F5 Config Migration Check and Help Needed

I have an orphaned F5 that requires migration. We are seeing intermittent problems with its services, and the odd part is that we are unsure which service method it uses.

On the F5 we see the following items. We are unsure what they are used for and need assistance to understand them:
- Listener 10.160.1.42 -> What is this listener used for?
- Default route uses Router Pool -> How can we achieve this in A10?

- VS_Router any - Vlan Internal -> How can we achieve this in A10, using ACL?
- LB Router_Pool
- Persistent Source Addr

- vs_Wildcard - Vlan ex 1 / ex 2 -> How can we achieve this in A10, using ACL?
- mem Internal
- persistent source addr


The configuration on the LTM module is as follows:

=====
Base 01
=====
# Base network layout of the BIG-IP: one management address, three VLANs
# (internal, external1, external2), and a single spanning-tree instance
# covering all three.
mgmt 192.168.1.245 {
netmask 255.255.255.0
}
# VLAN "internal" (tag 4094) sits on interface 1.1 and is the only VLAN with
# failsafe enabled; its failsafe action is failover with a timeout of 10.
# NOTE(review): the interface is listed without a "tagged" keyword, so frames
# on 1.1/1.2/1.3 are presumably untagged on the wire - confirm against the
# switch ports before reusing these tag values on the replacement device.
vlan internal {
tag 4094
failsafe enable
timeout 10
failsafe failover
interfaces 1.1
}
# external2 = tag 4092 on interface 1.3.
vlan external2 {
tag 4092
interfaces 1.3
}
# external1 = tag 4093 on interface 1.2.
vlan external1 {
tag 4093
interfaces 1.2
}
# STP instance 0 lists all three VLANs and all three interfaces with the same
# external/internal path cost (20000).
stp instance 0 {
vlan external1
vlan external2
vlan internal
interface 1.1 external path cost 20000 internal path cost 20000
interface 1.2 external path cost 20000 internal path cost 20000
interface 1.3 external path cost 20000 internal path cost 20000
}
# "self allow" defines the default port-lockdown list for self IPs: DNS
# (udp/tcp domain), OSPF, HTTPS, efs, 4353 (tcp and udp), SNMP (tcp and udp)
# and SSH.
self allow { default udp domain proto ospf tcp https udp efs tcp 4353 tcp snmp udp snmp tcp ssh tcp domain udp 4353 }
# Non-floating self IPs, one per VLAN, each a /28.
# NOTE(review): every self IP below is set to "allow all", which bypasses the
# default list above and accepts any protocol/port addressed to the self IP.
# On external1 and external2 this leaves the unit's own services (the default
# list includes ssh, https and snmp) reachable from the external side unless
# something upstream filters them. Do not carry "allow all" over as-is;
# restrict each address to the services that VLAN actually needs.
self 10.160.1.33 {
netmask 255.255.255.240
vlan internal
allow all
}
self 10.160.1.8 {
netmask 255.255.255.240
vlan external1
allow all
}
self 10.160.1.26 {
netmask 255.255.255.240
vlan external2
allow all
}

=====
Base 02
=====
# Floating self IPs (unit 1), one per VLAN. These are the addresses that move
# with failover; neighbouring devices presumably use them as next hops -
# confirm from the routers' and hosts' routing tables.
# NOTE(review): all three are "allow all" (no port lockdown), including the
# two on the external VLANs. Tighten this when rebuilding the addresses on the
# new platform.
self 10.160.1.9 {
netmask 255.255.255.240
unit 1
floating enable
vlan external1
allow all
}
# 10.160.1.42 is also the destination of virtual vs_10_160_1_42_53_gtm
# (UDP/domain) further down in this listing.
self 10.160.1.42 {
netmask 255.255.255.240
unit 1
floating enable
vlan internal
allow all
}
self 10.160.1.25 {
netmask 255.255.255.240
unit 1
floating enable
vlan external2
allow all
}
# The default route points at a pool instead of a single gateway, so the next
# hop is chosen from the Router_Pool members rather than being one fixed
# router.
route default inet {
pool Router_Pool
}
# Layer-4 forwarding profile. No virtual server in this listing names it
# explicitly; whether it is applied by default is not visible here.
profile fastL4 fastL4 {
# Idle flows are reset on timeout; 3600 is presumably seconds (one hour),
# which is long for a wildcard forwarding path - confirm it is intentional.
reset on timeout enable
reassemble fragments disable
idle timeout 3600
tcp handshake timeout 360
tcp close timeout 360
mss override 0
pva acceleration full
# TCP options, ISN, ToS and QoS markings are passed through unchanged.
tcp timestamp preserve
tcp wscale preserve
tcp generate isn disable
tcp strip sack disable
ip tos to client pass
ip tos to server pass
link qos to client pass
link qos to server pass
rtt from client disable
rtt from server disable
# Loose initiation/close are off. NOTE(review): with these off, flows that
# reach the unit mid-connection (e.g. asymmetric return paths) are presumably
# not accepted - relevant when comparing behaviour during the migration.
loose initiation disable
loose close disable
}
# Node definitions. Most nodes are monitored with gateway_icmp only, i.e.
# reachability of the address, not of any service behind it.
node 10.160.1.2 {
monitor gateway_icmp
}
node 10.160.1.4 {
monitor gateway_icmp
}
node 10.160.1.5 {
monitor gateway_icmp
}
node 10.160.1.17 {
monitor gateway_icmp
}
node 10.160.1.37 {
monitor gateway_icmp
}
node 10.160.1.1 {
monitor gateway_icmp
}
# 10.160.1.18 and 10.160.1.21 are marked down with sessions disabled and are
# not members of either pool below.
node 10.160.1.18 {
down
session disable
monitor gateway_icmp
}
node 10.160.1.20 {
monitor gateway_icmp
}
node 10.160.1.21 {
down
session disable
monitor gateway_icmp
}
# 10.160.1.35 and 10.160.1.36 have no monitor and are not referenced by any
# pool in this listing.
node 10.160.1.35 {
}
node 10.160.1.36 {
}
# Pool "Internal" has a single member, so there is no redundancy behind the
# external-facing wildcard virtual servers that use it.
pool Internal {
monitor all gateway_icmp
member 10.160.1.37:any
}
# Router_Pool: seven members on any port. 10.160.1.3 is a member here but has
# no node stanza above.
pool Router_Pool {
monitor all gateway_icmp
member 10.160.1.1:any
member 10.160.1.2:any
member 10.160.1.3:any
member 10.160.1.4:any
member 10.160.1.5:any
member 10.160.1.17:any
member 10.160.1.20:any
}
# Virtual addresses. 10.160.1.40, 1.1.1.1 and 10.2.10.250 are not the
# destination of any virtual server shown in this listing; they look like
# leftovers - confirm before migrating them.
virtual address 10.160.1.40 {
}
virtual address 1.1.1.1 {
}
virtual address 10.2.10.250 {
}
virtual address any {
}
# Wildcard virtual server (any address, any port) enabled only on VLAN
# "internal": traffic arriving from the internal side is distributed across
# Router_Pool with source-address persistence.
virtual VS_Router {
destination any:any
persist source_addr
pool Router_Pool
vlans internal enable
}
# UDP listener on 10.160.1.42 port "domain" with a DNS profile, no pool, and
# address/port translation disabled. The name suggests a GTM DNS listener -
# verify whether the GTM module is actually answering queries on this box,
# because it has no equivalent in the A10 configuration below.
virtual vs_10_160_1_42_53_gtm {
destination 10.160.1.42:domain
ip protocol udp
translate address disable
translate service disable
profile dns udp_gtm_dns
}
# Wildcard virtual server enabled on both external VLANs, sending everything
# to pool Internal (single member 10.160.1.37).
# NOTE(review): this accepts any destination and any port from the external
# side with no filtering on the load balancer itself, so whatever access
# policy exists must be enforced by the pool member or elsewhere. Record that
# dependency explicitly in the migration plan.
virtual vs_Wildcard {
destination any:any
persist source_addr
pool Internal
vlans external1 external2 enable
}
# Same path as vs_Wildcard but for TCP port "ftp" with the FTP profile. This
# FTP-specific handling has no equivalent in the A10 configuration below.
virtual vs_Wildcard_FTP {
destination any:ftp
ip protocol tcp
profile ftp tcp
persist source_addr
pool Internal
vlans external1 external2 enable
}

=====
A10
=====
! VLANs on the A10. Both external VLANs are tagged on ethernet 2 and the
! internal VLAN is tagged on ethernet 1.
! NOTE(review): the VLAN IDs do not line up with the F5 listing above. There
! external1 is tag 4093 and external2 is tag 4092; here "External 1" is 4091
! and "External 2" is 4093. Confirm the IDs and tagging against the switch
! ports, because a mismatch places the device on the wrong segment.
vlan 4091
tagged ethernet 2
router-interface ve 4091
name "External 1"
!
vlan 4093
tagged ethernet 2
router-interface ve 4093
name "External 2"
!
vlan 4094
tagged ethernet 1
router-interface ve 4094
name "Internal"
!
! ACL 101 permits all IP traffic from any source to any destination and logs
! every match.
! NOTE(review): as the match condition for a wildcard VIP this does not scope
! traffic to the internal VLAN the way the F5 "vlans internal enable" does,
! and logging every match on a forward-everything rule can be very noisy.
! ACL 102, referenced by VS_Wildcard_VLAN_E1E2 below, is not defined in this
! listing. Write both ACLs to match only the intended source networks.
access-list 101 permit ip any any log
!
! One address per VLAN, each in the same /28 as the corresponding F5 self IPs.
! No floating addresses and no default route appear in this listing, whereas
! the F5 has floating self IPs 10.160.1.9, 10.160.1.42 and 10.160.1.25 and a
! default route via Router_Pool.
! NOTE(review): ACOS wildcard VIPs normally also require promiscuous VIP to be
! enabled on the ingress interface (ip allow-promiscuous-vip); none of the ve
! interfaces shown has it - confirm.
interface ve 4091
ip address 10.160.1.10 255.255.255.240
!
interface ve 4093
ip address 10.160.1.24 255.255.255.240
!
interface ve 4094
ip address 10.160.1.34 255.255.255.240
!
! Real servers. The active ones follow one pattern: an ICMP (ping) health
! check at server level, plus wildcard port 0 for TCP and UDP with the
! port-level health check turned off. Liveness is therefore judged by ICMP
! reachability only, as with gateway_icmp on the F5.
slb server RS_10.160.1.1 10.160.1.1
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
slb server RS_10.160.1.2 10.160.1.2
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
slb server RS_10.160.1.4 10.160.1.4
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
slb server RS_10.160.1.5 10.160.1.5
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
slb server RS_10.160.1.17 10.160.1.17
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
slb server RS_10.160.1.37 10.160.1.37
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
! Disabled, no ports defined - mirrors the F5 node that is down with sessions
! disabled.
slb server RS_10.160.1.18 10.160.1.18
disable
health-check ping
!
slb server RS_10.160.1.20 10.160.1.20
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
! Disabled, no ports defined - mirrors the F5 node that is down with sessions
! disabled.
slb server RS_10.160.1.21 10.160.1.21
disable
health-check ping
!
! .35 and .36 are defined without ports or an explicit health check and are
! not members of any service group in this listing.
slb server RS_10.160.1.35 10.160.1.35
!
slb server RS_10.160.1.36 10.160.1.36
!
slb server RS_10.160.1.3 10.160.1.3
health-check ping
port 0 tcp
no health-check
port 0 udp
no health-check
!
! Service groups (the counterparts of the F5 pools).
! "Internal" exists only as a TCP group with one member.
! NOTE(review): VS_Wildcard_VLAN_E1E2 below references a group named
! Internal_udp for its UDP port, but no such group is defined in this listing.
slb service-group Internal tcp
health-check ping
member RS_10.160.1.37:0
!
! Router_Pool is split into a TCP and a UDP group with the same seven members.
! Neither group sets a group-level health check; each member still has the
! server-level ping check.
slb service-group Router_Pool_tcp tcp
member RS_10.160.1.1:0
member RS_10.160.1.2:0
member RS_10.160.1.4:0
member RS_10.160.1.5:0
member RS_10.160.1.17:0
member RS_10.160.1.20:0
member RS_10.160.1.3:0
!
slb service-group Router_Pool_udp udp
member RS_10.160.1.1:0
member RS_10.160.1.2:0
member RS_10.160.1.3:0
member RS_10.160.1.4:0
member RS_10.160.1.5:0
member RS_10.160.1.17:0
member RS_10.160.1.20:0
!
!
! Source-IP persistence template used by every virtual port below.
! NOTE(review): the F5 uses plain "persist source_addr". Adding incl-sport and
! incl-dst-ip presumably makes the persistence key source IP + source port +
! destination IP, so one client can be spread across several members. On a
! path through routers or stateful devices that can look like intermittent
! failures - confirm that this is the intended behaviour.
slb template persist source-ip Source_Address
match-type server
incl-sport
incl-dst-ip
!
! Wildcard VIP (0.0.0.0) standing in for F5 VS_Router. The ACL decides which
! traffic the VIP picks up.
! NOTE(review): ACL 101 is "permit ip any any", so this VIP is not limited to
! traffic from the internal VLAN, and it can also match traffic intended for
! the second wildcard VIP. Scope the ACL to the internal source networks.
slb virtual-server VS_Router_VLAN_Internal 0.0.0.0 acl 101
! Each port forwards without destination NAT (no-dest-nat) and sends replies
! back via the hop the request arrived from (use-rcv-hop-for-resp).
port 0 tcp
service-group Router_Pool_tcp
use-rcv-hop-for-resp
no-dest-nat
template persist source-ip Source_Address
port 0 udp
service-group Router_Pool_udp
use-rcv-hop-for-resp
no-dest-nat
template persist source-ip Source_Address
! Non-TCP/UDP protocols reuse the TCP service group.
port 0 others
service-group Router_Pool_tcp
use-rcv-hop-for-resp
no-dest-nat
template persist source-ip Source_Address
! Wildcard VIP standing in for F5 vs_Wildcard (external1/external2 to pool
! Internal).
! NOTE(review): ACL 102 and service-group Internal_udp are both referenced
! here but neither is defined in this listing; without them the VIP and its
! UDP port presumably do not work as intended. There is also no counterpart
! here for the F5 FTP virtual server (vs_Wildcard_FTP) or for the DNS listener
! on 10.160.1.42.
slb virtual-server VS_Wildcard_VLAN_E1E2 0.0.0.0 acl 102
port 0 tcp
service-group Internal
use-rcv-hop-for-resp
no-dest-nat
template persist source-ip Source_Address
port 0 udp
service-group Internal_udp
use-rcv-hop-for-resp
no-dest-nat
template persist source-ip Source_Address
port 0 others
service-group Internal
use-rcv-hop-for-resp
no-dest-nat
template persist source-ip Source_Address

Comments

  • dshindshin Member
    edited February 2014
    I am very sorry to hear that you are having problems with your F5. Just by reviewing the F5 configurations that you have posted, we can definitely cover every feature.

    I would recommend that you contact your regional SE to discuss the details. If you are a customer, I strongly suggest attending our Thunder/AX ADC training; if you are not a customer, we can also offer A10 professional services expertise to translate your F5 configuration to an A10 configuration.