-
Interfacing SoftAx to ESX 5.1 standard vswitch
Hi all, We have two SoftAX's used as Lab devices. I can communicate with them via the management interfaces, however, no communication via the Ethernet interfaces. These need to be trunks to pass the various vlans from the VM's. The server guys are unsure how to do this as they are telling me that apply one vlan to each…
-
One Arm deployment problem aith Windos server 2010
I'm facing a problem when i use Nate IP with one arm mode so all clients reach to the servers with the same ip so the team who is responsible on these servers can not make any trace or trouble shoot for his clients as all of them reach to the server with the same nate ip So, who i can solve this problem without change the…
-
T3 protocol
i have a problem the web logic application using the T3 protocol to communicate to the BRM database , on the Weblogic im pointing the VIP of BRM im using TCP protocol but they can't communicate, do you have aflex or recommendation of this matter
-
Drop or Reject the HTTP TRACE method
Recent Customer asked for a way to drop or reject the HTTP TRACE method for PCI compliance. Thanks to JonD here is a quick aFleX to do that. when HTTP_REQUEST { if { [HTTP::method] eq "TRACE"} { reject } }
-
Is there a way to log snat transations
We just moved our LDAP service to our new A10 load balancers. Our PROD partition (which is where our LDAP virtual server is on) is running in one arm mode utilizing a snat pool. Every thing is working fine but our LDAP administrator is asking if there is a way to save a log file of the snat translations for the LDAP…
-
Search and replace
I need a way to see if a uri contains || and then replace all places it does with !!. Example: http://foo.bar.com/u?e=83||l||0||email@gmail.com||http://foo.bar.com needs to redirect to http://foo.bar.com/u?e=83!!l!!0!!email@gmail.com!!http://foo.bar.com.
-
External monitor script
Hi, I would like to create a external monitor health check that use SSH to login a linux server ,and send the command : “df -a” The answer expect contain the keyword “video” linux server ip:10.10.1.81 linux username:root linux password:whnm2013 How can I do this in script? Tks Best regards, Bon
-
Load Balance Syslog Server
Has anyone used the A10 Ax devices to load balance syslog servers? I have a request to do so, and was wondering if anyone could share their experiences. Will be using a pair of AX3200-12's (prod) and a pair of AX1030s (staging). Thanks Antony
-
Active/Standby with OSPF
Dear All, I would like to make two AX500's to work in Active/Standby mode with OSPF, where the default route is announced only by the active A10 in the pair. Is that possible? Please find the attached example topology. Thank you in advance. Best Regards, Nik
-
The website only load a blank page when use L7 "HTTP" SLB
Hi Team, I've just upgrade 3200-12 to ACOS2.7.1, One of web services (HTTP) could not be operated with old configuration: ..... slb virtual-server app_edocment_vserver 10.34.2.160 port 80 http ..... (The website only load a blank page). The website will load correctly when we change config "port 80 http" --> "port 80…
-
WAF and AAM module available
Hello, I would like to known if SoftAX release of ACOS 2.7.1 P1 with the WAF and AAM features is already available. Regards, HA
-
Transform Url to proxy squid
Hello all, I would like to implement the following configuration : Client --->SoftAX VIP--->Proxy (Squid)--->Original content server PS : Client browser CANNOT be configured with SoftAx VIP (pointing to the proxy). So, when the users request access to www.mycompany.com, the local DNS server resolves it to the SoftAX VIP.…
-
transparent caching specific content per server
hi i have a client that he wants to have a specific content per server, possible to help me what script on aflex. I have example below: server proxy1 (jp(e?g|e|2)|tiff?|bmp|gif|png) (cgi-bin) (php|jsp|cgi|asx) (php|jsp) server proxy2 (z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|deb|vpu) server proxy3…
-
Squid Proxy Heath Check
Hello, I'm currently evaluating A10 (so I'm a newbie !) and I have question about Health Check. I configured two Squid Servers for Load Balancing. The health check is done using a TCP session (to port 8080) and sending the command 'GET http://www.google.com\r\n". It works fine but I would like also check the Response HTTP…
-
aVCS doesn't sync to other unit
Hello, I have been struggling with aVCS with VRRP for a few hours this morning and am stuck. It appears that no matter what I do I can't get the configuration to sync to the other "blade". I should note, that I first had these systems fully configured in the traditional HA mode, but only moved to the aVCS configuration…
-
How many maximum vCPUs does softAX support ?
Hello, Can I improve SoftAX performance , especially SSL performance , by adding vCPUs ? If so , how many maximum vCPUs does softAX support ? I am looking for ways to improve SSL performance when using softAX. I am not sure if softAX supports multi vCPUs. Best Regards, Shigehiro
-
Forwarding Client IP in SMTP Header
Hey guys! I had a weird request regarding forwarding client IP's. We have our junkmail server's which currently are terminated directly to our old Cisco ACE load-balancer, and use the ACE as their default-gateway. We set them up this way because the junkmail server's need to see the IP addresses of the clients that are…
-
A10 support for websockets?
Hey All, Does anyone know if the A10 supports websockets and what specific config changes need to be in place for this to function properly? I was trying to pass the port through TCP (2) with no success.
-
Unknown unicast
I keep getting burst of log messages "The total unknown unicast packets xxxxx per second has exceeded the configured all VLAN limit of 5000" in my AX logs." The number xxxxxx ranges anywhere from 10000 to 40000. I have about 15 web sites behind my A10. Is this normal? This only started a couple months ago.
-
Conditional SNAT + aFleX rule
How to create an aFleX rule, where a connection started from a server_1 to the VIP can use the SNAT_1 IP address, and another connection started from another server_2 to the same VIP can use another SNAT_2 IP address??.. Is that possible. Thank you very much
-
DNS Delegation for GSLB
... long time listener, 1st time caller. Howdy folks! I've got 2 sites (NY and PA) with an AX cluster at each site in it's "internet" DMZ. The sites are interconnected on the LAN and I've also got a Juniper SSL VPN cluster split "behind" the A10 at each site (synchronizing over the LAN). Currently, we are only using the…
-
Weird behaviour of AX2500
I'm observing a weird behaviour on a pair of AX2500 running 2.6.1-P4: When I do a HEAD request for say http://$VIRTIP/foo.html?$UNIQID the balancer gets the content from one of the real servers and replies as expected. This works always without failures. Now when a request for the same file is being done by one of Akamai's…
-
AX Boxes Sending Email
Dears, Is there a way at which we can make the AX device sending email notifications upon failure of servers in the service group or upon negative health monitor results of the servers (server being marked down) ?? In case there is a way to do it, please share the idea and how to do it. Many thanks
-
IP Based Authentication with pbslb
When you want to allow certain IPs to specific content. The PBSLB List: ! BWList10.0.0.1/32 110.10.10.10/32 1172.16.0.0/16 1 The aFleX: when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/certain_url") } { switch [POLICY::bwlist id[IP::remote_addr] BWList] { "1" { pool sg-http } default { log "Rejected ip address"…
-
dnsbl rule
Does anyone know if it is possible to apply an aflex rule to MX VIP and query a dns server and look for a specific response prior to allowing the traffic? F5 has a function that does this in irules. Bill
-
AX Box Sending Email
Dears, Is there a way at which we can make the AX device sending email notifications upon failure of servers in the service group or upon negative health monitor results of the servers (server being marked down) ?? Is it doable by aFLEX, or there is another way of doing it? Can we applt aFLEX to L4 virtual ports? In case…
-
Remove Accept-Encoding header
When you are not using compression in an HTTP template but you still want to get rid of the Accept-Encoding header. Or any other header. ;) when HTTP_REQUEST { if { [HTTP::header exists "Accept-Encoding"] } { HTTP::header remove "Accept-Encoding" }} Little more fancy: when RULE_INIT { set ::REMOVEHEADER…
-
Host based redirects with class-lists
In URI based redirect with class-lists I referred to new features in 2.7.0. The same can be done with Hostnames. The class-list: class-list cl-redirects string str a10networks.com https://a10networks.com str w3.a10networks.com https://a10networks.com str w3.customer1.tld http://shared.sample.tld/customer1 str…
-
URI based redirect with class-lists
With the release of 2.7.0 it's possible to reference class-lists in aFleX and it's possible to store strings in a class-list. This combination simplifies the required aFleX needed as the lists of redirects is kept in the class-list. The class-list: class-list cl-redirects string str /exchange…
-
Form Authentication with aFleX
Quick and dirty way of form based authenticating users for specific URLs on a VIP. ### START ###when RULE_INIT { # List of users (with passwords) that are allowed to authenticate array set ::DOTPASSWD { "randomuser1" "thiswillbeacleartextpassword" "randomuser2" "thiswillbeacleartextpassword" } set ::FORM_CONTENT…