-
Weird behaviour of AX2500
I'm observing a weird behaviour on a pair of AX2500 running 2.6.1-P4: When I do a HEAD request for say http://$VIRTIP/foo.html?$UNIQID the balancer gets the content from one of the real servers and replies as expected. This works always without failures. Now when a request for the same file is being done by one of Akamai's…
-
AX Boxes Sending Email
Dears, Is there a way we can make the AX device send email notifications upon failure of servers in the service group or upon negative health monitor results of the servers (server being marked down)? In case there is a way to do it, please share the idea and how to do it. Many thanks
-
IP Based Authentication with pbslb
When you want to allow certain IPs to specific content. The PBSLB List: ! BWList 10.0.0.1/32 1 10.10.10.10/32 1 172.16.0.0/16 1 The aFleX: when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/certain_url") } { switch [POLICY::bwlist id [IP::remote_addr] BWList] { "1" { pool sg-http } default { log "Rejected ip address"…
-
dnsbl rule
Does anyone know if it is possible to apply an aflex rule to MX VIP and query a dns server and look for a specific response prior to allowing the traffic? F5 has a function that does this in irules. Bill
-
AX Box Sending Email
Dears, Is there a way we can make the AX device send email notifications upon failure of servers in the service group or upon negative health monitor results of the servers (server being marked down)? Is it doable by aFleX, or is there another way of doing it? Can we apply aFleX to L4 virtual ports? In case…
-
Remove Accept-Encoding header
When you are not using compression in an HTTP template but you still want to get rid of the Accept-Encoding header. Or any other header. ;) when HTTP_REQUEST { if { [HTTP::header exists "Accept-Encoding"] } { HTTP::header remove "Accept-Encoding" }} Little more fancy: when RULE_INIT { set ::REMOVEHEADER…
-
Host based redirects with class-lists
In URI based redirect with class-lists I referred to new features in 2.7.0. The same can be done with Hostnames. The class-list: class-list cl-redirects string str a10networks.com https://a10networks.com str w3.a10networks.com https://a10networks.com str w3.customer1.tld http://shared.sample.tld/customer1 str…
-
URI based redirect with class-lists
With the release of 2.7.0 it's possible to reference class-lists in aFleX and it's possible to store strings in a class-list. This combination simplifies the required aFleX as the list of redirects is kept in the class-list. The class-list: class-list cl-redirects string str /exchange…
-
Form Authentication with aFleX
Quick and dirty way of form based authenticating users for specific URLs on a VIP. ### START ### when RULE_INIT { # List of users (with passwords) that are allowed to authenticate array set ::DOTPASSWD { "randomuser1" "thiswillbeacleartextpassword" "randomuser2" "thiswillbeacleartextpassword" } set ::FORM_CONTENT…
-
Basic Authentication with aFleX
Quick and dirty way of authenticating users for specific URLs on a VIP. ### START ### when RULE_INIT { # Set the REALM set ::REALM "Password Required" # List of URLs you need to authenticate for array set ::LISTURL { "/exchange" "1" "/exchange/" "1" "/sharepoint" "1" "/sharepoint/" "1" } # List of users (with passwords)…
-
SMTP STARTTLS offload
I set up SMTP STARTTLS offload when I started loadbalancing Exchange 2010 a couple of years ago, and I could swear it worked when I tested it then. Recently we've gotten reports that it doesn't work, and testing with 'openssl s_client -connect webmail:587 -starttls smtp' shows the certificate chain and seems to get through…
-
(LSN) Increase Number LSN pool addresses over 10000 (Outside address)
Hi Brothers I have a question relating to "Maximum numbers of LSN Pool IP Addresses" By default, the AX models that support LSN can support up to the following maximum numbers of LSN pool addresses (outside addresses) per system: • AX 5200 – 10,000 outside IPs, Can we change Maximum numbers of LSN pool addresses (outside…
-
SMPP Proto TCP interruption
Hi, Using Aflex script how to interrupt SMPP Proto TCP. Regards, Kiran
-
Unequal Load on Cache Servers
Dears, We have the following deployed: 1- Round Robin LB Algorithm to Balance the Load Among Cache Flow Servers. 2- Destination IP Persistence Option Enabled at the Virtual Server Port. 3- No HTTP Template Options are Enabled! The problem is that the load and traffic at the cache servers is not spread equally, any…
-
Upgrade from 2.4.x to 2.6.x how-to?
Looking at the release notes etc everything looks fine and dandy - But the more advanced paths are not that well documented IMHO. So. Does anyone have experience with transitioning from HA to VRRP-A? How did that go? What to REALLY not forget? And also in the same fashion. Have a running system -> migrating it into an…
-
HA-mode
Hi, Trying to set up two Ax 1030 in HA-mode (Active/standby) Config on AX1: -Standby#show running-config ha ha id 1 set-id 1 ha group 1 priority 100 ha interface ethernet 1 ha preemption-enable ha conn-mirror ip 172.16.1.152 ! 1-Standby#show running-config interfaces ethernet 1 interface ethernet 1 ip address 172.16.1.151…
-
automating config backup with Rancid
Has anyone configured Rancid with A10? I wasn't able to use clogin to logon since my A10 is not set with enable password and clogin did not like it -- kept on asking for password. Any idea on this? Thank you
-
aFlex and server-for-server backups
Posted by kberton I have 3 primary app servers and 3 backup servers in a SLB Service Group. Let's call them A1/B1/C1 and A2/B2/C2. In normal operations, all traffic will be LB'd to A1/B1/C1 and A2/B2/C2 are backup servers that will only receive live traffic when there is a failure on any of the 3 primary servers. Service…
-
IP Source NAT
Hello, I have two AX2500 (active/active). Servers (172.10.10.0/24) need to access other servers (192.168.1.0/24) and Internet, using NAT... The "IP Source NAT" works only for icmp. Why? vlan 1 --- AX --- vlan 2 --- Internet vlan 1: 172.10.10.0/24 (Servers) vlan 2: 192.168.1.0/24 (VIP) access-list 110 permit ip 172.10.10.0…
-
Role privilege required to export axdebug file
Platform is AX1030 with version 2.6.1-GR1-P3(build: 29) I'm trying to create a role that is read-only but has the ability to create and then export axdebug capture files. I have a role that can create them (basically ReadOnlyAdmin), but when I go to export the file I get "Insufficient privilege". I have not been able to find…
-
Wordpress SSL Issue
Good morning! I had a question regarding an issue our web developer team was having at our university. Apparently, they are having trouble with SSL when they require users to connect to their Wordpress Server. Their server is behind our load-balancer doing SSL offloading, and as such they've now requested that our AX-3030…
-
aXAPI upload a certificate, key via slb.ssl.upload
Hello, I had to upload about 50 certificates and keys into a box running version 2.6.1-P4. I read the AX_aXAPI_Ref_v2_6_1-P3-20111130.pdf document and found in chapter 6.31.4 the “slb.ssl.upload” Method. There are these three parameters: session_id, method and type. I am missing the information which file will be uploaded. What…
-
Get the VRRP-A Status via SNMP or aXAPI
Hello, I would like to get the vrrp-a status from some ax devices running 2.6.1-GR1-P2. So I am able to login to the active vrrp-a unit without trying to connect to both to get the active one. Is there a way to monitor the vrrp-a status (active / standby) via snmp or aXAPI? I did not find a snmp OID or the REST Api path…
-
append to URI
I'd like to add ?A10 to a specific URI. The intent may appear below but of course I am posting here as it clearly does not do what I want :) When I get a request how do I change the request (uri) before sending to the server side? It is Sunday and I have been on an 11 hour conf call and my brain will not function - I hope…
-
aXAPI: slb.template.client_ssl.create
Hey all, I was wondering if someone could lend a hand in regards to how to properly put together a request using python over aXAPI using the slb.template.client_ssl.create method. I was trying to setup the parameters but I'm getting confused using the Url-encode options and how to properly set the array, I was doing the…
-
Draining for Maintenance
Any suggestions on the best way to drain all connections from a server so that you can perform maintenance? In a non emergency situation I'd like to let active connections continue to a server but not to allow new connections. In time that would mean that the server would no longer have any connections and the end users…
-
Health monitor Source IP addresses
Posted by jmaddox What IP is used as the source for health monitors? Are there instances where SNAT addresses are used? Examples: 1. interface or ve address but no snat involved, servers on same subnet as interface or ve address 2. same as #1 but servers a layer 3 hop away 3. Items #1 and #2, but with SNAT addresses…
-
ip nat range-list limitations in L3 partition
Hi, I have a deployment that requires the feature of range list in SLB for static mapping of subnets. Here's the scenario: I created two partitions in AX, and configured a range list in the 1st partition "ip nat range-list 10.10.10.0 /24 192.168.0.0 /24 count 254". I also want to configure the same 10.10.10.0 /24 and map to…
-
axdebug shows "Rerouting failure for forward traffic match"
While troubleshooting a new implementation with axdebug captures, I see dozens of message pairs like this: @279485663 i( 3, 101, b4795)> ip 10.95.100.44 > 10.42.101.225 tcp 6310 > 443 PA 9b8c5dba:ee9455c7(37) @279485663 i( 3, 101, b4795)> Rerouting failure for forward traffic match And the page is 'waiting to load'. What…
-
.NET Library or XML Schema?
I remember seeing at one point in time a .NET library that was either available or being tested that would allow you to access the aXAPI interface using powershell or via compiled .NET application. I can't seem to find any reference to it on the site. If it was an idea at one point in time and scrapped, is there at least…