-
Max number of GSLB zones on AX1000
Posted by kirbini We have a client who would like to globally load balance more than 500 different domains. Is there a maximum number of GSLB zones that the AX1000 can handle? On a related note, does anyone have any advice on easily importing and/or consolidating 500 GSLB setups? Does GSLB have any wildcard options like…
-
RAM cache and prefetch
Posted by jmaddox What is AX behavior in the case of expired object in RAM cache? Does AX proactivley request object from server? Or doe it wait for the next request for that object? There are pros and cons to each behavior.
-
Apache Killer DDoS attack blocked by AX!!!
Posted by ddesmidt A recent Apache vulnerability has been found using the "HTTP Range" option. www.hacklabs.com/home/2011/8/24/research...partial-content.html This one can be easily prevented with your A10 Possible protection: AX could simply drop all requests with a "Range header". But the requests with a "Range header"…
-
HA interface synchronization
Posted by jmaddox According to the Configuration guide, items that are not backed up are vlans and trunks, "interface settings". does interface settings = speed/duplex or ip configuration, or both do interfaces in this context = also VEs or just physical interfaces? If i configure a VE on a standby unit, but do not have…
-
promiscuous vip settings physical vs VE
Posted by jmaddox What is the difference in setting promiscuous vip on a physical interface and a VE? are both required in the case that you have a VE? what are the ramifications of only setting it on VE? on physical and not VE?
-
aVCS and floating IP'S
Posted by kmcewen@a10networks.com Can some one please explain the traffic flow through the VCS. I am working on an op where I cannot use SNAT and therefore reliying on the floating IP which is the default gateway for the servers. How do we ensure that the traffic flows back via the incomming blade? Ta Ken
-
ELECTION HASH
Posted by ivanm@a10networks.com Hi guys, We can do a similar aFlex? # MD5 calculation of Server + HOST + URI # Rule selects Server that scores highest # # S = Current high score # N = Node being evaluated # W = Winning node # # Set "myPool" to your pool name. # when HTTP_REQUEST { set S "" set myPool pool_name foreach N…
-
App switching and cookie persistency
Posted by jmaddox question from a customer. Aflex is likely not needed here: The domain is www.domain.com<http://www.domain.com> with a URI of www.domain.com/sf<http://www.domain/sf>, www.in-drive.com/sf-register<http://w...com/sf-register>, etc... I have 2 Service Groups: Service Group 1: Windows Server 1 Windows Server 2…
-
Filter DNS requests using Aflex
Posted by brunov I have the following aflex that will allow you to filter the DNS requests by hostname, and limit what will be load balanced to your DNS servers. Code:…
-
Default Path in Exchange 2010 (Shared VIP)
Posted by kmcewen@a10networks.com In the deploymant guide we say that we can not insert the /owa if it has been missed when using a shared vip for exchange services. As this was a requirement by a customer I have developped the following that worked with a bit of help (thanks all) when HTTP_REQUEST { if {[HTTP::uri] equals…
-
disable chunking client side?
Posted by jmaddox HTTP::version "1.0" should turn off chunking on the server. Is there a way to turn off http chunking for the client side connection?
-
unknown command "elseif"
Posted by jmaddox What is the correct syntax to prevent the error indicating that "elseif" is unknown command? when RULE_INIT { # List of "part of URL" not autho "redacted"] set cookie_name "ua_lbdev_node_forced" } when HTTP_REQUEST { # Get node number from URL ending in /?node1, /?node2, etc. set node_forced [findstr…
-
Redirect HTTP based on client browser
Posted by patricko0317 I have a need for an Aflex script. I need it to redirect the browser to a different page based on the browser the client is using. If it is IE 9, I need it redirected. Will the following script accomplish this? Also, can I add this to the script you gave me for logging? when HTTP_REQUEST { if {…
-
Finding hostname.tld in FQDN
Posted by mischa This will find the hostname + tld from the FQDN. Basically removing "www." from the average request. www.a10networks.com becomes a10networks.com Code:…
-
Getting around Data Groups
Posted by mischa IHAC that is looking to replace their current LBs with A10 and they are using Data Groups. Code: class exampleClass {"string1""string2""string3"}rule exampleRule {when HTTP_REQUEST {if {[matchclass [HTTP::uri] contains exampleClass]}{log local0. "Using uri-match pool - [HTTP::uri]"pool pool-uri-match} else…
-
Persistence aFlex based on UIE from real server
Posted by aanchev This script was written for a home grown web application that sets a UIE when a client establishes a connection to the server. If a client has no UIE, it is load balanced normally. If the client has a UIE, the script provides stickiness to the server the client received it from. when HTTP_REQUEST { set…
-
Health monitor timing
Posted by shakedown1979 Background: I have several Apache hosts (~60) on a single instance -- all of which need basic http/https monitors. I have matched the interval/retry/timeout values close to what our previous load balancers used. Here is an example of one of the new monitors: health monitor M-HTTP interval 10 retry 1…
-
Custom Roles and Radius
Posted by jgreen When using preconfigured roles in radius, a vendor assigned attribute of 2, and a decimal value of 1-12 it works; however, when I create a custom role what value should be used for the attribute format and value?
-
RAM Cache Security
Posted by patricko0317 A question has arisen as to the security of the RAM Cache. Some of the objects we are caching containg personal, private information. We need to make sure that the RAM Cache is secure and that this data cannot be accessed inadvertently or maliciously.
-
The Official World IPv6 Day Thread
Posted by pnicholcon Any thoughts, observations or comments on World IPv6 Day? We'd love to hear them. Post away.
-
aFlex to Selectively Insert /owa for Exchange 2010
Posted by kberton A10's Deployment Guide for Exchange 2010 provides the following aflex script to insert /owa into the path of any request where it doesn't already exist. However, this seems to break the Exchange Control Panel (ECP) which is accessed under /ecp. Any advice on editing this script to accommodate requests to…
-
aFlex to Change URI Case in a certain location
Posted by TODDH We have a very simple aflex that we currently us to convert the entire uri to lower case: when HTTP_REQUEST { HTTP::uri [string tolower [HTTP::uri] ] } We need to modify that aflex so that it only executes the “tolower” to a portion of the uri. The portion of the uri that we need to convert to lower case is…
-
ICMP6 Type 2 (packet too big) messages ignored?
Posted by kirbini I've been told, and and am trying to confirm (here and through testing) that the AX series (all of them) do not honor IPv6 ICMP Type 2 messages. These messages indicate that fragmentation is needed but when we use the AX1000 as an IPv6 VIP in front of an IPv4 server group the AX does not properly fragment…
-
How to respond with a 301 permanent redirect?
Posted by TODDH Guys, Do we have any way of responding with a 301 (permanent redirect)? I need a way to inform the search engines that my customers location is permanently moved. Thanks, -Todd-
-
xAPI getstatus- PHP
Posted by JackofallTrades Below is a sample of code for accessing the xAPI via PHP. I am using xPath and pear HTTP/REQUEST2. I am not a coder so ignore my slop. First I define the login information and the xAPI path. The code snippet is ax_main.php Code: <?php//pear install HTTP_Request2require 'HTTP/Request2.php';//define…
-
Persistence Across VIPs
Posted by jpearcy I have persistence working with no issue one most of our VIPs. The problem we are running into right now is that one of our apps makes calls between two VIPs. We need to keep persistence between those two VIPs. The kicker here is we are already using an aflex script on one of the VIPs SSL port so we have…
-
How to use " in my output?
Posted by tcp-me Sorry for the newbie questions, but how do I print “ in my output? For example when LB_FAILED { HTTP::respond 200 content "<html><head><title>Apology Page</title></head><body>We are sorry, but the site you are looking for is temporarily out of service<br></body></html>" But if I put in a link, it requires…
-
Switch sites to insert cookie
Posted by tcp-me I'm wondering if anyone has a good idea on how to do this. My company's site is say... abc.com My customers who use our service get customer1.abc.com. We've been inserting our cookie for abc.com to track usage and session. Now my customers want survey.customer1.com to be the domain, but they'll resolve the…
-
Server selection based on URI
Posted by ddesmidt One of our customers had a special request and I want to share it with you so you can enjoy our solution if you have similar needs They have 20 servers named S1 to S20. In the URL they give to their customers, each unique URL has to go to a specific server. Example: www.xyz.com/work/S2/etc/index.html.…
-
Adding "HttpOnly" to Cookie
Posted by mischa If you need to add "HttpOnly" to a cookie: Code: when HTTP_RESPONSE {if { [HTTP::header exists "Set-Cookie"] } {set cookie_value [HTTP::cookie "TestCookie"]HTTP::cookie remove "TestCookie"HTTP::header insert "Set-Cookie" "TestCookie=$cookie_value; HttpOnly"}} I found that this works very well.
