iControl REST - Finding a pool with a specific member
Hi, Would anyone know of a shortcut to finding a pool (or pools) with a specific member? In the WebGUI (v13.1.3) when viewing the properties of a node there is a Pool Membership tab. It will show what pools the node is a member of. I would like to use an iControl REST call to determine the same thing. I have the code to get the list of pools with their basic properties. One of the pool's properties is the memberReference link. I can use this link to get a list of pool members with properties including memberName (nodeName:port), IPaddress, etc. Potentially I could query every pool (500+) and build a list of pool members with the properties like: PoolName, memberName, IPaddress.... Then I could scan this list for either the node or the node's IP address. It's a bit of a pig. Just thought there might be a quicker way. ...Patrick
How do I enable and disable pool members using iControlREST
Hi I'm trying to the following PUT request to enable a pool member (IP's masked out): https://10.102.xx.xx/mgmt/tm/ltm/pool/~QA~pool_vcoza_portal_UAT/members/~QA~10.102.xx.xx:9001 My request has the following body and Content-Type: application/json { "state" : "up" } I get the following result back: {"code":400,"message":"invalid property value \"state\":\"up\"","errorStack":[]} However, doing the same kind of thing for other properties, dynamicRatio for example, does work. Please help!
OCSP health monitor
Hey Guys, Sort of in a time crunch. I am looking for a way to create a health monitor the would monitor OCSP request instead of http/https. I've seen/read somewhere on the forums that is could be by an external script ? but not sure how that would be done. I have a pool of OCSP validators which work for http health monitor but that's not what our sec team is looking to get monitored. Any help is appreciated. Thanks
iRule for selecting different pools collect from ldap-query
Does anybody have an idea for an irule. I want to select different LDAP-Pools (which different LDAP-Servers) and it depents on the Data in a LDAP-Query to my LDAP Virtual Server. As an example: If DC=DOM1 then LDAP-Pool "DOM1" should select. If DC=DOM2 then LDAP-Pool "DOM2" should select.
SSL issue
Hello there, We have a F5 LTM and a virtual server configured to a server in port 443, the topology is: Computer --> F5 LTM --> switch --> server When we try to connect to the server through https we saw the message "Connection reset" in the browser, but if we try to connect without passing the F5 the connection is successful. We don't have configured any SSL client profile or server. This is the configuration on F5: #Virtual Server #________________________________________________________________________________ ltm virtual /Common/Server1 { destination /Common/10.1.5.X:443 ip-protocol tcp mask 255.255.255.255 pool /Common/Server1 profiles { /Common/tcp { } } source 0.0.0.0/0 translate-address enabled translate-port enabled } #________________________________________________________________________________ #Pools #________________________________________________________________________________ ltm pool /Common/Server1 { members { /Common/10.1.7.X:443 { address 10.1.7.X } } monitor /Common/https_443 } #________________________________________________________________________________ #Profiles #________________________________________________________________________________ # -Default Profile- ltm profile tcp tcp { ack-on-push enabled close-wait-timeout 5 congestion-control high-speed deferred-accept disabled delayed-acks enabled ecn disabled fin-wait-timeout 5 idle-timeout 300 keep-alive-interval 1800 limited-transmit enabled max-retrans 8 nagle disabled proxy-buffer-high 49152 proxy-buffer-low 32768 proxy-mss disabled proxy-options disabled receive-window-size 65535 reset-on-timeout enabled selective-acks enabled send-buffer-size 65535 slow-start enabled syn-max-retrans 3 time-wait-recycle enabled time-wait-timeout 2000 timestamps enabled } As you can see, we don't have any SSL client or server profile and we tried changing "translate-port" to disabled and "Source Address Translation" to auto map but none of these work. Also we made a tcpdump and we can see the TCP Reset from 10.1.7.X (tcpdump.png) and some curl (curl.png), openssl (openssl.png and openssl2.png) and a telnet (telnet.png). Hope you can help us to find out what's going on. Thank you.
HA Group and pools
Hi, According to what I read it seems that HA Group (HAG) is best suited for monitoring trunks and clusters (on VIPRION). Still pools can be used as well. My question is about what is best practice for configuring pools in HAG. I know article Best practices for the HA group feature - there is not a lot here except from avoiding pools with members that are not stable (can go down and up rapidly). I can see two scenarios when using pool makes sense: Same pool used on each device in HAG - each device has completely separate network path to members. So it is possible that member is down on one device and up on another. Quite simple to configure. Separate pools on each device pointing to different members - that is one that I am not sure how to implement. Second case is showed in this video Setting up HA Groups (part 2 of 2). One of the condition is that each device should have not only separate pool (A, B, C) but as well separate VS using those pools like that: BIG-IPA - VSA - PoolA BIG-IPB - VSB - PoolB ... As well easy to configure but there is one catch - in case of failover VS IP will change, so connections will be lost and there is some external method necessary to direct clients to new VIP - Am I right? So not a perfect solution. I can imagine that there is a way to switch pools assigned to the same VS depending on which device is Active (using iRule with HA::status and tcl_platform(machine)) - but is that good idea? Sure connections will be reset as well but there is no need to redirect clients to other VIP. Any other way to have same VIP on every device but using separate pools for HAG config? Any other scenarios for using pools in HAG? Piotr
