(SOL8084) The BIG-IP system does not allow a health monitor that has a wildcard destination service (*All Ports) to be associated with a pool containing one or more member with a wildcard destination service. If you attempt to associate a BIG-IP health monitor configured with a wildcard destination service with a pool containing one or more members with a wildcard destination service, the configuration is not updated with the new monitor instance, and an error message that appears similar to the following
↧
Error Message: Error Message: 01070622:3: The monitor has a wildcard destination service and cannot be associated with a node that has a zero service
↧
Informational: BIG-IP 11.3.0 cumulative hotfix
(SOL14175) F5 has recently discovered and corrected a number of issues that affect customers running BIG-IP 11.3.0. F5 recommends that all customers currently running BIG-IP 11.3.0 install the latest cumulative rollup hotfix.
The following table lists the rollup hotfixes released for BIG-IP 11.3.0. The table lists each hotfix, along with the ID numbers of issues that the corresponding hotfix resolves, and a description of each issue. If an article exists for the issue, the ID number contains a link to a co
↧
↧
Informational: Treatment of long VLAN names by the Linux host subsystem
(SOL11954) The Linux kernel defines the maximum buffer size needed to hold a network interface name. In both 2.4 and 2.6 kernel versions, the maximum buffer size is set to 16 bytes (or characters). However, the BIG-IP system allows for much longer Virtual Local Area Network (VLAN) names.This article describes how the system maps long VLAN names to interface names that the kernel understands. It is important to know how the Linux host subsystem refers to long VLAN names when you work with certain command li
↧
Known Issue: The BIG-IP Configuration utility may incorrectly enable you to assign certain health monitors to pools and server objects that are configured with a wildcard service port
(SOL12400)
Description
The BIG-IP Configuration utility erroneously enables you to assign a health monitor that is configured with a wildcard Alias Service Port (*All Ports) to the following BIG-IP LTM and BIG-IP GTM objects:
BIG-IP LTM pools that comprise pool members that are configured with a wildcard service port (*All Services)
BIG-IP GTM servers that comprise virtual servers that are configured with a wildcard service port
When the health monitor is configured with an Alias Service Port setting of
↧
Error Message: Error Message: Per-invocation log rate exceeded
(SOL10524) The log files of BIG-IP systems may include error messages that appear similar to the following example:
Note: These particular error messages are from the /var/log/ltm file.
mcpd[2239]: 01070727:6: Per-invocation log rate exceeded; throttling.
mcpd[2239]: 01070638:6: Resuming log processing at this invocation; held 22 messages.
These error messages are informative; theyindicate that the system is regulating logging for a particular error message.
The first error messageindicates that one or mo
↧
↧
Informational: BIG-IP TCP/IP stack fingerprinting
(SOL9491) TCP/IP fingerprinting is a method of determining the targethostoperating system (OS) of a target host by capturing network traffic from the host, and comparing the traffic to a database of TCP signatures. This behavior allows the fingerprinting software to distinguish between different implementations of TCP/IP, andattempt to determinethe host OS of the target system.
The two types of TCP/IP fingerprinting are passive and active monitoring:
Passive fingerprintingPassive fingerprinting is a meth
↧
Overview: Overview of the End User Diagnostics software
(SOL7172) The End User Diagnostics (EUD) software is a set of diagnostic tests that provide reports about various components in the hardware unit. The EUD is pre-installed on each BIG-IP system beginning with BIG-IP 9.1.2.
There are different EUD packages depending on the platform:
Field Testing BIG-IP and BIG-IQ Hardware: BIG-IP 2000, 4000, 5000, 7000, 10000, and BIG-IQ 7000
Field Testing BIG-IP Hardware: 800, 1600, 3600, 3900, 6900, 8900, 8950, 11000, 11050, EM4000
EUD 11.4.0 Field Testing BIG-IP Hardw
↧
How-To: Synchronizing DNS Express zones using a Sync-Only device group
(SOL13567)
Purpose
You should consider using this procedure under the following condition:
You want to synchronize DNS Express zones using a Sync-Only device group.
Prerequisites
You must meet the following prerequisites to use this procedure:
You must have access to the tmsh utility.
Network connectivity is established between device group members.
NTP is configured on device group members.
DNS zones are configured on a BIG-IP GTM system or remote BIND server. If the zones reside on a remote BIND ser
↧
Informational: BIG-IP ASM daemons (11.x)
(SOL14020) When the BIG-IP system is licensed with BIG-IP ASM, a separate set of processes is initiated in addition to the standard set of BIG-IP processes. The following table lists the core BIG-IP ASM services, and indicates the impact to the BIG-IP ASM system operation if the service is not running:
Daemon
Description
Impact if not running
Logs to
asm_start
11.6.0 and later. Starts the BIG-IP ASM daemons in their proper order, restarts daemons when watchdogs report daemon failures, and
↧
↧
Informational: A local virtual server IP address cannot be used as a pool member
(SOL10379) In BIG-IP 9.0.0 and later, you can create a pool member using a local virtual server IP address.However,the BIG-IP does not respond to its own ARP requests for locally-hosted virtual server addresses, and thus is unable toestablisha network connection toa locally-hosted virtual server.As a result, if you add a locally-hosted virtual server toa BIG-IP load balancing pool,no traffic will ever be sent to that pool member, as it is not possible for the system to monitor or load balance traffic to th
↧
How-To: Working with Evasion technique detected violations
(SOL7929) Purpose
You should consider using this procedure under the following condition:
You would like to view evasion technique violations logged by the BIG-IP ASM system.
You would like to configure the BIG-IP APM system to handle URL-encoded evasion techniques.
Prerequisites
You must meet the following prerequisite to use this procedure:
Have a general understanding of the BIG-IP ASM Configuration utility.
Description
The Evasion technique detected violation is triggered when the BIG-IP ASM syst
↧
Error Message: Error Message: Unable to discover the device to be managed, reason(Duplicate item. Key already exists: deviceUri: https://<IP-Address>:443)
(SOL15938) Error Message
Unable to discover the device to be managed, reason(Duplicate item. Key already exists: deviceUri: https://<IP-Address>:443)
In this error message, note the following:
<IP-Address> is the IP address of the BIG-IP device that the system is attempting to discover.
Message Location
You may encounter this message in the following locations:
In the BIG-IQ system user interface
In the BIG-IQ system restjavad log file, /var/log/restjavad.0.log
Description
This message oc
↧
How-To: Configuring the BIG-IP system to use an alternate server if pool members are unavailable
(SOL7065) You can configure the BIG-IP system to use an alternate server if pool members are unavailable. To do so, you can use one of the following methods:
Pool member priority groups
iRules
Pool member priority groups
You can use pool member priority groups to configure a pool with an alternate server or group of servers using a lower priority value than the primary server's priority values. To do so, set the Priority Group Activation setting to Less than..., and type the number of members below whic
↧
↧
How-To: Implementing TCP Keep-Alives for server-client communication using TCP profiles
(SOL8049) When the BIG-IP LTM is deployed in an environment where it load-balances or forwards long-lived TCP connections, it is necessary that you have an understanding of how the BIG-IP system manages long-lived TCP connections, and how you can fine-tune the TCP profile settings to optimize the TCP connection state.
Some server applications use TCP Keep-Alives to maintain long-lived TCP communication with a client, and to prevent the client from timing out or disconnecting for lack of response within a
↧
How-To: Configuring the BIG-IP system to log to a remote syslog server (11.x)
(SOL13080) This article applies to BIG-IP 11.x. For information about other versions, refer to the following article:
SOL5527: Configuring the BIG-IP system to log to a remote syslog server (9.x - 10.x)
Purpose
You should consider using this procedure under the following condition:
You want to configure remote syslog servers on the BIG-IP system.
Prerequisites
You must meet the following prerequisites to use this procedure:
Your system runs BIG-IP 11.x software.
The remote syslog server is accessible
↧
How-To: Configuring the BIG-IP ASM to send SNMP traps to communicate a blocked request and request violation
(SOL7738) You can configure the BIG-IP ASM system to communicate a blocked request and request violation to a management station by using an SNMP trap.
Specified in the F5-BIGIP-COMMON-MIB.txt file, the system uses the following predefined SNMP trap OIDs to communicate blocked requests and request violations:
Note: For information about MIB files, refer to SOL503: Overview of BIG-IP MIB files (9.x).
BIG-IP ASM 10.2.0 and later
bigipAsmDosAttackDetected - DoS attack detected by Application Security Module
↧
Informational: Support for Teredo tunneling
(SOL13070) The Teredo protocol provides hosts that are behind an IPv4 network address translation (NAT) device to communicate on the IPv6 Internet over the existing IPv4 Internet. Teredo clients that are connected to the IPv4 Internet send IPv6 packets encapsulated in UDP packets (or tunneling) to the Teredo servers or relays, which act as a gateway between Teredo clients on the IPv4 Internet and IPv6-only hosts. The Teredo server or relay listens on UDP port 3544 for Teredo traffic.
Note: For more informa
↧
↧
How-To: Configuring the BIG-IP ASM to use TCP Keep-Alive probes to manage idle connections to remote syslog servers
(SOL13291) Purpose
You should consider using this procedure under the following conditions:
The BIG-IP ASM is configured with a remote logging profile
Connections to the remote syslog server are routed via the management interface
You want to prevent connections to the syslog server from remaining in the TCP CLOSE_WAIT state.
Prerequisites
You must meet the following prerequisite to use this procedure:
The BIG-IP ASM must be running one of the following versions of software or later:
BIG-IP 11.1.0 an
↧
How-To: Configuring CIDR Network Addresses for the BIG-IP packet filter
(SOL13383) Note: F5 Support does not provide assistance in writingBIG-IP packet filter rules, but will provide their best effort to assist customers in troubleshooting these rules.
Purpose
You should consider using this procedure under the following condition:
You need to configure packet filtering to block Classless Inter Domain Routing (CIDR) network blockaddresses.
Prerequisites
You must meet the following prerequisites to use this procedure:
You have command line access to the BIG-IP system.
You a
↧
Overview: Overview of SNMPv3 agent access
(SOL13625)
Summary
The Simple Network Management Protocol (SNMP) is typically used for managing devices on the IP network. SNMP has evolved from version 1, to version 2c, to version 3. This article provides information about SNMP version 3 (SNMPv3) agent access on the BIG-IP system.
Description
SNMPv3 introduces security and administrative framework features that previous versions of SNMP were lacking. For example, previous SNMP versions use a community string that is sent in clear text for authenticatin
↧