-
traceroute error
I login to AX1000 console. And then, I traceroute 8.8.8.8 But, reply to me : AX1000-11#traceroute 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 40 byte packets 1 google-public-dns-a.google.com (8.8.8.8) 6.098 ms 6.022 ms 6.012 ms 2 google-public-dns-a.google.com (8.8.8.8) 2.015 ms 1.959 ms 1.950 ms 3…
-
Passing Multicast Traffic
Does anyone have any experience passing multicast traffic through an A10? I need to establish PIM neighbor relationships and subsequently pass native multicast traffic through the device. Any help would be appreciated. My SE told me the devices don't participate, but that it's possible to pass the traffic through. He's…
-
Routing in one-arm mode?
Hi folks. I have a couple of AX3200s in HA active-passive mode, with several partitions. In one partition "test" I want it to have a connection to two different VLANs - EG. VLAN1 10.0.1.0 and VLAN2 10.0.2.0. I added a default route for 0.0.0.0/0.0.0.0 to VLAN1 gateway 10.0.1.1. Should I add other specific routes for both…
-
Clearing sessions
Does anybody know how to clear sessions for a specific port on a server with in a service group?
-
CPU Monitoring with Collectd
Here is my collectd cfg to get cpu data of an ax. You can use it to graph it with graphite. my_types.db: a10_cpu lambda:GAUGE:0:100 a10-snmp.conf: # A10 CPU SNMP Checks # Type "cpu" Table false Instance "mgmt" Values "iso.3.6.1.4.1.22610.2.4.1.3.6.1.3.0.5" Type "cpu" Table false Instance "data_1" Values…
-
Bash Hacking – F5 Nodes to A10
Here is my little script which is used to migrate a few hundred server from our f5 bigip's to a10. It's really simple and not very smart but it works for us. It doesn't care about the health check and just uses ping and it can't handle multiple ports... It also assumes that every server has a reverse lookup. If you don't…
-
Observium Module
One of our customers was kind enough to create an Observium module. You can find it at: http://jira.observium.org/browse/OBSERVIUM-452
-
One Arm deployment problem aith Windos server 2010
I'm facing a problem when i use Nate IP with one arm mode so all clients reach to the servers with the same ip so the team who is responsible on these servers can not make any trace or trouble shoot for his clients as all of them reach to the server with the same nate ip So, who i can solve this problem without change the…
-
Is there a way to log snat transations
We just moved our LDAP service to our new A10 load balancers. Our PROD partition (which is where our LDAP virtual server is on) is running in one arm mode utilizing a snat pool. Every thing is working fine but our LDAP administrator is asking if there is a way to save a log file of the snat translations for the LDAP…
-
External monitor script
Hi, I would like to create a external monitor health check that use SSH to login a linux server ,and send the command : “df -a” The answer expect contain the keyword “video” linux server ip:10.10.1.81 linux username:root linux password:whnm2013 How can I do this in script? Tks Best regards, Bon
-
Active/Standby with OSPF
Dear All, I would like to make two AX500's to work in Active/Standby mode with OSPF, where the default route is announced only by the active A10 in the pair. Is that possible? Please find the attached example topology. Thank you in advance. Best Regards, Nik
-
Transform Url to proxy squid
Hello all, I would like to implement the following configuration : Client --->SoftAX VIP--->Proxy (Squid)--->Original content server PS : Client browser CANNOT be configured with SoftAx VIP (pointing to the proxy). So, when the users request access to www.mycompany.com, the local DNS server resolves it to the SoftAX VIP.…
-
Squid Proxy Heath Check
Hello, I'm currently evaluating A10 (so I'm a newbie !) and I have question about Health Check. I configured two Squid Servers for Load Balancing. The health check is done using a TCP session (to port 8080) and sending the command 'GET http://www.google.com\r\n". It works fine but I would like also check the Response HTTP…
-
aVCS doesn't sync to other unit
Hello, I have been struggling with aVCS with VRRP for a few hours this morning and am stuck. It appears that no matter what I do I can't get the configuration to sync to the other "blade". I should note, that I first had these systems fully configured in the traditional HA mode, but only moved to the aVCS configuration…
-
How many maximum vCPUs does softAX support ?
Hello, Can I improve SoftAX performance , especially SSL performance , by adding vCPUs ? If so , how many maximum vCPUs does softAX support ? I am looking for ways to improve SSL performance when using softAX. I am not sure if softAX supports multi vCPUs. Best Regards, Shigehiro
-
A10 support for websockets?
Hey All, Does anyone know if the A10 supports websockets and what specific config changes need to be in place for this to function properly? I was trying to pass the port through TCP (2) with no success.
-
Unknown unicast
I keep getting burst of log messages "The total unknown unicast packets xxxxx per second has exceeded the configured all VLAN limit of 5000" in my AX logs." The number xxxxxx ranges anywhere from 10000 to 40000. I have about 15 web sites behind my A10. Is this normal? This only started a couple months ago.
-
DNS Delegation for GSLB
... long time listener, 1st time caller. Howdy folks! I've got 2 sites (NY and PA) with an AX cluster at each site in it's "internet" DMZ. The sites are interconnected on the LAN and I've also got a Juniper SSL VPN cluster split "behind" the A10 at each site (synchronizing over the LAN). Currently, we are only using the…
-
Weird behaviour of AX2500
I'm observing a weird behaviour on a pair of AX2500 running 2.6.1-P4: When I do a HEAD request for say http://$VIRTIP/foo.html?$UNIQID the balancer gets the content from one of the real servers and replies as expected. This works always without failures. Now when a request for the same file is being done by one of Akamai's…
-
SMTP STARTTLS offload
I set up SMTP STARTTLS offload when I started loadbalancing Exchange 2010 a couple of years ago, and I could swear it worked when I tested it then. Recently we've gotten reports that it doesn't work, and testing with 'openssl s_client -connect webmail:587 -starttls smtp' shows the certificate chain and seems to get through…
-
Unequal Load on Cache Servers
Dears, We have the followings being deployed: 1- Round Robin LB Algorithm to Balance the Load Among Cache Flow Servers. 2- Destination IP Persistence Option Enabled at the Virtual Server Port. 3- No HTTP Template Options are Enabled ! The problem is that the load and traffic at the cache servers is not spread equally, any…
-
Upgrade from 2.4.x to 2.6.x how-to?
Looking at the release notes etc everything looks fine and dandy - But the more advanced paths are not that well documented IMHO. So. Does anyone have experience with transitioning from HA to VRRP-A. How did that go? What to REALLY not forget? And also in the same fashion. Have an running system -> migrating it into an…
-
HA-mode
Hi, Trying to set up two Ax 1030 in HA-mode (Active/standby) Config on AX1: -Standby#show running-config ha ha id 1 set-id 1 ha group 1 priority 100 ha interface ethernet 1 ha preemption-enable ha conn-mirror ip 172.16.1.152 ! 1-Standby#show running-config interfaces ethernet 1 interface ethernet 1 ip address 172.16.1.151…
-
automating config backup with Rancid
Has anyone configured Rancid with A10? I wasn't able to use clogin to logon since my A10 is not set with enable password and clogin did not like it -- kept on asking for password. Any idea on this? Thank you
-
IP Source NAT
Hello, I have two AX2500 (active/active). Servers (172.10.10.0/24) need to access other servers (192.168.1.0/24) and Internet, using NAT... The "IP Source NAT" works only for icmp. Why? vlan 1 --- AX --- vlan 2 --- Internet vlan 1: 172.10.10.0/24 (Servers) vlan 2: 192.168.1.0/24 (VIP) access-list 110 permit ip 172.10.10.0…
-
Role privilage required to export axdebug file
Platform is AX1030 with version 2.6.1-GR1-P3(build: 29) I'm trying to create a role that read-only but has the ability to create and then export axdebug capture files. I have a role that can create them (basically ReadOnlyAdmin), but when I go to export the file I get "Insufficient privilege". I have not been able to find…
-
Get the VRRP-A Status via SNMP or aXAPI
Hello, I would like to get the vrrp-a status from some ax devices running2.6.1-GR1-P2 . So I am able to login to the active vrrp-a unit without trying to connect to both to get the active one. Is there a way to monitor the vrrp-a status ( active / standby ) via snmp or aXAPI? I did not find a snmp OID or the REST Api path…
-
Draining for Maintenance
Any suggestions on the best way to drain all connections from a server so that you can perform maintenance? In a non emergency situation I'd like to let active connections continue to a server but not to allow new connections. In time that would mean that the server would no longer have any connections and the end users…
-
Health monitor Source IP addresses
Posted by jmaddox What IP is used as the source for health monitors? Are there instances where SNAT addresses are used? Examples: 1. interface or ve address but no snat involved, servers on same subnet as interface or ve address 2. same as #1 but servers a layer 3 hop away 3. Items #1 and #2, but with SNAT addresses…
-
ip nat range-list limitations in L3 partition
Hi, I have a deployment that requires the feature of range list in SLB to statically mapping of subnets. here's the scenario: I created two partitions in AX, and configure a range list in 1st parition "ip nat range-list 10.10.10.0 /24 192.168.0.0 /24 count 254. I also want to configure the same 10.10.10.0 /24 and map to…