network failover/serial cable for HA
For HA configurations, there are 3 options:
- Network failover: in network failover the heartbeat is the network packet.
- Serial failover: serial cable failover is just checking a voltage heartbeat between the two systems.
- Network and serial failover: I am not sure, does it mean failover only takes place when network and serial have both failed, or?
If using both, how to test if it is working?
Solved, 1.3K Views, 0 likes, 14 Comments

Sharing same VLAN between vCMP guest
Hello, This question is regarding sharing the same VLAN between vCMP guests on the F5 VIPRION platform. Let's say I have a VLAN 10 which is tagged to interface 1.1 at the vCMP host level and propagated to Guest A in the Common partition.
- For Guest B, can I use the same VLAN?
- What would be the recommended way to share VLANs between guests?
- Can we tag VLAN 10 to the 1.2 interface at the vCMP host level and share it with Guest B?
538 Views, 0 likes, 2 Comments

BIG-IP to Cisco via 10Gb SFP+ Direct Attach Copper
Hi, Anybody using Cisco DAC 10G transceiver/copper cables (TwinAx) to connect from a Cisco switch to a BIG-IP? Can't seem to find an answer, suspect it is not supported, which is always an issue for DACs between vendors. Cheers
1.4K Views, 0 likes, 14 Comments

OCSP With CRL Fallback
Hi all, I've been trying to get my head around OCSP and CRL in a rush. My requirement is relatively simple, but without APM (not an option) I'm trying to do this via an iRule. Anyway, the requirement is this:
- Use OCSP as the primary method of verifying client certificates (requires an OCSP profile)
- Use CRL (not CRLDP) as a fallback should the OCSP responders be unavailable for any reason (requires an SSL profile)
According to this, if both are applied (via profiles) then both checks must 'pass', not just one or the other, hence the iRule. I've found examples of using OCSP in an iRule here, here and here (thanks Hoolio) but little around CRL checking. So, my questions are:
- Can I use an iRule to perform the OCSP check and then, if OCSP fails for some reason, switch to an SSL profile that has CRL checking enabled so that CRL checking is performed?
- If not, does anyone have any example code for performing a CRL check?
- Would it simply be better to use a Pool (or something along these lines) and check it's up rather than do the OCSP check 'manually' in the iRule?
891 Views, 0 likes, 6 Comments

LDAPS Monitor with Certificate Expiration
Hi Team, I have been working with my AD team trying to resolve a problem where they forget to update a Domain Controller certificate, it expires, and AD LDAPS queries fail since they don't bind to expired certificates. They have requested to see if we can drop a member out of the pool if the certificate is expired (i.e., not a valid SSL cert). I have been messing with the LDAP health monitor, turning on the Security settings, but I don't believe this would actually check whether a certificate is valid or not. I know with server-side SSL configuration you can enable SSL authentication, but that would just stop traffic from flowing, not actually drop a member out of the pool. Any ideas?
690 Views, 0 likes, 4 Comments

Setting BIG-IP LTM Virtual Server for two SQL Servers nodes
I've created a BIG-IP Virtual Edition instance in Amazon EC2 using this tutorial. I've followed this tutorial to configure the BIG-IP System as an MS SQL Database Proxy. There were a couple of things that I didn't get in the "Creating a database proxy virtual server" section:
"For the Destination setting, in the Address field, type the IP address you want to use for the virtual server. The IP address you type must be available and not in the loopback network."
"In the Service Port field, type 1443."
- Which IP address should I use in the destination field? The public IP, which I use to connect to the BIG-IP web UI?
- Why does it say to set the service port to 1443, not 1433, which is the default for SQL Server?
For now I set the public IP and port 1443 and tried to verify the connection using a UDL file. I have two DB nodes, and when trying to verify the connection directly to their IP addresses, the connection succeeds. But when I try the BIG-IP public IP, the connection fails with the following error message:
Test connection failed because of an error in initializing provider. [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.
Both nodes are enabled and available in LTM (Local Traffic Manager). Any ideas what I'm doing wrong?
633 Views, 0 likes, 3 Comments