-
Logging traffic flows in syslog
Posted by mike_larue@agilent.com We are looking for a way to log traffic flows in syslog so that we can get a clear picture of the client IP/VIP and SNAT/Server IP binding. We woudl like to see: timestamp; client IP; VIP; SNAT IP; Real Server for each flow that is created. Do you have the aFlex code available for this?…
-
prevent Src IP Persistence to sorry server
Posted by kberton Attempting to create an aFlex that will set Src IP Persistence for all servers in a service group *except* for one server which is being used as a sorry server. I am setting priorities in the service group for each service and default behavior of AX is to apply the same persistence template to all member…
-
Select group based on AX system date
Posted by kyang A customer wanted his AX to direct the traffic by AX system time. Example: direct the traffic by AX date number,if the number is even then direct the traffic to sg-even,else to sg-odd. Here is how: Code: ------------------------------------- when CLIENT_ACCEPTED { set curdate [TIME::clock seconds] set…
-
Skipping Large Content Size for HTTP Collect?
Posted by TODDH How would I add an if / else to check for HTTP content-length and only perform collect when the size is smaller than 1MB / 1.2MB? when HTTP_RESPONSE { HTTP::collect } when HTTP_RESPONSE_DATA { set clen [HTTP::payload length] regsub -all "elm" [HTTP::payload] "elm" secureurls HTTP::payload replace 0 $clen…
-
Template settings, chasing the enabled value..
Posted by SvenA Hi, I am somewhat lost in the server/server port template wilderness. Any guidance would be greatly appreciated. I am trying to figure out which setting overrides the other on a server / server port. Let's try a simple example: I have a pool of servers all serving content on server port 80. I am controlling…
-
TCP Buffering
Posted by jmaddox Is there a way to customize tcp buffering parameters in AX?
-
cookie persistence for PCI audit
Posted by brunov To successfully pass a PCI compliancy test, one of my clients moved from cookie persistency to aFleX persist uie persistence. The cookie persisten uses the same cookie value for each server. The below aflex creates a random 10 character string for each user. Code:…
-
The question about the DDoS Protection
Posted by fitwate How to use the parameters(Out-of-sequence packet), Please explain the "Out-of-sequence packet",Thanks. If we open the DDoS Protection in the Global ,How to view the results after the opening DDoS Protection ? For example, if the AX2200 to prevent some of the ddos attack, how we view those elements…
-
AX CPU Number of issues
Posted by fitwate ============= Version Info ================= AX Series Advanced Traffic Manager AX2100 Copyright 2007-2010 by A10 Networks, Inc. All A10 Networks products are protected by one or more of the following US patents and patents pending: 7716378, 7675854, 7647635, 7552126, 20090049537, 20080229418,…
-
GSLB and HA
Posted by kirbini Hi, All. I have 2 working HA pairs (active/standby) of AX1000. Each pair is in a different datacenter and we would like to add GSLB between datacenters. A couple of questions come up and I was wondering if the voice of experience may be lurking about. First, are there any gotchas to watch out for when…
-
Tab in log statement using aFlex
Posted by brunov When creating a log statement using aflex, is there a way to add a <tab> so that the log could be tab separated? See example: Time: 10:31:21 <tab> ip: 192.168.1.1 <tab> request: www.example.com/index.html <tab> query: ?uejdmski89e7ks sorry, this interface does not accept white space, so see <tab> as an…
-
Change ssh AX default port 22 to another
Posted by fitwate My customer want to change ssh default port 22 to another (65534). Please advise to solve this problem Thank you very much
-
Select group based on TCP contents
Posted by a10jliu User Scenario: Need to use one VIP (same IP) for different applications. All applications run on smart phones which has its own client; choose different service group based on the the first 2 TCP Payload bytes. Code: when CLIENT_ACCEPTED { TCP::collect 2 } when CLIENT_DATA { if { [TCP::payload 2] equals…
-
aFleX for Exchange Server
Posted by a10jliu Came from a real-world deployment: Customer using Exchanger servers and need this: 1: http redirect to https: //x/owa when user tries to connect the host with no uri 2: certain directories are open to all, since these are push-mail related and user might access from Internet 3: all other directories are…
-
Manage multiple interal servers by one public IP
Posted by a10jliu One of my customers has hundred of internal servers which need to map to one public VIP, using different port to manage. We came up with this idea to use aFlex to map different servers and ports systematically : But remember the node used in aFleX still must be defined by slb server and include in a…
-
Separating HTTP from non-HTTP content on port 80
Posted by tcp-me Can an aFlex switch HTTP content to my cache servers and non-HTTP content over the same port directly out to my firewall? My cache servers throw up a lot of error messages when non-HTTP content (such as P2P or Video) runes through it. Since it can't cache it, it would be great if the AX can switch it for…
-
Is it possible to call a subroutine to share
Posted by TODDH I have a customer that is looking to have a include function in an aFlex. Most of this can be accomplished by allowing multiple aFlexes bound to the same VIP as in 2.6, but do we have any plans to support calling common code as in the customers examples below? Thanks! -Todd- ** Aflex #1 test-aflex ** -…
-
Log all HTTP headers
Posted by tcp-me I was working with someone today that needed their AX to log all HTTP request headers for security auditing purposes. They have their company employees using the AX as the gateway to get out to the Internet. Their IT staff wanted the AX to capture all HTTP request headers including any cookies being sent…
-
gateway in the nat pool
Posted by fitwate When the gateway will use nat pool? I have a question, ip nat pool ys 192.168.0.10 192.168.0.10 netmask 255.255.255.0 gateway ? When this parameter will be used gateway ? Thanks,I guess you will follow me
-
Cookie Persistency & URL Switching
Posted by mischa Is there a way that we can do cookie persistency & url switching at the same time? A customer would like to be able to provide persistency while at the same time have all the static content on a separate service-group.
-
Replace Host Header based on server selection
Posted by kberton I have a web app that's picky about the host HTTP header that it receives. The backend servers expect the web clients to hit the backend server hostname directly, so when servers reach it through the hostname assigned to the load balancer, the app gets confused. Is there any way via aFlex that I can a)…
-
aFlex to rewrite an IIS respose
Posted by TODDH Hi aFlex Wizards. I have a quick question. When using port translation (80 - 8080) standard port 80 on the frontend to a non-standard port on the backend. IIS responds with a redirect with the port# as part of the redirect which is past through to the client. this ends up as a dead link on the frontend. Is…
-
tcp payload lb and persistence for diameter
Posted by jmaddox i need an aflex that will select new server for new "session-id" and persist on session id. session id is in tcp payload. client to vip tcp connection will be long lived and multiple session-ids will be sent over same. attached is a sample wireshark capture from the wireshark forums. packet 21 is of…
-
Sorry page when all servers are down
Posted by ddesmidt I received an interesting request today. A customer wanted his AX to reply itself a sorry page when all the servers behind the VIP are down => users requests are not dropped but they receive a "sorry" web page. Here is the aFleX I shared with him: Code: when HTTP_REQUEST {# log "LB::status = [LB::status…
-
aflex for individual server cookie persist
Posted by jmaddox Do we have an aflex where individual load balanced servers could each have a unique cookie and persistence is achieved by observing that cookie, as opposed to inserting one at the load balancer level?
-
Using aFleX when service group is down
Posted by mischa A very quick way of reselecting a different service group when the primary fails. Code: when LB_FAILED {pool sg-http-backup}
-
Juniper DX (Redline Apprue) - AX aFleX conversion
Posted by ddesmidt HTTP and HTTPS web applications were front ended by Juniper DXs (acquisition of Redline Networks). In addition to load balancing, the Juniper DX was removing SSL to talk to the servers via http. To transparently remove SSL for their application, the Juniper DX utilized Apprules to rewrite some elements…
-
Basic HTTP Switching aFlex
Posted by kberton What follows is a basic aFlex that will switch HTTP requests based on three different criteria -- User-Agent, URI and Host -- to the desired Service Group. when HTTP_REQUEST { if { [HTTP::header "User-Agent"] contains "Auto Installer"} { pool sg_Auto_Installer } if { [HTTP::uri] starts_with "/en" } { pool…
-
aflex for post data load balancing and persistence
Posted by jmaddox Do we have a generic aflex somewhere that does the following? Look inside a POST for user=xxxxxxx, and load balance/persist based on name=value?
-
Aflex for PeopleSoft application
Posted by ssacchi Peoplesoft uses some special cookies / javascripts to enable session / log-in tracking. And, it appears that, those only work under secure back-end AND secure-front end. So, basically, configuring client-ssl and server-ssl with some cookie name replacement, cookie value replacement, cookie domain…