Applying Analytics profile to VS changes chunking behavior?
Hi, I was doing some test (v11.2.0HF7) and for some reason two almost identically configured server was delivering different responses to the client: One chunked Second not chunked Both VS were sending traffic to the same backend server, using same settings for Response Chunking: Selective After long trial&error it turned out that disconnecting Analytics profile from VS disables chunking of the reply send to client. Why so? Is that bug or expected behavior? In Analytics profile options enabled as below: ltm profile analytics my-analytics { alerts none app-service none captured-traffic-external-logging disabled captured-traffic-internal-logging enabled collect-geo disabled collect-http-throughput enabled collect-ip disabled collect-methods enabled collect-page-load-time enabled collect-response-codes enabled collect-server-latency enabled collect-url enabled collect-user-agent disabled collect-user-sessions disabled collected-stats-external-logging disabled collected-stats-internal-logging enabled defaults-from analytics description none notification-by-email disabled notification-by-snmp disabled notification-by-syslog disabled notification-email-addresses none partition Common remote-server-ip any6 remote-server-port 514 remote-server-syslog-facility local0 sampling-ratio 1 session-timeout-minutes 30 smtp-config none traffic-capture { capturing-for-my-analytics { app-service none captured-protocols all client-ips none methods none node-addresses none request-captured-parts headers request-content-filter-search-part none request-content-filter-search-string none response-captured-parts headers response-codes none response-content-filter-search-part none response-content-filter-search-string none url-path-prefixes none user-agent-substrings none virtual-servers none } } trust-xff enabled } Is any of above setting forcing VS to send chunked response to client? Piotr
Applying Analytics profile to VS changes chunking behavior?
Hi, I was doing some test (v11.2.0HF7) and for some reason two almost identically configured server was delivering different responses to the client: One chunked Second not chunked Both VS were sending traffic to the same backend server, using same settings for Response Chunking: Selective After long trial&error it turned out that disconnecting Analytics profile from VS disables chunking of the reply send to client. Why so? Is that bug or expected behavior? In Analytics profile options enabled as below: ltm profile analytics my-analytics { alerts none app-service none captured-traffic-external-logging disabled captured-traffic-internal-logging enabled collect-geo disabled collect-http-throughput enabled collect-ip disabled collect-methods enabled collect-page-load-time enabled collect-response-codes enabled collect-server-latency enabled collect-url enabled collect-user-agent disabled collect-user-sessions disabled collected-stats-external-logging disabled collected-stats-internal-logging enabled defaults-from analytics description none notification-by-email disabled notification-by-snmp disabled notification-by-syslog disabled notification-email-addresses none partition Common remote-server-ip any6 remote-server-port 514 remote-server-syslog-facility local0 sampling-ratio 1 session-timeout-minutes 30 smtp-config none traffic-capture { capturing-for-my-analytics { app-service none captured-protocols all client-ips none methods none node-addresses none request-captured-parts headers request-content-filter-search-part none request-content-filter-search-string none response-captured-parts headers response-codes none response-content-filter-search-part none response-content-filter-search-string none url-path-prefixes none user-agent-substrings none virtual-servers none } } trust-xff enabled } Is any of above setting forcing VS to send chunked response to client? Piotr
ASM - confusion about Wildcard, Selective, All Entities
Regarding the "Explicit Entities Learning" in ASM 11.6, i am failing to understand "Selective" case. I understood that: Wildcard, the policy will include only a * Selective, ??? Full Entities, the policy will enforce all entities after all loosing/tightening period. What about Selective? I am confused what it means and when it is used.... Can you please provide an example? The manual encrypted definition is: Never (wildcard only)Specifies that when false positives occur, the system suggests relaxing the settings of the wildcard. This option results in a security policy that is easy to manage, but is not as strict. If Policy Builder is running, it does not add explicit entities that match a wildcard to the security policy. The wildcard entity remains in the security policy. The Policy Builder changes the attributes of any matched wildcard. If not running, Policy Builder suggests changing the attributes of matched wildcard entities, but does not suggest you add explicit entities that match the wildcard entity. SelectiveApplies only to * wildcard entity. When false positives occur, adds an explicit entity with relaxed settings. This option serves as a good balance between security, policy size, and ease of maintenance. If Policy Builder is running, it adds explicit entities that do not match the attributes of the * wildcard, and does not remove the * wildcard. If Policy Builder is not running, the system suggests adding explicit entities that match the * wildcard. (Option not applicable to Redirection Domains.) Add All EntitiesCreates a comprehensive whitelist policy that includes all web site entities. This option results in a large, more granular configuration with stricter security. If Policy Builder is running, it adds explicit entities that match a wildcard to the security policy. When the security policy is stable, the * wildcard is removed. If Policy Builder is not running, the system suggests adding explicit entities that match the wildcard.
Using Selective ACK on Virtual Address
We have a 2 tier system whereby Tier 1 needs to know quickly if Tier 2 services have stopped, be that VS or the pools or the box itself. To that end we've setup an ICMP monitor at tier 1 to ping the VS at Tier 2 and we've configured the ICMP option within Virtual Address to be Selective (ie don't respond if VS is red). This works well most of the time. However every now and again we'll see that a service has been marked down at Tier 1 and the ICMP monitor is the one saying it had marked the service down. You go to Tier 2 and the VS is green (it has been down but come back up) and a TCPDUMP shows that the ICMP request is getting to Tier 2 but Tier 2 is NOT sending an ICMP response. Typically the only fix is to reboot the Tier 2 box - which is not ideal in a production environment. I have opened a case with F5 for this but wondered if anybody else had come across something similar etc.