What is the best practice for migrating from iseries to rseries?
hi ,we plan to migrate to new r-series F5 (v15.1.x) from i-series legacy appliance v13.x.x. We will create the same vlans and IP address config, but the physical interfaces will be different. The new r-series appliance is already licensed. What is the best practice for this migration? option1: import the whole UCS file to new r-series appliance. after importing the ucs to new appliance, what are the next steps to complete the whole migration? option2: copy the config for every module, for example to copy ltm config first, then gtm, final AFW ...... can someone please advise, thanks in advance!How are memory and disk allocated to different modules on bigip appliance?
hi, when doing "Resource Provisioning", the memory and disk space are auto allocated to LTM and ASM are shown as below. The amount of Memory and disk is minimum requirement, right? When a huge number of virtual server will be created later, will appliance auto allocate more spare memory and disk to the module? And what is he management module responsible for? Is it responsible for packet forwarding? should we set "Provisioning" to "Medium" or "Large" if the throughput is larger than 1Gbps? Can someone please advise? thanks in advance!
Problems connecting to vpn after upgrading to ubuntu 24.04
good afternoon, I have upgraded ubuntu to 24.04 and since then I can no longer connect correctly to the vpn with the f5 client. In the client it appears that I am connected to the vpn, but then I do not reach any of the sites and servers that with the 22.04 version if it arrived. Can you help me.
Is it possible to create a Single Pool with multiple ports ?
Am getting this error when i try to create a Pool with Any service ports 01070622:3: The monitor /Common/tcp has a wildcard destination service and cannot be associated with a node that has a zero service is there anyway we can create single pool which supports multiple ports ? we have the requirements for using more that 50 ports , and in the VIP config we can create a single vip with add the required ports from port list. How we can accomplish this Or creating a multiple pools and VIP's with different ports is the only option . Any help would be appreciated .Thanks in advance
Syslog traffic is not sending out from other blades/slots
Hi Community Members, I have F5 viprion's in my environment. The issue I am facing that syslog's are being sent out from primary viprion only but not from the blades and slots. Below are the slot and blades. I have added the log publisher and log destination profile with splunk IP but still no luck. How to fix the syslog issue from blade and slots ? exxvipr01 (Primary) exxvipr01blade2 exxvipr01slot7 exxvipr01slot6 exxvipr01slot5 exxvipr01blade3 exxvipr01blade4 exxvipr01slot8TCL Error possibly causing TCP Resets?
Good day all, Thanks for taking the time to read and hopefully respond with helpful suggestions on my issue. We are experiencing random TCP Reset / Forcibly closed connection issues from Windows Web Application Servers to our iPaaS DB servers and we are investigating traffic routing and a few other options. I've also recently discovered these "TCL Errors...." in our logs. Internet search suggests that improper iRules with [LB::server pool] configuration could cause TCP Resets. Based on the image of the logs below and the portion of irule that the logs reference, what is potentially incorrect with my code on lines 1 and 282?: iRule Lines 1 - 52: when HTTP_REQUEST { if { [HTTP::has_responded] } { return }; # X-Forwarded header clean-up if {[HTTP::header exists "X-Forwarded-Host"]}{ HTTP::header remove X-Forwarded-Host } if { [class match -- [string tolower [HTTP::header "User-Agent"]] contains "/Common/user_agent_blocklist"] } { log local0. "User_agent [HTTP::header "User-Agent"] is blocked. from: [IP::client_addr]" drop } if { [class match [string tolower [HTTP::host]] contains "/Common/user_agent_block_list_claudebot"] && [string tolower [HTTP::header "User-Agent"]] contains "claudebot" } { log local0. "User_agent [HTTP::header "User-Agent"] is blocked from: [IP::client_addr] for domain [HTTP::host]" drop } if { [HTTP::header "Referer"] contains "https://darknet-markets-onion.com"} { log local0. "Referer [HTTP::header "Referer"] is blocked. from: [IP::client_addr]" reject } if { [string tolower [HTTP::path]] contains "<redadcted>" && (![class match [IP::client_addr] equals "/Common/<redacted>"])} { log local0. "TDINTERNALWEBAPI dropping traffic from [IP::client_addr] to [HTTP::host][HTTP::uri]" drop } elseif { [string tolower [HTTP::uri]] starts_with "/<redacted>" || [string tolower [HTTP::uri]] starts_with "/<redacted>" } { if { !( [HTTP::header exists "X-Forwarded-Port"]) }{ HTTP::header insert X-Forwarded-Port [TCP::local_port clientside] } pool <pool_name> if { [class match "enabled" equals <redacted>] } { if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } { HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json" } else { HTTP::respond 503 content [ifile get <redacted>.html] Cache-Control "no-store, must-revalidate" } } elseif { [active_members [LB::server pool]] == 0 } { if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } { HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json" } else { HTTP::respond 503 content [ifile get <redacted>.html] Cache-Control "no-store, must-revalidate" } } } iRule Lines 272 - 294: else { pool <pool> if { [class match "enabled" equals <redacted>] } { if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } { HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json" } else { HTTP::respond 503 content [ifile get <redacted>.html] Cache-Control "no-store, must-revalidate" (line 282)} } elseif { [active_members [LB::server pool]] == 0 } { if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } { HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json" } else { HTTP::respond 503 content [ifile get <redacted>.html] Cache-Control "no-store, must-revalidate" } } } } I sincerely appreciate your time and energy in this. Thanks. - Paul C.
Scenarios where Service Policy should be used over iRule and Vice versa
can anyone help me with some examples where service policy should be used instead of using an iRule and vice versa but remember example should be where requirement can be acheived using both service policy and irule but wanted to know where service policy is best fit over irule and example where iRule is best fit over service policy
