LTM 11.4.1 - Trying to Identify equivalent features to cisco ACE

I think this should help you: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-0/7.html

Oversize client headers

The Oversize Client Headers setting determines the way in which the BIG-IP system passes through HTTP traffic when the Maximum Header Size value is exceeded by the client. The default is disabled, which rejects the connection. Note: This feature is only available on the HTTP profile when you set the proxy mode feature to Transparent.

Thanks. That was of real help. But looks like all the features i am looking for are available only in 11.5, reading through the link. I am still running 11.4.1, have opened a support case to see if they can suggest any similar option in 11.4.1, may be they will ask me to upgrade to 11.5. Also, the Transparent Proxy mode option in HTTP profile, in 11.5, seems to be the way to allow LTM to forward invalid HTTP traffic to the pool server, similar to the "parsing non-strict" option in Cisco ACE.

i upgraded to 11.5.1, and tried to enable http transparent proxy mode (using http-transparent profile) to a Virtual server that already has other profiles (SSL client, OneConnect, http-compression). But i get the following error, 01070734:3: Configuration error: In Virtual Server (/oracle/prod_443) HTTP is configured as a Transparent Proxy, and thus is incompatible with any other filter other than PEM. Looks like i cannot use this Transparent proxy mode in my configuration. Primarily i am looking for an equivalent to parising non-strict in Cisco. Anyone has an idea? i opened a support case and the engineer said this feature cannot be used with the VS config i have and suggessted to use iRule to implement the same. Is there a possible way to enable this using an iRule?

Hey Karthik,

I am in a same situation where I have to provide the business solution to one of my customer. Could you finalize your standards on ACE to F 5 LTM migration? My requirement as below. Could you please some inputs on this ?

parameter-map type http HTTP-Params-Maxparse-No-Strict-8192 case-insensitive persistence-rebalance set header-maxparse-length 8192 set content-maxparse-length 8192 parsing non-strict

hi Antony,

1. Persistence-rebalance -> Use a Oneconnect profile with a 255.255.255.255 mask. This is to make sure we dont use the connection reuse feature of Oneconnect, and use Oneconnect only for 'load-balancing every HTTP request inside the same TCP connection' like exactly what persistence-rebalance in Cisco ACE does.
2. header-maxparse-length -> the default 'Maximum Header Size' in F5 is 32768 bytes. You can change this to what you want using a custom HTTP profile.
3. content-maxparse-length - I could not find an exact equivalent. But i think by adding a http-compression profile, you can take care of this making the F5 to compress the http content.
4. parsing non-strict -> This feature in ACE ignores malformed cookies and still processes the other cookies. But F5 seems to just stop parsing the packet if it finds a malformed cookie that some of the legacy applications use. There is not option to alter this behavior of F5 like in ACE, unless we can write some iRule coding i believe.