Posts tagged "f5"
F5 iRule Class Match Crash
Problem: F5 iRules with "class match" crash sometimes with this message: /Common/UA_DETECT - ambiguous option "-": must be -all, -index, -element, -name, or -value while executing "class match [string tolower [HTTP::header User-Agent]] contains UA_STRINGS" Discussion: the class match command has optional parameters,...
Configure F5 TLS (SSL) Cipher String
The list of TLS ciphers is changing quite rapidly, old ciphers are considered insecure, and new ciphers are added. When you configure a virtual server on an F5 you can add a TLS client profile, which means F5 is doing TLS to the client. I think this is a bit misleading because with "SSL client profile" you are actua...
Annoyances while updating F5
I had to upgrade several F5 load balancers from 11.5 to 12.1 in the last weeks. Usually updating F5 is quiet easy, but there are bugs or annoyances you should know: Sometimes F5 asks for re-activating after the first boot into the new version. It seems that you have to install the new version in a specific order to ...
F5 Drops WebSockets
Problem: F5 LTM is used als load balancer for multiple web servers. When the client opens a websocket connection to the web server, the connection is closed. Discussion: F5 LTM version before 11.6.0 has a bug in the request_log module (profile). The "request_log" module crashes and drops the connection. The bug is a...
F5 sending packets to wrong destination?
Problem: You have a network with two upstream routers and an F5 LTM loadbalancer. Even though the default gateway points to router R1 the F5 LTM sends packets to the mac address of R2. Discussion: " This is a feature not a bug". This "Feature" is called "Auto Last Hop". Which means the F5 answers packets allways to ...
F5 data flood
Problem: A F5 load balancer LTM sends lots of data to some clients. Sometimes this fills up all the available bandwidth with 1 Gbit or more. At the same time the input traffic does not raise. The traffic charts look like if F5 is attacking some clients (reversed DDoS :-) ) Discussion: After some time of staring at t...