performance
1349 TopicsCookie persistence and source address fallback
I wonder what will be result of such setup: LB set to Round Robin Default Persistence Profile: Cookie (Cookie Insert) Fallback Persistence Profile: Source Address Source IP same for all requests (SNATed) My assumption is: First new TCP connection established, no cookie present Fallback Persistence used, no Persistence Record (PR) found No persistence is applied because none exist so connection will be directed to first member What will happen then? Persistence Record for source IP will be created pointing to first server? In HTTP response cookie is inserted pointing to first pool member Then second connection from the same IP comes, assuming that PR was created and did not time out then LB will be ignored and connection will be directed to first server In HTTP response again cookie pointing to first server will be inserted Then all returning connections (with cookies set) will be directed to first server, LB in fact will not be used, except for situation when there is enough period of inactivity between connections to allow PR to expire, but will then new connection be send to second server according to RR or not necessarily? Is above correct? PiotrSolved852Views0likes19CommentsView NAT / SNAT Sessions
Hi, I have recently enabled an SNAT in an iRule: switch -exact -- "1" [IP::addr [getfield [IP::client_addr] "%" "1"] equals 10.80.0.0/16] { snat automap } and I am trying to work out how many sessions are being SNAT'd as a result of this change. Issuing the commands: sho ltm nat sho ltm snat sho sys connection cs-client-addr 10.80.0.202 etc are not giving me any results. I am not so much interested in the details of the sessions, just totals so I can verify that I'm not exceeding the 64k limit but obviously doing something wrong. Thanks James2.4KViews0likes6CommentsOne Connect not keeping connection open on HTTP 204 No Content
We have an application that returns a 'HTTP 204 No Content' response on 99% of all requests. These connections are being kept open and reused on the client side of the F5. The problem is the Load Balancer closes these connections on the server side right after the HTTP 204 RESPONSE is received from the server. When we send a HTTP 200 the connection is kept open and reused(normal One Connect operation). Is there an iRule that we can apply to the VIP to keep the connection open even when the Server returns a 'HTTP 204 No Content'? Thanks589Views0likes9CommentsURL rewrite through iRule
Hi Guys, i have one "Performance (HTTP)" virtual server on F5-1600 series, and i want to change the URL "http://www.abc.com" to "http://partner.abc.com/xyz". i have tried all below scripts : 1- when HTTP_REQUEST { if {([string tolower [HTTP::host]] equals "http://www.abc.com")}{ HTTP::header replace Host "http://partner.abc.com/xyz" } } 2- when HTTP_REQUEST { if { not ([HTTP::uri] starts_with "/xyz") } { HTTP::uri /xyz[HTTP::uri] } } 3- when HTTP_REQUEST { if {[HTTP::uri] equals {http://www.abc.com}} {HTTP::uri {http://partner.abc.com/xyz} } } but i wasn't successful! can anyone help me how can i do this through iRule ?Solved9.5KViews0likes27Commentshigh cpu usage independent from Traffic
Hello, we've recognised since a few weeks every day for about 4 hours from 9 to 13 very high cpu-usage on Control-Plane and Analysis-Plane. Overall concurrent Client-side connections between 1200 and 1800 That's also on the standby-Machine, so it's independent from Traffic (this F5 is for Traffic from Web and terminates ssl) the hardware is i4800, but it's the same on our virtual Test-Machine Version: 16.1.3.3, on Test: 16.1.3.4 Any hint, where to look for the cause? Thank you KarlSolved4.6KViews0likes13CommentsLTM - IP Fowarder Performance issues (Stateless Router config)
Hi All, Wondering if anyone else has issues with using an IP Forwarder in the manner described in this article (Specifically - Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers): https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html. Here's the scenario.... VLAN attached behind the BIG-IP, which has the web servers on. MSSQL servers sat on a VLAN reachable through the BIG-IP. The connections all work, just if SQL traffic isn't routed through the BIG-IP, it works fine. Otherwise, behind the BIG-IP, there is severe delays. I'd suggest it be a good idea not to route this through the BIG-IP, but I wondered what the F5 communities' take on this would be. In short....Simple IP Forwarder (Stateless) for mssql traffic... Good or bad idea? Thanks, JD449Views1like4Commentstcpdump portrange option
Hi everyone, I'm trying to capture traffic directed to a certain range of tcp ports with tcpdump. When using the "portrange" expression I get a syntax error: tcpdump -i -s0 -w capture_file.trc portrange 8080-8082 tcpdump: syntax error in filter expression Is this expression supported on BIG-IP (1600 10.2.4 HF5)? Thanks in advance, Regards. moog67Solved14KViews0likes8CommentsThroughput dashboard / SNMP OID / tmsh show sys performance throughput
Throughput in the dashboard displays information In Out in bps I've added the following in OID in PRTG Network Monitor : sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3) sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5) sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10) sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12) https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1 /tmos_snmp.html1038911 states information about the SNMP values used. tmsh show sys performance throughput (detail) These 3 values don't match. We are working on an older version software, 11.1.0 HF2. Upgrades are already planned. I understand that the dashboard gives a certain summary from the values. But what I don't understand is that the values from the SNMP differ from the show sys performance. Can someone explain me how I should interpret the information.656Views0likes5CommentsOneConnect, no HTTP profile, still per HTTP request LB?
Hi, My understanding was that one of the functions of service or protocol profiles is to allow LTM to decode, understand and manipulate protocol data at given layer. In Overview of the OneConnect profile there is statement: When a OneConnect profile is enabled for a TCP virtual server that does not have an HTTP profile applied, and a client sends multiple requests within a single connection, the BIG-IP system is able to process each request individually. The BIG-IP system sends the requests to different destination servers as determined by the load balancing method. Without a OneConnect profile enabled for the virtual server, the BIG-IP system performs load-balancing only once for each TCP connection. Is OC profile exception from the rule that to understand and handle traffic at given layer appropriate layer profile should be used? From above it looks like having only TCP profile and OC profile allows LTM to understand that TCP stream is carrying HTTP traffic and recognize HTTP requests, and in turn apply LB not per TCP connection but per HTTP request in given TCP connection. If so what is that mean for VS without persistence set and for example Round Robin LB? Without OC first TCP connection will be LB to first member, second to second and so on With OC first TCP connection (and in turn first HTTP request) will be LB to first server, second HTTP request in the same TCP connection to second server and so on Piotr704Views0likes26CommentsHTTP ERROR: Couldn't open socket connection to server http://....... prior to connect()
Hi Guys: There is a solution balancing links with two Big-IP 2000s Lik Controller, is working properly. The solution is working with the functionality of the Wide-IPs actually it has 11 wide-IPs and are working well, but there is one that is generating connectivity issues and presents a random error. Apparently this error occurs when large numbers of queries are made. -ERROR: wsdl error: Getting http://app.domain.com.pe/edi/sisws.asmx?wsdl - HTTP ERROR: Couldn't open socket connection to server http://app.domain.com.pe/edi/sisws.asmx?wsdl prior to connect(). This is often a problem looking up the host name. I describe the flow Connection of this web service that is having problems. The user searches the web delegated by the ISP CNAME to F5 The F5 responds with app.b.domain.com.pe (Wide-IP) and the user shows the website. The user enters the correct page and authenticates when you perform a query operation is when a patient presents random error lines shown above. -FLOW. app.domain.com.pe (ISP-CNAME) >>> app.b.domain.com.pe (F5) >>> vs_ISP1, vs_ISP2 >>> Pool_APP (1 member) I really do not know what would be happening, since the service worked fine before configure you as Wide-IP. That is, when only estab configured as virtual server only worked well, but when the wide-ips are set up to be swinging by two bonds (DNS resolution) start these problems. -Wide-IP gtm pool /Common/app.domain.com.pe { fallback-mode ratio load-balancing-mode least-connections members { /Common/LB1.domain.com.pe:/Common/vs_CLARO_APP { order 0 } /Common/LB1.domain.com.pe:/Common/vs_TdP_APP { order 1 } } } Note: I could see that in the wide-IP is configured TTL default (30 seconds). This could be causing me this error on page when making inquiries or information recorded on the website. I hope some of you can give me some support on this issue that has become critical. Regards. John748Views0likes1Comment