Redirect on user browser inactivity on LTM VIP
We have a type Standard F5 LTM VIP (no APM, no ASM, just LTM) with a pool of application servers. Only SSL, TCP and HTTP profiles are applied to that VIP. Connection is made by browser to URL https://www.mysite.com/mypage and web page content displayed. All good at this point. Then a user is idle for 20 minutes doing nothing. We want in this case of inactivity to send http redirect from F5 to a user browser to redirectto https://www.mysite.com Again this is a very basic VIP; beside TCP profile idle timeout I don't see any other posisble timeouts and TCP idle timeout is totally different from what we want to do... Any suggestion how our goal can be achieved? Thanlk yuo in advance!
VIP not reachable
Hi, I have following simple virtual server on a 11.5.1 system; ltm virtual /ITSS/live-fisheye-temp-vs { destination /ITSS/2.170.236.64:8060 ip-protocol tcp mask 255.255.255.255 partition ITSS profiles { http { } tcp { } } rules { _sys_https_redirect } source 0.0.0.0/0 source-address-translation { type automap } vlans { EXT-WIN-11 } vlans-enabled vs-index 592 } ` ` And the VIP: ``ltm virtual-address /ITSS/2.170.236.64 { address 2.170.236.64 mask 255.255.255.255 partition ITSS traffic-group traffic-group-2 unit 2 } ping works, but a telnet 2.170.236.64 8060 keeps stuck at 'Trying 2.170.236.64...' I tried re-enabling the VIP and ARP status, but to no avail. I can reach other addresses in that range and on that traffic group. A telnet 2.170.236.64 8060 on the bigip works. I see no response back to my computer or to the gateway using telnet. The gateway has the correct VLAN mac address for the listener. Ideas?
VS Precedence
Hi I have a question relating to VS precedence and which VS would process the packet in the following example: Packet - destination IP > 10.10.10.10 destination port > TCP/80 VIP-A 10.10.10.0:80 protocol tcp mask 255.255.255.0 VIP-B 10.10.10.10:80 protocol udp mask 255.255.255.255 My understanding having read https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6459.html is that there is a higher emphasis on the VS with the longest subnet match. However, in the in above example, this would be VIP-B - but the protocol for this VS is UDP. Would VIP-B process the request and subsequently drop traffic - or is the BigIP intelligent enough to match on a VS with a lower precedence, but one that has the correct protocol configured? Many thanks Lee
VS Precedence
Hi I have a question relating to VS precedence and which VS would process the packet in the following example: Packet - destination IP > 10.10.10.10 destination port > TCP/80 VIP-A 10.10.10.0:80 protocol tcp mask 255.255.255.0 VIP-B 10.10.10.10:80 protocol udp mask 255.255.255.255 My understanding having read https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6459.html is that there is a higher emphasis on the VS with the longest subnet match. However, in the in above example, this would be VIP-B - but the protocol for this VS is UDP. Would VIP-B process the request and subsequently drop traffic - or is the BigIP intelligent enough to match on a VS with a lower precedence, but one that has the correct protocol configured? Many thanks Lee
Export VIP, Cert CN and Cert expiration date
Hi all, Client has requested the following information; VIP NAME, VIP IP, Cert CN + Cert Duration. I have a script that exports VIP and Pool, was hoping to collate all the information into this if possible. virtuallist=$(tmsh list ltm virtual | grep virtual | cut -d' ' -f3 | tr "\n" " " ); for v in $virtuallist ; do DEST=""; POOL=""; MEMB=""; DEST=$(tmsh list ltm virtual $v | grep destination | cut -d' ' -f6) POOL=$(tmsh list ltm virtual $v | grep pool | cut -d' ' -f6) MEMB=$(tmsh list ltm pool $POOL | egrep 'address '| sed '$!N;s/\n/ /') if [ "$POOL" != "" ]; then echo ""; echo " Virtual: $v - $DEST"; echo " Pool: $POOL"; echo "$MEMB"; else echo ""; echo "!! Virtual $v $DEST has no pool assigned"; echo ""; fi done :wq Cert expiry can be listed from - tmsh list sys file ssl-cert expiration-string Have noticed CN can be pulled using regex - regexp {CN=([^,]+)} [mcget {session.ssl.cert.subject} ] CNFull CNValue; return $CNValue Would there be a way to compilate this all into one script? I am very new to F5 and scripting, any help would be appreciated.
Can you stop RST from being sent by VIP
I work for a large regional public transportation company. We are in the beginning process of rolling out phones with a VoIP over the top application on them. This will eliminate the need for radios (radio transmittion towers are now very expensive). I have determined that, for whatever reason, these phones send a DNS request on TCP port 853 and with that the VIP sends an RST to the requesting phone. That in turn resets the connection, the VoIP app beeps, disconnects for 30 sends, and then reconnects. I have both the phone and app vendor looking at this but thought I would see what it would take to mask this problem from the F5 side. I do realize that all DNS traffic currently hits this VIP, so at this time I am only exploring my options. John