, 0 likes, 9 Comments

Syn-Flood protection in F5 LTM BIG-IP 17.1.1.3
Hi guys, sorry, maybe I have not been so clear. I've been searching for information about the syn-flood protection of F5 LTM. I know there is this feature (I saw the command on the CLI "syn-flood protection not active") but I could not find much information. I searched the techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-syn-flood-attacks-13-0-0/1.html page, but it seems all these pages of f5.com are no longer there. Can anyone explain how to activate this feature or send some exhaustive link? The device is BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3. Thank you, B.R. Mario
299 Views, 0 likes, 1 Comment

Upgrade Path for BIG-IP 2000 – Out of Warranty and EoRMA Status
Hi Team, We are currently running BIG-IP LTM and AFM version 14.1.4.6 on a BIG-IP 2000 appliance. While reviewing our setup in iHealth, we received the following message: "Your hardware reached its End of Return to Manufacturing (EoRMA) date on April 1, 2025. Support options may be limited and an upgrade is recommended." As the platform is no longer under warranty and we’re running an older software version, we are planning to upgrade to the latest supported version on this hardware. Based on the compatibility matrix, it appears that BIG-IP 15.1.10.x is the latest version supported on the 2000 series. We understand that 15.1.x will reach End of Technical Support in December 2025, and we plan to use this upgrade as a short-term solution while we evaluate options for hardware replacement.
Our questions are:
- Since we are out of warranty and do not currently have an active support contract, can we still upgrade to 15.1.10.x?
- If the device doesn’t have internet access, will collecting the license dossier and uploading it to the F5 licensing portal allow us to reactivate the existing license?
- Are there any limitations in upgrading or re-licensing in this scenario that we should be aware of?
Any guidance or confirmation would be appreciated.
298 Views, 0 likes, 3 Comments

can't access on prem dns when using F5LTM as a gateway
The title is the tl;dr. I have a server on an internal network that is set up to use our F5 as a gateway. I have all of the forwarding VIPs set up and routed through SNAT pools, and if I set the server to use an external DNS like Google or OpenDNS everything seems to work perfectly. However, the server is being set up as an SMTP server and needs to rely on our on-prem DNS for some mail destinations. Side note: if forwarding VIPs are set for SNAT automap, on-prem DNS works fine. I did watch traffic with tcpdump from the F5. On the internal network, when using nslookup with both on-prem and off-prem DNS servers, I could see traffic hit the outbound forwarding VIP. However, watching traffic on the external network, traffic appeared on the outbound forwarding VIPs when using external DNS servers. On-prem seems to have died somewhere in the F5. Can I fix this by just adding another outbound VIP set to snat outmap to manage DNS traffic? Is that an appropriate fix?
200 Views, 0 likes, 5 Comments

Terraform LTM provider - ICMP disabled on resulting VIPs
Hello, I recently started using the terraform provider to create my VIPs. It works great! It makes my life much easier and faster to create the non-prod environments and migrate those configs to prod. I've encountered one strange thing I'm struggling with though. I'm unable to ping the LTM VIPs. The VIPs work perfectly other than we are unable to ICMP ping them. I hand-created a basic VIP in the same partition, on the same VLAN/Network, and I can ping it, so it's not a routing or firewall problem. There's no module other than LTM running on this F5, so there are no firewall policies or anything like that in play. Just a standard LTM VIP with HTTP and client-SSL profiles. Nothing I create with terraform is pingable though. There are no policies or iRules in use. On the virtual address list ICMP Echo is set to always, ARP is enabled, state is enabled. Has anyone else encountered this? I searched the forums and didn't find anything notable, and I haven't been able to find a solution yet. Even comparing the config files from the F5 hasn't produced anything notable. I'm sure it's something small that I'm missing. LTM VIP configuration (sanitized) is inline below. Thanks!

    ltm virtual /partition/app1PD-CLL-HTTPS {
        description "server1, Terraform - Servicing the CLL"
        destination /partition/10.1.212.244:443
        ip-protocol tcp
        mask 255.255.255.255
        persist {
            /partition/Cookie-app1CLL {
                default yes
            }
        }
        pool /partition/app1PD-CLL
        profiles {
            /partition/partition-HTTP-Weblogic-Proxy { }
            /partition/OC-255.255.255.255 { }
            /partition/server1 {
                context clientside
            }
            /Common/tcp { }
        }
        serverssl-use-sni disabled
        source 0.0.0.0/0
        source-address-translation {
            pool /partition/10.1.212.244
            type snat
        }
        translate-address enabled
        translate-port enabled
    }

Solved
200 Views, 0 likes, 2 Comments

Implementing multi-link bandwidth usage threshold redundancy for outbound traffic
I have multiple link exports, using irules for outbound traffic. For example, there are currently China Telecom and China Unicom. Can I define the bandwidth usage of each link as 80% according to the policy or specify a threshold to implement a switching mechanism? It cannot be set globally, only for member or outbound VS, or are there any permissions that can achieve it? When the bandwidth usage of any member exceeds the custom value, traffic will no longer be allocated to the member, and the existing traffic sessions will remain unchanged and wait for aging. Thank you very much for discussing with each other!
200 Views, 0 likes, 4 Comments

Questions about F5 BIG-IP Multi-Datacenter Configuration
We have an infrastructure with two datacenters (DC1 and DC2), each equipped with an F5 BIG-IP using the LTM module for DNS traffic load balancing to resolvers, and the Routing module to inject BGP routes to the Internet Gateways (IGW) for redundancy.

Here’s our current setup (based on the attached diagram):
- Each DC has a BIG-IP connected to resolvers via virtual interfaces (VPI1 and VPI2).
- Routing tables indicate VPI1->DC1 and VPI2->DC2.
- Each DC has its own IGW for Internet connectivity.

Question 1: Handling BIG-IP Failures
If the BIG-IP in one datacenter (e.g., DC1) fails, will the DNS traffic destined for its resolvers be automatically redirected to DC2 via BGP? How can BGP be configured to ensure this? Is it feasible and recommended to create a HA Group including the BIG-IPs from both datacenters for automatic failover? What are the limitations or best practices for such a setup across remote sites?

Question 2: IGW Redundancy
Currently, each datacenter has its own IGW. We’d like to implement redundancy between the IGWs of the two DCs. Can a protocol like HSRP or VRRP be used to share a virtual IP address between the IGWs of the two datacenters? If so, how can the geographical distance be managed? If not, what are the alternatives to ensure effective IGW redundancy in a multi-datacenter environment?

Question 3: BGP Optimization and Latency
We use BGP to redirect traffic to the available datacenter in case of resolver failures. How can BGP be configured to minimize latency during this redirection? Are there specific techniques or configurations recommended by F5 to optimize this?

Question 4: Alternatives to the DNS Module for Redundancy
We are considering a solution like the DNS module (GSLB) to intelligently manage DNS traffic redirection between datacenters in case of failures. However, this could increase costs. Are there alternatives to the DNS module that would achieve this goal (intelligent redirection and inter-datacenter redundancy) while leveraging the existing LTM and Routing modules? For example, advanced BGP configurations or other built-in features of these modules?

Thank you in advance for your advice and feedback!
199 Views, 0 likes, 1 Comment