-
SMTP STARTTLS offload
I set up SMTP STARTTLS offload when I started loadbalancing Exchange 2010 a couple of years ago, and I could swear it worked when I tested it then. Recently we've gotten reports that it doesn't work, and testing with 'openssl s_client -connect webmail:587 -starttls smtp' shows the certificate chain and seems to get through…
-
(LSN)Increase Number LSN pool addresses over 10000 (Outsite address)
Hi Brothers I have a question relating to "Maximum numbers of LSN Pool IP Addresses" By default, the AX models that support LSN can support up to the following maximum numbers of LSN pool addresses (outside addresses) per system: • AX 5200 – 10,000 outside IPs, Can we change Maximum numbers of LSN pool addresses (outside…
-
SMPP Proto TCP interuption
Hi, Using Aflex script how to interrupt SMPP Proto TCP. Regards, Kiran
-
Unequal Load on Cache Servers
Dears, We have the followings being deployed: 1- Round Robin LB Algorithm to Balance the Load Among Cache Flow Servers. 2- Destination IP Persistence Option Enabled at the Virtual Server Port. 3- No HTTP Template Options are Enabled ! The problem is that the load and traffic at the cache servers is not spread equally, any…
-
Upgrade from 2.4.x to 2.6.x how-to?
Looking at the release notes etc everything looks fine and dandy - But the more advanced paths are not that well documented IMHO. So. Does anyone have experience with transitioning from HA to VRRP-A. How did that go? What to REALLY not forget? And also in the same fashion. Have an running system -> migrating it into an…
-
HA-mode
Hi, Trying to set up two Ax 1030 in HA-mode (Active/standby) Config on AX1: -Standby#show running-config ha ha id 1 set-id 1 ha group 1 priority 100 ha interface ethernet 1 ha preemption-enable ha conn-mirror ip 172.16.1.152 ! 1-Standby#show running-config interfaces ethernet 1 interface ethernet 1 ip address 172.16.1.151…
-
automating config backup with Rancid
Has anyone configured Rancid with A10? I wasn't able to use clogin to logon since my A10 is not set with enable password and clogin did not like it -- kept on asking for password. Any idea on this? Thank you
-
aFlex and server-for-server backups
Posted by kberton I have 3 primary app servers and 3 backup servers in a SLB Service Group. Let's call them A1/B1/C1 and A2/B2/C2. In normal operations, all traffic will be LB'd to A1/B1/C1 and A2/B2/C2 are backup servers that will only receive live traffic when there is a failure on any of the 3 primary servers. Service…
-
IP Source NAT
Hello, I have two AX2500 (active/active). Servers (172.10.10.0/24) need to access other servers (192.168.1.0/24) and Internet, using NAT... The "IP Source NAT" works only for icmp. Why? vlan 1 --- AX --- vlan 2 --- Internet vlan 1: 172.10.10.0/24 (Servers) vlan 2: 192.168.1.0/24 (VIP) access-list 110 permit ip 172.10.10.0…
-
Role privilage required to export axdebug file
Platform is AX1030 with version 2.6.1-GR1-P3(build: 29) I'm trying to create a role that read-only but has the ability to create and then export axdebug capture files. I have a role that can create them (basically ReadOnlyAdmin), but when I go to export the file I get "Insufficient privilege". I have not been able to find…
-
Wordpress SSL Issue
Good morning! I had a question regarding an issue our web developer team was having at our university. Apparently, they are having trouble with SSL when they require users to connect to their Wordpress Server. Their server is behind our load-balancer doing SSL offloading, and as such they've now requested that our AX-3030…
-
aXAPI upload a certificate, key via slb.ssl.upload
Hello, I had to upload about 50 certificates and keys into a box running version 2.6.1-P4. I read the AX_aXAPI_Ref_v2_6_1-P3-20111130.pdf document and found in chapter 6.31.4 “slb.ssl.upload” Method. There are these three parameter session_id, method and type. I am missing the information which file will be uploaded. What…
-
Get the VRRP-A Status via SNMP or aXAPI
Hello, I would like to get the vrrp-a status from some ax devices running2.6.1-GR1-P2 . So I am able to login to the active vrrp-a unit without trying to connect to both to get the active one. Is there a way to monitor the vrrp-a status ( active / standby ) via snmp or aXAPI? I did not find a snmp OID or the REST Api path…
-
append to URI
I'd like to add ?A10 to a specific URI. The intent may appear below but of course I am posting here as it clearly does not do what I want :) When I get a request how do I change the request (uri) before sending to the server side? It is Sunday and I have been on an 11 hour conf call and my brain will not function - I hope…
-
aXAPI: slb.template.client_ssl.create
Hey all, I was wondering if someone could lend a hand in regards to how to properly put together a request using python over aXAPI using the slb.template.client_ssl.create method. I was trying to setup the parameters but I'm getting confused using the Url-encode options and how to properly set the array, I was doing the…
-
Draining for Maintenance
Any suggestions on the best way to drain all connections from a server so that you can perform maintenance? In a non emergency situation I'd like to let active connections continue to a server but not to allow new connections. In time that would mean that the server would no longer have any connections and the end users…
-
Health monitor Source IP addresses
Posted by jmaddox What IP is used as the source for health monitors? Are there instances where SNAT addresses are used? Examples: 1. interface or ve address but no snat involved, servers on same subnet as interface or ve address 2. same as #1 but servers a layer 3 hop away 3. Items #1 and #2, but with SNAT addresses…
-
ip nat range-list limitations in L3 partition
Hi, I have a deployment that requires the feature of range list in SLB to statically mapping of subnets. here's the scenario: I created two partitions in AX, and configure a range list in 1st parition "ip nat range-list 10.10.10.0 /24 192.168.0.0 /24 count 254. I also want to configure the same 10.10.10.0 /24 and map to…
-
axdebug shows 'Rerouting failure for forward traffic match"
While troubleshooting a new implementation with axdebug captures, I see dozens of messages pairs like this: @279485663 i( 3, 101, b4795)> ip 10.95.100.44 > 10.42.101.225 tcp 6310 > 443 PA 9b8c5dba:ee9455c7(37) @279485663 i( 3, 101, b4795)> Rerouting failure for forward traffic match And the page is 'waiting to load'. What…
-
.NET Library or XML Schema?
I remember seeing at one point in time a .NET library that was either available or being tested that would allow you to access the aXAPI interface using powershell or via compiled .NET application. I can't seem to find any reference to it on the site. If it was an idea at one point in time and scraped, is there are least…
-
Named virtual hosts like apache
Hello All, I am new to a10, my apologies if this is been answered elsewhere. I'd like to have one VIP that is public facing on eth2 interface and the eth1 is inside a private LAN with multiple iplanet web servers. On the dns side multiple fqdns are cnamed to the VIP. When a request comes to certain fqdn, I'd like to load…
-
TCS Smart LB to caches
Posted by mischa Code: when RULE_INIT {set :: CACHEURLS [list "youtube.com" "googlevideo.com" "google.com" "facebook.com" "google.de" "apple.com" "fbcdn.net" "clipfish.de" "googlesyndication.com" "337.com" "aol.com" "bigfishgames.com" "bigpoint.net" "bild.de" "chip.de" "doubleclick.net" "comput erbild.de" "dailymotion.com"…
-
LACP trunk failing in transparent mode
Hi all, I'm new to a10 stuff, and I'm trying to set up some new AX3200-12. I'm trying to set up the devices in transparent mode with a pair of data interfaces bonded to a cisco switch using LACP negotiation. I can set up the trunk interfaces fine, and the switch shows that the port-channel is build properly, but as soon as…
-
Admin and Partitions access
Hello, I'm kind of new to the A10. We have two AX2500 configured with 3 partitions and VRRP. I'm trying to acess via webgui using the default admin user that is a read write administrator. But when I try to acess any of the partitions to configure them I get this message: Error Ocurred: Current partition cannot be changed…
-
VIP is difference subnet with AX interface
Hi, We have scenario: Router->AX->Server, AX interface to upstream router (client-site router) is difference subnet with VIP (for example: AX's Interface 1 connect to client-site Router has IP address 192.168.1.1/29, but VIP ip address is 192.168.200.1) the Real Server subnet is 192.168.100.1 /24. I tried to ping from AX…
-
External monitor script
Hi, I would like to create a external monitor health check that use TCP 11277 and send the command: - "GET / ctrl_vip_acct_trrloader" The answer expect is: "VALUE ctrl_vip_acct_trrloader 0 27" How can I do this in TCL script? Tks Best regards, Alessandro
-
VCS and ve-stats enabled
Hello, is it possible to active "ve-stats enabled" in a VCS, so that is saved in the startup and running config? I tried it, but got this message in the logfile. Ve stats are counted on the vcs master, but not on the vcs blade. Vcs master and vrrp-a active are the same system at the moment.…
-
Anyone have luck with using database external monitors?
I'm attempting to setup a simple external monitor to check on a couple of Oracle instances. After using the example script provided in the documentation and tailoring it to my environment I've yet to get it to work correctly. Unfortunately, debugging a script on the AX is difficult it not impossible to do from that I've…
-
Collect different info from different Webmail clients
My goal is to log different information from Webmail clients than from ActiveSync clients. It seems the most obvious way to distinguish the two clients is from the HTTP::URI. So I've written the following script, which sadly has an error somewhere in it; line 19 according to the A10. when HTTP_REQUEST { if { [HTTP::method]…
-
URL Hash Persistence synced to standby HA node?
Hi, We recently implemented URL Hash Persistence on a rather large Varnish cache server farm on an AX3000 cluster running 2.4.3-p7. Everything looks fine, and the cache hit-ratio on the cache-servers increased significantly. But I wonder if the url hash persistence is synchronized to the standby node in the cluster? I…