Issue: Starting in BIG-IP 11.5.0, you can associate multiple SSL certificate/key pair types with a single SSL profile. This configuration allows the virtual server to accept SSL connections from clients supporting newer cryptographic algorithms (such as ECC), while continuing to accept connections from clients supporting traditional algorithms[1]. However, with this new feature you cannot … Read more
In order to adjust the MSS of your traffic on a vRouter, also known as MSS clamping, a policy route is defined. Once the policy route is created it is then assigned to the outside interface. MSS Clamping is typically used for IPSEC based traffic to ensure that traffic does not exceed the MTU of … Read more
Within this article we will show you how to create an IPSEC site-to-site VPN from a Vyatta vRouter into the AWS cloud. Due to the nature of AWS VPNs (explained further on), a tunnel-based VPN will be created. The main difference with a route-based VPN is that a tunnel interface (VTI) … Read more
Issues with Layer 2 across DCs: Ideally, data centers do not share fate. But extending L2 creates a common broadcast domain in 2 data centers. Now, we are sharing fate. Traffic patterns become sub-optimal. Where does the default-gateway live? In the local DC? Or remote? Traffic to load balancer to pool member, but pool member lives … Read more
EtherChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers[1]. All member ports within the bundle must have the same physical settings … Read more
Port Aggregation Protocol (PAgP) is a Cisco proprietary standard that allows multiple physical interfaces to be aggregated into one logical link. Each logical link can contain up to 8 physical members. All member ports within the bundle must have the same physical settings such as port type, speed and duplex. Modes: Within PAgP there are 2 modes … Read more
LACP (Link Aggregation Control Protocol) is an open standards protocol (IEEE 802.3ad) that allows multiple physical interfaces to be aggregated into one logical link. Each logical link can contain up to 8 physical members. All member ports within the bundle must have the same physical settings such as port type, speed and duplex. Modes: Within LACP there … Read more
The VLAN database is used to store VLAN data, such as the VLAN ID, name and MTU. The default location of the VLAN database is the local vlan.dat file, which is stored in non-volatile memory. Modify VLANDB Location: In order to change the location of where the VLAN information is stored the following command … Read more
Uni-Directional Link Detection (UDLD) detects links where either the transmit or receive path has failed. It is used to monitor fibre-optic or twisted pair cabling for unidirectional links. UDLD uses periodic hello packets and the concept of echoes to ensure neighbors are receiving the UDLD hellos. It supports 2 modes of operation: Normal – Port is placed … Read more
Unlike CDP, LLDP is a non-Cisco-proprietary discovery protocol. LLDP is disabled by default.
Global
    R1(config)# lldp run
Timer/Holdtime
    lldp timer 5
    lldp holdtime 15
Show
    R1(config)# do show lldp neigh
Issue: When remote authentication is configured it is not possible (out of the box) to configure local user accounts, other than the default admin and root accounts provided. This is also stated within the TMOS Management Guide for BIG-IP Systems, which says: “Excluding the admin account, the entire set of standard user accounts that you … Read more
Now let's consider the following scenario. The client has multiple domains. Traffic is going to all domains on HTTP. However, these domains are under a single virtual server and each domain requires a separate health-check. In order to achieve this configuration, port-aliasing is used. What is port-aliasing, you may ask? Within the ADX various … Read more
In order to interact with the F5 via Python the best option available is bigsuds. This is a Python module that allows you to interact with the F5 API iControl via a set of Python classes. Typically you will find all the methods you need to interact with your F5 without issues. However, there … Read more
Introduction: Within this article we will show you the steps needed to configure cookie persistence (insert) based on URI, i.e. cookie persistence is only performed for a single URI. Cookie Insert: When cookie insert persistence is configured the load balancer selects a server to send the traffic to. The server id of the server is … Read more
If you want to perform any form of packet analysis/reporting there is, really, only one program to use. Yep, you guessed it, Wireshark. However, as Wireshark is a GUI-based program, it raises the question: how do you build a packet analysis report via the command line? Within this article we will show you 2 … Read more
Problem: You may observe both devices, within an F5 HA pair, going into standby-standby when: VLAN Failsafe is enabled on a segment; Route Domains are configured; there is no server present on the given segment; the F5 version is lower than 11.2.0. Reason: The reason for this is based around bug id 388270 and also … Read more
Within this article we will look at a simple network design and the various caveats and considerations involved. Initial Design: The initial design (shown below) is simple – a pair of network devices (in this instance Cisco ASAs) connected to a pair of Nexus 3k switches. Each firewall is connected to both switches via the … Read more
Issue: When updating the parent profile on a client SSL profile, the cert-key-chain settings are inherited from the new parent profile, even though the cert-key-chain is explicitly configured within the child profile. Consider the following: You have a client SSL profile ‘CLIENTSSL’ with the cert, key and chain configured along with a parent profile set … Read more
What is AAM? BIG-IP's AAM (Application Acceleration Manager) is a set of modules used to optimize web traffic. The modules include: Web Optimization WAN Optimization Profiles – this includes profiles used to deploy various optimization techniques such as SPDY, HTTP compression, OneConnect etc. Bandwidth Controller Rate Shaping Core vs Full AAM comes in … Read more
The other day I was reading about the benefits and new features within HTTP 2.0. One of the key features of HTTP 2.0 is the ability to interleave (i.e. multiplex) multiple requests and responses across a single TCP connection, resulting in Domain Sharding being considered counterproductive. However, based on how Domain Sharding and HTTP Pipelining can … Read more