APM :: VMware View :: Blast HTML5
I'm trying to get the APM functioning with VMware View Blast client - and I am having quite the time. I have tried the iApp (1.5) but haven't been able to get that to function either. At the moment, I have a manual configuration based-off of the deployment guide. The deployment guide says to create a forwarding virtual server, and the iApp does the same thing. Neither of which seem to be working for me. So with the forwarding VS above created… I can log-in fine, the webtop displays, the RDP link I have works great... the Blast HTML5 link... not so much. If I click on the VMware View desktop shown above, it brings me to the following: The error shown above is thrown-around a lot by View, so it’s hard to say what the real problem is. I’ve seen that error displayed for straight-up communications issues in the past… which I think this is. If I do a tcpdump on the BIG-IP, I can see it trying to connect to 8443, but it cannot connect (SYNs… no SYN/ACKs). 11:27:30.022625 IP x.x.x.10.28862 > x.x.x.252.8443: Flags [S], seq 2246191783, win 4140, options [mss 1380,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/xxxxxxxxxxxxxxxxxxxx-https Source is the floating IP, destination is the VS. I know 8443 is listening on the VMware View server because I can connect to it locally. And I know the VMware View server knows how to get back to the F5 because it populates the webtop with my available desktop(s) shown above. I tried converting the forwarding VS to standard, assigned a pool, etc… and it still did the same thing. SYNs… no SYN/ACKs. What might be telling though is the lis= above. It lists my main virtual server with the APM policy assigned. That makes me think though… Why is it trying to connect to that VS and not the forwarding VS? The forwarding virtual server is a better match no? In any event, yeah if the virtual server isn’t listening on 8443, of course it won’t reply back (my thought-process anyway). So I figure… welp, why not just try an “any” port VS… yeah not so much. If I manually remove the :0 and submit, it loads the same error about the certificate. Nothing shows-up in tcpdump trying to connect to 8443 either - so, a step back. If anybody happen to have any ideas for me, I would be really appreciative. Thanks!
BIG-IP : iRule return statement
From the docs : Causes immediate exit from the currently executing event in the currently executing iRule. iRule processing is not aborted, and subsequent events will be triggered and evaluated. Note that return does not: - cause an exit from the iRule altogether; - prevent the same event from firing in another iRule; or - prevent the same event with a higher priority value from firing in the same iRule. To prevent further processing of an event in the current rule or other rules for the current TCP connection, you can use 'event EVENT_NAME disable'. Here are my questions : How can the same event exist more than once within a single iRule ? Is 'current TCP connection' refer to a session that is maintained across multiple request-response sequences from a given client-browser ? Or does each new request initiate a new TCP connection ?irule class match each query param separately
Data Group dg1 param1=p11¶m2=p21 := host1 param1=p12¶m2=p22 := host2 The problem is that some request urls might list their query params in reverse order param2=p21¶m1=p11 Therefore I need to match query params individually. So I have two problems to solve : extract from [HTTP::query] the param segments for param1 and param2 determine if both param1_segment and param2_segment are found together in some key in dg1 So something like : set param1 "param1" set param2 "param2" set param1_segment = [[HTTP:query] $param1] set param2_segment = [[HTTP:query] $param2] if { (class match $param1_segment&$param2_segment equals dg1) or (class match $param2_segment&$param1_segment equals dg1) } { NOTE: I know the above is wrong in terms of both language elements and syntax. I'm just providing to better describe the problem I need to solve. Because my use-case might extend to 3 query params ( in any order ) it might be better to AND together class match for each query param segment.ADFS 3.0 Monitor not working
Hi All, I have been tussling with this for a couple of days now. I have used the links, http://www.f5.com/pdf/deployment-guides/microsoft-adfs-dg.pdf and https://devcentral.f5.com/articles/big-ip-and-adfs-part-5-working-with-adfs-30-and-sni to follow with no success. I have uploaded the script and set the variable but i still get the monitor down, when i browse directly to the server i am able to get to the sign in page, so I know at least ADFS configuration is correct. Below is the script i am using: !/bin/sh These argument This script expects the following Name/Value pairs: s supplied automatically for all external monitors: $1 = IP (nnn.nnn.nnn.nnn notation) $2 = port (decimal, host byte order) SNI = the host name of the SNI-enabled site URI = the URI to request RECV = the expected response Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format) NODE= echo ${1} | sed 's/::ffff://' if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then node is v4 NODE=${NODE} else node is v6 NODE=[${NODE}] fi PORT=${2} PIDFILE="/var/run/ basename ${0} .sni_monitor_${SNI}_${PORT}_${NODE}_sni.pid" kill of the last instance of this monitor if hung and log current pid if [ -f $PIDFILE ] then echo "EAV exceeded runtime needed to kill ${SNI}:${PORT}:${NODE}" | logger -p local0.error kill -9 cat $PIDFILE > /dev/null 2>&1 fi echo "$$" > $PIDFILE curl-apd -k -v --resolve $SNI:$PORT:$NODE https://$SNI$URI 2>&1 > /dev/null | grep -i "${RECV}" STATUS=$? rm -f $PIDFILE if [ $STATUS -eq 0 ] then echo "UP" fi exit Variable are: SNI= sso.mysite.com URI= adfs/ls/idpinitiatedsignon.htm RECV= HTTP/1.1 200 Please assist if you can. Thanks!11.4.0 unable to import 3M-record external data-file
f5 BIG-IP LTM VE v11.4.0 ESXi VM allocated with 200 gb hdd , 16 gb ram System > File Management > Data Group File List > Import > point to 3M-record data-file on disk ( 216 MB ) receive error : " File upload failed, please check log file for details " I review all logs but don't see any entries related to data-file load. System > File Management > iFile List > Import > point to the same 3M-record file I receive the same error. Examining /var/log/ltm I see : err diskmonitor: 011d0004: Disk partition _root_ has only 0% free but the timestamp of this error does not coincide with my attempted file uploads. I assume _root_ refers to the Linux disk partition -- why would I receive an error showing 0% free ? In /var/log i see tmm , tmm1 , tmm2 , tmm3bigstart restart now logs not being written
I successfully completed a bigstart restart sequence ( logs show everything coming back up as expected ). However, now logs that should be written by my irule are not being written. Also, I've been restarting BIG-IP to force data-group-files to be re-cached, but is there a better way ?
BIG-IP VE 11.1.0 LACP support
Hi! Could you please confirm that BIG-IP VE 11.1.0 doesn't support LACP trunking? As I see from web interface it's possible to create a trunk, but there is in option to choose LACP active or passive mode. Also, when I try to enable LACP on trunk using the tmsh I get the following: root@bigip1(Active)(/Common)(tmos) modify net trunk mytrunk lacp enabled01070687:3: Link Aggregation Control Protocol (LACP) is not supported on this platform. Thank you!iRule redirect to mobile site
Hi, I'm trying to create an iRule that will redirect users to site "www.mobilesite.com/slm/faces/m/index.jspx" if on mobile device else redirect to "https://mysite.com/OLA/faces/siteLocator.jspx". So far I have: when HTTP_REQUEST { if { [string tolower [HTTP::host]] contains "www.mobilesite.com"}{ switch -glob [string tolower [HTTP::header User-Agent]] { "*ipad*" - "*iphone*" - "*android*" - "*windows phone*" - "*windows ce*" - "*bada*" - "*bb10*" - "*blackberry*" - "*symbinos*" - "*symbain os*" - "*symbian*" - "*java*" - "*winowsphone*" - "*windowsce*" { HTTP::redirect "www.mobilesite.com/slm/faces/m/index.jspx" return } } } }
