route
11 Topics

iRule HTTPS(443) to HTTPS(8701)
I am having difficulty finding or creating an iRule that would auto-route HTTPS(443) to HTTPS(8701). I have set up HTTP(80) to HTTPS(8701); that was pretty straightforward using this:

when HTTP_REQUEST {
    # Redirect to the same host name (any port stripped) on port 8701, keeping the original URI
    HTTP::redirect https://[getfield [HTTP::host] ":" 1]:8701[HTTP::uri]
}

Any help will be greatly appreciated.

354 Views, 0 likes, 2 Comments

GRE Tunnel From F5 to Linux Server
Hi, I have 2 redhat 6 linux servers that have a GRE tunnel configured between them as follows:

GRE1 Linux Server:
ONBOOT=yes
DEVICE=tun0
TYPE=GRE
MY_INNER_IPADDR=192.168.255.2
PEER_INNER_IPADDR=192.168.255.1
PEER_OUTER_IPADDR=1.1.1.1
MY_OUTER_IPADDR=2.2.2.2

GRE2 Linux Server:
ONBOOT=yes
DEVICE=tun0
TYPE=GRE
MY_INNER_IPADDR=192.168.255.1
PEER_INNER_IPADDR=192.168.255.2
PEER_OUTER_IPADDR=2.2.2.2
MY_OUTER_IPADDR=1.1.1.1

This is working just fine and I can ping both inner IPs from both directions. I would like to replace GRE2 with an F5 and have it provide the exact same GRE tunnel to GRE1. I've tried creating the tunnel and assigning a self IP; however, I can't seem to get ping to work and I'm confused on where each of the IP addresses would go in the F5 configuration (MY_INNER_IPADDR, PEER_INNER_IPADDR, etc). I'm looking for advice on how to mimic the configuration in GRE2 onto the F5. Thanks!

Solved, 742 Views, 0 likes, 2 Comments

Cannot add F5 net route
Hello! I am scratching my head because I can't see why this static route is not being added to the config. The "x" is replaced with a usable 1-254 IP.

Existing config:

net self INT-350_NET1_PRIMARY_IP {
    address x.159.222.101/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan INT-350
}
net self INT-350_NET1_FLOATING_IP {
    address x.159.222.103/24
    allow-service {
        default
    }
    floating enabled
    traffic-group traffic-group-1
    unit 1
    vlan INT-350
}
net vlan INT-350 {
    if-index 448
    interfaces {
        n7k-Po16 {
            tag-mode service
            tagged
        }
    }
    tag 350
}

root@(sfltm1)(cfg-sync Standalone)(Active)(/Common)(tmos) load sys config merge from-terminal
Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
net route INT-350_NET1_ROUTE {
    gw x.159.222.254
    network x.159.222.0/24
}
Loading configuration...
01070666:3: Static route duplicates Self IP x.159.222.0 / 255.255.255.0 implied route
Unexpected Error: Loading configuration process failed.

845 Views, 0 likes, 8 Comments

iControl or script to get dynamic route from F5
Hi, I currently use F5 with dynamic routing (learning BGP dynamic routes from a neighbor router). The problem is that sometimes the router can't send me routes and all dynamic routes are gone (we get downtime and there is no alert to us). Is there an iControl script or any script command to get the route list from the F5? I only know the tmsh command to get dynamic routes. That way there will be an alert to us when routing has a problem. Thank you

431 Views, 0 likes, 1 Comment

Added route on F5 APM not showing up on my device
Hello everyone, I added a route on our F5 APM; however, I am not able to see it on my device. netstat -rn shows nothing for that subnet. I also checked on F5 Big IP Client -> View details -> Routing Table, and my subnet is not there. I added my route on F5 -> Network -> Routes -> add and I chose gateway. When I manually add the route on my device using

sudo route -n add -net x.x.x.x/24 x.x.x.x

it is working. Am I missing something? Why isn't my subnet showing up? Thank you!

565 Views, 0 likes, 1 Comment

Are NTP and DNS traffic management type or not?
Hello everyone, I'm a system engineer at an integrator company and currently I have one PoC of an AWAF project with a customer. I have little experience of working with F5 devices, so I have one question and it'll help me a lot in future to analyze how BIG-IP devices.

I've done some research in the documentation but I couldn't find a clear answer on which type of traffic is considered Data Traffic and which is Management. For example, should NTP and DNS traffic use the management route or the TMM route (I mean the case when there is no direct path to the destination DNS/NTP servers)?

I thought that BIG-IP devices would use the management route (management gateway) to do DNS queries and time synchronization, so I asked the customer to grant access on the firewall from the management interface to the destination servers, but it didn't work. Then I captured traffic via tcpdump and I realized that BIG-IP devices try to use the TMM default route instead.

But I've read in this article - https://support.f5.com/csp/article/K13284 that NTP is management traffic. Also this article - https://support.f5.com/csp/article/K7017 says that during the device boot, the ntpd daemon starts before TMM, so if it has no route via the management interface, time synchronization will fail.

So, I'm a little confused: what should I ask the customer, to open access from the TMM interface for DNS, NTP, and also for Signature Updates? I just do not understand logically why NTP, DNS and system updates do not use management routes. If all of them are considered data traffic, then what is the management route used for? Only for accessing the management GUI and SSH, is that correct?

Sorry for the long question, but I really want to understand the platform's logic of traffic routing, to be able to operate it and correctly implement it with the customer. Thanks in advance.

// Giorgi

1.8K Views, 0 likes, 5 Comments

Static route gateway X.X.X.X is not directly connected via an interface
Hello,

When verifying the bigip.conf file, an error is reported about a network route. But the error has no reason to be there. Here is the error:

&&&&&&&&&&&
load sys conf file /config/bigip.conf verify
Validating system configuration...
.
.
Validating configuration...
/config/bigip.conf
01070330:3: Static route gateway 10.10.99.254 is not directly connected via an interface.
Unexpected Error: Validating configuration process failed.
&&&&&&&&&

When I then exit tmsh and look at my network configuration, I see that 10.10.99.254 is on the same network as one of my interfaces.

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.252 U         0 0          0 HA
127.1.1.0       0.0.0.0         255.255.255.0   U         0 0          0 tmm0
127.3.0.0       0.0.0.0         255.255.255.0   U         0 0          0 mgmt_bp
192.168.20.0    0.0.0.0         255.255.255.0   U         0 0          0 vlan20
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.220.220.0    0.0.0.0         255.255.255.0   U         0 0          0 vlan220
10.194.94.0     0.0.0.0         255.255.255.0   U         0 0          0 vlan194
127.2.0.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0.1
10.10.96.0      0.0.0.0         255.255.252.0   U         0 0          0 vlan1
&&&& LOOK HERE &&&&
0.0.0.0         10.10.99.254    0.0.0.0         UG        0 0          0 vlan1
&&&&&&&&&&

This configuration is up and running. I can even ping 10.10.99.254... I am just worried this error hides something more serious.

FYI, we run version BIG-IP 11.3.0 Build 3144.51 Engineering Hotfix HF8.

Thanking you in advance,
Alberto

4.8K Views, 0 likes, 7 Comments

Do I need a "Route" configured for route domain 0?
Hi all, I'm currently using route domain 0 for everything on the Big-IP. I've not created any other route domains. When I go to Network > Routes, there are no routes listed. Do I need to create a default route for route domain 0? What does route domain 0 use as its default route if I don't specify one?

518 Views, 0 likes, 11 Comments

Route Problem ?
Hi, I want to expose my SAP portal to the internet, so I configured an ASM policy (recommended by the F5 template HTTPS). My problem is that the virtual server and the node (SAP portal server) are not in the same subnet. In my F5 configuration I have only 1 subnet, so when the F5 wants to go to the SAP server it must use its default gateway. The status is that I can see my request in the ASM log but I can't see the SAP portal page. I checked my network routing and I don't have any routing problem in the network (I made a telnet session from the F5 to the portal server). I think the problem is because the virtual server and the node are not in the same subnet. Please help.

Regards,
Rafi

236 Views, 0 likes, 3 Comments