F5 DevCentral
There are 31 entries for the tag F5 DevCentral
If you didn’t know, the DevCentral platform runs on DotNetNuke, the leading open source ASP.Net CMS. It’s a great development platform for turning out rich sites, and we’re excited to be hosting the next Seattle DNN User Group meeting next Wednesday, February 8th, beginning at 6pm at 401 Elliot Ave West, Seattle, WA. Agenda 6:00 - Arrive Sign in 6:10 - Tour F5 facilities 6:30 – Presentation Begins Steven – Introductions and DC/DNN Overview April...
It’s a crazy world out there. I ran (well, by “ran” I mean jogged slowly enough to pass the old ladies on the track) this morning at the YMCA, lifted weights for a little while, and then hit the elliptical for 20 minutes before heading home. My gym’s ellipticals have the Nike+ package where you can store your workouts on your iPhone/iPod, and without thinking I jacked in. Approximately 38 ms later (my internal meter is not calibrated) I facepalmed and disconnected my iPhone in shame. Have I learned nothing? Turns out, after closer inspection, the cable was a...
George posted an excellent blog on hostname nomenclature a while back, but something we haven’t discussed much in this space is a naming convention for the BIG-IP configuration objects. Last week, DevCentral community user Deon posted a question on exactly that. Sometimes there are standards just for the sake of having one, but in most cases, and particularly in this case, having standards is a very good thing. Señor Forum, hoolio, and MVP hamish weighed in with some good advice. [app name]_[protocol]_[object type] Examples: www.example.com_http_vs www.example.com_http_pool ...
No, not “us” F5, the F5 key on the keyboard. You know, the one you hit relentlessly to refresh the page (well, the one I hit relentlessly during NFL games to update my fantasy football stats). Anyway, I was perusing the forums today, trying to catch up from a week attending our very excellent annual sales conference, and I noticed a thread that had to be shared. The Question Is there a way of preventing users from using the F5 button to refresh a web page? – DevCentral user ringoseagull (nice handle, btw!) ...
Last Friday I attended my first BSides event in Missouri’s capitol (literally in the capitol building!) Jefferson City. The BSides community exists to bring fellow security practitioners together to present and participate in a small-scale environment that encourages collaboration. I’m not the outgoing sort and I generally like to fade into the background and just learn, but this environment really lends itself well to establishing relationships with others. There were quite a few St Louis based individuals and the chatter is already taking off for setting up a BSides event closer to home in the Spring. Two tracks were offered...
July was a busy month. I took the first three weeks off and drove much of what’s left of the “mother road” on Historic Route 66.with the family, our Ford Expedition, and way too many nights in our 31’ travel trailer. Great memories and stories for a lifetime out of that trip. I was home long enough to unpack, do laundry, and repack for a great week in Chicago with the DevCentral team. On Monday, we had a great time diving in to F5 technology goodness with the MVPs (and hoolio and Chris Miller!) at the Thinkubator. It was a...
Don’t get me wrong, regex is awesome, and entirely useful—sometimes it’s the only option, it’s just not the best tool of choice for wire speed applications. Often the sys-admin and network type converts to BIG-IP will find the regexp tcl command and go that route because it’s familiar. If that describes you, please let me introduce you to a couple more appropriate commands: scan string These two commands will cover a great percentage of regexp’s use cases, and will save significant resources on the system. Don’t buy it? Here’s...
DevCentral community member geffr had a problem. The BIG-IP Application Security Manager module logs to the local3 facility but he needs to send them to the local7 facility on a remote server. Before giving up entirely, he posted to this thread in the Monitoring & Management group forum, where user nitass helped him jump through the syslog-ng hoops (click here for tips & tricks on syslog-ng) to the working solution posted below. It’s pretty straight forward. Define a template, a filter, and a destination, and then put the pieces together in a log statement. ...
I’ve posted on this before (Host that Sorry Page on your BIG-IP!) but it’s been a while and there have been a few updates. Besides, narrowing the application to only sorry pages is a bit myopic—I’m sure my BIG-IP is offended that I treated it so callously. Anyway, I got an inquiry a week or so ago about the images in tables not being picked up by the script. The images in the table were referenced as such: #<table background="genericofflinebackground.gif" align="center" width="1024" height="768" >
I reached out to...
User Ralph Hoflich dropped an interesting problem off in the forums for his first post evah…he had a wireshark capture with a highly unusual header name: Yes, the header name was “:”. This is interesting as it is also the separator in headers between the field name/value pair as described in rfc 2616 section 4.2. Thankfully, it’s just another character and is parsed out as such with iRules. So the simple task of removing a header like this is completed painlessly (as Ralph suspected in his own question). I added a couple logging statements to check before/after...
Being the incredible horrible planner I am, I started to order invitations early last week for a party I’m throwing for my wife’s graduation and it turns out they wanted double the cost of the invitations in overnight shipping! So…I sent evites. It took a day, however, to actually get them out. I started the process but was interrupted by the EC2 outage. I only know that for sure because the evite site I used was very quick to tell me in their error message that the problem was with the “Amazon EC2 Datacenter.” Was Amazon down? Yes. Is it...
Two of our biggest internal contributors, Kirk Bauer and John Alam, are at it again with a handful of perl scripts aimed at easing your migration from some of the “other guys” to BIG-IP. While they aren’t going to map every nook and cranny of the configurations to a BIG-IP feature, they will get you well along the way, taking out as much of the human error element as possible. I built a few pages in the Advanced Design & Configuration wiki to host these scripts. Migrating from Cisco ACE, CSM, or CSS ...
I love ingenuity. DevCentral community member wassim asked a question a little more than a month ago that has been asked several times before: How do you build a class in GTM so you don’t have to use a hoard of if statements to account for your addresses? Well, classes (datagroups) aren’t yet supported in GTM iRules, so the options have been sparse. One option that could be utilized is to build a list that you can initialize in RULE_INIT: 1:...
Did you know that all address internal to tmm are kept in IPv6 format? If you’ve written external monitors, I’m guessing you knew this. In the external monitors, for IPv4 networks the IPv6 “header” is removed with the line: IP=`echo $1 | sed 's/::ffff://'`
IPv4 address are stored in what’s called “IPv4-mapped” format. An IPv4-mapped address has its first 80 bits set to zero and the next 16 set to one, followed by the 32 bits of the IPv4 address. The prefix looks like this:
0000:0000:0000:0000:0000:ffff: (abbreviated as ::ffff:, which looks strickingly simliar—ok, identical—to the pattern...
F5’s own John Alam sent over his latest Visio creation to share with the DevCentral community. This diagram details the workflow of the comprehensive exchange services iRule described in the Microsoft Exchange 2010 Deployment Guide. Enjoy. For visio, pdf, png, & svg versions of this image, click here. Related Articles Microsoft Exchange 2010: HELO New Architecture Webcast - Microsoft Exchange Server Availability And Scalability Exchange Persistence Duality and iRules > DevCentral > F5 ... How Microsoft deployed Exchange Server...
I got a request yesterday morning to asking if there was a way to drop HTTP requests if a certain number was referenced in the Accept-Language header. The user referenced this post on Exploring Binary. The number, 2.2250738585072012e-308, causes the Java runtime and compiler to go into an infinite loop when converting it to double-precision binary floating-point. Not good. Twitter is ablaze on the issue, and there is a good discussion thread on Hacker News as well. So how do you stop it? At first, this appeared to be a no-brainer, just copy that string and drop if found in...
I received an update to the HTTP Event Order diagram last night from the excellent F5er John Alam. Here it is, in all its glory!
Fire up the printer, the laminator, whatever, and get this on your cubicle wall pronto! For comparison, the original drawing is in the second link below. For visio, pdf, and svg versions of this image, click here.
Related Articles
iRules Event Order > DevCentral > F5 DevCentral > Tech Tips
iRules Insight - HTTP Event Order
Stacking iRules: A Modular Approach > DevCentral > F5 DevCentral...
Sad, I know. But I had Shakespeare on the brain this morning, and whereas I’m pretty sure he’ll roll over in his grave at me identifying with him in the same blog post as what’s below, well, I figured I’d tap into my (not so) creative side. An Homage to LTM Gather my packets, LTM And give to all comprising flows Careful analysis on which to Accept or deny my humble requests. ...
We’ve covered pushing images from LTM before with Kirk’s excellent perl script work on sorry pages. But that’s not the only thing you can host images for, and it’s not the only approach. DevCentral community user kevin.stewart crafted up a nifty bash script to achieve the same ends, and gobbles up every image in /var/images, b64 encodes them, then drops them into a class. The script is minimal in lines, but powerful in output: #!/bin/bash ## clear /var/class_build/images_build.class echo -n "" > /var/class/images.class; ## loop through...
A few weeks ago Lori nailed it with a post (The 2048-bit Keys to the Kingdom) on the coming forced migration to 2048-bit keys. A few days prior, I got a call from “THE” Matt Cauthorn, DevCentral resident stud contributor L4L7 about the very same issue. Not surprisingly, he was ahead of the game on this and has spent some time developing a tool that will take the mystery out of the licensing and infrastructure impact checklist items Lori mentioned. Well what does this tool do? Function ...
On last week’s podcast, we riffed for a few on the common misunderstandings of what a URL versus a URI are in terms of writing iRules and communicating said development in the forums. I had earlier in the day been looking at Prezi and got the idea that I should attempt my first Prezi on breaking down the various components of a URL and URI. Be gentle: Related Articles HTTPS Redirect for a specific URL, URI - DevCentral - F5 ... multiple url/uri rewrite w/multiple default statements ... ...
Microsoft released advisory 2416728 on Friday after researchers Thai Duong and Juliano Rizzo demonstrated the attack on ASP.NET with their Padding Oracle Exploit Tool. The attack itself preys on a bug in ASP.NET’s AES implementation, which you can read about over here at threatpost. So what’s the reward for a successful attack? It’s not going to allow the attacker to execute code or elevate rights, but it does all the attacker to read potentially sensitive data that could then be further used to compromise the system. The mitigation for this attack is to obfuscate the server errors by ensuring...
Most of the files I use in my virtual desktop environment are centrally located in a share I make accessible to the host and all the guests for ease of transfer between them. However, there is one guest I keep fairly isolated for security reasons. This is great, but when I need a file, it (has previously) required me to start that guest, wait, login, move the files I need to the share, then shutdown. It’s frequent enough to be annoying. I’d leave it up, but I prefer to keep my BIG-IP LTM VE and a couple linux guests running...
This has been a perplexing issue for many users. How do you introduce an intermediary (LTM going forward) between client and server when in the same network segment? It’s easy when the LTM sits at gateways, but within a segment, it doesn’t work that well without some help. Why? Well, with tcp-based connection-oriented protocols, a handshake (consisting of a client syn packet, a server syn-ack packet, and a server ack packet) sets up the connection. When you introduce the LTM, a problem arises: Client –> syn –> BIG-IP BIG-IP –> syn-ack –> Client...
We’re tasked with the burden of hosting the MVP Summit in the Edelweiss II conference room on the 43rd floor of the Swissotel Chicago. Here are a couple views of the Chicago landscape. The first is a shot of Navy Pier from the elevator lobby. The second is a portion of the view from Edelweiss II. Not shabby. Not shabby at all. Technorati Tags: F5 DevCentral,DevCentral MVP,DevCentral MVP Summit,Chicago,Jason Rahm
As Jeff posted this morning, we’re well into our DevCentral MVP Summit here in Chicago. During one of the challenge solution reveals, Matt Cauthorn (yes, THE Matt Cauthorn) showed a bigpipe command that I really wish I knew about years ago. Actually, the command isn’t new, but range ability within the command is what caused the jaw to hit the floor. [root@kitchensink:Active] config # b pool newPool { members 192.168.{1..2}.{1..3}:80 } [root@kitchensink:Active] config # b pool newPool list pool newPool { ...
No, not the kiddie lit favorite by Doris Buchanan Smith, I mean the smart phones. I was not a member of the smart phone club when I started at F5. In fact, my first week on the job was at our international sales conference and I remember watching Jeff and Joe scroll, click, and type like the wind and Jeff leaned over and said, “They’re addicting, you’ll see.” I got my first Blackberry, the Curve 8310, a week later. I liked having all the keys for typing, as the limited texts I’d written with the basic phones was a chore,...
There is an abundance of mature desktop virtualization solutions that are outright free or at least reasonable. From VMware’s Workstation (at cost after 30-day trial, but entirely worth it) to Oracle’s VirtualBox and Microsoft’s Virtual PC, you can get started in literally minutes. Why would you want to? Trivial backups. Tired of losing a drive and having to restore first the OS, then the applications, and finally your files? Once everything is hosted on a virtual disk, keeping that backed up frequently means a physical disk failure costs you only the time to restore the hardware...
So I guess I’m on the even days plan here at Tech Ed, today being the fourth and final day of Tech Ed… Yesterday I got the chance to walk around the exhibitor hall and collect swag take a look at the exciting offerings on the floor. Microsoft had three very large sections with breakout booths for all their product offerings. I stopped and chatted with a few experts in the Server 2008 R2 virtualization offerings, and watched a couple System Center demos as well. Speaking of System Center, did you know F5 has a management pack for System Center? ...
DevCentral has many rock star contributors. Most are not affiliated officially with F5 Networks, or DevCentral for that matter, but there are several F5ers who believe in the community, and really believe in the F5 story. One of those F5ers is Matt Cauthorn, or as you know him in the community, L4L7. You may recognize Matt as the author of pyControl. Well, not only did he provide this entrance to a better iControl experience, he has also delivered in a major way with his Vim plugin for editing iRules (utilizing pyControl of course to make those calls to BIG-IP). I...
Day two of the New DevCentral. I’m excited about the new look, but I’m especially excited about the new functionality and navigation. There are a few things that have changed that might stump the seasoned pros, and of course if you’re a newbie, well, it’s all new, right? To that end, we’ve created a page of brief video tutorials on how to get the most out of DevCentral: Getting Started. We thought about the issues most users might have with the initial jump, such as the new social features, the forum changes with a migration to groups, site navigation, etc. ...
