-
Deploy HA pair with two separate gateway
I have a HA pair AX, I want to load balance for Farm servers and DMZ servers (one AX primary for Farm, standby for DMZ, the other one primary for DMZ and standby for Farm). The problem is, there's two different gateway for server in Farm and server in DMZ in this case, no VRRP in gateway router because they work…
-
Switching Service Group based on VLAN Tag
What's the best way to create an aFleX that directs users coming in on a specific VLAN to a specific service group? For example, VLAN 2 would direct to service group SG2 and VLAN 3 would direct to service group SG3, and so on. There could be quite a number of VLAN to service group matches, so the most efficient aFleX…
-
Cookie Security (HTTPOnly-/Secure-Flag)
Hi, It would be nice if it is possible to set this for the cookies (Cookie Persistence). Will this feature be available in one of the next releases? RFC 6265 (Chapter: 4.1.2.6. The HttpOnly Attribute) Regards
-
HA active-active
Hi, I have two AX3000, I want to have an HA active-active deployment. Is this possible in Large Scale NAT implementation? If that so, can you give me some example configuration. Thanks, Dannel
-
Health Monitoring
Posted by herve.schlecht@rbs.fr In EX configuration, how can I define a Monitoring check in which I check 2 IP address through ping. If one of the IP doesn't answer I need to disable th elink. BRgds
-
SNMP Monitoring
Posted by twolfe94022 We bought a pair of AX3000's they are in production running great! The problem we have is monitoring them. Aside from basic interface up and down that is all we can see. I was given the Cacti template and it seemed to connect to the box, but the graphs never update. I would like to be able to see…
-
Connection Reuse
Posted by twolfe94022 We just purchased a pair of 5200-11's to replace a set of 3000's. Within 24hrs the box was at 96%. Our Linux team enabled keep-alives which brought it down to 20% but now their boxes are loaded up. The default setting for the template is 1000/40minutes. The 40 min trigger seems long. I would like to…
-
Health Monitor - SASP, SOAP, WMI and RPC
Posted by danguijun Good day guys, Is there a way to create separate Health monitors through aFleX to monitor the following protocols on real servers? - SASP (Server/Application State Protocol); - SOAP (Simple Object Access Protocol); - WMI (Windows Management Instrumentation); - RPC (Remote Procedure Call) I don't have a…
-
URL Switching / Stripping with aFleX and Switch
Posted by mischa Code:…
-
Running Axdebug in a partition
Posted by pwidman When running Axdebug inside a partition you will only see traffic inside the partition where you are executing the command. Is this a fact? My testing shows it is but want to ensure that is the case.
-
log message Question
Posted by Han Hi. Custmer using the ADP. In all the private partition have the same log message. Oct 31 2011 15:36:00 Info [L3]:imish: trying to reconnet to imish : login VR Oct 31 2011 15:36:00 Error [L3]:(2986) login virtual-router VR1 Failed [timeout]: login virtual-router VR1 ^ Invalid input detected at '^' marker.…
-
AX working with VMWare 'View'
Posted by LynnS A customer asked if we can work with their VMWARE 'View' product. I've not had any time yet to research this, but I wanted to ask if anyone has any idea what this product is/does and if the AX is compatible with it in any way. This came up in a conversation about VMWARE VCenter working with our axAPI.…
-
url or host switching based on source-ip
Posted by pwidman I have a customer who's commercial requirement is to ensure only specific networks (clients) access a host or URL. Today they are using an IRULE with a class-list to call out the networks that should be matched for a particular host. An example IRULE of what they have is pasted below when HTTP_REQUEST {…
-
exchange 2010 aflex
Posted by brunov I would like to use a single virtual ip address for exchange access and still be able to use cookie persistence for owa and ews, rewrite the owa uri, and be able to split my services later by sending them to different service groups. Do you see any issues with the following aflex? Code: when HTTP_REQUEST…
-
ACL based on L2 or L3 headers
Posted by danguijun Good day Folks, Is there a way to create an aFleX to behave like an ACL on AX to permit/ drop / pool traffic based on the following parameters? - Source MAC address - Destination MAC address - Protocol type (e.g. TCP, GRE, etc.) The latter (protocol) i found it on aFleX manual that we could use it as a…
-
Setting the port threshold for LACP trunks
Posted by pwidman Is there such a thing? I do not see it in the administrative guide for 2.6.1. I do see it for static trunks. If you do not recall what port threshold means: By default, a trunk’s status remains UP so long as at least one of its member ports is up. You can change the ports threshold of a trunk to 2-8…
-
Node Failover
Posted by jgreen How do I configure the lb for a server failover instead of load balancing? i.e. - traffic keeps being delivered to one primary server unless it is down (then delivers to the backup server) and redelivers to the primary server once it is back online.
-
Need assistance in creating a healthcheck
Posted by pwidman I have a customer who is looking to enable a healthcheck which does the following host:7287/widmansworld-ping while using a client generated ssl certificate with PKCS12 (.p12) and a password provided for authentication. Expected response: Text containing widmansworld=running All of this can be…
-
How to limit DHCP Discover
Posted by kiriro Hi I'd like to limit frequent dhcp discover from a specific client PC's mac in thermal runaway. This dhcp client send huge DHCP discover. I tried to apply "DHCP discover packet" to following rule, It's famous irule sample used as traditional ddos protection, and I changed $srcip to $mac, for this reason, I…
-
Token-based Persistence and SCCP inspection
Posted by danguijun Good day Folks, I would need please help to validate/ confirm the following: - Can we somehow do token-based session persistence through aFleX or natively? - If required, can we inspect through aFleX a SCCP header field in order to use it as a load balancing decision? Thanks in advance,
-
VRRP and session synchronization
Posted by pwidman I have a customer who is implementing VCS along with VRRP this weekend and would like to use a dedicated port or trunk for session synchronization. After reading the 2.6.1 configuration guide section for VRRP it is not clear to me if this is possible. I recall that it was possible but I do not recall the…
-
insert the client SSL certificate into a header
Posted by brunov How can I use aflex to capture the client ssl Certificate and insert in into an HTTP header. This can be used by the server to validate certain information about the client. Pre-requisite: • You must have 2.6.1-P2 ([X509::whole $session_data] is only available from that release forward) Code: when…
-
Persistance based on SIP Session ID
Posted by kmcewen@a10networks.com I have a potential customer that requires to achive IP Source (port based) pesrsistance based on the SIP Session ID. I.e that the client will persist if the connection is from the same session.
-
DNS TTL priority: Zone or Policy or Other?
Posted by kirbini Hello, We've a customer who is asking for a TTL increase on many of their GLSB zones. One of our engineers changed it in the GLSB policy for that client but nothing changed. I changed the TTL for one of the zones and that seemed to work. I should mention that the AX1000 is the DNS server, not a proxy.…
-
GSLB DNS response when all service IPs are down?
Posted by kirbini How should the non-proxy DNS respond in a GSLB config when all service IPs fail their heath checks? I have two service IPs in a GLSB zone config. Both servers show down in the service-ip status page but I still get a valid DNS response containing at least one of the external IPs when I query the load…
-
aFleX to drop persistent connections
Posted by TODDH I needed to drop persistent connections immediately when a health check fails. I used the below aFleX to check the status of the node and if it is anything other than "up" the connection is reset. Thanks, -Todd- when CLIENT_ACCEPTED { } when CLIENT_DATA { if {$s_ip equals "10.12.12.230"} { # Check if server…
-
aFleX Policy to Redirect a Specific SNMP OID
Posted by bmeckley I am looking for an aFleX example that can redirect an SNMP OID of ".1.3.6.1.9.9.41.2.0.1" to a specific server. This particular OID will contain syslog messages that will be sent to a Syslog server. All other SNMP traps will be directed to specific SNMP servers using a PBSLB policy. Thank-you
-
VMWare working with A10 for Dynamic Provisioning
Posted by wfigueiredo Hi Everyone, Im looking for help for Dynamic Provisioning. I´ve followed all steps in A10 documentation, but without success. My vSphere and vCenter are later than 4.0 and the documentation refers 2.5 vCenter version. Can anyone help me with this? Thanks
-
Using lsearch with host list
Posted by jay Hi, Would like a secondary/tertiary eyes on the following aFlex regarding using lsearch to find a match in a host list: Code:…
-
Send reset on server select fail
Posted by jmaddox At what point is the reset sent to the client? Would this be during a persistent existing connection where a server is marked down and the next packet from the client is reset by ax at that time? or, is this only so narrow as to the initial lb selection of server? ex: tcp vip, client sends syn, ax opens…