Wednesday, November 2, 2011

F5 Big-IP Decrypting a private key

1. Transfer key file to directory /config/ssl/ssl.key/myfile.key
2. Change directory on CLI. Command: cd /config/ssl/ssl.key
3. Use the OpenSSL utility to open or decrypt the key file. Apply the command:
openssl rsa -in myencryptedkeyfile.key -out mydecryptedkeyfile.key
4. You will be prompted to enter the Passphrase originally used to encrypt the key:
Enter pass phrase for myencryptedkeyfile.key:
writing RSA key
5. The following output appears if you have entered the wrong Passphrase:
Enter pass phrase for myencryptedkeyfile.key:
unable to load Private Key
21566:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:325:
21566:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:

Saturday, July 9, 2011

F5 Big-IP - Cookies, Persistence, and SSL.

Cookies provide a way to make HTTP requests stateful. When an HTTP request is made from a client to a server, each request is independent of the previous one; that is, the server does not keep track of what happened in the previous request. Cookies can be used to make HTTP requests stateful and relate them to one another: they provide a means for the server to record which HTTP requests belong to the same client.

On an F5 Big-IP LTM, a Cookie persistence profile can be applied to a Virtual Server. The Cookie profile can be customised, so there are a number of options which administrators can select to meet their requirements. Of these options the main one is the Mode. Cookies can be applied in one of four Modes - Hash, Insert, Rewrite, and Passive.

* Hash mode: In Hash mode, the Original Web Server (OWS) generates the Cookie. In Hash mode you can specify the Cookie Name, Offset (the number of bytes in the cookie to skip before calculating the hash value), and Length (the number of bytes to use when calculating the hash value). The Timeout option does not apply in Hash mode.

* Insert mode: In Insert mode, as the name implies, the Big-IP inserts a cookie containing information about the OWS into the HTTP response from the server. The expiration time of the cookie is determined by the timeout configured on the Big-IP. You can set the expiration to an explicit amount of time or to a value of "session". A session cookie is a cookie which is set without an expiration date. Session cookies are generally stored in volatile memory by clients and expire when the user session expires (i.e. when the browser is shut down).

* Rewrite mode: If you specify Rewrite mode, the Big-IP Controller intercepts a cookie named BIGipCookie (the server must name its cookie BIGipCookie), sent from the server to the client, and rewrites the name of the cookie to BIGipServer. When the Big-IP Controller rewrites the cookie, the server information and time-out value are reset.

Rewrite mode requires you to set up the cookie created by the server. In order for Rewrite mode to work, there needs to be a blank cookie coming from the web server for the Big-IP to rewrite. With Apache variants, the cookie can be added to every web page header by adding an entry in the httpd.conf file:

Header add Set-Cookie BIGipCookie=000000000000000000000000000000000000000000...

(The cookie should contain a total of 75 zeros.)

* Passive mode: In Passive mode the Big-IP does not search for or insert cookies into the HTTP header of responses from the server. The server is expected to create the cookie and add the encoding representing the node and port information. A sample HTTP header with a cookie and encoding may look as follows:

Header add Set-Cookie: BIGipServer=184658624.20480.000; expires=Sat, 19-Aug-2000 19:35:45 GMT; path=/

In this example, 184658624 is the encoded node address and 20480 is the encoded port.

The equation for an address (a.b.c.d) is:

d*256^3 + c*256^2 + b*256 + a

The way to encode the port is to take the two bytes that store the port and reverse them. So, port 80 becomes 80 * 256 + 0 = 20480. Port 1433 (instead of 5 * 256 + 153) becomes 153 * 256 + 5 = 39173.
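The address and port encoding above, worked through in Python as an added example (not part of the original post and not F5 code). The function names are made up for illustration, and accepting a suffix after the BIGipServer cookie name is an assumption; the sample header is the one quoted above.

```python
"""Encode and decode the BIG-IP persistence cookie value described above."""
import ipaddress
import re

# Layout as shown on this page: BIGipServer=<address>.<port>.<zeros>
# Allowing extra characters after "BIGipServer" in the name is an assumption.
COOKIE_RE = re.compile(r"BIGipServer[^=;\s]*=(\d+)\.(\d+)\.(\d+)")


def encode_address(ip):
    """a.b.c.d -> d*256^3 + c*256^2 + b*256 + a (octets in reversed order)."""
    a, b, c, d = ipaddress.IPv4Address(ip).packed
    return d * 256**3 + c * 256**2 + b * 256 + a


def decode_address(value):
    """Inverse of encode_address; rejects values that do not fit in 4 bytes."""
    if not 0 <= value < 256**4:
        raise ValueError("encoded address out of range: %r" % value)
    # The low byte is the first octet, so read the integer little-endian.
    return str(ipaddress.IPv4Address(value.to_bytes(4, "little")))


def encode_port(port):
    """Swap the two bytes that store the port: 80 -> 80*256 + 0 = 20480."""
    if not 0 <= port < 65536:
        raise ValueError("port out of range: %r" % port)
    high, low = divmod(port, 256)
    return low * 256 + high


def decode_port(value):
    """A byte swap is its own inverse, so decoding is the same operation."""
    return encode_port(value)


def build_cookie_value(ip, port, suffix="000"):
    """Value a server would set in Passive mode; suffix as shown on the page."""
    return "%d.%d.%s" % (encode_address(ip), encode_port(port), suffix)


def parse_set_cookie(header):
    """Return (node address, port) from a Set-Cookie header line."""
    match = COOKIE_RE.search(header)
    if match is None:
        raise ValueError("no BIGipServer cookie found")
    return decode_address(int(match.group(1))), decode_port(int(match.group(2)))


# The sample header from the text above.
SAMPLE = ("Set-Cookie: BIGipServer=184658624.20480.000; "
          "expires=Sat, 19-Aug-2000 19:35:45 GMT; path=/")

if __name__ == "__main__":
    print(parse_set_cookie(SAMPLE))
    # Constructed input: a node address and the port 1433 used in the text.
    print(build_cookie_value("10.1.1.100", 1433))
```

Because the value is a reversible encoding rather than encryption, anyone who receives the cookie can recover the node address and port the same way.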

Thursday, June 30, 2011

DNS Notes

A domain level name server may contain a list of DNS servers where a name record is kept. It then informs the resolver of the IP address(es) or location of these DNS servers. The resolver then attempts to query the ADNS servers. It attempts to resolve against the first server (ns1.x.x.x.x); if the query fails, it then attempts to query the second (ns2.x.x.x.x), and so forth.

A DNS server may contain multiple addresses for a domain name. When requests are made to the DNS server from the resolver, the server shuffles the multiple IP addresses associated with the domain name then selects one to return to the client.

A name record is constant in a DNS server. For example, if the web server hosting www.mywebserver.com, to which a name record points, is no longer available, the name record will continue to point to that server. A GTM device is useful for monitoring servers in a redundant setup and returning an IP address associated with a server which is reachable.





Saturday, June 25, 2011

F5 Big-IP: Performing a clean install or rebuild

Recently I have been trying to apply a hotfix to a Big-IP without any luck. Numerous attempts have resulted in failed installations. I have tried both earlier and later hotfixes without any success. This suggested to me the Big-IP volumes were either corrupted or something went terribly wrong during the previous upgrade. To resolve the problem I decided the only way forward was to rebuild the device or set it back to its factory defaults and then install the new image.

The steps are detailed in the F5 Solution document SOL10819. However I will try to provide here the steps I took and some of the issues I encountered along the way.

1. Download the installation image: For my rebuild I selected version 10.2.0 1707.0 to match up with our device in production.

2. Verify the integrity of the files. In my case I used the File Checksum Integrity Verifier utility from Microsoft. You can download it for Windows here:
http://support.microsoft.com/kb/841290

Set the path of where you extracted the FCIV files at the cmd prompt:

set path=%path%;c:\fciv

Sample output:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\me>cd /fciv

C:\fciv>set path=%path%;c:\fciv

C:\fciv>fciv BIGIP-10.0.1.283.0.iso
//
// File Checksum Integrity Verifier version 2.05.
//
ef9fdbf673d6355a74c2bae7980127f3 bigip-10.0.1.283.0.iso

C:\fciv>


Ensure the value ef9fdbf673d6355a74c2bae7980127f3 equals that found in the corresponding md5 file downloaded from F5.

3. Installation method. For this step I chose to use an external USB drive. Since I am trying to rebuild 6400 series hardware, the following utilities are needed on a Linux device to make a bootable USB drive. See "Creating a Bootable USB Thumb Drive" in the Big-IP Getting Started Guide.

"For BIG-IP platforms 1500, 3400, 3410, 6400, 6800, 8400, and 8800, the workstation must have the following utilities:
sfdisk: changes disk partitioning.
mke2fs: creates a Linux (ext2) file system.
extlinux: represents a lightweight bootloader that starts up computers with the Linux kernel."

Since Linux is not my forte :) and I have a spare F5 lying around, I decided to use the F5 to make my bootable USB stick. If you don't like reading, I found this great video on YouTube that shows you how to do it:
http://www.youtube.com/watch?v=-KQ7MMWlwp4

Below are the steps I used to create the bootable USB:

a) Log in to the Big-IP as root. Copy the iso file to the /shared/images directory of the Big-IP:

cp /mnt/usb/myisofilename.iso /shared/images

b) Create the directory /mnt/cd to mount the iso file to:

mkdir /mnt/cd

c) Mount the iso file to the /mnt/cd directory:

cd /shared/images
mount -o loop BIGIP-10.2.0.1707.0.iso /mnt/cd
mount


I had many issues when trying to mount the USB drive. Some of the error messages included:
[root@BIGIP-6400:Active] cd # ./mkdisk
..cpio: write error: No space left on device
./mkdisk: line 18: /tmp/mkdisk.CVn667/usr/lib/install/umdinstall: No such file or directory


To resolve the problem I unmounted and removed the /mnt/cd path. I also removed the /mnt/usb mount I had originally made in a previous attempt. Then, when I applied the mount command, I ensured the following line showed:
/shared/images/BIGIP-10.2.0.1707.0.iso on /mnt/cd type iso9660 (rw,loop=/dev/loop1)


d) Run the mkdisk utility in the /mnt/cd directory:

cd /mnt/cd
./mkdisk

e) The Big-IP will then prompt you to answer a series of questions. This will assist it to create a bootable USB drive relevant to your hardware platform.

Below is a sample output:

[root@BIGIP-6400:Active] / # cd /shared/images
[root@BIGIP-6400:Active] images # ls
BIGIP-10.2.0.1707.0.iso BIGIP-10.2.1.297.0.iso Hotfix-BIGIP-10.2.0-1755.1-HF1.iso Hotfix-BIGIP-10.2.0-1789.0-HF2.iso
BIGIP-10.2.0.1707.0.iso.md5 BIGIP-10.2.1.297.0.iso.md5 Hotfix-BIGIP-10.2.0-1755.1-HF1.iso.md5 Hotfix-BIGIP-10.2.0-1789.0-HF2.iso.md5
[root@BIGIP-6400:Active] images # mkdir /mnt/cd
[root@BIGIP-6400:Active] images # mount -o loop BIGIP-10.2.0.1707.0.iso /mnt/cd
[root@BIGIP-6400:Active] images # mount
/dev/mapper/vg--db--sda-set.1.root on / type ext3 (rw,noatime)
none on /proc type proc (rw)
devpts on /dev/pts type devpts (rw)
/dev/mapper/vg--db--sda-set.1._config on /config type ext3 (rw,noatime)
/dev/mapper/vg--db--sda-set.1._usr on /usr type ext3 (ro,noatime)
/dev/mapper/vg--db--sda-set.1._var on /var type ext3 (rw,noexec,noatime)
/dev/mapper/vg--db--sda-dat.share.1 on /shared type ext3 (rw,noatime)
/dev/mapper/vg--db--sda-dat.log.1 on /var/log type ext3 (rw,noatime)
none on /dev/shm type tmpfs (rw,noatime)
none on /var/tmstat type tmpfs (rw)
none on /var/run type tmpfs (rw,noatime)
prompt on /var/prompt type tmpfs (rw,size=4m)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /dev/mprov/tmm type hugetlbfs (rw)
/shared/images/BIGIP-10.2.0.1707.0.iso on /mnt/cd type iso9660 (rw,loop=/dev/loop1)
[root@BIGIP-6400:Active] images # cd /mnt/cd
[root@BIGIP-6400:Active] cd # ./mkdisk
..............................................................................
7047 blocks
On which F5 platform will the installation media be used?

Index Platform

1 BIG-IP 1500
2 BIG-IP 1600
3 BIG-IP 3400
4 BIG-IP 3410
5 BIG-IP 3600
6 BIG-IP 3900
7 BIG-IP 4100
8 BIG-IP 6400
9 BIG-IP 6800
10 BIG-IP 6900
11 BIG-IP 8400
12 BIG-IP 8800
13 BIG-IP 8900
14 BIG-IP 8950
15 BIG-IP 11050
16 BIG-IP Viprion
17 BIG-IP_SAM 4300
18 Enterprise Manager EM500
19 Enterprise Manager EM3000
20 FirePass 1200
21 FirePass 4100
22 FirePass 4300
23 TrafficShield 4100
24 WANJet Appliance WJ300
25 WANJet Appliance WJ500
26 WBA Appliance WA4500
Please select a device by index (1 - 26) --->8
Please select the device on which you which to create the bootable installer

Index Device Product Size Notes

1 /dev/sdb SanDisk Cruzer Blade 3819 MB May hold 2 products
Please select a device by index (1 - 1) --->1
Chosen device /dev/sdb is SanDisk Cruzer Blade
WARNING: The next step will destroy all data on this device!
Are you sure you want to continue? (y|n) [n] --> y
info: FAT Formatting device /dev/sdb

info: Installing bootloader on /dev/sdb
info: Mounting device /dev/sdb on /mnt/ozimLXTaYx
copying ./isolinux/vmlinuz => /mnt/ozimLXTaYx
copying ./isolinux/initrd.img => /mnt/ozimLXTaYx
The following products are available for transfer:
BIG-IP version 10.2.0
Would you like to transfer BIG-IP version 10.2.0? (y|n) [y] --> y
Queueing BIG-IP version 10.2.0
Ready to copy one product (this will take a while...).
Creating repository ISO in /mnt/tm_install/16082.mJRdtt (this will take a while)...
Total translation table size: 0
Total rockridge attributes bytes: 72463
Total directory bytes: 135168
Path table size(bytes): 304
Max brk space used a3000
399956 extents written (781 MB)
Inserting md5sum into iso image...
md5 = cce0625d016f8571974647453cc6fd78
Inserting fragment md5sums into iso image...
fragmd5 = e3e88cee8adb0fcb92fe92e3a465ceb2b49ee5c4d1e47e46e153d687dcce
frags = 20
Setting supported flag to 0
done
Moving repository ISO to thumb drive (this will take a while) ...done
Product setup complete.
Flushing disk buffer (this may take a while)... done
[root@BIGIP-6400:Active] cd #




==========================

F5 solution documents used for this blog:

sol11686 - Change in Behavior: When the BIG-IP system is booted from a USB removable media, a manufacturing installation dialog is automatically displayed
http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11686.html

Creating a USB Drive: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip_gs_10_0_0/bip_gs_app_b_thmb.html#1026618

sol10819 - Performing a clean installation of BIG-IP version 10.x or Enterprise Manager 2.x
http://support.f5.com/kb/en-us/solutions/public/10000/800/sol10819.html

sol751 - Backing up and restoring BIG-IP configuration files
http://support.f5.com/kb/en-us/solutions/public/0000/700/sol751.html

sol11396a - Error Message: Terminal error: System memory of 1 GiB is insufficient for 'format=volumes' with this product image; 1.5 GiB is required
http://support.f5.com/kb/en-us/solutions/public/11000/300/sol11396a

Youtube - Preparing F5 USB boot disk
http://www.youtube.com/watch?v=-KQ7MMWlwp4

Wednesday, June 22, 2011

Upgrading F5 Big-IP from version 9.1.x to 9.3.1 - Local Install

1. Download the image (.im) and accompanying md5 file from the F5 support site.

2. SCP to your Big-IP and transfer the image and md5 file to the directory /shared/tmp

3. Connect to the Console port of your Big-IP. This ensures that during reboot you do not lose connectivity to the CLI of the Big-IP.

4. Extract the .im file and run installation script. Apply the following command:
im local-install-9.3.1.37.1.im

5. The system then prompts you for some installation options to be selected.

Tuesday, May 31, 2011

IPv6

Resources
====================================================

## IPv6 Test sites: They are used to test the readiness of your host to communicate over IPv6. Test sites include:

* http://www.test-ipv6.com
* http://www.ipv6-test.com

## IPv6 Brokers: They are required to connect your IPv6 enabled hosts to the IPv6 Internet through IPv4 networks. Your network edge will still have an IPv4 Internet connection, whilst hosts behind it will be IPv6. IPv6 brokers include Hurricane Electric Services (browse to "http://tunnelbroker.net/"). A more thorough list can be found on Wikipedia:

* http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers

## Blogs:

How to configure a Cisco router to connect to the IPv6 world via a Network broker:
* http://blog.howardtang.com/tag/ipv6-cisco-configuration/

Sunday, March 27, 2011

Displaying the configuration on JUNOS or SRX

The configuration on a JUNOS based device can be displayed in two different formats - "JUNOS" or "set-based". Set-based means the configuration will be displayed as commands you would enter at the CLI to apply a configuration. JUNOS based displays the configuration file which you can edit at the CLI. The commands to apply are:

1. Set based:
show | display set | no-more

2. JUNOS based:
show | no-more

Upgrading Big-IP 10.2.0 1755.1 to 10.2.0 1789.0

1. Download the image or *.iso file from the F5 support site.

2. SCP to the Big-IP device and copy the iso file to the directory /shared/images

3. Apply the following command to install the Hotfix image. Note, the Hotfix image can be installed in an empty partition:

bigpipe software desired HD1.3 product BIG-IP version 10.2.0 build 1789.0

4. Configure the device to boot from the location where the new image is installed:
switchboot -b
e.g. switchboot -b HD1.3

5. Reboot the entire device. Apply the command:
full_box_reboot

Friday, March 4, 2011

Cisco Flexlinks

Cisco Flexlinks provide a layer 2 redundant link solution. It is often considered an alternate solution to Spanning-Tree protocol where STP is undesired. With Flexlinks redundant paths are manually configured by the network administrator, in comparison to STP where the redundant paths are calculated and formed dynamically by the Spanning-Tree protocol.

Advantages:
* Spanning-Tree Protocol independent.
* No BPDUs across links.
* Fast convergence - testing shows convergence at approximately 110ms.
* Traffic can be load shared across the redundant links.
* Neighbouring switches are not affected by local network Spanning-Tree recalculations.
* Failure of an Etherchannel where STP is not running between interconnecting neighbours can cause network loops and subsequent broadcast storms.

Disadvantages
* Maximum of 16 Flexlink pairs.
* RSTP convergence can be quicker - sub-second.
* Dynamic loop prevention.
* Less administrative management.
* Etherchannel can load-balance and provide redundancy.
* Does not support load-balancing, only load sharing (allocation of VLANs per link).

Testing Scenarios:
3750 (Flexlink) -to- 3750 (STP)

TOP-SWITCH#show run int gi 1/0/21
Building configuration...

Current configuration : 351 bytes
!
interface GigabitEthernet1/0/21
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 237
switchport mode trunk
switchport backup interface Gi1/0/23
switchport backup interface Gi1/0/23 mmu primary vlan 237
switchport backup interface Gi1/0/23 preemption mode forced
switchport backup interface Gi1/0/23 preemption delay 60
end

TOP-SWITCH#show run int gi 1/0/23
Building configuration...

Current configuration : 135 bytes
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 237
switchport mode trunk
end

TOP-SWITCH#

Middle-Switch#show run int fa 2/0/45
Building configuration...

Current configuration : 156 bytes
!
interface FastEthernet2/0/45
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 237
switchport mode trunk
spanning-tree portfast
end

Middle-Switch#show run int fa 2/0/47
Building configuration...

Current configuration : 156 bytes
!
interface FastEthernet2/0/47
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 237
switchport mode trunk
spanning-tree portfast
end

Middle-Switch#

Diagnostics:
=======================
TOP-SWITCH#show interfaces switchport backup detail

Switch Backup Interface Pairs:

Active Interface Backup Interface State
------------------------------------------------------------------------
GigabitEthernet1/0/21 GigabitEthernet1/0/23 Active Up/Backup Standby


Interface Pair : Gi1/0/21, Gi1/0/23
Preemption Mode : forced
Preemption Delay : 60 seconds
Bandwidth : 100000 Kbit (Gi1/0/21), 100000 Kbit (Gi1/0/23)
Mac Address Move Update Vlan : 237

TOP-SWITCH#

TOP-SWITCH#show mac-address-table move update
Switch-ID : 033d.ae01.6210
Dst mac-address : 0120.d100.0010
Vlans/Macs supported : 1023/6272
Default/Current settings: Rcv Off/Off, Xmt Off/Off
Max packets per min : Rcv 40, Xmt 60

Rcv packet count : 0
Rcv conforming packet count : 0
Rcv invalid packet count : 0
Rcv packet count this min : 0
Rcv threshold exceed count : 0
Rcv last sequence# this min : 0
Rcv last interface : None
Rcv last src-mac-address : 0000.0000.0000
Rcv last switch-ID : 0000.0000.0000

Xmt packet count : 0
Xmt packet count this min : 0
Xmt threshold exceed count : 0
Xmt pak buf unavail cnt : 0
Xmt last interface : None
TOP-SWITCH#

Monday, February 28, 2011

Aspera FASP ( Fast and Secure Protocol )

Aspera transfers use one TCP port for session initialization and control, and one UDP port for data transfer. The TCP port is usually either 22 (default port for SSH) or 33001, and the UDP port is by default 33001.
Control: TCP Port 22 (SSH)
Data: UDP Port 33001-33020

Both connections are initiated by the client. The UDP port is negotiated between the server and client. Unix servers are able to run parallel connections over the single port 33001. Windows operating systems require unique ports for each transfer - a range of ports from 33001-33020 should be opened for multiple connections to the server.

Risks:
======
1) Firewalls can interpret the number of UDP transactions (2000+ per second) as a denial of service attack. Security features such as Screens available on the Juniper SRX will need to be tuned to allow the high number of transactions. The UDP flood event is identified in the Junos logs as:
RT_IDS: RT_SCREEN_UDP: UDP flood! source: 1.1.1.1:33001, destination: 2.2.2.2:8883, zone name: Untrust, interface name: reth3.0

This has the potential of allowing the sending of a large number of UDP packets containing 4 data bytes (all zeros) and coming from one source port to random destination ports on the target host. The target host returns ICMP Port Unreachable messages. The target slows down because it is busy processing the UDP packets, and at this point, there will be little or no network bandwidth left (Ref: Hack blog).

2) The applications can also pose a considerable risk to enterprise network bandwidth, potentially impacting business-critical applications. Since their data transfer rate is adapted to the available bandwidth on the end-to-end path, enterprises can protect their critical network segments by using appropriate bandwidth controls. On the Palo Alto Networks Next Generation Firewalls, the App-ID technology identifies all traffic from this application as FASP. Security and QoS policies can then be configured, based on the application, to deny, allow, or rate-limit the traffic according to defined bandwidth limits. Whatever application and bandwidth usage policies businesses come up with, Network and Security administrators will need to equip themselves with the right tools to enforce them (Ref: Palo Alto Networks).
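
When tuning the SRX screen described in risk 1, it helps to see which flood events involve the FASP data ports before changing thresholds. The following is an added example, not from the original post or from Juniper or Aspera; the log prefix, addresses and the function name fasp_flood_summary are constructed, and it assumes IPv4 endpoints in the RT_SCREEN_UDP format quoted above.

```shell
#!/bin/sh
# Added example: triage of Junos UDP-flood screen events for FASP tuning.
# Assumptions: log lines follow the RT_SCREEN_UDP format quoted above and
# use IPv4 "address:port" endpoints; the FASP data range is UDP 33001-33020.

# fasp_flood_summary   (syslog on stdin)
# Prints "<source-ip> <label> <count>", one line per source and label,
# where label is "fasp-port" if either port is in 33001-33020, else "other".
fasp_flood_summary() {
    awk '
        function port(ep,   parts, n) { n = split(ep, parts, ":"); return parts[n] + 0 }
        function host(ep) { sub(/:[0-9]+$/, "", ep); return ep }
        function in_range(p) { return p >= 33001 && p <= 33020 }
        /RT_SCREEN_UDP: UDP flood!/ {
            src = ""; dst = ""
            for (i = 1; i < NF; i++) {
                if ($i == "source:")      src = $(i + 1)
                if ($i == "destination:") dst = $(i + 1)
            }
            gsub(/,/, "", src); gsub(/,/, "", dst)
            if (src == "" || dst == "") next       # malformed line: skip it
            if (in_range(port(src)) || in_range(port(dst))) label = "fasp-port"
            else label = "other"
            count[host(src) " " label]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Constructed sample log; addresses are documentation placeholders.
SAMPLE_LOG='Feb 28 10:00:01 srx RT_IDS: RT_SCREEN_UDP: UDP flood! source: 192.0.2.10:33001, destination: 198.51.100.5:8883, zone name: Untrust, interface name: reth3.0
Feb 28 10:00:02 srx RT_IDS: RT_SCREEN_UDP: UDP flood! source: 192.0.2.10:33001, destination: 198.51.100.5:8883, zone name: Untrust, interface name: reth3.0
Feb 28 10:00:03 srx RT_IDS: RT_SCREEN_UDP: UDP flood! source: 203.0.113.7:53124, destination: 198.51.100.5:161, zone name: Untrust, interface name: reth3.0
Feb 28 10:00:04 srx RT_IDS: RT_SCREEN_UDP: UDP flood! source: 203.0.113.7:40000, destination: 198.51.100.5:33005, zone name: Untrust, interface name: reth3.0
Feb 28 10:00:05 srx sshd[123]: constructed unrelated line'

printf '%s\n' "$SAMPLE_LOG" | fasp_flood_summary
```

A port in the FASP range is only a hint, since the sender chooses its own source port. Check each "fasp-port" source against your known Aspera peers before adjusting the screen for it.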

Saturday, January 29, 2011

Upgrading F5 Big-IP from version 9.3.x or 9.4.x to 10.x

Upgrading Big-IP from version 9.3.x or 9.4.x to 10.x
======================================================
This installation was performed on a Big-IP 3600. Hardware details are as follows:
PLATFORM INFORMATION --
| Marketing Name: BIG-IP 3600
| BIOS Rev: AMIBIOS(C)2006 American Megatrends, Inc. F5 Platform: MERCURY OBJ-0272-03 BIOS S10.0 Date:04/24/2009
| base MAC: 00:00:00:00:00:00
+-> SYSTEM INFO
| Type: C103
| Chassis serial: f5-yyyy-xxxx Level 200 part: 200-0293-11 REV A
| Memory: 3.437GB
+-> HARDWARE CARDS
| | Type: pic Model: F5 cpld
| | version: 0x13
| | Type: crypto Model: Cavium NITROX-PX
| | version: CNPx-MC-SSL-MAIN-MC1-0001
+-> CPU 0
| | Type: Intel(R) Core(TM)2 Duo CPU E6400 @ 2.13GHz Speed: 2133.469MHz
| | Temp: 37degC Fan speed: 10546rpm


1. Download the iso and md5 files from the F5 website.

2. SCP to your F5 Big-IP appliance.

3. Transfer files downloaded in step 1 to the directory “/shared/images”. Create this directory if it does not exist.

4. Login to the CLI of the device using the root account. Verify the integrity of the images. Apply the following commands:

md5sum /shared/images/BIGIP-10.0.1.283.0.iso
cat /shared/images/BIGIP-10.0.1.283.0.md5

Visually check that the two hash values are identical.

5. Login to the CLI of the device using the root account. Install the configuration utility “image2disk” – the iso image contains the image2disk utility. Apply the following command to install the utility:

im /shared/images/BIGIP-10.0.1.283.0.iso

The process copies over the image2disk installation utility, and then presents a status message, which lets you know that the im command is no longer supported, and tells you how to proceed.

/tmp/rpmdisk.173hO1 /shared/images
info: media has tm_install version 2.6.2, release 40.0
info: adding bin/../isolinux/install/tm_install.rpm to system...
info: media has perl-RPM2 version 0.67, release 10.0.0.4598.0
info: adding bin/../isolinux/install/perl-RPM2.rpm to system...
The im utility is no longer used to upgrade software images.
Please use 'image2disk'. For help, use 'image2disk -h'.
You must always install to an image location that is not in use.
Here is your current image-location status:
HD1.1 active no default no title BIG-IP 9.1.2 Build 40.2
HD1.2 active yes default yes title BIG-IP 9.3.1 Build 37.1


6. Determine which HD slot to install the new image in, using the switchboot utility. You must install the image on an inactive slot. Apply the following command:

switchboot -l

Sample output:
[root@F5:Active] / # switchboot -l
Current boot image:
HD1.1 - BIG-IP 9.4.8 Build 355.0
Default boot image:
HD1.1 - BIG-IP 9.4.8 Build 355.0
Available boot image(s):
HD1.1 - BIG-IP 9.4.8 Build 355.0
HD1.2 - BIG-IP 9.4.8 Build 355.0
[root@F5:Active] / #

7. Install the new image. This step will reformat the disk to use Logical Volume Management. Apply the following command as root using the CLI:
image2disk --instslot=HD1.2 --format=volumes /shared/images/BIGIP-10.0.1.283.0.iso
The upgrade process installs the software on the inactive installation location (--instslot) that you specify. This process usually takes between three minutes and seven minutes.

8. Reboot into the volume where you installed the new image:
switchboot -b HD1.2
reboot

Installing Hotfixes 10.x
1. Download the Hot fix files from F5:
• Hotfix-BIGIP-10.0.1-402.7-HF4.iso
• Hotfix-BIGIP-10.0.1-402.7-HF4.md5

2. SCP to the device and copy the downloaded hot fix files to the directory “/shared/images”. Login to the CLI and verify the files are recognised by the device. Apply the following command:
bigpipe software list
Sample output:
[admin@F5:Active] images # bigpipe software list
software {
desired {
HD1.1 {}
HD1.2 {
product "BIG-IP"
version "10.0.1"
build "283.0"
active enable
}
HD1.3 {}
}
hotfixes "Hotfix-BIGIP-10.0.1-402.7-HF4.iso"
images "BIGIP-10.0.1.283.0.iso"
}
[admin@F5:Active] images #
3. Verify the integrity of the files. Apply the following commands:
md5sum /shared/images/Hotfix-BIGIP-10.0.1-402.7-HF4.iso
cat /shared/images/Hotfix-BIGIP-10.0.1-402.7-HF4.md5

Visually check the hash values are the same from the output.

4. Verify the disk formatting scheme used by the device. Apply the following command:

lvscan
Sample output:
[admin@F5:Active] images # lvscan
lvscan -- ACTIVE "/dev/vg-db-sda/dat.share.1" [30 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/dat.log.1" [7 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._usr" [1 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._usr" [1 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._usr" [1 GB] contiguous
lvscan -- 14 logical volumes with 52 GB total in 2 volume groups
lvscan -- 14 active logical volumes

[admin@F5:Active] images #

5. The Big-IP image and hotfix file must be installed into a volume which is NOT active. Check which volume is active – apply the following command:
bigpipe software
Sample output:
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 none none none no complete
[admin@F5:Active] images #

6. Install the Big-IP image and hotfix file into the inactive volume.

a) First install the Big-IP image. Apply the following command:
bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 283.0
Sample Output:
[admin@F5:Active] images # bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 283.0
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no installing 0.000 pct
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no installing 3.000 pct
[admin@F5:Active] images #
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no complete

b) Apply the hotfix onto the Big-IP image. Apply the following commands:
bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 402.7
Sample Output:
[admin@F5:Active] images # bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 402.7
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 402.7 no installing hotfix
[admin@F5:Active] images #

c) Boot into the volume containing the hotfix. Apply the following command:

switchboot -b HD1.3
reboot

Sample Output:
[admin@F5:Active] images # switchboot -b HD1.3
[admin@F5:Active] images # reboot

Broadcast message from root (pts/0) (Tue Jan 25 12:00:58 2011):

The system is going down for reboot NOW!
[admin@F5:Active] images #
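
Both procedures above rely on a visual comparison of MD5 values and on reading the status table to find an inactive volume. The following is an added example, not from the original post or from F5, that scripts those two checks; the function names are hypothetical, and it assumes the first field of the .md5 file is the hex digest and that the status table has the column order shown in the sample output.

```shell
#!/bin/sh
# Added example (not F5 code): pre-install checks for the steps above.
# Assumptions: the first whitespace-separated field of the .md5 file is the
# hex digest, and the status table uses the column order in the page's sample
# output (Key Slot Product Version Build Active Status).

# md5_matches IMAGE MD5FILE
# Returns 0 on match, 1 on mismatch, 2 if a file is unreadable or the
# .md5 file does not start with a 32-character hex digest.
md5_matches() {
    image=$1
    md5file=$2
    [ -r "$image" ] && [ -r "$md5file" ] || return 2
    expected=$(awk 'NF { print tolower($1); exit }' "$md5file")
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{32}$' || return 2
    actual=$(md5sum "$image" | awk '{ print tolower($1) }')
    [ "$actual" = "$expected" ]
}

# slot_is_inactive SLOT   (status table on stdin)
# Returns 0 only if SLOT is listed and its Active column reads "no".
slot_is_inactive() {
    awk -v slot="$1" '
        { sub(/^[| ]+/, "") }                  # strip the "| " table border
        $1 == slot { found = 1; active = $6 }  # column 6 is Active
        END { if (found && active == "no") exit 0; exit 1 }
    '
}

# preflight IMAGE MD5FILE SLOT   (status table on stdin)
# Succeeds only when the image verifies and the target slot is inactive.
preflight() {
    md5_matches "$1" "$2" || { echo "FAIL: checksum of $1" >&2; return 1; }
    slot_is_inactive "$3" || { echo "FAIL: slot $3 is active or unknown" >&2; return 1; }
    echo "OK: $1 verified, $3 is inactive"
}

# Status rows copied from the sample output above.
SAMPLE_STATUS='| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 none none none no complete'

# Demo on a constructed file, so it also runs away from the appliance.
demo_dir=$(mktemp -d)
printf 'constructed image bytes\n' > "$demo_dir/image.iso"
md5sum "$demo_dir/image.iso" > "$demo_dir/image.md5"
printf '%s\n' "$SAMPLE_STATUS" | preflight "$demo_dir/image.iso" "$demo_dir/image.md5" HD1.3
printf '%s\n' "$SAMPLE_STATUS" | preflight "$demo_dir/image.iso" "$demo_dir/image.md5" HD1.2 || true
rm -rf "$demo_dir"
```

On the appliance the table would come from the `bigpipe software` command used above, piped into preflight. An MD5 file downloaded alongside the image catches a corrupted transfer but does not authenticate the image, so obtain both over a trusted channel.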

References
F5: Manual Chapter: Using the image2disk and diskinit Utilities
F5: SOL11496