APM Access Guided Configuration with VIP in different partion
I am trying to use the Guided Configuration to create SAML Service Provider. However ths is can only be run from the Common partition whereas the VIP required has to be on a different parition for security reasons. I have tried to configure this manually but running in to problems and all online guides point to the guided configuration. Is there a way around this partition restriction while using the guided configuration? I am trying to deploy Big IP APM to perform SAML authentication through Azure. We have the Metadata file but would like to use the Guided configuration to complete the deploy.
Pool Member Nodes: Different Partitions, Same IP Address
In summary, I have created multiple partitions. I'm attempting to perform a merge configuration. I get an error stating that I cannot use the same IP address for two separate nodes that reside in different partitions. Is this be design? I'm performing a migration from A10. Can F5 have nodes in different partitions with the same IP address? Here is my error via the CLI: 0107003a:3: Pool member node (/WEB/pcf-prod-gorouter1) and existing node (/APP/pcf-prod-gorouter1) cannot use the same IP Address (10.66.36.12). As you can see by the names of the nodes, they reside in different partitions. Thanks in advance for the assistance.
Route domain / partition problem
We're having an ltm cluster running 14.1.4.1 and we have configured a number of route domains and partitions on it. All but one route domains have been separated from the Common partition and live in their own partition. The odd one seems to reside both in its own partition as well as in Common. As a number of virtual servers are active in this route domain (and are working fine), I'm reluctant to delete the partition and route domain, and start again from scratch. I've tried editing the bigip.conf and bigip_base.conf files for both the Common and this partition, taking another partition as a template. However, when I issue "load sys config verify" I get the following error message: 01070973:3: The specified route domain (66) does not exist for address (<ip address>%66). Unexpected Error: Loading configuration process failed. The first item to be defined in bigip_base.conf is the route domain with this very id... Any clues as to what's causing this?
Checking VIPS that are in seperate partitions
Hello Is there a Big Pipe command that allows you to check VIPS that are in a particular partition. When im on CLI and the prompt is When i check on the GUI the VIP resides in a partition called manxxxxx-Client-RD2 the VIP i want to check is vip_10.89.115.25_80 when i issue a b virtual vip_10.89.115.25_80 list but the error appears below [root@F5:Active] [root@F5:Active] config b virtual vip_10.89.115.25_80 show BIGpipe virtual server query error: 01020036:3: The requested virtual server (vip_10.89.115.25_80) was not found. [root@F5:Active] config b virtual vip_10.89.115.25_80 list BIGpipe virtual server query error: 01020036:3: The requested virtual server (vip_10.89.115.25_80) was not found. [root@F5:Active] config when i run a B virtual list command it list command im still unable to see the VIP in question please can someone offer me some guidance, this simple check has been bugging me for weeks.How do I move a Pool from Common partition to another partition ?
Hi all, how do I move a pool from one partition(Common) to another partition in my F5 version 11.4 ? I notice the partition field is fixed and no option available to move it. What about the nodes , do i also need to move it toegther with the pool over to the other partition ? under the link below it says "you cannot move an object in Common to one of the new partitions. Instead, you must delete the object from Common and recreate it in the new partition." http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_partitions.html?sr=40389350
Set partition context in bash
When running the command "show ltm clientssl-proxy cached-certs virtual clientssl-profile " in tmsh I have to do "cd /" first so it finds the correct VS and profile. This VS and client-SSL profile is part of our forward proxy setup for general Internet traffic so this list is quite large. I wanted to save this output to a file to work on it in bash with other tools then just grep, but when I run "tmsh show ltm clientssl-proxy cached-certs virtual clientssl-profile " from bash it can't find the Virtual Server 01020036:3: The requested Virtual Server (/Common/) was not found. Is it possible to run this in the correct context so I can write the output to a file?
HA Configuration with Route-Domains
Hello All, I have couple of queries. (We are running 11.4 with HF3) 1. When deploying F5 using route domains each using separate partitions and each having its own internal/external vlans, what is the recommended HA configuration. Shall we define a separate HA-vlan for each route domain and then add them to the "failover unicast configuration" one-by-one ? because currently HA config (configSync/Failover/Mirroring) options just has the mgmt interface and the HA interface of the default route domain. We did a failover test by bringing down the the trunk on Active F5 but it didn't failed. I suspect this is happening because the self IPs in route domain are not visible in failover unicast configuration (common partition) and as mentioned above failover unicast configuration is just showing mgmt and HA-VLAN(direct HA link bw F5s). We then had to enable vlan fail-safe option (45 sec interval) on the internal/external vlan for the failover to work. Since we have multiple route domains, shall we define a separate traffic groups for each partition/route-domain ? Is there any best practice document with recommendations on above design challenges ? Regards, Akhtar
