I have an orphaned F5 that requires migration, where we encounter intermittent issues on services; the weird part is that we are unsure of the service method.
On the F5 we see the following, and we are unsure what it is used for and require assistance to understand it:
- Listener 10.160.1.42 → What is the use of this listener?
- Default route uses Router Pool → How can we achieve this in A10?
- VS_Router any
  - Vlan Internal → How can we achieve this in A10, using ACL?
  - LB Router_Pool
  - Persistent Source Addr
- vs_Wildcard
  - Vlan ex 1 / ex 2 → How can we achieve this in A10, using ACL?
  - mem Internal
  - persistent source addr
We see the configuration on the LTM module as follows:
===== Base 01 =====
mgmt 192.168.1.245 {
   netmask 255.255.255.0
}
vlan internal {
   tag 4094
   failsafe enable
   timeout 10
   failsafe failover
   interfaces 1.1
}
vlan external2 {
   tag 4092
   interfaces 1.3
}
vlan external1 {
   tag 4093
   interfaces 1.2
}
stp instance 0 {
   vlan external1
   vlan external2
   vlan internal
   interface 1.1
      external path cost 20000
      internal path cost 20000
   interface 1.2
      external path cost 20000
      internal path cost 20000
   interface 1.3
      external path cost 20000
      internal path cost 20000
}
self allow {
   default
      udp domain
      proto ospf
      tcp https
      udp efs
      tcp 4353
      tcp snmp
      udp snmp
      tcp ssh
      tcp domain
      udp 4353
}
self 10.160.1.33 {
   netmask 255.255.255.240
   vlan internal
   allow all
}
self 10.160.1.8 {
   netmask 255.255.255.240
   vlan external1
   allow all
}
self 10.160.1.26 {
   netmask 255.255.255.240
   vlan external2
   allow all
}
===== Base 02 =====
self 10.160.1.9 {
   netmask 255.255.255.240
   unit 1
   floating enable
   vlan external1
   allow all
}
self 10.160.1.42 {
   netmask 255.255.255.240
   unit 1
   floating enable
   vlan internal
   allow all
}
self 10.160.1.25 {
   netmask 255.255.255.240
   unit 1
   floating enable
   vlan external2
   allow all
}
route default inet {
   pool Router_Pool
}
profile fastL4 fastL4 {
   reset on timeout enable
   reassemble fragments disable
   idle timeout 3600
   tcp handshake timeout 360
   tcp close timeout 360
   mss override 0
   pva acceleration full
   tcp timestamp preserve
   tcp wscale preserve
   tcp generate isn disable
   tcp strip sack disable
   ip tos to client pass
   ip tos to server pass
   link qos to client pass
   link qos to server pass
   rtt from client disable
   rtt from server disable
   loose initiation disable
   loose close disable
}
node 10.160.1.2 {
   monitor gateway_icmp
}
node 10.160.1.4 {
   monitor gateway_icmp
}
node 10.160.1.5 {
   monitor gateway_icmp
}
node 10.160.1.17 {
   monitor gateway_icmp
}
node 10.160.1.37 {
   monitor gateway_icmp
}
node 10.160.1.1 {
   monitor gateway_icmp
}
node 10.160.1.18 {
   down
   session disable
   monitor gateway_icmp
}
node 10.160.1.20 {
   monitor gateway_icmp
}
node 10.160.1.21 {
   down
   session disable
   monitor gateway_icmp
}
node 10.160.1.35 { }
node 10.160.1.36 { }
pool Internal {
   monitor all gateway_icmp
   member 10.160.1.37:any
}
pool Router_Pool {
   monitor all gateway_icmp
   member 10.160.1.1:any
   member 10.160.1.2:any
   member 10.160.1.3:any
   member 10.160.1.4:any
   member 10.160.1.5:any
   member 10.160.1.17:any
   member 10.160.1.20:any
}
virtual address 10.160.1.40 { }
virtual address 1.1.1.1 { }
virtual address 10.2.10.250 { }
virtual address any { }
virtual VS_Router {
   destination any:any
   persist source_addr
   pool Router_Pool
   vlans internal enable
}
virtual vs_10_160_1_42_53_gtm {
   destination 10.160.1.42:domain
   ip protocol udp
   translate address disable
   translate service disable
   profile dns udp_gtm_dns
}
virtual vs_Wildcard {
   destination any:any
   persist source_addr
   pool Internal
   vlans external1 external2 enable
}
virtual vs_Wildcard_FTP {
   destination any:ftp
   ip protocol tcp
   profile ftp tcp
   persist source_addr
   pool Internal
   vlans external1 external2 enable
}
===== A10 =====
vlan 4091
   tagged ethernet 2
   router-interface ve 4091
   name "External 1"
!
vlan 4093
   tagged ethernet 2
   router-interface ve 4093
   name "External 2"
!
vlan 4094
   tagged ethernet 1
   router-interface ve 4094
   name "Internal"
!
access-list 101 permit ip any any log
!
interface ve 4091
   ip address 10.160.1.10 255.255.255.240
!
interface ve 4093
   ip address 10.160.1.24 255.255.255.240
!
interface ve 4094
   ip address 10.160.1.34 255.255.255.240
!
slb server RS_10.160.1.1 10.160.1.1
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb server RS_10.160.1.2 10.160.1.2
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb server RS_10.160.1.4 10.160.1.4
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb server RS_10.160.1.5 10.160.1.5
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb server RS_10.160.1.17 10.160.1.17
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb server RS_10.160.1.37 10.160.1.37
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb server RS_10.160.1.18 10.160.1.18
   disable
   health-check ping
!
slb server RS_10.160.1.20 10.160.1.20
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb server RS_10.160.1.21 10.160.1.21
   disable
   health-check ping
!
slb server RS_10.160.1.35 10.160.1.35
!
slb server RS_10.160.1.36 10.160.1.36
!
slb server RS_10.160.1.3 10.160.1.3
   health-check ping
   port 0 tcp
      no health-check
   port 0 udp
      no health-check
!
slb service-group Internal tcp
   health-check ping
   member RS_10.160.1.37:0
!
slb service-group Router_Pool_tcp tcp
   member RS_10.160.1.1:0
   member RS_10.160.1.2:0
   member RS_10.160.1.4:0
   member RS_10.160.1.5:0
   member RS_10.160.1.17:0
   member RS_10.160.1.20:0
   member RS_10.160.1.3:0
!
slb service-group Router_Pool_udp udp
   member RS_10.160.1.1:0
   member RS_10.160.1.2:0
   member RS_10.160.1.3:0
   member RS_10.160.1.4:0
   member RS_10.160.1.5:0
   member RS_10.160.1.17:0
   member RS_10.160.1.20:0
!
!
slb template persist source-ip Source_Address
   match-type server
   incl-sport
   incl-dst-ip
!
slb virtual-server VS_Router_VLAN_Internal 0.0.0.0 acl 101
   port 0 tcp
      service-group Router_Pool_tcp
      use-rcv-hop-for-resp
      no-dest-nat
      template persist source-ip Source_Address
   port 0 udp
      service-group Router_Pool_udp
      use-rcv-hop-for-resp
      no-dest-nat
      template persist source-ip Source_Address
   port 0 others
      service-group Router_Pool_tcp
      use-rcv-hop-for-resp
      no-dest-nat
      template persist source-ip Source_Address
slb virtual-server VS_Wildcard_VLAN_E1E2 0.0.0.0 acl 102
   port 0 tcp
      service-group Internal
      use-rcv-hop-for-resp
      no-dest-nat
      template persist source-ip Source_Address
   port 0 udp
      service-group Internal_udp
      use-rcv-hop-for-resp
      no-dest-nat
      template persist source-ip Source_Address
   port 0 others
      service-group Internal
      use-rcv-hop-for-resp
      no-dest-nat
      template persist source-ip Source_Address
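
An added example, not part of the original post and not vendor tooling: a small Python check that walks an A10 configuration like the one above and reports every ACL or service group that a wildcard virtual server references but the configuration never defines. The embedded config is abridged from the post (servers and members omitted); the function name `dangling_references` is hypothetical.

```python
import re

# Abridged from the A10 configuration in the post (servers/members omitted).
A10_CONFIG = """\
access-list 101 permit ip any any log
slb service-group Internal tcp
slb service-group Router_Pool_tcp tcp
slb service-group Router_Pool_udp udp
slb virtual-server VS_Router_VLAN_Internal 0.0.0.0 acl 101
   port 0 tcp
      service-group Router_Pool_tcp
   port 0 udp
      service-group Router_Pool_udp
   port 0 others
      service-group Router_Pool_tcp
slb virtual-server VS_Wildcard_VLAN_E1E2 0.0.0.0 acl 102
   port 0 tcp
      service-group Internal
   port 0 udp
      service-group Internal_udp
   port 0 others
      service-group Internal
"""

def dangling_references(config):
    """List (virtual_server, kind, name) for ACLs/groups used but never defined."""
    acls, groups, findings, vs = set(), set(), [], None
    for raw in config.splitlines():          # pass 1: collect definitions
        line = raw.strip()
        if m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"slb service-group (\S+) (tcp|udp)$", line):
            groups.add(m.group(1))
    for raw in config.splitlines():          # pass 2: check references
        line = raw.strip()
        if m := re.match(r"slb virtual-server (\S+) \S+(?: acl (\d+))?", line):
            vs = m.group(1)
            if m.group(2) and m.group(2) not in acls:
                findings.append((vs, "acl", m.group(2)))
        elif vs and (m := re.match(r"service-group (\S+)$", line)):
            if m.group(1) not in groups:
                findings.append((vs, "service-group", m.group(1)))
        elif not raw.startswith(" "):        # any other top-level line ends the block
            vs = None
    return findings

if __name__ == "__main__":
    for vs, kind, name in dangling_references(A10_CONFIG):
        print(f"{vs}: {kind} {name} is referenced but not defined")
```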