-
Node Failover
Posted by jgreen How do I configure the lb for a server failover instead of load balancing? i.e. - traffic keeps being delivered to one primary server unless it is down (then delivers to the backup server) and redelivers to the primary server once it is back online.
-
Need assistance in creating a healthcheck
Posted by pwidman I have a customer who is looking to enable a healthcheck which does the following host:7287/widmansworld-ping while using a client generated ssl certificate with PKCS12 (.p12) and a password provided for authentication. Expected response: Text containing widmansworld=running All of this can be…
-
How to limit DHCP Discover
Posted by kiriro Hi I'd like to limit frequent dhcp discover from a specific client PC's mac in thermal runaway. This dhcp client send huge DHCP discover. I tried to apply "DHCP discover packet" to following rule, It's famous irule sample used as traditional ddos protection, and I changed $srcip to $mac, for this reason, I…
-
Token-based Persistence and SCCP inspection
Posted by danguijun Good day Folks, I would need please help to validate/ confirm the following: - Can we somehow do token-based session persistence through aFleX or natively? - If required, can we inspect through aFleX a SCCP header field in order to use it as a load balancing decision? Thanks in advance,
-
VRRP and session synchronization
Posted by pwidman I have a customer who is implementing VCS along with VRRP this weekend and would like to use a dedicated port or trunk for session synchronization. After reading the 2.6.1 configuration guide section for VRRP it is not clear to me if this is possible. I recall that it was possible but I do not recall the…
-
insert the client SSL certificate into a header
Posted by brunov How can I use aflex to capture the client ssl Certificate and insert in into an HTTP header. This can be used by the server to validate certain information about the client. Pre-requisite: • You must have 2.6.1-P2 ([X509::whole $session_data] is only available from that release forward) Code: when…
-
Persistance based on SIP Session ID
Posted by kmcewen@a10networks.com I have a potential customer that requires to achive IP Source (port based) pesrsistance based on the SIP Session ID. I.e that the client will persist if the connection is from the same session.
-
DNS TTL priority: Zone or Policy or Other?
Posted by kirbini Hello, We've a customer who is asking for a TTL increase on many of their GLSB zones. One of our engineers changed it in the GLSB policy for that client but nothing changed. I changed the TTL for one of the zones and that seemed to work. I should mention that the AX1000 is the DNS server, not a proxy.…
-
GSLB DNS response when all service IPs are down?
Posted by kirbini How should the non-proxy DNS respond in a GSLB config when all service IPs fail their heath checks? I have two service IPs in a GLSB zone config. Both servers show down in the service-ip status page but I still get a valid DNS response containing at least one of the external IPs when I query the load…
-
aFleX to drop persistent connections
Posted by TODDH I needed to drop persistent connections immediately when a health check fails. I used the below aFleX to check the status of the node and if it is anything other than "up" the connection is reset. Thanks, -Todd- when CLIENT_ACCEPTED { } when CLIENT_DATA { if {$s_ip equals "10.12.12.230"} { # Check if server…
-
aFleX Policy to Redirect a Specific SNMP OID
Posted by bmeckley I am looking for an aFleX example that can redirect an SNMP OID of ".1.3.6.1.9.9.41.2.0.1" to a specific server. This particular OID will contain syslog messages that will be sent to a Syslog server. All other SNMP traps will be directed to specific SNMP servers using a PBSLB policy. Thank-you
-
VMWare working with A10 for Dynamic Provisioning
Posted by wfigueiredo Hi Everyone, Im looking for help for Dynamic Provisioning. I´ve followed all steps in A10 documentation, but without success. My vSphere and vCenter are later than 4.0 and the documentation refers 2.5 vCenter version. Can anyone help me with this? Thanks
-
Using lsearch with host list
Posted by jay Hi, Would like a secondary/tertiary eyes on the following aFlex regarding using lsearch to find a match in a host list: Code:…
-
Send reset on server select fail
Posted by jmaddox At what point is the reset sent to the client? Would this be during a persistent existing connection where a server is marked down and the next packet from the client is reset by ax at that time? or, is this only so narrow as to the initial lb selection of server? ex: tcp vip, client sends syn, ax opens…
-
Max number of GSLB zones on AX1000
Posted by kirbini We have a client who would like to globally load balance more than 500 different domains. Is there a maximum number of GSLB zones that the AX1000 can handle? On a related note, does anyone have any advice on easily importing and/or consolidating 500 GSLB setups? Does GSLB have any wildcard options like…
-
RAM cache and prefetch
Posted by jmaddox What is AX behavior in the case of expired object in RAM cache? Does AX proactivley request object from server? Or doe it wait for the next request for that object? There are pros and cons to each behavior.
-
Apache Killer DDoS attack blocked by AX!!!
Posted by ddesmidt A recent Apache vulnerability has been found using the "HTTP Range" option. www.hacklabs.com/home/2011/8/24/research...partial-content.html This one can be easily prevented with your A10 Possible protection: AX could simply drop all requests with a "Range header". But the requests with a "Range header"…
-
HA interface synchronization
Posted by jmaddox According to the Configuration guide, items that are not backed up are vlans and trunks, "interface settings". does interface settings = speed/duplex or ip configuration, or both do interfaces in this context = also VEs or just physical interfaces? If i configure a VE on a standby unit, but do not have…
-
promiscuous vip settings physical vs VE
Posted by jmaddox What is the difference in setting promiscuous vip on a physical interface and a VE? are both required in the case that you have a VE? what are the ramifications of only setting it on VE? on physical and not VE?
-
aVCS and floating IP'S
Posted by kmcewen@a10networks.com Can some one please explain the traffic flow through the VCS. I am working on an op where I cannot use SNAT and therefore reliying on the floating IP which is the default gateway for the servers. How do we ensure that the traffic flows back via the incomming blade? Ta Ken
-
ELECTION HASH
Posted by ivanm@a10networks.com Hi guys, We can do a similar aFlex? # MD5 calculation of Server + HOST + URI # Rule selects Server that scores highest # # S = Current high score # N = Node being evaluated # W = Winning node # # Set "myPool" to your pool name. # when HTTP_REQUEST { set S "" set myPool pool_name foreach N…
-
App switching and cookie persistency
Posted by jmaddox question from a customer. Aflex is likely not needed here: The domain is www.domain.com<http://www.domain.com> with a URI of www.domain.com/sf<http://www.domain/sf>, www.in-drive.com/sf-register<http://w...com/sf-register>, etc... I have 2 Service Groups: Service Group 1: Windows Server 1 Windows Server 2…
-
Filter DNS requests using Aflex
Posted by brunov I have the following aflex that will allow you to filter the DNS requests by hostname, and limit what will be load balanced to your DNS servers. Code:…
-
Default Path in Exchange 2010 (Shared VIP)
Posted by kmcewen@a10networks.com In the deploymant guide we say that we can not insert the /owa if it has been missed when using a shared vip for exchange services. As this was a requirement by a customer I have developped the following that worked with a bit of help (thanks all) when HTTP_REQUEST { if {[HTTP::uri] equals…
-
disable chunking client side?
Posted by jmaddox HTTP::version "1.0" should turn off chunking on the server. Is there a way to turn off http chunking for the client side connection?
-
unknown command "elseif"
Posted by jmaddox What is the correct syntax to prevent the error indicating that "elseif" is unknown command? when RULE_INIT { # List of "part of URL" not autho "redacted"] set cookie_name "ua_lbdev_node_forced" } when HTTP_REQUEST { # Get node number from URL ending in /?node1, /?node2, etc. set node_forced [findstr…
-
Redirect HTTP based on client browser
Posted by patricko0317 I have a need for an Aflex script. I need it to redirect the browser to a different page based on the browser the client is using. If it is IE 9, I need it redirected. Will the following script accomplish this? Also, can I add this to the script you gave me for logging? when HTTP_REQUEST { if {…
-
Finding hostname.tld in FQDN
Posted by mischa This will find the hostname + tld from the FQDN. Basically removing "www." from the average request. www.a10networks.com becomes a10networks.com Code:…
-
Getting around Data Groups
Posted by mischa IHAC that is looking to replace their current LBs with A10 and they are using Data Groups. Code: class exampleClass {"string1""string2""string3"}rule exampleRule {when HTTP_REQUEST {if {[matchclass [HTTP::uri] contains exampleClass]}{log local0. "Using uri-match pool - [HTTP::uri]"pool pool-uri-match} else…
-
Persistence aFlex based on UIE from real server
Posted by aanchev This script was written for a home grown web application that sets a UIE when a client establishes a connection to the server. If a client has no UIE, it is load balanced normally. If the client has a UIE, the script provides stickiness to the server the client received it from. when HTTP_REQUEST { set…