Forum Discussion

F5user13_114603
Nov 24, 2017

BIG-IP module order of operations

Hi Experts,

 

If I have a BIG-IP provisioned with LTM/ASM/APM/AFM, what would be the sequence in which each of these modules would trigger? I am unable to find sufficient documentation correlating the order of operation when all the above modules are active on a box.

 

2 Replies

  • Not that simple, I’m afraid, but generally AFM would be first as a network-level filter, then LTM, then it depends on the Virtual Server configuration what is triggered next.

     

    However, traffic after ASM and APM will be returned to LTM to be forwarded.

     

    Generally LTM controls traffic and just hands off to other modules, and the configuration will dictate the order traffic is processed.

     

    Finally, there are some flow diagrams about, but I think you will need to talk with F5 to get hold of them.

     

  • The answer is, it depends... and it isn't linear.

     

    AFM will generally be processed first as Global rules occur before a VS is serviced. (if you have global rules configured)

     

    https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-11-5-0/2.html

     

    Once the VIP is processed, it will sidestep and assess ASM and APM policies if configured, before continuing to process the rest of the VS (assuming ASM and APM policies have permitted the flow). I can't comment on which gets processed first out of ASM and APM.

     

    As to seeing a document to explain this, I've not seen one either, so I'm not sure if this information is useful to you.

     

    Related to this and quite useful is the iRule processing order. This is not an exhaustive list of all events but useful nonetheless:

    iRule Event Order - HTTPS/SSL - Client & Server Side