Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem
I have very simple iRule to show the problem: when HTTP_REQUEST { set Client_IP [IP::client_addr] if { ($Client_IP starts_with "x.x.x.x") && ([HTTP::uri] equals "/seed") } { table set -subtable TABLE "key1" "value1" 30 table set -subtable TABLE "key2" "value2" 15 table set -subtable TABLE "key3" "value3" 45 HTTP::respond 200 content "Done" TCP::close return } set key_value "key1" set key_value2 "key2" set key_value3 "key3" set count [table keys -subtable TABLE -count] HTTP::respond 200 content " Remaining timeout / defined timeout for ${key_value} => [table lookup -notouch -subtable TABLE ${key_value}] [table timeout -subtable TABLE -remaining ${key_value}]/[table timeout -subtable TABLE ${key_value}] Remaining timeout / defined timeout for ${key_value2} => [table lookup -notouch -subtable TABLE ${key_value2}] [table timeout -subtable TABLE -remaining ${key_value2}]/[table timeout -subtable TABLE ${key_value2}] Remaining timeout / defined timeout for ${key_value3} => [table lookup -notouch -subtable TABLE ${key_value3}] [table timeout -subtable TABLE -remaining ${key_value3}]/[table timeout -subtable TABLE ${key_value3}] Count TABLE ${count}" } It looks like table -keys -subtable <tablename> -count don't work properly: Remaining timeout / defined timeout for key1 => value1 27/30 Remaining timeout / defined timeout for key2 => value2 12/15 Remaining timeout / defined timeout for key3 => value3 42/45 Count TABLE 0 My expected output would be 3 (as it is not timeouted), not 0. Can someone check if I am correct? Or tell me how I can count not expired entries in table.87Views0likes4CommentsF5 Rseries HA
Dears, I know that there is no HA between rseries appliance, and the HA will be configured between tenants on each appliance, my question her about when i prepare to configure HA between Tenant so before making this i will configure the network setting and VLAN on F5OS so I will need a dedicated interface and HA VLAN between two tenants on each appliance so what is the next step after I configured the network setting on Appliance (F5OS), and what i need to confirm on the network setting that i will configure on each appliance (F5OS) to make HA between the two tenants37Views0likes2CommentsImport PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and have a solution to do it via Script, CLI or API? Thank you.24Views0likes1CommentOverwriting or adding LTM SSL Traffic cert and key using iControlREST
Hi, I am trying to overwrite an existing cert and key within the LTM SSL Traffic cert and key using iControlREST. Here is the basic process, and result of each step. Upload key and cert PEM files to the uploads directory. I have tried this step both inside and outside of a transaction with the same result. This works fine. Create a transaction using the transaction REST endpoint. This works fine. Add a command to install the key over the desired SSL Traffic key referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands. Add a command to install the key over the desired SSL Traffic cert referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands. Get the transaction commands just to observe the contents. The commands are present, and the paths are correct per steps 3 & 4 above. Attempt to commit the transaction, and receive the failure with a message like the one below. message=transaction failed:01070712:3: file (/var/system/tmp/tmsh/GexeqO/IIS-F5v13.key) expected to exist. As you can see, F5 is looking in a different directory than specified in steps 3 & 4. I've closely examined all requests and responses using Fiddler, and there's no way to determine the randomly generated sub directory name ('GexeqO' in this particular case). It is different each transaction. Also note, this happens even when not overwriting existing entries. But I am using a transaction so that I don't get the 'key and certificate do not match' message. Any insights would be tremendously helpful. Best, Gary610Views2likes6CommentsTCP RST from remote system error in F5
Hi, I am unable to access the URL externally that i have defined in F5 for reverse proxy and it shows an error connection refused by host and the below error in F5 R 162:162(0) ack 982 win 5121 out slot1/tmm1 lis=/Common/vs_ext_skype__https flowtype=64 flowid=570065ECFE00 peerid=570065CB5D00 conflags=4820124 inslot=63 inport=55 haunit=1 rst_cause="[0x19080da:2106] {peer} TCP RST from remote system" peerremote=00000000:00000000:0000FFFF:0A606211 peerlocal=00000000:00000000:0000FFFF:0A606204 remoteport=4443 localport=60380 proto=6 vlan=98 Can this be any error in F5 config2.8KViews0likes4CommentsBig-Ip Edge Client specials characters problems
Hello, I have installed the big-ip edge client version 7.2.4.5 with APM modern and I have some problem with specials characters in FRENCH as shown on the screenshot. What do I need to do ? I tried to modify the text on the general customization but I got an script error after that. Regards, Miguel Campos34Views0likes1CommentF5 Not sending traffic to Pool Members
Hello guys, I have an issue with our F5 devices, we have 2 devices in a cluster in an Active and standby state. we noticed the issue started about two weeks ago, the active F5 just stops sending traffic to the pool member behind the VS, we tried some couple of troubleshooting whenever this occurs we check the var/log/ltm and var/log/monitor logs for the pool affected but we cant see any stating a failure. we changed the health monitor and it is still the same. we can confirm that it is not the network because the other pools are working fine and checkup was done on the affected server to confirm all services and functions are working as should. Even after deleting and adding the pool member back to the pool, F5 doesn't send traffic to it. what i noticed is the statistics page show bits in without any bits outs also for packets Please what can cause this as it is an intermittent issue that occurs almost daily. we have to failover to the secondary device before F5 starts sending traffic out to pool member, this is a production issue as application server stops working(stops recieving traffic) until an administrator is able to do this.120Views0likes3Comments