-
aXAPI: slb.template.client_ssl.create
Hey all, I was wondering if someone could lend a hand in regards to how to properly put together a request using python over aXAPI using the slb.template.client_ssl.create method. I was trying to setup the parameters but I'm getting confused using the Url-encode options and how to properly set the array, I was doing the…
-
Draining for Maintenance
Any suggestions on the best way to drain all connections from a server so that you can perform maintenance? In a non emergency situation I'd like to let active connections continue to a server but not to allow new connections. In time that would mean that the server would no longer have any connections and the end users…
-
Health monitor Source IP addresses
Posted by jmaddox What IP is used as the source for health monitors? Are there instances where SNAT addresses are used? Examples: 1. interface or ve address but no snat involved, servers on same subnet as interface or ve address 2. same as #1 but servers a layer 3 hop away 3. Items #1 and #2, but with SNAT addresses…
-
ip nat range-list limitations in L3 partition
Hi, I have a deployment that requires the feature of range list in SLB to statically mapping of subnets. here's the scenario: I created two partitions in AX, and configure a range list in 1st parition "ip nat range-list 10.10.10.0 /24 192.168.0.0 /24 count 254. I also want to configure the same 10.10.10.0 /24 and map to…
-
axdebug shows 'Rerouting failure for forward traffic match"
While troubleshooting a new implementation with axdebug captures, I see dozens of messages pairs like this: @279485663 i( 3, 101, b4795)> ip 10.95.100.44 > 10.42.101.225 tcp 6310 > 443 PA 9b8c5dba:ee9455c7(37) @279485663 i( 3, 101, b4795)> Rerouting failure for forward traffic match And the page is 'waiting to load'. What…
-
.NET Library or XML Schema?
I remember seeing at one point in time a .NET library that was either available or being tested that would allow you to access the aXAPI interface using powershell or via compiled .NET application. I can't seem to find any reference to it on the site. If it was an idea at one point in time and scraped, is there are least…
-
Named virtual hosts like apache
Hello All, I am new to a10, my apologies if this is been answered elsewhere. I'd like to have one VIP that is public facing on eth2 interface and the eth1 is inside a private LAN with multiple iplanet web servers. On the dns side multiple fqdns are cnamed to the VIP. When a request comes to certain fqdn, I'd like to load…
-
TCS Smart LB to caches
Posted by mischa Code: when RULE_INIT {set :: CACHEURLS [list "youtube.com" "googlevideo.com" "google.com" "facebook.com" "google.de" "apple.com" "fbcdn.net" "clipfish.de" "googlesyndication.com" "337.com" "aol.com" "bigfishgames.com" "bigpoint.net" "bild.de" "chip.de" "doubleclick.net" "comput erbild.de" "dailymotion.com"…
-
LACP trunk failing in transparent mode
Hi all, I'm new to a10 stuff, and I'm trying to set up some new AX3200-12. I'm trying to set up the devices in transparent mode with a pair of data interfaces bonded to a cisco switch using LACP negotiation. I can set up the trunk interfaces fine, and the switch shows that the port-channel is build properly, but as soon as…
-
Admin and Partitions access
Hello, I'm kind of new to the A10. We have two AX2500 configured with 3 partitions and VRRP. I'm trying to acess via webgui using the default admin user that is a read write administrator. But when I try to acess any of the partitions to configure them I get this message: Error Ocurred: Current partition cannot be changed…
-
VIP is difference subnet with AX interface
Hi, We have scenario: Router->AX->Server, AX interface to upstream router (client-site router) is difference subnet with VIP (for example: AX's Interface 1 connect to client-site Router has IP address 192.168.1.1/29, but VIP ip address is 192.168.200.1) the Real Server subnet is 192.168.100.1 /24. I tried to ping from AX…
-
External monitor script
Hi, I would like to create a external monitor health check that use TCP 11277 and send the command: - "GET / ctrl_vip_acct_trrloader" The answer expect is: "VALUE ctrl_vip_acct_trrloader 0 27" How can I do this in TCL script? Tks Best regards, Alessandro
-
VCS and ve-stats enabled
Hello, is it possible to active "ve-stats enabled" in a VCS, so that is saved in the startup and running config? I tried it, but got this message in the logfile. Ve stats are counted on the vcs master, but not on the vcs blade. Vcs master and vrrp-a active are the same system at the moment.…
-
Anyone have luck with using database external monitors?
I'm attempting to setup a simple external monitor to check on a couple of Oracle instances. After using the example script provided in the documentation and tailoring it to my environment I've yet to get it to work correctly. Unfortunately, debugging a script on the AX is difficult it not impossible to do from that I've…
-
Collect different info from different Webmail clients
My goal is to log different information from Webmail clients than from ActiveSync clients. It seems the most obvious way to distinguish the two clients is from the HTTP::URI. So I've written the following script, which sadly has an error somewhere in it; line 19 according to the A10. when HTTP_REQUEST { if { [HTTP::method]…
-
URL Hash Persistence synced to standby HA node?
Hi, We recently implemented URL Hash Persistence on a rather large Varnish cache server farm on an AX3000 cluster running 2.4.3-p7. Everything looks fine, and the cache hit-ratio on the cache-servers increased significantly. But I wonder if the url hash persistence is synchronized to the standby node in the cluster? I…
-
Create functional wildcard port VIP?
I'm trying to set up a virtual server such that, when it receives traffic for a port on the VIP that does not match any other VIP, it a) processes the traffic, and b) preserves the original client destination port when relaying the request to the backend servers. It looks like I want a wildcard VIP, but I couldn't get…
-
Persistence for http host url
Hello, I am new on the aFlex world, I have created a few rules myselft, but I might need some help on this next rule... basically what I want is to force persistence when visiting a particular site, for example s1.domain.com I want it to go to the same back end where it last was, so I think the aflex rule would look like…
-
LAN can not access to Internet
Hi all, I am new here. I just deploy AX with WAN and LAN Interface. And I already make a default route and make a SLB, it is running when access the VIP with HTTP service. But users on LAN can not access to the Internet. Please can help how is it? (Prefer by GUI). Thanks.
-
Geolocated redirect aFlex
Hi team, Just a quick message to advertise about a specific aFlex adaptation I had to do. The actual iR**le is defined as following: when HTTP_REQUEST { set url [string tolower [HTTP::host]] if {$url ne "es.sites.xxx.com"} { switch [whereis [IP::client_addr] country] { ES { HTTP::redirect http://es.xxx.com } IT {…
-
Conditional SNAT
I'd like to SNAT only one subnet of source IP addresses and have the remaining (0.0.0.0) IP addresses SLB as normal. Using an ACL I can nat to different pools however I have not found a combination or pool that will SNAT one network and SLB the rest of the traffic. Ideas - pointers? clients ---- AX ---- servers All clients…
-
Allow a connection based on source IP to a URI
How would I allow a connection based on source IP (or serveral source IPs) to an URI? I know in the f5 I can just create data groups and do a class match, but I am not sure how to do it on the a10.
-
SNAT and GARP-s for all IPs in the SNAT pool?
Is this by design that G-arps are sent every 30 sec from ALL IP:s in an SNAT pool from the vrrp-a master? even if the IPs are not even used?! /Christian
-
Upgrade from 2.6.1-P4 to GR1
Have aVCS. reading the AX_Series_2_6_1-GR1_RelNote-120311.pdf Page 119. Step 1 - Backup - check Step 2 - Copy off the ax device - check Step 3 - disable VCS on the blade (NOT the master) - check Step 4 - going into one partition called "Internal" changing vrrp-a vrid default to priority 150 (the other ones has 100) - check…
-
HA -active -active -ditributed trunking (LACP) and VLAN tagging
Hi everybody I am trying to achieve the following: I want to connect a pair of AX1030 in an active active confiugration. They will be connected to a pair of swithes running distributed trunking. That allows me to create trunks as depicted in the diagram. For each load balancers the same color pairs are configured as trunks…
-
SO how would you do? SLB planning...
Have the need for loadbalancing several internal systems. Systems and Clients are on the same subnet. Right now, AX is also on the same subnet. Dont like the DSR concept. Firstly dont know how to make Appliances have VIP as localhost. Also dont like that only TCP works with DSR. want to go higher up in layers.. Http / SMTP…
-
insert www
I have an aflex that inserts www if they come in without it and redirects to https://. it works fine if they come in on http, but does not work if they use https. the aflex is bound to both the 443 and the 80. http://xyzsite.com (works) https://xyzsite.com (does not work) when HTTP_REQUEST { if {[HTTP::host] starts_with…
-
Smart Flow Control limits
One of the settings on a Connection Reuse template is "Smart Flow Control", which lets you queue packets when the per-server connection limit is reached (otherwise packets that would exceed the limit are dropped). The queue depth is configurable, but then, if the queue is full, packets are dropped. I realize that if you…
-
Setting a Cookie with Secure and HTTPOnly
Posted by TODDH We are in the process of going through some compliance audits, and the cookies that the load balancers use to return packets to specific servers can contain the “secure” attribute but we don’t have a way to include the “httponly” attribute. Is there a way with an aFlex to set both? Thanks, -Todd-
-
cookie encryption
I am working on an aflex to encrypt the value of a cookie when sending it to the client, and decrypting it when sending it to the server. Is there a way to improve the b64encode security. IOW, how do I get better encryption of the cookie. Here is what I have so far: when HTTP_RESPONSE {set decrypted [HTTP::cookie…