vip
36 TopicsNot able to change virtual server traffic group from traffic-group-local-only to traffic-group-1
We have two LTM device in which i observe one virtual server is missing in secondary device. I checked the virtual server configuration in primary that virtual server configure in traffic group from traffic-group-local-only now i am changing the traffic group but it is not changing. Is there any way to change it?Solved66Views0likes1Commentpool members can't connect to another Virtual Server
Hello, for sure this is a problem already addressed but I have an issue with a client that is part of a pool behind a Vip. If from this client I attempt a connection to another Vip I get no response while the connection works in case I make the connection to my Vip. My client route to the Vip network is the F5 interface. Is there something wrong? I am attaching a diagram that is maybe better than a thousand words....Solved769Views0likes3CommentsRedirect on user browser inactivity on LTM VIP
We have a type Standard F5 LTM VIP (no APM, no ASM, just LTM) with a pool of application servers. Only SSL, TCP and HTTP profiles are applied to that VIP. Connection is made by browser to URL https://www.mysite.com/mypage and web page content displayed. All good at this point. Then a user is idle for 20 minutes doing nothing. We want in this case of inactivity to send http redirect from F5 to a user browser to redirectto https://www.mysite.com Again this is a very basic VIP; beside TCP profile idle timeout I don't see any other posisble timeouts and TCP idle timeout is totally different from what we want to do... Any suggestion how our goal can be achieved? Thanlk yuo in advance!469Views0likes3CommentsVIP not reachable
Hi, I have following simple virtual server on a 11.5.1 system; ltm virtual /ITSS/live-fisheye-temp-vs { destination /ITSS/2.170.236.64:8060 ip-protocol tcp mask 255.255.255.255 partition ITSS profiles { http { } tcp { } } rules { _sys_https_redirect } source 0.0.0.0/0 source-address-translation { type automap } vlans { EXT-WIN-11 } vlans-enabled vs-index 592 } ` ` And the VIP: ``ltm virtual-address /ITSS/2.170.236.64 { address 2.170.236.64 mask 255.255.255.255 partition ITSS traffic-group traffic-group-2 unit 2 } ping works, but a telnet 2.170.236.64 8060 keeps stuck at 'Trying 2.170.236.64...' I tried re-enabling the VIP and ARP status, but to no avail. I can reach other addresses in that range and on that traffic group. A telnet 2.170.236.64 8060 on the bigip works. I see no response back to my computer or to the gateway using telnet. The gateway has the correct VLAN mac address for the listener. Ideas?436Views0likes2CommentsVS Precedence
Hi I have a question relating to VS precedence and which VS would process the packet in the following example: Packet - destination IP > 10.10.10.10 destination port > TCP/80 VIP-A 10.10.10.0:80 protocol tcp mask 255.255.255.0 VIP-B 10.10.10.10:80 protocol udp mask 255.255.255.255 My understanding having read https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6459.html is that there is a higher emphasis on the VS with the longest subnet match. However, in the in above example, this would be VIP-B - but the protocol for this VS is UDP. Would VIP-B process the request and subsequently drop traffic - or is the BigIP intelligent enough to match on a VS with a lower precedence, but one that has the correct protocol configured? Many thanks Lee271Views0likes2CommentsVS Precedence
Hi I have a question relating to VS precedence and which VS would process the packet in the following example: Packet - destination IP > 10.10.10.10 destination port > TCP/80 VIP-A 10.10.10.0:80 protocol tcp mask 255.255.255.0 VIP-B 10.10.10.10:80 protocol udp mask 255.255.255.255 My understanding having read https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6459.html is that there is a higher emphasis on the VS with the longest subnet match. However, in the in above example, this would be VIP-B - but the protocol for this VS is UDP. Would VIP-B process the request and subsequently drop traffic - or is the BigIP intelligent enough to match on a VS with a lower precedence, but one that has the correct protocol configured? Many thanks Lee181Views0likes0CommentsExport VIP, Cert CN and Cert expiration date
Hi all, Client has requested the following information; VIP NAME, VIP IP, Cert CN + Cert Duration. I have a script that exports VIP and Pool, was hoping to collate all the information into this if possible. virtuallist=$(tmsh list ltm virtual | grep virtual | cut -d' ' -f3 | tr "\n" " " ); for v in $virtuallist ; do DEST=""; POOL=""; MEMB=""; DEST=$(tmsh list ltm virtual $v | grep destination | cut -d' ' -f6) POOL=$(tmsh list ltm virtual $v | grep pool | cut -d' ' -f6) MEMB=$(tmsh list ltm pool $POOL | egrep 'address '| sed '$!N;s/\n/ /') if [ "$POOL" != "" ]; then echo ""; echo " Virtual: $v - $DEST"; echo " Pool: $POOL"; echo "$MEMB"; else echo ""; echo "!! Virtual $v $DEST has no pool assigned"; echo ""; fi done :wq Cert expiry can be listed from - tmsh list sys file ssl-cert expiration-string Have noticed CN can be pulled using regex - regexp {CN=([^,]+)} [mcget {session.ssl.cert.subject} ] CNFull CNValue; return $CNValue Would there be a way to compilate this all into one script? I am very new to F5 and scripting, any help would be appreciated.443Views0likes1CommentHelp with Local Traffic Policy with streaming app. and basic understanding.
This is a homelab to have a better understanding of F5 BIG-IP and appercaite any help. For testing purpose I have setup a PLEX server for streaming service and will be setting up a Horizon View UAGs. I only have one public IP address and thanks to others I have setup a external VIP using a local traffic policy. I am running into couple issues with the policy. I have been doing a lot of reading but still missing something.I created a local traffic policy that matches "HTTP Host to abc.domain.com" that points to a virtual server for PLEX. If the VS is set to use the policy PLEX works via the web interface and the macOS apps works however using PLEX iOS/iPadOS app fails. It does not connect back. I have changed "forward traffic to pool and node" and still same problem. If I change the resourse setting to use "default pool" to the PLEX pool and remove the policy. The app works. I have done a tcpdump on F5 as well proxy capture of an iOS device and cipher suite are correct. I have looked at the ltm log but not seeing any errors. I have made multiple changes with SSL Profile on client/server but no luck. Any suggestions what would cause the app not to work using policy but works when default pool is set? What other troubleshooting should I look at?Solved1.6KViews0likes5CommentsLooking for Setup Advice
Hello, I am looking for some advise for setting up a F5 Big-IP that can accomplish the following things. I only have one public IP address but will be hosting muliple services. I am looking at setting up one VIP that's open to public with ports that are required then when hitting FQDN that it redirects to VIP that is hosting service. Example mysite1.domain.com goes to VIP 10.10.10.100, mysite2.domain.com goes to VIP 10.10.10.110, so on. Is this done by iRule, reverse proxy, or policy. What's the best pratice for setting something up like this. Thanks in advance for the help.Solved1.5KViews0likes8Comments