-
How many maximum vCPUs does softAX support ?
Hello, Can I improve SoftAX performance , especially SSL performance , by adding vCPUs ? If so , how many maximum vCPUs does softAX support ? I am looking for ways to improve SSL performance when using softAX. I am not sure if softAX supports multi vCPUs. Best Regards, Shigehiro
-
Forwarding Client IP in SMTP Header
Hey guys! I had a weird request regarding forwarding client IP's. We have our junkmail server's which currently are terminated directly to our old Cisco ACE load-balancer, and use the ACE as their default-gateway. We set them up this way because the junkmail server's need to see the IP addresses of the clients that are…
-
A10 support for websockets?
Hey All, Does anyone know if the A10 supports websockets and what specific config changes need to be in place for this to function properly? I was trying to pass the port through TCP (2) with no success.
-
Unknown unicast
I keep getting burst of log messages "The total unknown unicast packets xxxxx per second has exceeded the configured all VLAN limit of 5000" in my AX logs." The number xxxxxx ranges anywhere from 10000 to 40000. I have about 15 web sites behind my A10. Is this normal? This only started a couple months ago.
-
Conditional SNAT + aFleX rule
How to create an aFleX rule, where a connection started from a server_1 to the VIP can use the SNAT_1 IP address, and another connection started from another server_2 to the same VIP can use another SNAT_2 IP address??.. Is that possible. Thank you very much
-
DNS Delegation for GSLB
... long time listener, 1st time caller. Howdy folks! I've got 2 sites (NY and PA) with an AX cluster at each site in it's "internet" DMZ. The sites are interconnected on the LAN and I've also got a Juniper SSL VPN cluster split "behind" the A10 at each site (synchronizing over the LAN). Currently, we are only using the…
-
Weird behaviour of AX2500
I'm observing a weird behaviour on a pair of AX2500 running 2.6.1-P4: When I do a HEAD request for say http://$VIRTIP/foo.html?$UNIQID the balancer gets the content from one of the real servers and replies as expected. This works always without failures. Now when a request for the same file is being done by one of Akamai's…
-
AX Boxes Sending Email
Dears, Is there a way at which we can make the AX device sending email notifications upon failure of servers in the service group or upon negative health monitor results of the servers (server being marked down) ?? In case there is a way to do it, please share the idea and how to do it. Many thanks
-
IP Based Authentication with pbslb
When you want to allow certain IPs to specific content. The PBSLB List: ! BWList10.0.0.1/32 110.10.10.10/32 1172.16.0.0/16 1 The aFleX: when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/certain_url") } { switch [POLICY::bwlist id[IP::remote_addr] BWList] { "1" { pool sg-http } default { log "Rejected ip address"…
-
dnsbl rule
Does anyone know if it is possible to apply an aflex rule to MX VIP and query a dns server and look for a specific response prior to allowing the traffic? F5 has a function that does this in irules. Bill
-
AX Box Sending Email
Dears, Is there a way at which we can make the AX device sending email notifications upon failure of servers in the service group or upon negative health monitor results of the servers (server being marked down) ?? Is it doable by aFLEX, or there is another way of doing it? Can we applt aFLEX to L4 virtual ports? In case…
-
Remove Accept-Encoding header
When you are not using compression in an HTTP template but you still want to get rid of the Accept-Encoding header. Or any other header. ;) when HTTP_REQUEST { if { [HTTP::header exists "Accept-Encoding"] } { HTTP::header remove "Accept-Encoding" }} Little more fancy: when RULE_INIT { set ::REMOVEHEADER…
-
Host based redirects with class-lists
In URI based redirect with class-lists I referred to new features in 2.7.0. The same can be done with Hostnames. The class-list: class-list cl-redirects string str a10networks.com https://a10networks.com str w3.a10networks.com https://a10networks.com str w3.customer1.tld http://shared.sample.tld/customer1 str…
-
URI based redirect with class-lists
With the release of 2.7.0 it's possible to reference class-lists in aFleX and it's possible to store strings in a class-list. This combination simplifies the required aFleX needed as the lists of redirects is kept in the class-list. The class-list: class-list cl-redirects string str /exchange…
-
Form Authentication with aFleX
Quick and dirty way of form based authenticating users for specific URLs on a VIP. ### START ###when RULE_INIT { # List of users (with passwords) that are allowed to authenticate array set ::DOTPASSWD { "randomuser1" "thiswillbeacleartextpassword" "randomuser2" "thiswillbeacleartextpassword" } set ::FORM_CONTENT…
-
Basic Authentication with aFleX
Quick and dirty way of authenticating users for specific URLs on a VIP. ### START ### when RULE_INIT { # Set the REALM set ::REALM "Password Required" # List of URLs you need to authenticate for array set ::LISTURL { "/exchange" "1" "/exchange/" "1" "/sharepoint" "1" "/sharepoint/" "1" } # List of users (with passwords)…
-
SMTP STARTTLS offload
I set up SMTP STARTTLS offload when I started loadbalancing Exchange 2010 a couple of years ago, and I could swear it worked when I tested it then. Recently we've gotten reports that it doesn't work, and testing with 'openssl s_client -connect webmail:587 -starttls smtp' shows the certificate chain and seems to get through…
-
(LSN)Increase Number LSN pool addresses over 10000 (Outsite address)
Hi Brothers I have a question relating to "Maximum numbers of LSN Pool IP Addresses" By default, the AX models that support LSN can support up to the following maximum numbers of LSN pool addresses (outside addresses) per system: • AX 5200 – 10,000 outside IPs, Can we change Maximum numbers of LSN pool addresses (outside…
-
SMPP Proto TCP interuption
Hi, Using Aflex script how to interrupt SMPP Proto TCP. Regards, Kiran
-
Unequal Load on Cache Servers
Dears, We have the followings being deployed: 1- Round Robin LB Algorithm to Balance the Load Among Cache Flow Servers. 2- Destination IP Persistence Option Enabled at the Virtual Server Port. 3- No HTTP Template Options are Enabled ! The problem is that the load and traffic at the cache servers is not spread equally, any…
-
Upgrade from 2.4.x to 2.6.x how-to?
Looking at the release notes etc everything looks fine and dandy - But the more advanced paths are not that well documented IMHO. So. Does anyone have experience with transitioning from HA to VRRP-A. How did that go? What to REALLY not forget? And also in the same fashion. Have an running system -> migrating it into an…
-
HA-mode
Hi, Trying to set up two Ax 1030 in HA-mode (Active/standby) Config on AX1: -Standby#show running-config ha ha id 1 set-id 1 ha group 1 priority 100 ha interface ethernet 1 ha preemption-enable ha conn-mirror ip 172.16.1.152 ! 1-Standby#show running-config interfaces ethernet 1 interface ethernet 1 ip address 172.16.1.151…
-
automating config backup with Rancid
Has anyone configured Rancid with A10? I wasn't able to use clogin to logon since my A10 is not set with enable password and clogin did not like it -- kept on asking for password. Any idea on this? Thank you
-
aFlex and server-for-server backups
Posted by kberton I have 3 primary app servers and 3 backup servers in a SLB Service Group. Let's call them A1/B1/C1 and A2/B2/C2. In normal operations, all traffic will be LB'd to A1/B1/C1 and A2/B2/C2 are backup servers that will only receive live traffic when there is a failure on any of the 3 primary servers. Service…
-
IP Source NAT
Hello, I have two AX2500 (active/active). Servers (172.10.10.0/24) need to access other servers (192.168.1.0/24) and Internet, using NAT... The "IP Source NAT" works only for icmp. Why? vlan 1 --- AX --- vlan 2 --- Internet vlan 1: 172.10.10.0/24 (Servers) vlan 2: 192.168.1.0/24 (VIP) access-list 110 permit ip 172.10.10.0…
-
Role privilage required to export axdebug file
Platform is AX1030 with version 2.6.1-GR1-P3(build: 29) I'm trying to create a role that read-only but has the ability to create and then export axdebug capture files. I have a role that can create them (basically ReadOnlyAdmin), but when I go to export the file I get "Insufficient privilege". I have not been able to find…
-
Wordpress SSL Issue
Good morning! I had a question regarding an issue our web developer team was having at our university. Apparently, they are having trouble with SSL when they require users to connect to their Wordpress Server. Their server is behind our load-balancer doing SSL offloading, and as such they've now requested that our AX-3030…
-
aXAPI upload a certificate, key via slb.ssl.upload
Hello, I had to upload about 50 certificates and keys into a box running version 2.6.1-P4. I read the AX_aXAPI_Ref_v2_6_1-P3-20111130.pdf document and found in chapter 6.31.4 “slb.ssl.upload” Method. There are these three parameter session_id, method and type. I am missing the information which file will be uploaded. What…
-
Get the VRRP-A Status via SNMP or aXAPI
Hello, I would like to get the vrrp-a status from some ax devices running2.6.1-GR1-P2 . So I am able to login to the active vrrp-a unit without trying to connect to both to get the active one. Is there a way to monitor the vrrp-a status ( active / standby ) via snmp or aXAPI? I did not find a snmp OID or the REST Api path…
-
append to URI
I'd like to add ?A10 to a specific URI. The intent may appear below but of course I am posting here as it clearly does not do what I want :) When I get a request how do I change the request (uri) before sending to the server side? It is Sunday and I have been on an 11 hour conf call and my brain will not function - I hope…
