Best Of
Re: CGN + ADC
Hello - the CGN and ADC functions cannot run within the same partition. You will need to create a second partition to handle your ADC configuration. Aside from that, both functions can be performed on the same device.
Hope that clears it up!
mdunn
Re: TPS Escalation Levels
If a level has reached its threshold score, it will escalate up to the next level. if that level's threshold score has also been reached, it will immediately escalate up again. It will keep doing this until it either reaches a level where the score value has not yet been reached, or hits the last defined level for that zone. There are no "waits" between levels.
Now, de-escalation DOES have a waiting period once the all the mitigations defined for that level stop being hit. I think the default is something like five minutes, but i can't remember off the top of my head.
Re: A10 ADP (Application Delivery Partitions) access via SNMP or REST API.
Regarding aXAPI you need to use "active-partition" method to jump into determined partition:
A10Spain:etc jserrano$curl -k https://172.16.1.4/axapi/v3/active-partition/cust1 -H "Content-Type:application/json" -H "authorization: A10 aff2fb862f71d49c918f0b1e7b1db4" -d "{ }"
{
"response": {
"status": "OK"
}
}
A10Spain:etc jserrano$~$ curl -k https://172.16.1.4/axapi/v3/active-partition -H "Content-Type:application/json" -H "authoriation: A10 aff2fb862f71d49c918f0b1e7b1db4"
{
"active-partition": {
"partition-name": "cust1"
}
}
jserrano
Re: A10 ADP (Application Delivery Partitions) access via SNMP or REST API.
Hi,
Regarding SNMP you can access to partition specific OID´s by appending @<partition_name> to the community:
Shared:
vThunder-vMaster[1/1](config:1)#sh run snmp-server
!Section configuration: 357 bytes
!
snmp-server enable service
!
snmp-server SNMPv1-v2c user admin
community read encrypted xmlx6dh/gZc8EIy41dsA5zwQjLjV2wDnPBCMuNXbAOc8EIy41dsA5zwQjLjV2wDn
oid .
!
snmp-server SNMPv1-v2c user public
community read encrypted 37O48xvi8uY8EIy41dsA5zwQjLjV2wDnPBCMuNXbAOc8EIy41dsA5zwQjLjV2wDn
oid 1.
!
snmp-server view allOID 172.16.1.4 included
!
vThunder-vMaster[1/1](config:1)#sh run ip nat pool
!Section configuration: 64 bytes
!
ip nat pool pool.nav 172.16.109.11 172.16.109.11 netmask /24
!
Partition cust1
vThunder-vMaster[1/1][cust1](config:1)#sh run
!Current configuration: 78 bytes
!Configuration last updated at 16:43:46 IST Thu Apr 30 2020
!Configuration last saved at 16:22:52 IST Thu Apr 2 2020
!
active-partition cust1
!
!
!
ip nat pool testpool 4.5.6.7 4.5.6.7 netmask /30
!
slb server testsrv 5.5.6.7
!
end
You can consult object specific OID´s using this command under determined partition:
vThunder-vMaster[1/1][cust1](config:1)#sh snmp oid server testsrv
OID for axServerStatTable
testsrv
==========================================================================
axServerStatAddress:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.1.7.53.46.53.46.54.46.55
axServerStatName:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.2.7.53.46.53.46.54.46.55
axServerStatServerPktsIn:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.3.7.53.46.53.46.54.46.55
axServerStatServerBytesIn:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.4.7.53.46.53.46.54.46.55
axServerStatServerPktsOut:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.5.7.53.46.53.46.54.46.55
axServerStatServerBytesOut:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.6.7.53.46.53.46.54.46.55
axServerStatServerTotalConns:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.7.7.53.46.53.46.54.46.55
axServerStatServerCurConns:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.8.7.53.46.53.46.54.46.55
axServerStatServerPersistConns:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.9.7.53.46.53.46.54.46.55
axServerStatServerStatus:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.10.7.53.46.53.46.54.46.55
axServerStatServerTotalL7Reqs:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.11.7.53.46.53.46.54.46.55
axServerStatServerTotalCurrL7Reqs:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.12.7.53.46.53.46.54.46.55
axServerStatServerTotalSuccL7Reqs:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.13.7.53.46.53.46.54.46.55
axServerStatServerPeakConns:
1.3.6.1.4.1.22610.2.4.3.2.2.2.1.14.7.53.46.53.46.54.46.55
A10Spain:etc jserrano$ snmpwalk -v 2c -c a10@cust1 172.16.1.4 1.3.6.1.4.1.22610.2.4.3.18.100.1
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.1.8.116.101.115.116.112.111.111.108 = STRING: "testpool"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.2.8.116.101.115.116.112.111.111.108 = STRING: "4.5.6.7"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.3.8.116.101.115.116.112.111.111.108 = STRING: "4.5.6.7"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.4.8.116.101.115.116.112.111.111.108 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.5.8.116.101.115.116.112.111.111.108 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.6.8.116.101.115.116.112.111.111.108 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.7.8.116.101.115.116.112.111.111.108 = INTEGER: 0
A10Spain:etc jserrano$ snmpwalk -v 2c -c a10 172.16.1.4 1.3.6.1.4.1.22610.2.4.3.18.100.1
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.1.8.112.111.111.108.46.110.97.118 = STRING: "pool.nav"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.1.16.34.99.117.115.116.49.34.58.116.101.115.116.112.111.111.108 = STRING: "\"cust1\":testpool"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.2.8.112.111.111.108.46.110.97.118 = STRING: "172.16.109.11"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.2.16.34.99.117.115.116.49.34.58.116.101.115.116.112.111.111.108 = STRING: "4.5.6.7"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.3.8.112.111.111.108.46.110.97.118 = STRING: "172.16.109.11"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.3.16.34.99.117.115.116.49.34.58.116.101.115.116.112.111.111.108 = STRING: "4.5.6.7"
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.4.8.112.111.111.108.46.110.97.118 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.4.16.34.99.117.115.116.49.34.58.116.101.115.116.112.111.111.108 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.5.8.112.111.111.108.46.110.97.118 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.5.16.34.99.117.115.116.49.34.58.116.101.115.116.112.111.111.108 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.6.8.112.111.111.108.46.110.97.118 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.6.16.34.99.117.115.116.49.34.58.116.101.115.116.112.111.111.108 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.7.8.112.111.111.108.46.110.97.118 = INTEGER: 0
SNMPv2-SMI::enterprises.22610.2.4.3.18.100.1.1.7.16.34.99.117.115.116.49.34.58.116.101.115.116.112.111.111.108 = INTEGER: 0
A10Spain:etc jserrano$ snmpwalk -v 2c -c a10 172.16.1.4 1.3.6.1.4.1.22610.2.4.3.2.2.2.1.2.7.53.46.53.46.54.46.55
SNMPv2-SMI::enterprises.22610.2.4.3.2.2.2.1.2.7.53.46.53.46.54.46.55 = No Such Instance currently exists at this OID
A10Spain:etc jserrano$ snmpwalk -v 2c -c a10@cust1 172.16.1.4 1.3.6.1.4.1.22610.2.4.3.2.2.2.1.2.7.53.46.53.46.54.46.55
SNMPv2-SMI::enterprises.22610.2.4.3.2.2.2.1.2.7.53.46.53.46.54.46.55 = STRING: "testsrv"
jserrano
Re: What is the reason of "FAN 3A FAILED"?
Hi,
My customer's device (TH940 / 4.1.4-GR1-P1) has the same issue.
Apr 15 2019 01:55:56 Info [SYSTEM]:Fan 3A is OK. Current value is 5640
Apr 15 2019 01:43:58 Critical [SYSTEM]:Fan 3A failed. Current value is 22080.
TAC confirmed a HW RMA process at the time.
But, personally I cannot completely rule out the possibility of SW bug on monitoring the fans because I experienced the bug of monitoring the fans on 2.7.1-GR1 & TH930 for 3 years. That was a bug at the time and We are a problem on the same fan!.
I think it worth opening a case to investigate this.
Regards,
escgate
Re: an example of a DNS external health monitor
Hi,
Please try this:
File name: hmdns
#!/bin/sh
domain=$1
IP=$2
check=`dig $domain @$HM_SRV_IPADDR | grep "$IP" | awk ' { print $5} '`
echo "check is $check; IP is $IP"
if [ $IP = $check ]; then
exit 0
fi
exit 1
ADC config for health monitor
health monitor hmdns method external program checkdns arguments "aaa.bbb.ccc 1.1.1.1"
Send request (TYPE A) for FQDN aaa.bbb.ccc to DNS server and expect to see 1.1.1.1 is in the response
Re: Same mac-address for each vip on same partition
Hi ivdouden,
Yes, it should work like that way by default.
Here is the example:
I have 2 VIPs (.14 and .15) on the eth2/ ve56 (MAC: 000c.2953.20b9).
vThunderADC#sh run | incl slb vir slb virtual-server Web14 10.0.56.14 slb virtual-server Web15 10.0.56.15
vThunderADC#sh int br Port Link Dupl Speed Trunk Vlan MAC IP Address IPs Name ------------------------------------------------------------------------------------ mgmt Up Full 1000 N/A N/A 000c.2953.20af 172.20.15.101/16 1 1 Up Full 10000 none 56 000c.2953.20b9 0.0.0.0/0 0 2 Up Full 10000 none 1 000c.2953.20c3 10.0.255.101/24 1 ve56 Up N/A N/A N/A 56 000c.2953.20b9 10.0.56.101/24 1
On my upstream router, i see both VIP with the same MAC address:
GW>sh arp Address Age (min) Hardware Addr Interface 10.0.56.14 N/A 000c.2953.20b9 Vlan10, Ethernet46 10.0.56.15 N/A 000c.2953.20b9 Vlan10, Ethernet46 10.0.56.101 N/A 000c.2953.20b9 Vlan10, Ethernet46
Hope it helps.
Re: axAPIv3 TPS DDoS Dst Entry tutorial?
You may want to try "show json-config" command on the CLI to confirm the JSON format.
A10-TPS.113#sh json-config?
json-config Displays config in json format
json-config-detail Displays config in json format with details
json-config-with-default Displays config in json format with default values
The "show json-config ddos dst entry TEST_1.2.3.4" will give you the confg in JSON format like you see in scheme file .
Hope this helps.