I’ve written several articles on the TCP profile (click here) and enjoy
digging into TCP. It’s a beast, and I am constantly re-learning the inner
workings. Still etched in my visual memory map, however, is the TCP header
format, shown in Figure 1 below.
Since 9.0 was released, TCP payload data (that which comes after the header)
has been consumable in iRules via the TCP::payload and the port information
has been available in the contextual commands
TCP::local_port/TCP::remote_port and of course
TCP::client_port/TCP::server_port. Options, however, have been
inaccessible. However, beginning with version 10.2.0-HF2, it is now
possible to retrieve data from the options fields.
Preparing the BIG-IP
Currently, it is necessary to set a bigpipe database key with the option (or
options) of interest:
bigpipe db Rules.Tcpoption.settings [option, first|last], [option,
One time passwords, or OTP, are used (as the name indicates) for a single
session or transaction. The plus side is a more secure deployment, the
downside is two-fold—first, most solutions involve a token system, which is
costly in management, dollars, and complexity, and second, people are lousy
at remembering things, so a delivery system for that OTP is necessary. The
exercise in this tech tip is to employ BIG-IP APM to generate the OTP and
pass it to the user via an SMS Gateway, eliminating the need for a token
creating server/security appliance while reducing cost and comple... (more)
The default logon page for the Access Policy Manager module is pretty basic,
particularly so if only the minimal username and password is configured.
However, APM is wildly flexible. In this tech tip, I’ll cover customizing
the logon page by adding a dropdown box of services to the standard username
and password fields.
Introduction Background Information
The goal here is to provide access to multiple web applications behind APM
through the use of an admin-defined dropdown menu and different LTM pools for
each web application. We will be generating the list dynamically through t... (more)
Don’t get me wrong, regex is awesome, and entirely useful—sometimes
it’s the only option, it’s just not the best tool of choice for wire
speed applications. Often the sys-admin and network type converts to BIG-IP
will find the regexp tcl command and go that route because it’s familiar.
If that describes you, please let me introduce you to a couple more
These two commands will cover a great percentage of regexp’s use cases, and
will save significant resources on the system. Don’t buy it? Here’s
% set ip "10.10.20.200" 10.10.20.20... (more)
Welcome back for another episode of the ABC's of NSM. What's NSM you say?
We'll go with Network and System Management, but you could throw Security in
there as well. We'll work our way through the alphabet over the next
several weeks looking at tools and concepts along the way for all the
administrators out there. By the way, you can thank Joe for the format &
Don for the title (I couldn't for the life of me come up with one.)
Today's letter U is for Umbraco, an open-source .NET based content management
system. There are no shortages of CMS platforms. However, thanks to ... (more)