View NAT / SNAT Sessions
Hi, I have recently enabled an SNAT in an iRule: switch -exact -- "1" [IP::addr [getfield [IP::client_addr] "%" "1"] equals 10.80.0.0/16] { snat automap } and I am trying to work out how many sessions are being SNAT'd as a result of this change. Issuing the commands: sho ltm nat sho ltm snat sho sys connection cs-client-addr 10.80.0.202 etc are not giving me any results. I am not so much interested in the details of the sessions, just totals so I can verify that I'm not exceeding the 64k limit but obviously doing something wrong. Thanks JamesOne Connect not keeping connection open on HTTP 204 No Content
We have an application that returns a 'HTTP 204 No Content' response on 99% of all requests. These connections are being kept open and reused on the client side of the F5. The problem is the Load Balancer closes these connections on the server side right after the HTTP 204 RESPONSE is received from the server. When we send a HTTP 200 the connection is kept open and reused(normal One Connect operation). Is there an iRule that we can apply to the VIP to keep the connection open even when the Server returns a 'HTTP 204 No Content'? Thanks
LTM - IP Fowarder Performance issues (Stateless Router config)
Hi All, Wondering if anyone else has issues with using an IP Forwarder in the manner described in this article (Specifically - Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers): https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html. Here's the scenario.... VLAN attached behind the BIG-IP, which has the web servers on. MSSQL servers sat on a VLAN reachable through the BIG-IP. The connections all work, just if SQL traffic isn't routed through the BIG-IP, it works fine. Otherwise, behind the BIG-IP, there is severe delays. I'd suggest it be a good idea not to route this through the BIG-IP, but I wondered what the F5 communities' take on this would be. In short....Simple IP Forwarder (Stateless) for mssql traffic... Good or bad idea? Thanks, JD
Throughput dashboard / SNMP OID / tmsh show sys performance throughput
Throughput in the dashboard displays information In Out in bps I've added the following in OID in PRTG Network Monitor : sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3) sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5) sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10) sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12) https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1 /tmos_snmp.html1038911 states information about the SNMP values used. tmsh show sys performance throughput (detail) These 3 values don't match. We are working on an older version software, 11.1.0 HF2. Upgrades are already planned. I understand that the dashboard gives a certain summary from the values. But what I don't understand is that the values from the SNMP differ from the show sys performance. Can someone explain me how I should interpret the information.OneConnect, no HTTP profile, still per HTTP request LB?
Hi, My understanding was that one of the functions of service or protocol profiles is to allow LTM to decode, understand and manipulate protocol data at given layer. In Overview of the OneConnect profile there is statement: When a OneConnect profile is enabled for a TCP virtual server that does not have an HTTP profile applied, and a client sends multiple requests within a single connection, the BIG-IP system is able to process each request individually. The BIG-IP system sends the requests to different destination servers as determined by the load balancing method. Without a OneConnect profile enabled for the virtual server, the BIG-IP system performs load-balancing only once for each TCP connection. Is OC profile exception from the rule that to understand and handle traffic at given layer appropriate layer profile should be used? From above it looks like having only TCP profile and OC profile allows LTM to understand that TCP stream is carrying HTTP traffic and recognize HTTP requests, and in turn apply LB not per TCP connection but per HTTP request in given TCP connection. If so what is that mean for VS without persistence set and for example Round Robin LB? Without OC first TCP connection will be LB to first member, second to second and so on With OC first TCP connection (and in turn first HTTP request) will be LB to first server, second HTTP request in the same TCP connection to second server and so on Piotr
HTTP ERROR: Couldn't open socket connection to server http://....... prior to connect()
Hi Guys: There is a solution balancing links with two Big-IP 2000s Lik Controller, is working properly. The solution is working with the functionality of the Wide-IPs actually it has 11 wide-IPs and are working well, but there is one that is generating connectivity issues and presents a random error. Apparently this error occurs when large numbers of queries are made. -ERROR: wsdl error: Getting http://app.domain.com.pe/edi/sisws.asmx?wsdl - HTTP ERROR: Couldn't open socket connection to server http://app.domain.com.pe/edi/sisws.asmx?wsdl prior to connect(). This is often a problem looking up the host name. I describe the flow Connection of this web service that is having problems. The user searches the web delegated by the ISP CNAME to F5 The F5 responds with app.b.domain.com.pe (Wide-IP) and the user shows the website. The user enters the correct page and authenticates when you perform a query operation is when a patient presents random error lines shown above. -FLOW. app.domain.com.pe (ISP-CNAME) >>> app.b.domain.com.pe (F5) >>> vs_ISP1, vs_ISP2 >>> Pool_APP (1 member) I really do not know what would be happening, since the service worked fine before configure you as Wide-IP. That is, when only estab configured as virtual server only worked well, but when the wide-ips are set up to be swinging by two bonds (DNS resolution) start these problems. -Wide-IP gtm pool /Common/app.domain.com.pe { fallback-mode ratio load-balancing-mode least-connections members { /Common/LB1.domain.com.pe:/Common/vs_CLARO_APP { order 0 } /Common/LB1.domain.com.pe:/Common/vs_TdP_APP { order 1 } } } Note: I could see that in the wide-IP is configured TTL default (30 seconds). This could be causing me this error on page when making inquiries or information recorded on the website. I hope some of you can give me some support on this issue that has become critical. Regards. John