Posts Tagged ‘big-ip’

Booting F5 BIG-IP LTM 3900 from USB

Sunday, November 8th, 2015

As a side note: should you own BIG-IP LTM 3900 appliance and wonder how to boot it from the USB stick (to reinstall the OS or run the End User Diagnostics software) make sure to use a USB stick which is precisely 1GB in size. Any other USB sticks (2/4/8/16GB) simply won’t work.

Why it can’t be documented somewhere on the F5 website remains a mystery to me.

[20151205] : I stand corrected. It looks like it has nothing to do with the size but with the chipset. I received a Rescue Kit the other day from F5 and they included two USB 32GB sticks — it’s SanDisk Cruzer Glide.

http to https redirect under F5

Monday, October 13th, 2014

Say you have a virtual web server, serving, configured on F5 with the following iRule redirecting plain http to https:


	if { [HTTP::host] equals "" } {
		HTTP::redirect "https://[HTTP::host][HTTP::uri]"

You decided to buy another domain ( and want to point it to the same IP where is hosted, with the redirect to Here is how the modified iRule will look like:


	if { [string tolower [HTTP::host]] ends_with "" } { 
		HTTP::redirect "[HTTP::uri]" 
	} elseif { [HTTP::host] equals "" } {
		HTTP::redirect "https://[HTTP::host][HTTP::uri]"

Here is an alternative way to implement redirection by using HTTP Class profile.

Under Local Traffic › Profiles › Protocol › HTTP Class create a new profile:

Parent Profile: httpclass

Hosts: Match all
URI Paths: Match all
Headers: Match all
Hosts: Match all
Cookies: Match all

Send To: Redirect to...
Redirect to Location: https://[getfield [HTTP::host] ":" 1][HTTP::uri]

For redirection, modify it and change Redirect to Location to:

Send To: Redirect to...
Redirect to Location:[HTTP::uri]

Backup of F5 BIG-IP

Monday, April 8th, 2013

An overview of steps to backup configuration of F5 BIG-IP appliance (10.2.X) to the remote server running Linux Ubuntu 12.04.2 LTS (precise). The backup is done over SSH.

List of actions to be done on the Linux server:

1. Create a user (for example f5backup with /home/f5backup as a home directory).

2. Create .ssh directory under /home/f5backup:

mkdir /home/f5backup/.ssh && chown -R f5backup:f5backup /home/f5backup/.ssh

3. Copy /var/ssh/root/ file from the F5 appliance to /home/f5backup/.ssh/authorized_keys file on the Linux server and fix permissions:

cd /home/f5backup/.ssh && chown f5backup:f5backup authorized_keys && chmod 600 authorized_keys

4. Ensure that PubkeyAuthentication is set to yes in /etc/ssh/sshd_config file:

PubkeyAuthentication yes

List of actions to be done on the F5 appliance:

1. Create a directory, for example /root/scripts/.

2. Download the relevant version of backup script from here (you need to register to access F5 DevCentral), name it, place it under /root/scripts/ directory and ‘chmod 755’ it.

3. Create f5archive_config file under /root/.ssh/ directory:

Host *
   User f5backup
   PasswordAuthentication no
   StrictHostKeyChecking yes
   IdentityFile /root/.ssh/f5archive_dsa
   Port 22
   Protocol 2
   Ciphers aes128-cbc,aes192-cbc,aes256-cbc
   UserKnownHostsFile /root/.ssh/f5archive_host

4. Copy /var/ssh/root/identity file into /root/.ssh/f5archive_dsa:

cd /root/.ssh && cp /var/ssh/root/identity f5archive_dsa

5. Now ssh to the Linux server so /var/ssh/root/known_hosts file is updated with the host entry.

6. Copy /var/ssh/root/known_hosts file into /root/.ssh/f5archive_host.

7. Fix permissions:

cd /root/.ssh && chmod 600 f5*

8. Modify /root/scripts/ file to suit your needs, particularly SCP_DESTINATION part:


9. Finally, create a cron task to execute the file on a regular basis (I run it daily at 2am). To do so, create /etc/cron.d/f5backup file with the following content:

0 2 * * * root /bin/bash /root/scripts/ 1>/var/tmp/f5backup.log 2>&1