-
HTTP line too long (len is 31415)
Hi ! Since few days i see in the system log the line: "HTTP line too long (len is 31415)" Its is class of an attack? I can't to determine what IP try to use Long HTTP. How i can troubleshoot this issue? Thanks !!
-
Is there any workround to: VE number in partition can not be greater than 32
We have a: Model = A10 THUNDER TH5430-110 Número de série = TH54453015380057 64-bit Advanced Core OS (ACOS) version 2.7.2-P7-SP3, build 3 Dec-21-2015, 13:08 When We tried the follwing configuration: vlan 1/127 tagged ethernet 1 to 2 router-interface ve 127 We received the follwing message: "VE number in partition can not…
-
[T&C] Example of using SNI with aFleX
In an SSL/TLS handshake, the name of the server being accessed is sent using the SNI extension in the Client Hello message. For example, suppose you access the site https://intranet.a10tests.com, it will show up in the SNI extension as follows: Starting from ACOS 5.1.0, this SNI field can be captured using the aFleX…
-
[T&C] Using DNS over HTTPS (DoH) while preserving Client IP
Thunder CFW enables you to provide DNS over HTTPS (DoH) service to end-users without having to upgrade the DNS infrastructure itself. Here is a sample setup: The client browser (in this case Firefox browser) is configured with a custom DoH URI, which resolves to a VIP on the Thunder CFW: The Thunder CFW configuration is as…
-
[T&C] DNS over HTTPS (DoH) and DNS services on the same VIP
DNS over HTTPS (DoH) is a protocol for securing DNS communication by sending DNS queries and getting DNS responses over HTTPS. In DoH, each DNS query-response pair is mapped into an HTTP exchange. For details, refer to RFC 8484 (https://tools.ietf.org/html/rfc8484). Thunder CFW enables you to provide DoH service to…
-
How to deploy Thunder Container ?
This article provides you the steps on how to deploy A10 Thunder in the cloud native environment. What is Thunder Container ? Thunder Container is a containerized ACOS image that is deployed by using Docker on a host operating system. It can be configured to operate as an Application Delivery Controller (ADC), Convergent…
-
Ansible Playbook Examples for ADC Features
This article provides some Ansible playbook examples for application acceleration and optimization features for Thunder ADC shown below. Each playbook uses the respective acos_axapi module for that feature. A10 acos_axapi module set consists of more than 1,600 modules. Module set can be downloaded from GitHub Repository:…
-
How to automate basic Thunder ADC config using Ansible ?
Ansible is an open-source software tool facilitating configuration management, application deployment, IT, and infrastructure automation. The playbook used in this article provides the steps on how to configure basic Layer 4 VIP (virtual server) on Thunder ADC using Ansible. The playbook contains four “tasks” and uses…
-
Automated Service Discovery using HashiCorp Consul
This article describes how to use the Thunder ADC integration with HashiCorp Consul for automated application delivery. Thunder ADC directly polls associated services catalog from Consul periodically while serving user traffic for load balancing and application security. When service status changes are detected on the…
-
A10 throughput limit enforcement behavior
I'm considering switching to A10 from F5. I have a question on A10 throughput limit enforcement. Does the licensed throughput limit only apply only to load balanced traffic? Or does this also include passthrough traffic that's only being layer 3 forwarded through the appliance?
-
Help to factory reset my AX1000-11
Hi, I bought a used AX1000-11 and the previous owner of the equipment doesn't remember the login for accessing the device. Is there any way that I can restore it to default, like a reset button? I didn't find any information about that anywhere and the support can't help because the serial expired. Thanks!
-
CGN + ADC
Hi, We have a 1040S that we use primarily for CG Nat. We also have 3 HTTP video servers that have high demand on our network, and are currently statically load balanced. Can I load balance them using SLB with my Thunder, while maintaining CGNAT funcionality? Many thanks!
-
Active Directory ADC
Hi, Does A10 ADC support for active directory load balancing via layer 7 protocol? Is there any use-case for active directory slb from A10 networks guide? Appreciate it in advance. Regards, Shawn
-
error after upgrade ADC to ACOS 5.2.0
After of upgrade from 4.1.1P13 to 5.2.0 firmware version, i have the follow errors and the device seems to reload ( conmute to slave node ), with previous version don't have issues Oct 06 2020 16:10:11 Error [Fail Safe]:Failed in thread LWP 12227 Oct 06 2020 16:10:11 Error [Fail Safe]:Failed in thread LWP 12609 Oct 06 2020…
-
Disable RC4 in A10
How can we disable rc4 in A10? There is no option of RC4 in cipher template. Can I do something like this? DEFAULT:!RC4:!SSLv3:!SSLv2:!TLSv1 If yes, where to add this? Thanks in advance!
-
ADC health monitor and SSL cipher
Trying to config health monitor to use tls1.1/tls 1.2 level ssl ciphers. I've tried something like DEFAULT:!SSLv3:!SSLv2:!TLSv1, or even just TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256:TLS1_ECDHE_RSA_AES_128_GCM_SHA256 in the cli for ssl-cipher. I'm debugging this with openssl s_server(so that health-monitor talks to this debug…
-
Difference in UDP-Other and ANY-UDP for TPS Services
Hi team Can you, please tell me to understand the main difference between the services Protocol: UDP; Port/Protocol Num: Other and Any-UDP (the same for TCP) in TPS Solution? In the below image from the Galaxy I can choose the two options, but I'm not sure what is the main difference: Thanks
-
IPv6 tools
I am facing an client how wants view how TPS works against DDoS attacks. I know tools to emulate attacks for IPv4, but I do not know tools to emulate the same for IPv6. Where can I find a guidelines to make the tests? Regards,
-
How to clear RAM cache on A10 via AXAPI?
I don't see a way to do this, I only know of the SSH way. How to clear cache during our DevOps auto-deploys using AXAPI? We have V3 AXAPI on our A10.
-
How to do a graceful shutdown on a per virtual server basis?
I only see graceful shutdown settings at ADC -- SLB -- Global Where is the settings to do this at a virtual server level? On some of our websites we need graceful shutdowns to let the sessions flush out, but on others we do not. I don't see a way to accomplish that on the A10.
-
SNAT-ON-VIP
Can someone explain to me what SNAT-ON-VIP is and what it does. I can't find a great deal of information about it. Many thanks
-
Advance Traffic Replication on SLB
Hi, currently my setup is round robin (active/standby) with mirror traffic replication. I tried to duplicate port udp 9000 and supposedly both server receive the packet but only active server will reply. But right now the problem is the other server doesn't receive any duplicate packet udp port 9000. Can someone help thanks
-
TPS Escalation Levels
Hi team I have some doubts related to TPS escalation levels: if I have configured 5 levels (0-4 )of mitigation. Is it possible to escale immediatly from level 0 to level 4 when a ddos attack is detected instead of pass for each level, even if each zone has its own set of mitigation techniques and policies? And there is a…
-
Preserve Port on HTTP Redirect
Hi Everyone: We have an interesting issue we're trying to tackle. We have a Virtual Server with multiple virtual ports (http:80, https:443, https:4444, https:4445, etc). We currently have a working redirect script (similar to a lot of posts on here) for 80 to 443 and it is working fine for several of our virtual servers:…
-
3030S lost admin password
I have two A10 Thunder 3030s systems. I do not have the admin password to access the systems. I have followed the documented process by logging into the reset account and entering the unit serial number. This appears tp be resetting the system to defaults. However, when I reboot the system and try and login to the admin…
-
Add Licensing when replacing an intermediate cert?
DigiCert revoked the intermediate cert that was being used on our Thunder 930 load balancer. I created a new csr on our unit and requested that DigiCert re-issue the cert with the new intermediate cert. I uploaded both the new intermediate cert and the new re-issued cert. When I went to switch over to the new certs on the…
-
can`t configure the interface at transparent mode
Hi Guys I have ADC thunder 3030S I try to configure ADC at transparent mode, but each time i try to put ip address and gateway for the interface i can`t create it and find this 2 error messages 1- Object specified does not exist (object: 10.10.20.1 ( ip of gateway)) 2- Can not perform operation. Please remove all L3…
-
DS-Lite, CGNAT and Gaming Consoles
We do still have customers that cannot use their consoles. Primarily playstations but also others like x-boxes, with an DS-Lite / CGNAT connection that we provide as ISP. SInce we do not know a better soltution we migrate them back to dual-stack. Anyone here who knows these issues and maybe even a solution. We do use…
-
CORS and other errors appearing with caching module enabled...
Hello, We are currently using A10 Thunder for load balancing, but we also have the caching module enabled for our in-house web applications. Fairly recently, we began creating Angular (8) applications that call .NET CORE 3.x APIs. We develop these locally and things work fine, but when we ported them to our development…
-
A10 ADP (Application Delivery Partitions) access via SNMP or REST API.
Hello, I'm trying to understand how can access data specific to particular partition via SNMP or REST API. Imagine that I have partition "MyPartition1" with SLB configured on it (servers, server groups, virtual servers). How can get the SLB details from this partition ? From what I understand community string need to be…