-
SNAT from Health Monitor
Hello First time posting here and new to A10..... hopefully I'm within guidelines :-) I'm currently trialing the 4.1.4 P10 software in our lab and can't get the real servers to come up. The reason is, the real servers are UAT servers in the prod network but the ADC is in our lab, where the IPs are not routable from prod.…
-
IPv6 Dual-stack
Hi team I'm wondering if some of you have an example for a dual-stack implementation (IPv4 and IPv6) for CGN, ADC or Both. For me this deployment seems to be simple, but the end customer wants to see a general topology/example made before with other clients, Thanks,
-
nslookup shown request timed-out
Hi Friends, I've recently deployed a GSLB setup in both DC & DR and DNS delegation is working fine with the health checks. But when I try to trace the sites which I'm hosting, it shows a time-out waiting for a response. Any thoughts on what causes this?
-
Troubleshooting high CPU issues
We are looking for tips on troubleshooting high CPU usage on a pair of 5440s. We reach 95% CPU (as indicated by "show cpu overall" in the shared partition). We do run quite a few AFLEX scripts, but even after simplifying them we're still running into 90%+ CPU regularly when doing around 95K requests/sec (HTTP +-55K,…
-
Multiple head in template
Hi All, it's possible to use multiple headers in the same template. ACOS-TH####(config)#slb template http add-HSTS ACOS-TH####(config-http)#response-header-insert "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload" insert-if-not-exist
-
Problem with WinSCP Windows Client
Hi, I would like to know if this problem has happened to someone when entering the appliance with the WinSCP client, it throws the following message: Cannot initialize SFTP protocol. Is the host running an SFTP server? If someone knows how to correct the problem to access, thank you.
-
2.7.2-P17 server cert/key replace procedure
We have a problem of replacing server cert and key after upgrading ACOS version from 2.7.2-P8 to 2.7.2-P17. The symptom is as follows: key <new-key> ... (error) Key parsing failed cert <new-cert> ... (error) Key parsing failed I assume that 2.7.2-P17 verifies public/private keys and mismatch was found. But, I can't find…
-
API for 'show backup' command
I am looking for an API to find if last backup has been successful or not for A10 Load Balancer. It should be equivalent to "show backup" command.
-
[T&C] Thunder ADC with Thunder Kubernetes Connector (TKC) using CRDs
In an earlier article, we saw how you can use the Thunder Kubernetes Connector (TKC) to dynamically configure the Thunder ADC for load-balancing traffic to a Kubernetes cluster. In that article, we specified the SLB configuration using annotations in an Ingress resource. Starting from TKC v1.11, Thunder Kubernetes…
-
Why does A10 device send ARP attack?
Our switch received an ARP attack alarm from the A10 device. And the SourceAttackIP 202.104.30.228 is deployed on our A10. What is the original cause of this? Aug 8 2022 19:09:34+08:00 GDSD-BDC-INT-CR01 %%01SECE/4/SPECIFY_SIP_ATTACK(l)[12]:The specified source IP address attack occurred. (Slot=MPU,…
-
Need help to config DNS static entry on GSLB.
From the ADC datasheet ACOS ADC support DNS RPZ (response policy zone). We have a10 thunder boxes acting as GSLB controller/device and would like to move few thousands static dns entries from the old dns server to A10. For now each static entry is a GSLB service-ip with health-check disable, attach to a site name PRIVATE…
-
F5 automap feature
Hi, I have one F5 with an iRule containing "automap snat"; this functionality allows changing the IP when the destination is local to one of the F5 in order to prevent asymmetric routing. The automap option tells BIG-IP to decide what source IP to use to reach the destination network. I rule like this when CLIENT_ACCEPTED {…
-
Changing the IP address of the management interface in the VCS.
Hello! There are 2 A1030S, VCS is enabled. You need to change the address of the management interface. How to do it correctly? Through the CLI? What is the sequence?
-
Balance HTTPS traffic(without decryption)
Hi all! The task is to balance HTTPS traffic to 2 servers (TLS1 + TLS2), without decryption. How to configure the virtual server correctly in this case? The TLS|SSL processing itself will continue on TLS1+TLS2, i.e. you only need to do balancing 1.slb virtual-server VIP_HTTPS 192.168.195.2 port 443 https source-nat pool…
-
"Address already used for an interface" when changing IP address VIP
Hello, I need to change the address of the virtual server, it gives such an error. Reboot does not help.
-
Service IP unknown
Hello, I would like you to guide me a little. I have configured a site with GSLB and regarding the Service IP, when the configuration is finished the IP shows it in unknown state in the GUI, but it does respond to the ping. What can be happening? Is it missing to add something in the GSLB configuration? Thank you
-
Configure 3 sites with HTTPS and Wildcard Certificate
Hello, I need your help. We are setting up 3 GSLB websites which are set up with a wildcard certificate. So far only 2 websites work and one does not work since it throws an unsafe site. Added Client SSL and Server SSL, but a pool that has a real server with HTTP port 8080 appears as a non-secure site. If I remove the SSL…
-
Thunder A1040s - load balancer
Does Thunder A1040s supports reverse proxy? thanks.
-
Reverse Proxy Incoming connection - distribute to different servers
Hi everyone, Is it possible to achieve this, as per my Title? A reverse proxy for an incoming connection and distribute or assign to different servers? The outgoing connection for the servers will be proxied before being forwarded to the internet. And it can be done using Python? Thanks in advance.
-
Upgrade 1030S - 2.7 to 4.1
Hello. I am trying to update a TH1030S running 2.7.1 to 4.1.1 but I get this error: "Please ensure enough space left in disk, a file system error was detected on the ACOS Web Server." PS: I tried via CLI/tftp and WEB. Any idea?
-
Inter partition Routing
Hello, I am trying to do inter-partition routing. I did two lv3 partitions, one partition has 1 port with the network 10.0.0.0/24 and the other partition has another port with the network 11.0.0.0/24, but when I do a ping it says network unreachable ! partition P_IPSEC-1 id 5 application-type adc ! partition P_VXLAN-1 id 6…
-
Retrieve the highest number of requests
If I want to add one more rule which is to black list the highest number of DNS query when the total number of DNS queries exceed the threshold value (i.e. $totalcount). How can I retrieve the IP address which has the highest number of DNS query? set totalcount [table incr tmp_table [IP::client_addr]] if { $totalcount >…
-
What should be the format of class list for IPv4 and FQDNs
I've been trying to create class lists for IPv4 and FQDNs by importing files hosted on a separate web server. What should be the format of the data in the files? I tried the following but keep getting the error "invalid format at line 1". Is the format below correct for FQDNs? What should be the format for IPv4? str…
-
total connections
I want to see the total number of connections per VS server over a period of time in A10. How can I view this? (For example, what is the total number of connections per IP in the past month?)
-
Routing Traffic Via Inactive VRRP-A Machine
Hello everyone, since we're seeing weird timeouts to external services with any of the more recent versions greater than 5.2.1-p2, support suggested to set up some sort of debug environment for them to check. Is it possible to route traffic from physical servers via a virtual ethernet interface on the inactive machine…
-
Redirect 302 with aFlex
Hello, I need your help and knowledge on A10 with aFlex. I am trying to create a 302 redirect for a site that is published on the internet but when testing the redirect it does not execute it, this is my code so that you can guide me: when HTTP_REQUEST { if {[HTTP::host] == "https://recargaweb.imperial.com/" } {…
-
Block harmful traffic or attack via Websocket traffic
Hi Experts, We have a web server that is running some services via WebSocket traffic. Now we want to block harmful traffic and attacks like SQL Injection, XSS... like the WAF template works with HTTP traffic, but now it is WebSocket traffic. Could you give me a detailed aFlex script or WAF template to do that? (One more point, we…
-
CGNAT + VRRP-A
Hi everyone, I have a new challenge and it is the following: I have a CGNAT solution already implemented in datacenter #1, but they bought another appliance and they are going to put it in datacenter #2, which is several kilometers away. So I was assigned the task of configuring the VRRP-A solution between the two appliances…
-
Control CPU reaches 100 percent
Dear All, I'm using an A10 Thunder 1040. I observed that Control CPU is reaching 100%. Please define: What is control CPU? What is data CPU? How do I keep Control CPU from reaching 100%? Would there be any impact on ADC functionality in case of 100% control CPU? Waiting for reply.
-
[T&C] Deploy NAT64 and DNS64 with Thunder CGN/CFW
In this article, we will see how you can deploy NAT64 with DNS64 using Thunder CGN/CFW to enable IPv6 clients to access IPv4 resources. Setup Here is an overview of the setup and the overall functionality (DNS64 and NAT64): Base configuration Here we have the following base configuration on the Thunder device: ip dns…