It's not the Network! Ok, maybe it's the network...

Jason Rahm

Subscribe to Jason Rahm: eMailAlertsEmail Alerts
Get Jason Rahm via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Jason Rahm

Prior to v13, F5 DNS assumes that all devices in a cluster have knowledge about all virtual servers, which makes virtual server auto-discovery not function properly. In this article, we’ll cover the changes to the F5 DNS server object introduced in v13 to solve this problem. In the scenario below, we have 3 BIG-IPs in a device group. In that device group we have two traffic groups each serving a single floating virtual server, and then each BIG-IP has a non-floating virtual server.  Let’s look at the behavior prior to v13. When F5 DNS receives a get config message from BIG-IP A, it discovers the virtual servers it knows about, the two failover objects (vs1 & vs2) and the non-floating object (vs3.) All is well at this point, but then the problem should become obvious when we look at the status when F5 DNS receives a get config message from BIG-IP B. No... (more)

Accessing TCP Options from iRules

I’ve written several articles on the TCP profile (click here) and enjoy digging into TCP.  It’s a beast, and I am constantly re-learning the inner workings.  Still etched in my visual memory map, however, is the TCP header format, shown in Figure 1 below. Since 9.0 was released, TCP payload data (that which comes after the header) has been consumable in iRules via the TCP::payload and the port information has been available in the contextual commands TCP::local_port/TCP::remote_port and of course TCP::client_port/TCP::server_port.  Options, however, have been inaccessible.  Ho... (more)

Mitigate Java Vulnerability with iRules

I got a request yesterday morning to asking if there was a way to drop HTTP requests if a certain number was referenced in the Accept-Language header.  The user referenced this post on Exploring Binary.  The number, 2.2250738585072012e-308, causes the Java runtime and compiler to go into an infinite loop when converting it to double-precision binary floating-point.  Not good.  Twitter is ablaze on the issue, and there is a good discussion thread on Hacker News as well.  So how do you stop it?  At first, this appeared to be a no-brainer, just copy that string and drop if found in that... (more)

The Wait Is Over: Edit Your iRules on Linux!

DevCentral has many rock star contributors.  Most are not affiliated officially with F5 Networks, or DevCentral for that matter, but there are several F5ers who believe in the community, and really believe in the F5 story.  One of those F5ers is Matt Cauthorn, or as you know him in the community, L4L7.  You may recognize Matt as the author of pyControl.  Well, not only did he provide this entrance to a better iControl experience, he has also delivered in a major way with his Vim plugin for editing iRules (utilizing pyControl of course to make those calls to BIG-IP).  I had toyed ... (more)

Networking Options with LTM VE

Virtualization Expo on Ulitzer If you haven’t yet downloaded the  BIG-IP LTM VE trial, I highly suggest you do.  It is a fully-functional LTM, rate-limited to 1Mbps throughput.  If you’re not familiar with virtualized environments, hopefully this blog will fill in some blanks for how to get started on the network front. Getting Started Before downloading your VE image, you need to choose what virtualization environment you’re installing into.  The supported options in the type 1 hypervisor are VMWare ESX version 4 and ESXi version 4.  For the type 2 hypervisor (requiring a host O... (more)