-
Allow a connection based on source IP to a URI
How would I allow a connection based on source IP (or several source IPs) to a URI? I know in the F5 I can just create data groups and do a class match, but I am not sure how to do it on the A10.
-
SNAT and GARP-s for all IPs in the SNAT pool?
Is this by design that GARPs are sent every 30 sec from ALL IPs in an SNAT pool from the vrrp-a master, even if the IPs are not even used?! /Christian
-
Upgrade from 2.6.1-P4 to GR1
Have aVCS. Reading the AX_Series_2_6_1-GR1_RelNote-120311.pdf, page 119. Step 1 - Backup - check. Step 2 - Copy off the ax device - check. Step 3 - disable VCS on the blade (NOT the master) - check. Step 4 - going into one partition called "Internal", changing vrrp-a vrid default to priority 150 (the other ones have 100) - check…
-
HA -active -active -distributed trunking (LACP) and VLAN tagging
Hi everybody, I am trying to achieve the following: I want to connect a pair of AX1030 in an active-active configuration. They will be connected to a pair of switches running distributed trunking. That allows me to create trunks as depicted in the diagram. For each load balancer the same color pairs are configured as trunks…
-
SO how would you do? SLB planning...
Have the need for load balancing several internal systems. Systems and clients are on the same subnet. Right now, AX is also on the same subnet. Don't like the DSR concept. Firstly, don't know how to make appliances have VIP as localhost. Also don't like that only TCP works with DSR. Want to go higher up in layers.. Http / SMTP…
-
insert www
I have an aflex that inserts www if they come in without it and redirects to https://. It works fine if they come in on http, but does not work if they use https. The aflex is bound to both the 443 and the 80. http://xyzsite.com (works) https://xyzsite.com (does not work) when HTTP_REQUEST { if {[HTTP::host] starts_with…
-
Smart Flow Control limits
One of the settings on a Connection Reuse template is "Smart Flow Control", which lets you queue packets when the per-server connection limit is reached (otherwise packets that would exceed the limit are dropped). The queue depth is configurable, but then, if the queue is full, packets are dropped. I realize that if you…
-
Setting a Cookie with Secure and HTTPOnly
Posted by TODDH We are in the process of going through some compliance audits, and the cookies that the load balancers use to return packets to specific servers can contain the “secure” attribute but we don’t have a way to include the “httponly” attribute. Is there a way with an aFlex to set both? Thanks, -Todd-
-
cookie encryption
I am working on an aflex to encrypt the value of a cookie when sending it to the client, and decrypting it when sending it to the server. Is there a way to improve the b64encode security? IOW, how do I get better encryption of the cookie? Here is what I have so far: when HTTP_RESPONSE {set decrypted [HTTP::cookie…
-
Deploy HA pair with two separate gateway
I have an HA pair of AX, I want to load balance for Farm servers and DMZ servers (one AX primary for Farm, standby for DMZ, the other one primary for DMZ and standby for Farm). The problem is, there are two different gateways for servers in Farm and servers in DMZ in this case, no VRRP in gateway router because they work…
-
Switching Service Group based on VLAN Tag
What's the best way to create an aFleX that directs users coming in on a specific VLAN to a specific service group? For example, VLAN 2 would direct to service group SG2 and VLAN 3 would direct to service group SG3, and so on. There could be quite a number of VLAN to service group matches, so the most efficient aFleX…
-
Cookie Security (HTTPOnly-/Secure-Flag)
Hi, It would be nice if it is possible to set this for the cookies (Cookie Persistence). Will this feature be available in one of the next releases? RFC 6265 (Chapter: 4.1.2.6. The HttpOnly Attribute) Regards
-
HA active-active
Hi, I have two AX3000, I want to have an HA active-active deployment. Is this possible in a Large Scale NAT implementation? If so, can you give me some example configuration? Thanks, Dannel
-
Health Monitoring
Posted by herve.schlecht@rbs.fr In EX configuration, how can I define a monitoring check in which I check 2 IP addresses through ping? If one of the IPs doesn't answer I need to disable the link. BRgds
-
SNMP Monitoring
Posted by twolfe94022 We bought a pair of AX3000's they are in production running great! The problem we have is monitoring them. Aside from basic interface up and down that is all we can see. I was given the Cacti template and it seemed to connect to the box, but the graphs never update. I would like to be able to see…
-
Connection Reuse
Posted by twolfe94022 We just purchased a pair of 5200-11's to replace a set of 3000's. Within 24hrs the box was at 96%. Our Linux team enabled keep-alives which brought it down to 20% but now their boxes are loaded up. The default setting for the template is 1000/40minutes. The 40 min trigger seems long. I would like to…
-
Health Monitor - SASP, SOAP, WMI and RPC
Posted by danguijun Good day guys, Is there a way to create separate Health monitors through aFleX to monitor the following protocols on real servers? - SASP (Server/Application State Protocol); - SOAP (Simple Object Access Protocol); - WMI (Windows Management Instrumentation); - RPC (Remote Procedure Call) I don't have a…
-
URL Switching / Stripping with aFleX and Switch
Posted by mischa Code:…
-
Running Axdebug in a partition
Posted by pwidman When running Axdebug inside a partition you will only see traffic inside the partition where you are executing the command. Is this a fact? My testing shows it is but want to ensure that is the case.
-
log message Question
Posted by Han Hi. Customer using the ADP. All the private partitions have the same log message. Oct 31 2011 15:36:00 Info [L3]:imish: trying to reconnet to imish : login VR Oct 31 2011 15:36:00 Error [L3]:(2986) login virtual-router VR1 Failed [timeout]: login virtual-router VR1 ^ Invalid input detected at '^' marker.…
-
AX working with VMWare 'View'
Posted by LynnS A customer asked if we can work with their VMWARE 'View' product. I've not had any time yet to research this, but I wanted to ask if anyone has any idea what this product is/does and if the AX is compatible with it in any way. This came up in a conversation about VMWARE VCenter working with our axAPI.…
-
url or host switching based on source-ip
Posted by pwidman I have a customer whose commercial requirement is to ensure only specific networks (clients) access a host or URL. Today they are using an IRULE with a class-list to call out the networks that should be matched for a particular host. An example IRULE of what they have is pasted below when HTTP_REQUEST {…
-
exchange 2010 aflex
Posted by brunov I would like to use a single virtual ip address for exchange access and still be able to use cookie persistence for owa and ews, rewrite the owa uri, and be able to split my services later by sending them to different service groups. Do you see any issues with the following aflex? Code: when HTTP_REQUEST…
-
ACL based on L2 or L3 headers
Posted by danguijun Good day Folks, Is there a way to create an aFleX to behave like an ACL on AX to permit / drop / pool traffic based on the following parameters? - Source MAC address - Destination MAC address - Protocol type (e.g. TCP, GRE, etc.) The latter (protocol) I found in the aFleX manual that we could use it as a…
-
Setting the port threshold for LACP trunks
Posted by pwidman Is there such a thing? I do not see it in the administrative guide for 2.6.1. I do see it for static trunks. If you do not recall what port threshold means: By default, a trunk’s status remains UP so long as at least one of its member ports is up. You can change the ports threshold of a trunk to 2-8…
-
Node Failover
Posted by jgreen How do I configure the lb for a server failover instead of load balancing? i.e. - traffic keeps being delivered to one primary server unless it is down (then delivers to the backup server) and redelivers to the primary server once it is back online.
-
Need assistance in creating a healthcheck
Posted by pwidman I have a customer who is looking to enable a healthcheck which does the following host:7287/widmansworld-ping while using a client generated ssl certificate with PKCS12 (.p12) and a password provided for authentication. Expected response: Text containing widmansworld=running All of this can be…
-
How to limit DHCP Discover
Posted by kiriro Hi, I'd like to limit frequent DHCP discover from a specific client PC's MAC in thermal runaway. This DHCP client sends huge DHCP discover. I tried to apply "DHCP discover packet" to the following rule. It's a famous irule sample used as traditional ddos protection, and I changed $srcip to $mac, for this reason, I…
-
Token-based Persistence and SCCP inspection
Posted by danguijun Good day Folks, I would need please help to validate/ confirm the following: - Can we somehow do token-based session persistence through aFleX or natively? - If required, can we inspect through aFleX a SCCP header field in order to use it as a load balancing decision? Thanks in advance,
-
VRRP and session synchronization
Posted by pwidman I have a customer who is implementing VCS along with VRRP this weekend and would like to use a dedicated port or trunk for session synchronization. After reading the 2.6.1 configuration guide section for VRRP it is not clear to me if this is possible. I recall that it was possible but I do not recall the…