Many thanks for this videos . I just have one thing to add regarding where tcpdump starts capturing packets : the tcpdump captures packets from the L2 level if we run it on a vlan exemple : tcpdump -i 0.0 ; for all vlans If you run the tcpdump while choosing and interface instead, using for example #tcpdump -i 1.1, you'll be able to capture PVA accelerated packet. More info : support.f5.com/csp/article/K6546
the answer is "yes" :) iRules events fire in a loop as protocol layers are handled on both sides of the proxy, so at each stage of the drawing above, if there are iRules events belonging to that block in the flow, they'll fire there, assuming your virtual server has profiles applied for that particular type of traffic. For example, if you're just load balancing but not offloading TLS traffic, then events like FLOW_INIT will fire before AFM or TMM see the traffic, then CLIENT_ACCEPTED will fire after the TCP handshake on the clientside of the proxy fires, but you won't see the CLIENTSSL_CLIENTHELLO event or any HTTP events because those filters in the hud chain are not applied. Ping back if you have any more questions, thanks for asking!
Many thanks for this videos . I just have one thing to add regarding where tcpdump starts capturing packets :
the tcpdump captures packets from the L2 level if we run it on a vlan exemple : tcpdump -i 0.0 ; for all vlans
If you run the tcpdump while choosing and interface instead, using for example #tcpdump -i 1.1, you'll be able to capture PVA accelerated packet.
More info : support.f5.com/csp/article/K6546
Excellent Jason!
nice videos and I enhanced my skillset on f5 watching these videos.
audio gets too low at some point.
Nice video, One question, If we have standard virtual servers, Does AFM rules need to allow for traffic coming to Standard vip?
Hi.. This depends on you AFM mode. If it's Firewall mode, then yes. However if AFM is ADC mode then no, AFM rules not needed.
Hi team , explained very well but voice is very low even I am checking this video on full volume still
Where do iRules come in?
the answer is "yes" :) iRules events fire in a loop as protocol layers are handled on both sides of the proxy, so at each stage of the drawing above, if there are iRules events belonging to that block in the flow, they'll fire there, assuming your virtual server has profiles applied for that particular type of traffic. For example, if you're just load balancing but not offloading TLS traffic, then events like FLOW_INIT will fire before AFM or TMM see the traffic, then CLIENT_ACCEPTED will fire after the TCP handshake on the clientside of the proxy fires, but you won't see the CLIENTSSL_CLIENTHELLO event or any HTTP events because those filters in the hud chain are not applied. Ping back if you have any more questions, thanks for asking!
@@JasonRahm beautifully explained, thank you
Can you explain SNAT Autonat destination in f5 BIG IP
The world needs to know: are you good at writing backwards? Or is there some trickery going on here?
Our write-up on the magic is here: devcentral.f5.com/articles/lightboard-lessons-behind-the-scenes.