Question regarding K22301343, extend /var/ folder after upgrade..
Hi all! We've been looking to extend the space of /var/ as it's causing all types of problems for us when it gets full (which happens all the time). So I've been reading and found this article, https://my.f5.com/manage/s/article/K22301343. We're doing an upgrade at the same time, so does anyone know if /var/ needs to have been extended previously before doing this? /Kim
35 Views, 0 likes, 1 Comment

F5 VE on Proxmox
Has anybody been successful running F5 BIG-IP VE on Proxmox?

Proxmox:
Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 5.0.18-1-pve
Architecture: x86-64

F5 VE:
virtual edition 14.1.2.2 from downloads.f5.com
I tried both qcow2 and .ova (scsi)
licensing with trial license obtained from F5
single NIC mode

According to https://clouddocs.f5.com/cloud/public/v1/matrix.html, Debian should be a supported distribution. Following instructions on https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-linux-kvm-13-0-0/1.html.

Creating new VM in Proxmox:
OS: guest OS Linux, 2.6 Kernel, no media for OS
Hard Disk: bus SCSI, VirtIO SCSI, NFS storage, QEMU format (qcow2), 100GB
CPU: 4 sockets
Memory: 8GB
Network: bridge vmbr0 openvswitch with appropriate vlan tag, VirtIO, no firewall

VM is created, replacing the just-created qcow2 on remote storage with the downloaded F5 qcow2 image. VM is started.

I am able to get a prompt in the Proxmox console and log in with the default root account. But then mcpd keeps on restarting, constantly, every few seconds. Logs show errors caused by permission errors. For some reason F5 is complaining that it cannot create "/shared/.snapshots_d/" because of a permission problem. However, permissions of "/shared" are OK. When I create the .snapshots_d folder manually as root, mcpd no longer restarts, no more console errors...

I run the config utility to set up management IP/mask/gateway. As expected in single NIC mode, the https port is automatically configured to 8443. I am able to reach the GUI configuration utility and log in as admin. Up until now everything looks fine.

When trying to license the VM, I am able to generate the dossier and also receive the generated license file from F5. But when I apply the license to the VM and click next, it acts as if nothing has happened. The GUI keeps showing VE is not yet licensed. The LTM log says: err mcpd: License file open fails, Permission denied. "/config/bigip.license" has read permission for all and write for tomcat. Those are expected permissions for the license file. Funny though, the content of /config/bigip.license is now actually populated with the correct new license. But "Registration Key" in "tmsh show sys hardware" is empty.

There are several other file system related warnings or errors in logs... so I suspect that the whole issue is with how F5 VE is accessing the file system on Proxmox. But I don't know what to check or fix further. Is it even possible to run F5 VE on Proxmox? (although F5 clearly states it should be.) thx.
2K Views, 0 likes, 3 Comments

How to config BGP peering for F5 in HA-pair?
Hi, I've set up F5 BGP peering with a router and have a problem because we can't use a floating IP as the BGP neighbor address (https://support.f5.com/csp/article/K62454350). So we need to use a self IP as the BGP neighbor address. The problem is that it makes the router unable to decide which path is correct when it sends response traffic to F5: the F5 active unit or the standby unit. The router can't know the status on F5. I tried adding a prepend on BGP on the standby unit and it's fine, but when the standby unit takes over, it fails again. Is there a way to deploy BGP with an F5 HA-pair? Thank you
2.6K Views, 0 likes, 2 Comments

tcpdump flooded with failover packets
Hi, I often have a problem with tcpdump on clustered devices. If I e.g. start a dump like this: 'tcpdump -ni 0.0:p host 192.168.1.1' the terminal is flooded with messages like these every few microseconds:

13:20:56.003601 IP 1.1.1.2.44098 > 1.1.1.1.cap: failover_packet { failover_packet_cluster_mgmt_ip ip_address 10.10.10.10 failover_packet_slot_id uword 0 failover_packet_state ulong 5 failover_packet_sub_state ulong 0 failover_packet_monitor_fault ulong 0 failover_packet_hop_cnt uword 2 failover_packet_peer_signal ulong 0 failover_packet_version ulong 2 failover_packet_msg_bits ulong 2 failover_packet_traffic_grp_score ulong 8386 failover_packet_device_load ulong 2 failover_packet_device_capacity ulong 0 failover_packet_traffic_group_load ulong 2 failover_packet_build_num ulong 3944176344 failover_packet_next_active ulong 1 failover_packet_traffic_grp string `/Common/traffic-group-1` failover_packet_previous_active ulong 1 failover_packet_active_reason ulong 0 failover_packet_left_active_reason ulong 8 } out slot1/tmm0 lis=

It's a little annoying, since with the 0.0:p I want to see the packet on client and server side (which SNAT-IP it uses, which member), so the only possibility to get rid of it is to constantly exclude with grep -v.

Am I doing something wrong with tcpdump? Or is there any flag that disables these messages? Or is this due to a wrong configuration of the F5 itself? Or is it intended behavior?
556 Views, 0 likes, 4 Comments

Priority Group Activation Failback with HTTP Cookie Insert
Hello All, can someone help me with the below issue?

We have a pool with 3 members. 2 members have high priority (Round Robin) and 1 member has low priority. When both the primary members go down, the low priority member should take over the traffic. We have Cookie Insert persistence enabled on the virtual server. In Cookie persistence, "Expiration: Session Cookie" is enabled.

When both the primary members were made down, the low priority member took over the traffic.
When both the primary members came back UP, the traffic continued to go to the low priority backend member.
When the browser tab was closed and we tried to access the URL in a new tab, the traffic went to the low priority backend member.
When the browser window was closed and we tried to access the URL in a new tab, the traffic still went to the low priority backend member.
When the browser cookies were deleted and we tried to access the URL in a new tab, the traffic was taken over by the high priority members.

This behavior is not desired and we need to force the LB to use the high priority backend members as soon as they come UP. When a user tries the connection from a new browser or new tab, the traffic should go to the high priority pool members. Please let me know how I can achieve the desired behavior. Regards
823 Views, 0 likes, 4 Comments

LTM - IP Forwarder Performance issues (Stateless Router config)
Hi All, wondering if anyone else has issues with using an IP Forwarder in the manner described in this article (specifically: Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers): https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html.

Here's the scenario... VLAN attached behind the BIG-IP, which has the web servers on. MSSQL servers sit on a VLAN reachable through the BIG-IP. The connections all work; it's just that if SQL traffic isn't routed through the BIG-IP, it works fine. Otherwise, behind the BIG-IP, there are severe delays. I'd suggest it would be a good idea not to route this through the BIG-IP, but I wondered what the F5 community's take on this would be.

In short... Simple IP Forwarder (Stateless) for mssql traffic... Good or bad idea? Thanks, JD
410 Views, 1 like, 4 Comments

LTM Request Logging Profile: How can it log HTTP headers?
I've been looking at the "Request Logging" profile in LTM, wanting to use it to log details of each HTTP request that LTM sees. But in addition to logging standard things like timestamp, URI, etc., I want to log the value of various headers like "User-Agent" and "Referrer". This profile has pretty sparse documentation, but the very last line of this document seems to hint that logging headers is possible. Here is what the last line says with regard to what you can enter into the logging template:

NULL Undelineated strings return the value of the respective header.

The problem is, I don't know what the "NULL" reference means, or what "Undelineated strings" refers to. Can someone explain how to get this profile to log these headers?

WHAT I AM LOOKING FOR IN AN ANSWER:
I am not looking for iRule solutions that might do the same thing, so I respectfully request that you please don't post one as an answer. I know this can be done with an iRule, but to make this easy to maintain for those that come after me (who may not understand iRules), I am trying to find out if this request logging profile can do this in an out of the box way, and if so how.
If you can confirm that this is definitely not possible to do with this profile, that would be a good answer. But please make sure it's confirmed for certain.
If there is another out of the box way to do this that I'm missing, that would also be a good answer. But other modules like ASM, APM, etc., are not licensed or provisioned, so I can't use features specific to those modules. I only have LTM to work with.
Solved. 1.6K Views, 0 likes, 2 Comments

Session Persistence based on http header value using iRule
Hello, kindly, I need to apply Session Persistence based on an http header.

The payment application works as follows:
At the first request (Login) the server responds with an http header named "X-Token" with "fb9c2bb6-80f6-16c3-afcd-84e98976a4b7".
The rest of the http requests will have a header named "X-Auth-Token" with the same value "fb9c2bb6-80f6-16c3-afcd-84e98976a4b7" assigned by the server.

I want to make sure that the client lands on the same server that sent the "X-Token". I searched for an iRule that matches the http header. Will the following iRule work, or do I need to modify it?

    when HTTP_REQUEST {
        if { [HTTP::header exists "X-Auth-Token"] } {
            persist uie [HTTP::header "X-Auth-Token"]
        }
    }

Q
Solved. 1.5K Views, 0 likes, 5 Comments