Category: Application Delivery Controller
-
F5 Failover in AWS
F5 requires IMDSv1 in order to initiate failover between two F5 devices. IMDSv1 is susceptible to SSRF vulnerabilities as indicated in the AWS document. If IMDSv1 is disabled in the AWS environment for security reasons, F5 failover will not be seamless and the F5 logs will have errors like this: err logger[15542]: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Instance sanity […]
-
Serial Number – Viprion Blades and Chassis
# clsh tmsh show sys hardware | grep 'Host Board Serial'
The above command is run from the bash shell on the F5 in order to identify the serial number of all the blades in an F5 Viprion device.
# tmsh show sys hardware | grep 'Chassis Serial'
The above command is run from bash shell […]
-
F5 – RST or ICMP Packet Rate
You can follow SOL13151 in order to increase the packets/sec value. However, I would caution against doing it or at least recommend keeping the value smaller. The default setting is in place to prevent the F5 from overwhelming its resources by sending out RST. This could potentially end up being a self-inflicted DoS. So, either don’t change […]
-
GTM Code Upgrade
These are a few quick checks as part of the GTM code upgrade maintenance that will be useful. As part of the maintenance preparatory work, check the license “service check date” as per K7727. Before starting the code upgrade and after the code upgrade, the following can be utilized to check the status of the […]
-
F5 GTM – DNS Query Processing Order
When a DNS query arrives at an F5 GTM/DNS, this is the processing order for the DNS query. 1 – DNS Query is processed by the Listener. 2 – If the Recursion Desired (RD) flag is set in the incoming query and if the DNS Profile associated with the Listener has “Process Recursion Desired” enabled, the following […]
-
F5 Logs
F5 logs are available under the /var/log/ directory. If you are looking for LTM traffic related logs, look under /var/log/ltm. If you are looking for GTM traffic related logs, look under /var/log/gtm. GTM has been renamed as DNS from 12.x code version. The logs are rotated every 24 hours. There will be one ltm file that […]
-
Thoughts on F5 Deployment
This is a simplified checklist for GTM & LTM deployment based on my experience. Don’t deploy GTM in HA pair in a single DC: GTM devices work in a synchronization group across geographic regions. If you deploy GTM-1 in DC-1 and GTM-2 in DC-2, these 2 GTM devices will serve as Active-Active HA Pair […]
-
F5 TMM Crash
We were using a DNS VS listening on port 53 but configured to handle TCP protocol as shown here:

    ltm virtual /Common/VS_DNS {
        destination /Common/10.10.10.10:53
        ip-protocol tcp
        mask 255.255.255.255
        pool /Common/pool_dns
        profiles {
            /Common/tcp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            pool /Common/SNAT-10.10.10.10
            type snat
        }
        translate-address enabled
        translate-port enabled
    }

An iRule was using […]