Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral


F5er Harry Kleinbourg came up with a great solution for monitoring the availability of BIG-IP APM targets not just based on the availability of the virtual service but also on its ability to handle service based on the licensed session limits. Goals The goal of this solution is for BIG-IP GTM to redirect SSL VPN users to an available BIG-IP APM. The BIG-IP APM must be considered down if the number of users reaches the license limit. However, there is not an existing built-in monitor that allow...
Everyone has surely (don’t call me Shirley!) at least been exposed to THE CLOUD by now.  Whether it’s the—I’ll go with interesting—“to the cloud!” commercials or down in the nuts and bolts of hypervisors and programmatic interfaces for automation, the buzz has been around for a while. One of F5’s own, cloud computing expert and blogger extraordinaire (among many other talents) Lori MacVittie, weighs in consistently on the happenings and positi...
articlednsmanagementadnnewstechtip October 04, 2012 by Ben Cuthbert
DNS is inherently insecure and exposed. F5 customers have been seeing a spate of DNS attacks and DNS denial of service lately, and I thought it would be a good idea to analyze a few of the common attack vectors, and ways F5s GTM, or LTM DNS Services helps mitigate these attacks, and protect your DNS infrastructure. For many years we’ve commonly deployed GTM in delegated mode, where we create a CNAME for the GTM, and then redirect specific hostnames that require global load balancing to ...
Back in October, I attended a Security B-Sides event in Jefferson City (review here). One of the presenters (@bethayoung) talked about poisoning the internal DNS intentionally for known purveyors of all things bad. I indicated in my write-up that I’d be detailing an F5-based solution, and whereas a few weeks has turned into a couple months, well, here we are. As much as I had hoped to get it all together on my own, F5er Hugh O’Donnell beat me to it, and did a fantastic job. F5er Lee Orrick also ...
articlednsmanagementnewstechtip December 16, 2011 by Jason Rahm
F5 has been in the DNS business for quite some time, beginning with the 3-DNS GSLB product introduced in 1998. While steadily growing the GSLB market through product advances, the platform is incredibly feature rich now, offering far more than GSLB services. Some of the other services added over the years (articles written on services in parentheses): Standard name services via BIND, as a fallback or as primary domain auth Local SLB for DNS DNSSEC (Configuring GTM’s DNS Security ...
There are so many things that you can do with iRules that it can be pretty staggering to narrow down what the "most useful" commands are, but if I were given that task and absolutely had to, I would say that DNS resolution ranks up there pretty high on the most powerful list. Perhaps not as widely used as the HTTP or string commands, but the times that it does get used it solves problems that simply couldn't be solved any other way, often times. Whether it's querying an address before routing tr...
  Introduction This article highlights the F5 ARX Disaster Recovery process via the configuration-replication feature (DMOS 5.2 and above) and Big-IP (v10.2.1) Global Traffic Manager (GTM). A new ARX global-config mode option enables as well as facilitates simple Disaster Recovery fail-over of all or part of a file virtualization environment from one ARX cluster to another assuming that files are being replicated using file server replication technology (i.e SnapMirror; VNX Replication; ...
articlednsmanagementadnnewstechtip October 18, 2011 by George Watkins
Introduction In our last Tech Tip, v11: DNS Express – Part 1, we discussed configuring DNS Express as an authoritative slave DNS server. We also discussed the advantages of using DNS Express in place of a pool of BIND servers. In this part of the series we will be discussing using a Transactional SIGnatures (TSIG) to secure zone transfers form our BIND server to the GTM. By implementing TSIGs for our zone transfers, we can ensure that no one could potentially poison the zone date of our DNS Ex...
articlednsmanagementnewstechtip October 06, 2011 by George Watkins
Introduction Among the many features released with GTM version 11, DNS Express has to be near the top of the list for many DNS administrators. DNS Express is a high performance in-memory authoritative DNS server. GTM has always been able to serve DNS records from its local BIND instance, but this left it subject to many of the same performance limitations as other BIND servers. In addition to its ability to far outperform most any DNS server (125k queries per second per core), DNS Express als...
Anyone utilizing IP network comparisons in iRules is probably familiar with this syntax: 1: if { [IP::addr [IP::client_addr]/24 equals 10.10.20.0] } { 2: ##Do this 3: } In fact, there are several methods for doing a comparison.  Here are three functional equivalents that include the most common form shown above: [IP::addr [IP::remote_addr]/24 equals 10.10.20.0] [IP::addr [IP::remote_addr]/255.255.255.0 equals 10.10.20.0] [IP::addr "[IP::remo...
Page 1 of 3First   Previous   [1]  2  3  Next   Last