Category Archives: F5

A Flashback and a New Busy Year!

Dear Reader,

Thanks to spend your time reading this post on the first day of the new year.

The 2017 was a busy year regards projects and a new area i’ve been exploring myself (Business Development), this is quite new for me but it’s going….

What i mean by Business Development? I’ve been focus only on Engineering (hands-on) which is by far what i really like to do, so i get the implementation plan and GO! Why not dive in the conversation with the customer and understand their challenges, advise what technologies are in the market that really suit them. Presenting cutting-edge technologies and advise the customer is also something i really like.

What do i have for this upcoming year? I’ve done some re-cert’s, like Juniper, VMware and Cisco.
I have do do some re-certs this year too, but i want to focus more on the CCDE than ever, so i’m starting officially today and i hope do the Written in 6 months. I will attend the Cisco Live Barcelona 2018, so i hope get good contacts to push this even further. This is the plan mentally but i know this might has to change a bit.

CCNA Cyber Ops is just around the corner :)

Happy New Year.

F5 REST API Resources

These are for me the best two resources if you want embrace Dev/Net/Sec Ops using F5 iControl

 

Just a sneak peak of what you can find:

  • Mesos Marathon Container Integration
  • Kubernetes Container Integration
  • RedHat OpenShift Container Integration
  • OpenStack Cloud Integration
  • F5 Application Services Proxy
  • Dockers

Really recommended

http://clouddocs.f5.com/

https://devcentral.f5.com/wiki/iControl.HomePage.ashx

F5 TMOS v13 is out!

F5 launched TMOS v13, What’s new?

  • New Built-in TCP Profiles
  • TCP Nagle “Auto mode”
  • Diameter High Availability
  • SIP and Diameter Connection Auto-Initialization
  • Diameter Election Process Support
  • Diameter In-Band Monitor
  • ECDH and ECDSA
  • DAG v2
  • Enhanced platform diagnostics for iSeries platforms
  • Global VLAN based SYN flood protection

You can read the full release notes here

BigIP Factory default in 3 steps

When you restore the BIG-IP configuration to factory default settings, the system performs the following tasks:

Retains:

  • the management IP address
  • BIG-IP license file
  • files in the /shared partition
  • manually-modified bigdb database variables
  • Flags the Setup utility to run when the next user logs in to the Configuration utility

Removes:

  • All BIG-IP local traffic configuration objects
  • All BIG-IP network configuration objects
  • All non-system maintenance user accounts
  • System maintenance user account passwords (root and admin)
  • BIG-IP module data and policies
  • Current host name
  • local trust domain

These are the steps:

  1. Go to TMS
  2. Load the default config
  3. Save the config

After execute the 3 steps the big-ip daemon will restart using the default config, and it is ready to go again.

This is a factory default for a 11.x and 12.x code to execute on 10.x use load sys default-config

[email protected](backend)(cfg-sync Standalone)(Active)(/Common)(tmos)# load sys config default

Reset the system configuration to factory defaults? (y/n) y
Loading system configuration…
/defaults/asm_base.conf
/defaults/config_base.conf
/defaults/ipfix_ie_base.conf
/defaults/ipfix_ie_f5base.conf
/defaults/low_profile_base.conf
/defaults/low_security_base.conf
/defaults/policy_base.conf
/defaults/wam_base.conf
/defaults/analytics_base.conf
/defaults/apm_base.conf
/defaults/apm_saml_base.conf
/defaults/app_template_base.conf
/defaults/classification_base.conf
/var/libdata/dpi/conf/classification_update.conf
/defaults/daemon.conf
/defaults/pem_base.conf
/defaults/profile_base.conf
/defaults/sandbox_base.conf
/defaults/security_base.conf
/defaults/urldb_base.conf
/usr/share/monitors/base_monitors.conf
/usr/local/gtm/include/gtm_base_region_isp.conf
/usr/share/monitors/gtm_base_monitors.conf
Loading configuration…
/defaults/defaults.scf
Resetting trust domain…
Setting flag to reset ASM data…

[email protected](localhost)(cfg-sync Standalone)(INOPERATIVE)(/Common)(tmos)# save /sys config

Nov 14 02:54:37 localhost emerg logger: Re-starting bigd

Saving running configuration…
/config/bigip.conf
/config/bigip_base.conf
/config/bigip_user.conf
Saving Ethernet mapping…done

[email protected](localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#quit

 

F5 BIG-IP iSeries more robust

F5 came out with new platforms called BIG-IP iSeries with the following features/innovations:

  • TurboFlex optimization technology that offloads specialized functions from the general CPU
  • Due the complexity of SSL offloading and traffic growing exponentially due IoT, this new platforms have more capacity (TPS) than their previous versions, in some cases 2.5 times more

Platforms Available:

f5-iseries

The BIG-IP iSeries is the next generation of ADCs, with key innovations that enable customers to meet the challenges of rapidly shifting landscapes. Beyond a significant increase in capacity, the BIG-IP iSeries mixes the power of dedicated hardware with the flexibility of a programmable, updatable platform

References:

iSeries: Not Just a Better, Bigger, and Faster BIG-IP

BIG-IP System Hardware datasheet