
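Monday, August 31, 2009

2009.8.31 Shang-En starts elementary school

Today was the first day of term at Luzhou Elementary School, which makes it Shang-En's first day of elementary school.
The Queen had, of course, prepared everything in advance.
This is also a time when everyone is jumpy about H1N1, so all students must wear masks in class.
We took his temperature at home before leaving this morning; our unreliable ear thermometer read 38.x, and the adults all screamed.
Repeated readings gave the same result......
But I was convinced the ear thermometer was at fault...., and I did not want the kid to be turned away from school on the very first day.
We decided to gamble and let the school's forehead thermometer test him.
At the school gate we pretended not to know anything and let the school take the reading...........
Luckily.... no problem.
So the Queen and I sat in on the half day of classes with Shang-En.
Shang-En had no trouble, and in the afternoon he went to the after-school center.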




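Thursday, August 27, 2009

2009.8.26 Another day of work that was both eventful and exhausting

1. First, at noon I had to apply a VACL on a customer's L3 switch at their mainland China site to filter traffic on vlan 3. I mistyped one character in the name of an ACL referenced by the VACL, and that cut off the internal network! I admit I caused this mistake! I hope the customer does not think less of me for it.
2. In the evening another customer called to say that not a single SSL VPN connection would come up. This customer's appliance is an evaluation unit, and last week I had already told the sales rep that the license would expire on 8/26, leaving it to sales to decide how to handle it. I had also pointed out earlier that even after expiry, two SSL VPN users should still be able to be online at the same time. But the customer said "not even one can connect...". The customer vented his dissatisfaction, but there was nothing I could do; this kind of problem belongs to sales.
I passed it on to sales right away; the customer was getting yelled at by his bosses. What does this kind of issue have to do with us? Besides, we cannot generate that evaluation key ourselves.
3. Shortly afterwards, another customer called to say their IPScan Server would not boot properly. This case took two people, working from the evening until it was resolved at five the next morning.
Details: the moment I took the call I felt this was an unlucky day. After learning more, since I happened to be tied up, I first asked another engineer to help remotely. It was then judged that on-site work was needed, so Engineer A took a long-distance taxi there, and I said I would come later. This customer has a 7*24 maintenance contract, and the next day was an important day; if this server was not running, it would be a disaster. Once on site, A first judged it to be a power hardware problem
It is a long story.......I will fill in the rest when I have time.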

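Tuesday, August 25, 2009

2009.8.25 A returning customer (using F5 products)

These past few days a lot of things have piled up at once, so my schedule is packed!
1. First, a customer's WS-X4014 failed; after the RMA, the replacement has just arrived and needs testing.
2. A PM at the company is leaving, and my manager (vaguely) told me to take over the vulnerability scanning product he handled, so I have been attending classes and shadowing.
3. A customer reported that no employee could get on the Internet. At first we thought someone on the internal network had been infected with a trojan, and some of the data did show signs of a DoS attack, so we first blocked it with a VACL on the core switch. For a while it falsely appeared to be fixed, but in the end we learned the cause was a problem on the system hosting BlueCoat's BCAAA (a server shared with Cisco ACS). Two other engineers handled the first part, but it then prompted the customer to want to upgrade the ACS server, so now a whole crowd is discussing how to handle this case!
4. A customer bought four F5 LTMs from us the year before last and later had someone else maintain them. In the last few days they want to come back to us for maintenance and also buy new 1600s, so I am helping sales understand the requirements. But I am not PreSales, I am an engineer.
5. A customer's PIX and internal network at their mainland China site are a mess and need further work. Earlier I sorted out the login policy and the logging method, which solved the problem of the enable password repeatedly being changed for no apparent reason, and also fixed a NAT entry that kept timing out. Next is dealing with private IPs on the internal network that keep sending ICMP to the subnet broadcast address. Around five or six today I put a VACL on the core for this as a first step and will keep watching. Also, remote logins to the PIX in the evening often time out; I cannot yet tell whether this is bandwidth or something else and am still looking into it.
6. Today another customer's F5 LC happened to have a problem too. It turned out that the IPS downstream had failed, but for some reason the standby in the F5 LC redundant pair did not take over. This still needs to be clarified.

That is everything that has piled up at once.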

Monday, August 24, 2009

2009.8.24 Unicast Reverse Path Forwarding (uRPF) feature

To get the Unicast Reverse Path Forwarding (uRPF) feature on a 4006 + Supervisor IV (WS-X4515):
the Minimum Compatible Release is 12.2(37)SG, with Flash 64MB/DRAM 256MB

Unicast RPF helps to mitigate problems caused by the introduction of
malformed or forged IP source addresses into a network by discarding
IP packets that lack a verifiable IP source address.
Malformed or forged source addresses can indicate
denial-of-service (DoS) attacks based on source IP address spoofing.

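2009.8.24 [TVBS Frontline Report] Ma-style Disaster Prevention and Rescue Agency criticized as "half-done"

The following news is from: [TVBS Frontline Report] Ma-style Disaster Prevention and Rescue Agency criticized as "half-done"

◎ Disaster agency only half-done

However long the bow, it cannot solve the problem; at most it can soothe the victims' feelings a little. With a full two weeks gone since the typhoon, is there any chance that the government's chaotic chain of command, the thing most criticized this time, will not be repeated?

President Ma Ying-jeou (98.08.18): "We will immediately set about establishing a Disaster Prevention and Rescue Agency to replace the current National Fire Agency, making it a dedicated disaster prevention and rescue body under the Ministry of the Interior."

◎ Disaster-prevention expertise should be respected

President Ma Ying-jeou has been forced onto the front line, and the disaster prevention agency that scholars and experts have long called for has finally begun to take shape. Unexpectedly, though, as soon as President Ma made the statement, it drew even harsher criticism.

KMT legislator Chiu Yi: "The disaster prevention and rescue agency President Ma is talking about sits under the Ministry of the Interior and replaces the existing National Fire Agency. That just amounts to hanging a new sign on the old National Fire Agency; it cannot perform the function it should."

Kaohsiung Mayor Chen Chu: "The point is what kind of body you are going to create today: one that brings together all the ministries nationwide, that gathers all the strength of the country, where you issue your orders in real time, with efficiency and effectiveness. If it has none of that and you only say, as a matter of form, what we are going to do, it means little."

Chiu Yi: "Can the National Fire Agency today command civilian rescue groups? Can it integrate them? Can it get the ministries to move? Can it bring in the military's rescue forces? It can do none of that!"

◎ Pushing for a ministry-level disaster agency

Politicians criticize from the angle of command and dispatch; scholars care more about whether the future disaster prevention agency can actually operate effectively. Li Hong-yuan, professor of civil engineering at National Taiwan University: "Disaster prevention is highly specialized. It is not what everyone sees; what everyone sees is only rescue. For example, in ordinary times, all your collection of geographic information, including hydrology, terrain and human geography, the collection of all that data."

Li Hong-yuan: "Data on the major bridges, all the information about the national land, must all be collected thoroughly in ordinary times. What else does this disaster prevention agency define? It defines all the rescue procedures: when a forward command post is set up, who should be in charge at the forward command post, what role the central government should play, what role local governments should play. That way, from day 1, day 2, day 7, to one month, two months, all the standard operating procedures are fully worked out."

Li Hong-yuan: "There is something even more important: train part of the armed forces in ordinary times to do disaster rescue and prevention work."

While the Disaster Prevention and Rescue Agency is still at the all-talk stage, experts urge that if things are going to change, they should go all the way in one step and establish a ministry-level disaster prevention agency directly under the Executive Yuan. The importance of disaster prevention should not be underestimated, because nobody knows when the next disaster will come to challenge Taiwan.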



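Saturday, August 22, 2009

2009.8.22 Pei-En showcase: the Sorry Sorry dance

Today was the Pei-En after-school center's showcase. After Shang-En graduated from kindergarten, and before he starts elementary school, we enrolled him at the Pei-En after-school center. Street dance is one of the courses, and the street dance teacher, Teacher Chen, arranged the Sorry Sorry street dance for a group of elementary school kids to learn.

When Shang-En learned to dance in kindergarten we were confident in his sense of rhythm; as for the moves, this is his first time learning a complex street dance.
The result is here: Shang-En's Sorry Sorry

A photo of Teacher Chen with Shang-En. Shang-En is the youngest in this class, and Teacher Chen praised his good sense of rhythm.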

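2009.8.22 President Ma, you have been wronged!

Reposted from NOWnews!
President Ma, you have been wronged! Taiwan was short of rain this year and island-wide water rationing was in sight; then at last a typhoon came and dropped more than a whole year's rainfall in one go, so Taiwan need not worry about water this year. And yet unruly people blame you for bringing bad luck. How ungrateful. President Ma, you have been wronged!

President Ma, you have been wronged! On August 7 you attended the wedding of the poet Zhan Che and Si Tong, joking about the cross-strait "four links" and saying that the two tying the knot was in keeping with the cross-strait principle of parity and dignity. Although the typhoon had arrived, you braved wind and rain to attend, showing your people-friendly style, and then hurried straight to the disaster response center, arriving only half an hour late. You squeezed the wedding into a busy schedule, and yet guests at the banquet dared to find it unbearable to watch. President Ma, you have been wronged!

President Ma, you have been wronged! When the 921 earthquake struck, former President Lee Teng-hui happened to be awake, so he gave orders within a dozen or so minutes, set up a disaster response command center at 2 a.m., and established a command post in Nantou at 8 a.m. The military committed more than 136,000 troops to the rescue in the initial phase. By comparison, on August 8 you took only four hours to get rubber boats to Linbian Township; by the evening of the 8th only five hundred troops needed to be committed to the relief effort, and by the 13th, within a week, only some 55,000 troops needed to be mobilized. Clearly your leadership is sound and your efficiency superb. Outside criticism that too few troops were committed is plain nonsense, and anyway that should be the defense minister's responsibility, right? President Ma, you have been wronged!

President Ma, you have been wronged! On the 10th you went to Taitung to survey the damage, and a victim cried and asked you why he could not get to see you. That is simply a logical error, so you kindly corrected him: "Haven't you seen me now?" A victim said his father had died. Well, who doesn't have a father? Your father, President Ma, has passed away too, so you comforted everyone by saying, "My father has passed away too; I understand that feeling very well." Who would have thought that kindness would be so repaid and that you would be smeared as cold-blooded. President Ma, you have been wronged!

President Ma, you have been wronged! You are a top Harvard graduate, so your foreign-language ability is naturally first-rate. When you said "They", well, you and the First Family are not disaster victims and there was no damage where you live, so of course it would not be "We", let alone "I". Other people's English is poor and they blame it on you. Besides, haven't you always treated the indigenous people as human beings? How could there be any implication of class difference! President Ma, you have been wronged!

President Ma, you have been wronged! You are a good president who follows the constitution, unlike that corrupt Chen Shui-bian now sitting in jail, who grabbed foreign affairs, domestic affairs and even the money all for himself. The flood happened inside the country, so naturally Premier Liu Chao-shiuan, the one who ran off to celebrate Father's Day, should be responsible. Under the constitution you are responsible for foreign affairs, so how can you be blamed? President Ma, you have been wronged!

President Ma, you have been wronged! That hateful foreign minister Hsia Li-yan actually sent out an official cable on his own, telling overseas missions to politely decline foreign supplies and search-and-rescue personnel, so that outside aid was missed in the early days of the flood. The Foreign Ministry pulled such a stunt that even the 2100 host Lee Tao and legislator Chiu Yi could hardly believe it, and, embarrassingly, they wrongly trusted the ministry and defended it on air, "clarifying" the Internet rumor. Foreign affairs is your constitutional power, and a bad minister like this must be dealt with, just like Yu Wen, the one who cut corners by swapping receipts. But you are benevolent and magnanimous; as long as someone is willing to mend his ways you welcome him with open arms. Hasn't Mr. Yu recently gone back to work at the city government? President Ma, you have been wronged!

President Ma, you have been wronged! You said man does not fight Heaven, and that is absolutely right. The forces of nature are so great; how could tiny humans stand against them? On top of that the global climate is now changing drastically, and I think that must be former US President George W. Bush's fault. Bush was already in office in 2001, so when Typhoon Nari came it submerged the Taipei Metro under your jurisdiction, you being mayor at the time, and caused more than ten billion in losses, not to mention the "lazy Maokong" gondola that will not move and the "false-win" metro line. We Taiwanese let the US off without demanding state compensation, and Bush still had the nerve to want to sell weapons and make money off us. Fortunately the wise KMT legislators saw through him long ago, so we were not taken in! Just as you said at the press conference, we have all learned a lesson; I find that so very true. President Ma, you have been wronged!

President Ma, you have been wronged! As they say, Rome was not built in a day, and disasters do not just happen like this either. The corrupt DPP governed for eight years. Fortunately the 45 billion flood-control budget was passed in 2006 under the careful watch of the excellent KMT legislators, which not only kept Chen Shui-bian's "Cape 700 million" from becoming "Cape 70 billion" but also effectively blocked the DPP's attempt to use the flood-control budget to buy local support! Luckily the KMT passed the budget three years ago, otherwise I think this disaster would have been even worse! A disaster produced by eight years of DPP rule is being pinned on you. President Ma, you have been wronged!

President Ma, you have been wronged! Someone claiming to be your supporter wrote to the media saying that the NCC (National Communications Commission) had actually run an online vote in which more than 80 percent wanted you to step down, and that the NCC had not polled on Bush at the time of Katrina. I think he was just making trouble. The wicked media outlet bullying you is America's CNN (Cable News Network), not the NCC, and CNN did run an online poll a year after Katrina, in which only 36 percent of the public thought Bush's handling of the disaster was appropriate. A false letter like this, posing as your supporter; I think it is really meant to fabricate the image of a crazed fan and put you in the wrong. President Ma, you have been wronged!

President Ma, you have been wronged! On the 18th you held two press conferences and were bullied by the foreign media. Summing up the facts reported in the media above and my own analysis, I believe you fully live up to your self-described "strong and forceful leadership". What I admire most is that you took the "public-use money" that has existed since the Song dynasty, that is, the half of the special allowance that requires no receipts, and donated it to charity from your own private assets, including more than 20 million in donations to the New Taiwanese Cultural Foundation. And that foundation was set up with your own sole donation; what a great thing that is! These clueless foreign media really are out to make trouble for you! President Ma, you have been wronged!

President Ma, you have been wronged. Seven million people forced you to be president; you truly have been wronged, so very wronged!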

2009.8.22 Drop.io resource

Drop.io

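Friday, August 21, 2009

2009.8.21 Another way to use the show command: parentheses combined with or

Today while researching something, I read in a book about using parentheses in the arguments after the show command.
Most people only use show run and then hunt for what they want.
Slightly more advanced usage is:
show run route
show run | inc ip route    narrows the output to just the static route configuration
Then there is the usage only the experts know: parentheses combined with or, as follows: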

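Thursday, August 20, 2009

2009.8.20 Discovered that Shang-En is nearsighted; a trip to COSTCO today

Day off today. Went with my mother-in-law to the Neihu COSTCO to get a supplementary card; the annual fee for the supplementary card is NT$500.
On this trip we bought Brazilian early oranges, New Zealand kiwifruit, and peaches from some country I have forgotten.
Bought two jars of 紐力活!
The health supplements in COSTCO's pharmacy section are incredibly numerous......(I forgot the brand name of the one I wanted to mention)

When I met up with Shang-En in the evening, we ate fruit while watching the Elephants vs. Bulls pro baseball game.
I discovered that Shang-En is nearsighted... from the sofa's distance to the TV, he has to squint to read the inning number on the scoreboard...
Oh no, the thing I did not want to happen has happened in the very year Shang-En is about to start first grade.....
When I was a kid I was still not nearsighted in sixth grade; it was after I moved up to seventh grade, on October 11 after term started (I remember it was that day), after I was in a traffic accident, that I became nearsighted.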

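Tuesday, August 18, 2009

2009.8.18 Switching the shrine lamps to LED bulbs

Last year I switched the small shrine lamps for the ancestors to LED bulbs, and it has worked well.
This year the bulbs in the large shrine lamps for the deities failed three times in a row, the last time both of the pair together, so they are being switched to LED bulbs too.
Bought a pair at B&Q for NT$298. Specs: power consumption 1W, E12 base, claimed life of up to 50k hours (8760 hr in a year, so an estimated 5.7 years), light output said to be equivalent to 15W, compliant with the EU RoHS environmental rules

Actually, if they last 2 years I will be more than happy!

PCHome sells the 《福祿壽》 LED shrine bulb at NT$168 each; that one feels like the better deal!


P.S. As of 2012.4.28, of the four originally installed, two large and two small, one small one has failed!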

Monday, August 17, 2009

2009.8.17 Blue AD Little Nurse (小護士)

かゆみ
皮フ炎
かぶれ
じんましん
虫さされ
しっしん
ただれ
あせも
しもやけ


痒み
皮フ炎
被れ
蕁麻疹
虫さされ
湿疹
爛れ
汗疹
霜焼

itching
dermatitis
skin irritation
hives
insect bites
eczema
sores
heat rash
frostbite

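2009.8.17 Business Weekly / Five absurdities of the government's disaster relief

"Natural disasters always strike when people have forgotten them." This is a famous saying of the Japanese disaster-prevention expert Terada Torahiko. Nobody expected that Morakot, a moderate typhoon originally thought unremarkable, would cause the worst flooding in Taiwan in fifty years. Since typhoons are a natural disaster Taiwan cannot avoid, how can a repeat of the tragedy be prevented?

Absurdity 1: Thinking that notifying people discharges the duty. Rainfall was forecast in advance, yet there was no forced evacuation

This time everyone from President Ma Ying-jeou down to the local county and city heads blamed the Central Weather Bureau for getting its rainfall forecast wrong, as if an accurate forecast alone would have prevented the disaster. Is that really so? In fact, on August 6, before the typhoon arrived, the Weather Bureau had already estimated 800 mm of rainfall in the mountain areas of central and southern Taiwan. On the morning of August 8, the day the typhoon arrived, the Bureau raised the rainfall forecast for Pingtung and other places to 2,000 mm.

Yet apart from the debris-flow alerts issued beforehand by the Council of Agriculture, and the "recommendation" on the afternoon of the 7th that five villages including Xiaolin in Jiaxian Township, Kaohsiung County "evacuate early", there was almost no sign of the central or local governments evacuating residents at risk in advance. It was as if, once the government had "notified" the public to take care, its responsibility ended. Yet before a major disaster, "forcing" people to evacuate in advance when necessary is also the government's responsibility. Moreover, when the government spends greater resources on relief afterwards, that indirectly crowds out resources for future governance.

Absurdity 2: Relying entirely on the media to discover the damage. 119 could not be reached; people were rescued only after calling TV stations

Relief resources are limited, so "choosing" the order of priority is key. The government should first get hold of and analyze the disaster information and then decide how to allocate resources, but this is beyond the ability of local counties and cities; only the central government can grasp the whole "area" of the disaster. In this flood, however, the Central Emergency Operation Center showed almost no such sense of priority and simply chased after the media's live SNG reports. This failure to grasp the overall picture was fully reflected in what the Premier told the relief agencies at the Emergency Operation Center: "All communication between central and local government goes through the media."

Media reporting is selective and captures isolated "points" of information; it seldom reports in real time, from the perspective of the whole "area", on the places most in need of rescue. If communication relies only on the media and resources are allocated on that basis, won't things easily go wrong? Taking a step back, even if the Weather Bureau's forecast was inaccurate beforehand, one to two hours after the rain actually began it should have been known where the truly heavy rain was falling, and at that point the central government should have issued alerts, evacuated residents, or dispatched equipment for rescue.

But what actually happened was that the water began to rise, people phoned for help, the local government learned of it and reported to the central government, and only then did the central government start sending people to the rescue. Some people could not get through to 119 or 110, and officials only took notice and went to the rescue after media exposure. This mode of commanding relief has no method to it and may well delay help for those who need it most.

Absurdity 3: No one in charge at the relief center. Senior officials busy surveying the damage forgot to direct the relief

In addition, the key reason this relief operation fell short is that those at the very top failed to grasp the overall disaster information and did not shoulder the heavy responsibility of coordinating the ministries and mustering resources for relief, but instead rushed around surveying the damage. Then what are the local county and city governments for? And who is to make the decisions on deploying resources? Rather than spending time listening to public opinion in front-line disaster areas, the President would help the public more by thinking in the long term about how to make the relief system more complete.

Absurdity 4: Learning relief on the job. Staff change every year; communication by TV call-in

Furthermore, every time a natural disaster occurs, the emergency operation center set up by the central government is assembled ad hoc from the various ministries and "disbands" once the disaster is over. When the next disaster comes a year later the ministries "assemble once more", but the participants have long since changed through personnel moves. Can such an arrangement learn from past mistakes? Shouldn't someone at President Ma's level spend more time thinking about a more effective disaster response process, so that experience can be passed on, rather than every relief operation being "learning on the job"?

Absurdity 5: Rescue manpower is always limited. Technology has advanced, yet a huge price is still paid

Whenever a natural disaster strikes, most people wait anxiously for government rescue, and when rescue is slow in coming they bitterly denounce the government's relief effort, not realizing that the government's capacity is limited to begin with. If we were aware of this and prepared a little more for disasters in advance, we might win ourselves a bit more chance of survival.

In Japan, which is likewise hit by typhoons every year, shops sell dedicated "disaster-preparedness kits" containing eighteen to twenty kinds of rescue items ordinary people can use, including a simple lamp, a first-aid kit and drinking water. Vendors claim such a kit lets an ordinary person survive one to two days longer when cut off without help. Even though Taiwan does not yet have such products, we can apparently help ourselves: before a typhoon hits, prepare food and drinking water in advance, so that even if water and power are cut we can get by until rescue arrives.

On August 8, 2009, Typhoon Morakot devastated Taiwan, exactly fifty years after the August 7 floods of 1959. Fifty years on, Taiwan's per-capita income has grown to dozens of times what it was, and technology has advanced to the point where a typhoon's track can be forecast. Facing the same natural disaster, we still paid a price as huge as before. So what about next time?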

2009.8.17 PIX/ASA flags

Reposted from Cisco's PIX/ASA TCP flags syntax

Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
k - Skinny media, M - SMTP data, m - SIP media, O - outbound data,
P - inside back connection, q - SQL*Net data, R - outside acknowledged FIN,
R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up

inside Client to Outside Server: UIO
Outside Client to Inside Server: UIOB
UFRIO

2009.8.17 Allowing traceroute through PIX/ASA

In the outside-in access-list (acl_out), make sure that the following
entries are present:

access-list acl_out permit icmp any any time-exceeded
access-list acl_out permit icmp any any unreachable
access-list acl_out permit icmp any any echo
access-list acl_out permit icmp any any echo-reply

I've seen the question asked hundreds of times, and since I finally
found how to do it without allowing ALL icmp, I thought I'd share.

Hope it helps!

-J Keegan
j keegan at ctny dot net

2009.8.17 Host flapping 02:01:00:00:00:00 & Microsoft NLB service

Reference: supportwiki.cisco.com
  • The host is connected to ports x/y, and x/y runs a type of clustering or redundancy and has an issue with this mechanism.

    If the MAC address specified in the error message can be traced, this is likely the issue. For an example, refer to this error message:

    %C4K_EBM-4-HOSTFLAPPING: Host 02:01:00:00:00:00 in vlan x is flapping between port Gi x/y and port Gi x/y


    The MAC address 02:01:00:00:00:00 appears to be associated to Microsoft's Network Load Balancing (NLB) Service Heartbeat. It is suggested that the connected device (Microsoft host) be checked for causing these messages.


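Sunday, August 16, 2009

2009.8.16 Heaven detests him, Heaven detests him: "Ma Tong"!

Reporting on the ground on the damage wrought by Typhoon Morakot, New York Times reporter Andrew Jacobs has already issued Ma Ying-jeou's death certificate, pronouncing the end of Ma's political life. In his report "After Typhoon, Taiwan's President Becomes Target of Anger", he argues that the typhoon "has turned into a make-or-break test of Mr. Ma's political career"; although he writes "make or break", the emphasis is on "break", and the headline makes the point clear. To put it in plainer terms, southern Taiwan's mudslide has become Ma Ying-jeou's mudslide.

Fortunately Taiwan is not "locked inside China", and major international media sent teams to Taiwan to observe and report up close. Under the sharp lenses and pens of media workers, the incompetent "Ma Tong" government "at once" leapt to become one of the world's focal points: "Ma Tong's" detestable face, his bloodless, tearless mentality of not daring to take responsibility, and his utterly undignified antics were all laid bare before the world; a loss of face before the entire world.

The US cable network CNN must have had its eyes opened. As early as when Morakot was forming, CNN warned Taiwan in advance to guard against major flooding and debris flows, but it was also generous in praising Taiwan's ability, pointing out that Taiwan's typhoon preparations had always been thorough and that it faced typhoons in good order: "Just as Cuba is very good at dealing with hurricanes, Taiwan is very good at dealing with typhoons." Pitifully, both of these reports came to nothing in Ma Ying-jeou's hands. Ma was first of all numb and indifferent, with no preparation at all for emergency response and relief, and as a result countless people died. Harsher still, the track record of past typhoon preparedness was destroyed in an instant once it met Ma Ying-jeou; Ma wrecked the reputation Taiwan had worked so hard to build.

Ma Ying-jeou even refused international aid. CNN reporter John Vause, who came to Taiwan to report in person, found it incredible and could only say Ma was "too proud". American reporters are too kind-hearted to know the wickedness of "Ma Tong": on the very day "Ma Tong" refused international aid, and did so openly in an official cable through the Foreign Ministry, he was secretly conspiring with China to accept China's aid. American reporters could never imagine that Taiwan's elected president would trade in natural disaster and human lives as political chips; still, Vause's closing remark was apt: when "Ma Tong" does relief, "the more he rescues, the worse it gets."

For foreign media, perhaps "Ma Tong's" most "classic" answer was to openly shift the blame onto victims whose clans were wiped out and families destroyed, accusing them of "clinging to their homes", so that they deserved their misfortune? Anyone who knows "Ma Tong" once said "I treat you as human beings" would probably no longer find it strange. Even so, the New York Times still captured "Ma Tong's" finest moment in highly symbolic words: "As he ... walked onto the field, angry villagers surrounded Mr. Ma, berating his administration for acting too slowly and failing to rescue victims still trapped in the mountains; as the insults rained down without letup, the sky suddenly broke open and rain poured down, Mr. Ma's clothes immediately clung to his skin, and the scene was broadcast live on television..." The camera at once focused on the chief culprit. If this is not "Heaven detests him, Heaven detests him", what is!

(The author, Chin Heng-wei, is editor-in-chief of Contemporary magazine)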

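Saturday, August 15, 2009

2009.8.15 A ninth-rate government: can the media keep indulging it?

Reposted from: A ninth-rate government: can the media keep indulging it?

◎ Hsieh Ching-hung

If the media had scrutinized the "Ma-Liu government" by the standards and on the scale they demanded of the "Bian government" at the time of the Bazhang Creek incident, there would certainly not be so many people wailing on TV screens today. If most journalists had tested Ma's green card with the same energy they spent chasing the story that A-bian was a foreigner's grandfather, the Ma-Liu government would certainly be more humble. If everyone had exercised oversight at once when Ma Ying-jeou's campaign promises, "I am ready", "Things will get better right away" and "6-3-3", bounced and he told barefaced lies, the pace and scale of the relief would certainly have been very different.

Even if media people, out of self-interest and political and ideological positions, indulge the Ma government's domestic, foreign, China and economic policies, natural and man-made disasters make no distinction between blue and green! The relief performance of the Ma-Liu government, spoiled by long indulgence, is precisely the after-effect of the media's long-standing bias. If the media go on indulging a ninth-rate government, if everyone is this easily deceived, if everyone stays just as forgetful, then nobody will have the right to cry any more!

Killing by media plays out every day, but the end result of indiscriminately indulging a ninth-rate government will eventually come back to bite the media. Today, relatively speaking, what everyone is suffering may still be only minor; if the media do not wake up, there will certainly be greater suffering ahead, even irredeemable suffering, waiting for us.

(The author is an obstetrician-gynecologist)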

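Friday, August 14, 2009

2009.8.14 Shang-En's fourth swimming lesson

Yesterday was Shang-En's fourth swimming lesson.
When we met in the evening, I quickly asked Shang-En what he had learned today..
Something nearby was distracting him..., so he never answered.
I asked whether he had learned kicking, and he said kicking is super easy..
And that was the end of our conversation.
The Queen was making "cute cards", saying whoever behaves better will get one. This is a trick cram schools use, and we are going to start using it at home
It was the cute cards that were distracting Shang-En.
I will ask about swimming the day after tomorrow instead, because by the time I get back from playing badminton tonight the kids will already be in bed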

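Thursday, August 13, 2009

2009.8.13 CNN: Taiwan's disaster relief in disarray

I just went to the CNN website and could not find this report, but I did see this sentence in the Story Highlights: U.S. "very concerned" but has not received request for aid from Taiwan, official says

CNN has a section on Taiwan

CNN: Taiwan's disaster relief in disarray

[International News Center, compiled by Lu Yung-shan / foreign wire reports, the 12th] Typhoon Morakot caused Taiwan's worst flooding in half a century, and the shocking images of the disastrous downpour have drawn widespread attention from the international media. Among them, the US Cable News Network (CNN), which led every hourly newscast with Taiwan's damage and relief progress, said bluntly that Taiwan's relief effort was in disarray. Hong Kong's Ming Pao news site also said that whenever a typhoon disaster strikes, the Ma government blames inaccurate weather forecasts or poor local flood control, yet no official steps down, which damages the government's credibility.

Ma's relief effort questioned, damaging the government's credibility

Before Typhoon Morakot struck, CNN's weather center had already accurately forecast the rainfall. After the typhoon, CNN not only reported in depth on the damage in southern Taiwan but also used computer animation to help explain, and on the 11th even brought in rescue expert McDonald for a professional analysis.

McDonald said: "Hurricane Katrina happened in the country best able in the world to respond to major disasters (the United States). Compared with its neighbors, Taiwan is relatively capable of responding, but faced with a natural disaster this severe, Taiwan is clearly still in disarray." He also advised the Ma government to learn the painful lesson and to consider future risks during post-disaster reconstruction so as not to repeat the same mistakes.

Taiwan's typhoon disaster has drawn intense international attention; well-known media including the three major US TV networks, Fox, the British Broadcasting Corporation (BBC), Japan's NHK, the New York Times, the Wall Street Journal, the Associated Press, Agence France-Presse and Reuters all gave extensive coverage to the damage in Taiwan. The BBC noted that Typhoon Morakot struck Taiwan with torrential rain over the weekend, catching the Taiwanese authorities off guard.

Hong Kong's Ming Pao news site also noted that the Ma government's relief capability has been heavily criticized and that Typhoon Morakot can be called a "life-or-death test" for the Ma government since it took office.

Taiwan Elite Alliance criticizes Ma: helps China more than Taiwan

Separately, the Taiwan Center of Greater Los Angeles recently launched a disaster-relief fundraiser, and former chairman Stone Yen charged: "President Ma Ying-jeou only puts on a show in front of the media and has not really helped the victims."

Pan Chu-hui, president of the Taiwan Elite Alliance, also said that Ma Ying-jeou leans heavily toward China and helps China more than his own country.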

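2009.8.13 Shang-En said "I don't want to go with you"

When I got home from Japanese class last night the kids were already in bed, about to drift off, so it was not a good time to chat with Shang-En.
In the middle of the night, at half past two as usual, I woke Shang-En to go pee.
After waking up the next morning, I was going to take Shang-En to Pei-En, but he kept saying "I don't want to go with you".
It left me a little melancholy.....
Because when I was getting him up, I hit him.
Before we left he said his elbow (not where I hit him) hurt, but when I went to check he would not let me

Today I want to get home early and talk with Shang-En
This week's Japanese しゅくだい (homework) is to write an essay; the topic is "My family".
And of course work is rather busy this week....
Before going home I need to draft it in Chinese, and then when I have more time translate it into Japanese...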

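Wednesday, August 12, 2009

2009.8.12 The August 8 floods

8/7 was a day off because of Typhoon Morakot
On 8/8 news came of flooding in the south.
The rainfall was too heavy, and floods and debris flows occurred one after another in many places in the south.

It is truly, truly terrible.
I shed tears when I saw the news footage!
So many families are now homeless, or torn apart; it is so sad!

These past few days our household received our tax refund, and today I took out NT$2000 to donate to Tzu Chi, asking Tzu Chi to keep following up!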

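Monday, August 10, 2009

2009.8.10 Shang-En's third swimming lesson

Shang-En's second week at Pei-En has begun, and today was the third swimming lesson.
When we met in the evening I quickly asked Shang-En what the swimming lesson covered today. I never took swimming lessons myself, and I also wanted Shang-En to recall it, so I asked a lot of questions.
This time Shang-En was willing to answer. He said he learned to float on the water: put a kickboard on your tummy, hug the kickboard, look up, and you float.
He also learned "zombie jumps", holding his breath, and so on....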

2009.8.10 Passive FTP and Active FTP

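What is the difference between Passive FTP and Active FTP modes?
Reference: Active FTP vs. Passive FTP, a Definitive Explanation

The short explanation is:
Active FTP: the FTP server actively connects from its own port 20 to port N+1 on the FTP client
Passive FTP: the FTP server passively lets the FTP client connect to the server's data port (not port 20)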
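
For firewall work it helps to see where the data port in each mode comes from. The following shell function is an added example, not taken from the referenced article: it decodes the endpoint announced on the control connection by an active-mode PORT command or a passive-mode 227 reply, using the h1,h2,h3,h4,p1,p2 encoding of RFC 959 (port = p1*256 + p2). The function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: decode the FTP data-channel endpoint announced on the
# control connection. Sample lines in demo_ftp are constructed.

# ftp_data_endpoint "<control line>"
# Prints "<mode> <direction> <ip>:<port>"; returns 1 for any other line.
ftp_data_endpoint() {
    line=$1
    case "$line" in
        PORT\ *) mode=active;  dir=server-to-client ;;  # server dials out from port 20
        227\ *)  mode=passive; dir=client-to-server ;;  # client dials the server's data port
        *) return 1 ;;
    esac
    # Drop the first word, then pull out the run of digits and commas.
    rest=${line#* }
    tuple=$(printf '%s\n' "$rest" |
        sed -n 's/^[^0-9]*\([0-9][0-9,]*[0-9]\).*$/\1/p')
    # Split h1,h2,h3,h4,p1,p2 into positional parameters.
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    # The data port is sent as two bytes: high byte p1, low byte p2.
    port=$(( $5 * 256 + $6 ))
    echo "$mode $dir $1.$2.$3.$4:$port"
}

# Constructed control-channel lines, one per mode.
demo_ftp() {
    ftp_data_endpoint "PORT 192,168,1,10,195,80"
    ftp_data_endpoint "227 Entering Passive Mode (203,0,113,5,7,232)."
}
```

The direction field is what a firewall rule has to allow: an inbound connection to the client in active mode, an outbound connection to a high server port in passive mode.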

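2009.8.10 Traceroute behaves differently on different OSes!

Traceroute on Cisco IOS/Linux and on Microsoft Windows behaves differently.

The simple breakdown:
windows -> tracert -> icmp
linux -> traceroute -> udp

In more detail:
What they have in common is that both increase the TTL as the hop count increases, and each intermediate point (the one where the TTL reaches 0) sends an icmp time exceeded (type=11 code=0) error message back to the sender.
But in implementation:
Cisco IOS and Linux
These use UDP packets. The destination udp port starts at 33434 (and is incremented with every additional probe sent), while the source udp port is random (a random number ORed with 0x8000, however).
At each intermediate hop (a point short of the destination), whenever the TTL reaches zero, the hop where the probe expires sends an icmp time exceeded (type=11 code=0) error message back to the sender
This continues until the destination, where the destination host sends an icmp Port Unreachable (icmp type=3 code=3) error message back to the sender.
Microsoft Windows
This OS does not use UDP packets; it uses ICMP echo request with TTL. The destination then replies not with an ICMP unreachable type of packet but with an ICMP echo reply.

Please refer to Cisco: Using the traceroute Command on Operating Systems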

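2009.8.10 Home phone and ADSL out of order

Our home phone and ADSL have been out of order since last Thursday. We reported it, but then Typhoon Morakot came along, so it has not been fixed yet; understandable!
So during these three days off at home I could not get online at all; luckily there was no work that needed the Internet!
I hope it has been repaired by the time I get off work today!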

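2009.8.10 Dad asks 4 times, son asks 21 times: What is that?

I shed tears after watching the video..., because it was so moving!
One of my kids is seven (it is summer vacation and he is about to start first grade), and the other is five and in the middle class of kindergarten.
The older one is at the age of wondering about everything and is always asking me what that is, or what something is.
And I always explain with great patience and great kindness
But if it is Mom asking me, sometimes I do not even want to answer once........

Worth pondering: one day we too will be old
Summary of the video:

An elderly father asks his son "What is that?" 4 times; after answering "A sparrow" 4 times, the son loses his temper.

The father goes into the house, brings out his own diary and has the son read a passage aloud:

"...A few days ago my little son and I were in the park,

he asked me "What is that?" 21 times, and I answered "A sparrow" 21 times,

each time hugging him tightly and answering my innocent child with love..."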

Thursday, August 6, 2009

2009.8.6 SOL10328: Forcing a file system check on the next system reboot



Updated: 7/23/09 7:43 AM
Solution

The fsck utility is used to scan the file system for errors, and to correct those errors if possible. In order to correct errors, the file systems must be unmounted. Performing a file system check using the fsck utility can be a tedious manual process requiring the user to reboot the system to a minimal run level and then issue an fsck on each file system listed in the /etc/mtab file. This method requires direct access to the system in order to access and run the fsck utility.

A more convenient method is to force a file system check on the next system reboot. This method removes the tedious manual process, and allows the system to check all of the available file systems.

Important: F5 Networks recommends that you have direct access to the system during a forcefsck so that you are able to observe any errors or information that may be reported during the fsck process. While this method removes the manual process of specifying the various file systems, the system reboots into a minimal run level to perform the necessary tasks.

The following two methods can be used to force a file system check on the next reboot:

  • Creating a forcefsck file in the root directory

    This method allows you to schedule a file system check at the next reboot by creating a blank file called forcefsck that resides in the / directory. When the system is rebooted, it will read this file and begin checking the file systems.

  • Forcing a file system check using the shutdown command

    This method allows you to reboot the system immediately and perform a forced file system check using the shutdown command. When the command is issued, the system reboots and begins checking the file systems.

Creating a forcefsck file in the root directory

To create a forcefsck file in the root directory, perform the following procedure:

  1. Log in to the command line.
  2. To create the forcefsck file, type the following command:

    touch /forcefsck

  3. Leave the file in place. A file system check is automatically run the next time the system reboots.

Forcing a file system check using the shutdown command

  1. Log in to the command line.
  2. To restart the BIG-IP and force a file system check, type the following command:
    shutdown -rF now

Once the fsck has finished checking the file systems, the system will continue to boot normally into the proper run levels.

2009.8.6 SOL7036: The Linux uptime counter wraps after 497 days



Known Issue
Updated: 7/21/09 11:05 AM

This is the result of a known issue, which was discovered in 1998 and still exists in the Linux 2.4 kernel. The kernel computes the system uptime based on the internal jiffies counter, which counts the time since boot in units of 10 milliseconds, or jiffies. The counter is a 32-bit counter, which has a maximum value of 2^32, or 4,294,967,296. When the counter reaches this value (after 497 days, 2 hours, 27 minutes, and 53 seconds, or approximately 16 months), it wraps back around to zero and continues to increment.
F5 Networks Product Development is tracking this Linux issue as CR74550. Currently, no Linux kernel patch is available to resolve this issue.

When the counter wraps, the following side effects may be observed:

  • The ps (Process Status) command may report incorrect TIME values for daemons that were running at the time of the counter wrap
  • Some processes that depend on accurate elapsed time calculations may be adversely affected, as detailed in the following Solutions:

SOL7071: SCCP kernel driver i2c read failure

SOL8087: SCCP kernel driver timer wrap may cause system component health misreadings (FirePass only)

SOL9679: The lacpd daemon stops sending LACP messages after 497 day linux uptime wraparound

SOL9683: The gtmd, tmm, or bcm56xxd daemons may crash after 497 day linux uptime wraparound

SOL10311: The performance graphs no longer display data after 497 day linux uptime wraparound

Note: These are the only known side effects of the uptime counter wrapping. The issues documented in these Solutions have been patched as noted therein. If you encounter issues that seem related but are not documented here, contact F5 Networks Technical Support.

Workaround

You can work around most issues created by the wrapping of the uptime counter by rebooting the system. In some cases, further remedial steps may be necessary. Refer to the solutions above for specifics.

You can avoid this issue by rebooting the system prior to the 497 day counter wrap. To determine how long the system has been up, use the Linux uptime command. The uptime command produces output that appears similar to the following example:

19:52:48 up 20 days, 9:24, 1 user, load average: 0.09, 0.05, 0.11
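
As an added example (not part of the F5 Solution), the following POSIX shell functions parse the `uptime` output format shown above and report how much time is left before the 2^32-jiffy wrap. The function names and the 30-day warning default are assumptions made for this example.

```shell
#!/bin/sh
# Added example: estimate the time left before the 32-bit jiffies counter
# wraps. 2^32 jiffies of 10 ms each = 42,949,672 whole seconds
# (497 days, 2 hours, 27 minutes, 52 seconds).
WRAP_SECONDS=42949672

# uptime_to_seconds "<uptime output line>"
# Handles "up 20 days, 9:24,", "up 1 day, 5 min,", "up 9:24," and "up 5 min,".
# Prints the uptime in seconds; fails if the line cannot be parsed.
uptime_to_seconds() {
    printf '%s\n' "$1" | awk '
    {
        sub(/^.* up +/, "")              # drop the clock time and the word "up"
        sub(/, *[0-9]+ users?.*$/, "")   # drop user count and load average
        secs = 0
        n = split($0, part, /, */)
        for (i = 1; i <= n; i++) {
            p = part[i]
            if (p ~ /^[0-9]+ days?$/)        { split(p, a, " "); secs += a[1] * 86400 }
            else if (p ~ /^[0-9]+:[0-9]+$/)  { split(p, a, ":"); secs += a[1] * 3600 + a[2] * 60 }
            else if (p ~ /^[0-9]+ min$/)     { split(p, a, " "); secs += a[1] * 60 }
            else { exit 1 }                  # unknown field: refuse to guess
        }
        print secs
    }'
}

# seconds_until_wrap "<uptime output line>"
seconds_until_wrap() {
    up=$(uptime_to_seconds "$1") || return 2
    [ -n "$up" ] || return 2
    echo $(( WRAP_SECONDS - up ))
}

# wrap_status "<uptime output line>" [warn_days]
# Prints WARN when the wrap is within warn_days (default 30), OK otherwise,
# UNPARSED when the line is not recognised. After a wrap the uptime value
# itself restarts from zero, so this can only warn before the event.
wrap_status() {
    left=$(seconds_until_wrap "$1") || { echo "UNPARSED"; return 0; }
    warn=$(( ${2:-30} * 86400 ))
    if [ "$left" -le "$warn" ]; then
        echo "WARN"
    else
        echo "OK"
    fi
}

# Typical use on a live system:  wrap_status "$(uptime)" 60
```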

2009.8.6 Cat 3750 Stack function

For how to upgrade a Cat 3750 that uses the Stack feature, see Catalyst 3750 Software Upgrade in a Stack Configuration with Use of the Command-Line Interface
How to configure the Stack feature on the Cat3750: Managing Switch Stacks or Creation and Management of Catalyst 3750 Switch Stacks
For how to configure EtherChannel on a Cat3750 when cross-stack is in use, see Cross-Stack EtherChannel on a Catalyst 3750 Switch Configuration Example

Phew, collecting related documents and information like this is pretty tiring!

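Wednesday, August 5, 2009

2009.8.5 Meaning and origin of the Taiwanese saying [阿婆踉港]

The saying 阿婆踉港 is familiar to me, but I never knew where it came from, until last night when I watched a TV program and the host explained its origin. After getting up this morning I had forgotten the first half of the story and only remembered the second half, so Google once again proved its worth and turned up the origin.
The following text is from the 儒林戲語 blog

Why is the saying 阿婆踉港 said to be the most [authentic] Taiwanese? There is a historical story behind it. The Qing lost the First Sino-Japanese War, and in 1895 signed the [Treaty of Shimonoseki] ceding Taiwan to Japan. Japanese troops landed at Aodi in Taipei, yet Tang Jingsong, the former Qing official who had become president of the "Republic of Formosa", fled without a fight, disguised as an old woman, slipping out through Huwei Port [today's Tamsui Port] back to the mainland. He left the Taiwanese volunteer forces behind to fight the Japanese to the death; the Taiwanese volunteers killed in battle are estimated at more than fourteen thousand. That is how the saying 阿婆踉港 arose. It describes someone who, on seeing that things are going badly, slips away first and runs off fast. Therefore, Taiwanese people, who [tread Taiwan's soil and live under Taiwan's sky], should know this tragic piece of Taiwan's history.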

SOL7727: A service check date that is earlier than the license check date now requires you to relicense the system before upgrading



Updated: 6/16/09 11:08 AM
Solution

Beginning with BIG-IP version 9.2 and Enterprise Manager version 1.2, a license check date in the software is verified against the service check date in the license file.

License Check Date

The license check date is a static date built into the software for BIG-IP products versions 9.2 and later.

The following table contains the license check date for BIG-IP versions 9.2 and later, and Enterprise Manager versions 1.2 and later:

Product             Version         License Check Date
Enterprise Manager  1.2.0           2005-08-24
Enterprise Manager  1.2.1           2006-10-02
Enterprise Manager  1.2.1           2006-08-18
Enterprise Manager  1.2.2           2006-08-18
Enterprise Manager  1.4             2006-08-18
Enterprise Manager  1.4.1           2007-08-18
Enterprise Manager  1.6.0           2007-08-18
Enterprise Manager  1.7.0           2006-10-02
BIG-IP              9.2 - 9.2.5     2005-08-24
BIG-IP              9.3.0           2007-03-23
BIG-IP              9.3.1           2007-10-09
BIG-IP              9.4 - 9.4.1     2006-10-02
BIG-IP              9.4.2 - 9.4.3   2007-09-18
BIG-IP              9.4.4           2007-12-07
BIG-IP              9.4.5           2008-05-01
BIG-IP              9.4.6 - 9.4.7   2008-09-15
BIG-IP              9.6.0 - 9.6.1   2007-12-05
BIG-IP              10.0.0          2009-01-02
BIG-IP              10.0.1          2009-04-24

Note: For information about an early build of Enterprise Manager version 1.2.1 that contained an incorrect license check date, refer to SOL7613: Enterprise Manager systems licensed prior to October 2, 2006 require relicensing after an upgrade to version 1.2.1.

Service Check Date

The service check date is located in the BIG-IP license and is the same as the date the license was last activated or the date the service contract for the device expires, whichever is earlier. For example, if you have an active service contract that ends on December 31, and you license a device on June 30, the service check date is set to June 30.

Note: The service check date in the BIG-IP license is updated each time the license is reactivated.

Enforcement during an upgrade

When you upgrade a system, the install script will verify the service check date with the license check date of the version being installed. If the service check date is missing or it is earlier than the license check date, the upgrade will not continue, and an error message similar to the following example is displayed:

An active service contract is required for the software you are attempting
to install. The license found for
does not contain a valid service check date for this software release.
If you have a current service contract, please re-activate your product
license and resume installation. If you do not have an active service
contract, please contact F5 Sales. Cannot proceed with changes to this
product image.

Enforcement during system startup

The license check date enforcement also applies during system startup. The system compares the license check date to the service check date in the license file. If the service check date is earlier than the license check date, the system will initialize but the configuration will not be loaded. To allow the configuration to load, you must update the service check date in the license file by re-activating the system's license.

Important: For devices managed with Enterprise Manager version 1.4 and later, the Enterprise Manager will verify the license check date and the service check date before upgrading a managed system. If required, the Enterprise Manager will attempt to re-activate the system's license before performing the upgrade. For more information, refer to SOL7702: Upgrades using Enterprise Manager will verify service check date and attempt to reactivate system license if required.

Workaround

You can prevent upgrade issues by relicensing your system before performing the upgrade, or recovering a system that fails to initialize by relicensing your system after performing the upgrade. To do so, complete the following two procedures:

  • Verifying the service check date in your license
  • Reactivating the system's license

Verifying the service check date of your license

To verify the service check date in your system's license, perform the following procedure:

  1. Log in to the command line.
  2. Change directories to the /config directory, by typing the following command:

    cd /config
  3. Parse the bigip.license file for the Service check date, by typing the following command:

    grep "Service check date" bigip.license
  4. Referencing the table previously mentioned in this Solution, verify the Service check date listed is after the license check date listed for the version you are upgrading.

If the value in the Licensed Date field is earlier than the license check date, you must reactivate the system's license before upgrading.
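
The verification steps above can be scripted before an upgrade window. The following shell functions are an added example, not F5's install script: they apply the rule stated in this Solution (relicense when the service check date is missing or earlier than the license check date of the target version). It is an assumption of this example that the line matched by grep carries the date after a colon as YYYYMMDD or YYYY-MM-DD; the function names and the sample license line are constructed.

```shell
#!/bin/sh
# Added example (not F5's install script): compare the service check date
# in a license file with the license check date of the target version.
# Assumption: the matched line holds the date after a colon, written as
# YYYYMMDD or YYYY-MM-DD.

# service_check_date FILE -> date as 8 digits, or nothing if the line is absent
service_check_date() {
    grep "Service check date" "$1" 2>/dev/null | head -n 1 |
        sed 's/^[^:]*://' | tr -cd '0-9'
}

# upgrade_check FILE LICENSE_CHECK_DATE
# Prints OK or RELICENSE with the reason; returns 0 only for OK.
upgrade_check() {
    svc=$(service_check_date "$1")
    chk=$(printf '%s' "$2" | tr -cd '0-9')
    case "$chk" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "BAD-DATE $2"; return 2 ;;
    esac
    case "$svc" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "RELICENSE missing-service-check-date"; return 1 ;;
    esac
    # "Earlier than" blocks the upgrade; an equal date does not.
    if [ "$svc" -lt "$chk" ]; then
        echo "RELICENSE $svc earlier-than $chk"
        return 1
    fi
    echo "OK $svc not-earlier-than $chk"
}

# Constructed demonstration using dates from the table in this Solution.
demo_license() {
    lic=$(mktemp) || return 1
    printf 'Service check date : 20090101\n' > "$lic"   # constructed line
    upgrade_check "$lic" 2009-01-02 || true   # target BIG-IP 10.0.0
    upgrade_check "$lic" 2008-09-15 || true   # target BIG-IP 9.4.6 - 9.4.7
    : > "$lic"                                # license without the field
    upgrade_check "$lic" 2009-01-02 || true
    rm -f "$lic"
}
```

On a BIG-IP system the file argument would be /config/bigip.license, as in the procedure above.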

Reactivating the system license

To reactivate a system's license, perform the following procedure:

  1. Log in to the Configuration utility.
  2. Click System.
  3. Click License.
  4. Click Reactivate.
  5. Select either the Automatic or Manual as the activation method.

    Note: If your system does not have internet access to the F5 Networks license server, you must select Manual.

  6. Click Next and follow the on-screen instructions.

Note: Be sure to log in as the admin user to re-license the system. For more information, refer to SOL9965: The admin user account must be used to license the system.

SOL4423: Overview of UCS archives



Updated: 9/24/08 2:17 PM
Solution

A UCS archive is a compressed file that contains all of the configuration files that are typically required to restore your current configuration to a new system. These files are:
  • All BIG-IP specific configuration files
  • BIG-IP product licenses
  • User accounts and password information
  • DNS zone files and ZoneRunner configuration
  • SSL certificates and keys

Important: In addition to user accounts, passwords, and critical system files, the UCS archive contains the SSL private keys that are used with your SSL proxies. You must store backup UCS archives in an environment that is as secure as where you store your private keys.

Note: For more information about the specific files that are contained in a UCS archive and instructions about how to modify those files, refer to SOL4422: Viewing and modifying the files that are configured for inclusion in a UCS archive.

Creating a UCS archive

You can create a UCS archive at any time using the Configuration utility or the command line.

Configuration utility

To create a UCS archive from the Configuration utility, perform the following steps:

  1. From the Configuration utility, click System.

  2. Click Archives.

    The Archives page displays.

  3. From the Archives page, click the Create button.

  4. In the File Name field, type a name for the file.

    Note: You can supply a path for the file, but if you do, the file will not appear in the Archive List. Only files stored in the default UCS path, /var/local/ucs, will appear in the Archive List.

  5. Select Enabled from the Encryption dropdown menu only if you want to encrypt the UCS archive file.

    Note: If you enable encryption, you will need to type a passphrase for the encrypted UCS archive file. This passphrase will be required in order to restore using the encrypted UCS archive.

  6. Click the Finished button.

    A status screen displays.

  7. Click the OK button.

Command line

To create a UCS archive from the command line, use the following command syntax:

bigpipe config save

Replace with the name you want to give the archive. If you include a path, the file will be saved to that location. If you do not include a path, the file will be saved to the default path, /var/local/ucs.

To create an encrypted UCS archive from the command line, use the following command syntax:

bigpipe config save passphrase

Replace with the name you want to give the archive. If you include a path, the file will be saved to that location. If you do not include a path, the file will be saved to the default path, /var/local/ucs.

Replace with the password you want to give the archive.

Restoring a configuration from a UCS archive

You can restore a configuration that is contained in a UCS archive using the Configuration utility or the command line.

Configuration utility

To restore a configuration in a UCS archive using the Configuration utility, perform the following steps:

  1. From the Configuration utility, click System.

  2. Click Archives.

    The Archives page displays.

  3. From the Archive List, click the name of the UCS archive from which you want to restore.

    Note: If the UCS archive is encrypted, you will need to type the passphrase for the encrypted UCS archive file in the Restore Passphrase field.

  4. Click the Restore button.

    A status screen displays.

  5. Click the OK button.

Command line

To restore a configuration in a UCS archive from the command line, use the following command syntax:

bigpipe config install

Replace with the name of the archive. If the file is not contained in the default path or the directory from which you are working, you must also specify the path.

Note: If the UCS archive file specified was encrypted, you will be prompted to enter the passphrase for the archive file.

For more information about backing up and restoring your configuration using a UCS archive, see SOL3499: Backing up and restoring BIG-IP LTM, GTM, Link Controller, or ASM configuration files.

Viewing the UCS archive content

Note: For encrypted UCS archive files, refer to SOL8465: Viewing and extracting the contents of an encrypted UCS archive file.

To view the files that are saved in a UCS archive, use the following command syntax:

tar -ztf

Replace with the name of the UCS archive.

This will provide a list of all the files included in the UCS archive.
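
Because a UCS archive carries SSL private keys and account data, the same listing command can drive a quick audit of where backups sit and who can read them. The following shell functions are an added example, not an F5 tool: they list each `.ucs` file in a directory with `tar -ztf`, count entries whose names end in `.key`, and flag archives whose file mode grants any access to group or other. Treating `.key` as the private-key suffix is an assumption of this example, and the archive built in `demo_ucs` is constructed.

```shell
#!/bin/sh
# Added example: inventory key material inside UCS backups and flag
# archives that other local users can read. All names are constructed.

# ucs_key_count ARCHIVE -> number of entries ending in .key (assumed naming)
ucs_key_count() {
    tar -ztf "$1" 2>/dev/null | grep -c '\.key$' || true
}

# ucs_exposed ARCHIVE -> succeeds if group or other has any permission bit
ucs_exposed() {
    perms=$(ls -ld "$1" | cut -c5-10)   # the group and other triplets
    [ "$perms" != "------" ]
}

# audit_ucs_dir DIR -> one line per *.ucs: "<file> keys=<n> <EXPOSED|restricted>"
audit_ucs_dir() {
    for f in "$1"/*.ucs; do
        [ -f "$f" ] || continue
        if ucs_exposed "$f"; then state=EXPOSED; else state=restricted; fi
        echo "$(basename "$f") keys=$(ucs_key_count "$f") $state"
    done
}

# Constructed demonstration: builds a throw-away archive that mimics a UCS
# layout (file names are made up) and audits it at two permission settings.
demo_ucs() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/src/config/ssl/ssl.key"
    echo "constructed placeholder, not a real key" > "$d/src/config/ssl/ssl.key/site.key"
    echo "# constructed" > "$d/src/config/bigip.conf"
    tar -czf "$d/backup.ucs" -C "$d/src" config
    chmod 644 "$d/backup.ucs"; audit_ucs_dir "$d"
    chmod 600 "$d/backup.ucs"; audit_ucs_dir "$d"
    rm -rf "$d"
}
```

Running `audit_ucs_dir /var/local/ucs` covers the default archive path named earlier in this Solution; copies moved off the system need the same check wherever they are stored.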

Extracting files from the UCS archive

Note: For encrypted UCS archive files, refer to SOL8465: Viewing and extracting the contents of an encrypted UCS archive file.

You can extract the files from a UCS archive without overwriting your existing configuration by using one of the following processes:

  • Extract all UCS archive files
  • Extract a single UCS archive file

Extracting all UCS archive files

To extract all files from a UCS archive, perform the following steps:

  1. Create a new directory within the /var/tmp directory, using the following command syntax:

    mkdir /var/tmp/

    Replace with a name of your choice.

  2. Copy the UCS archive into the new directory using the following command syntax:

    cp /var/tmp//

    Replace with the name of the UCS archive from which you want to extract files and with the name of the directory that you created in step 1.

  3. Change directories to the new directory using the following command syntax:

    cd /var/tmp/

    Replace with the name of the directory that you created in step 1.

  4. Extract the files from the UCS archive using the following command syntax:

    tar -zxf

    Replace with the name of the UCS archive.

    This command will extract the files and put them in the current directory. It will create subdirectories to match the directories in which the configuration files are normally stored. For example, a config directory will be created and will contain all the files that are normally contained in the /config directory.

Extracting a single UCS archive file

To extract a single file from a UCS archive, perform the following steps:

  1. Create a new directory within the /var/tmp directory using the following command syntax:

    mkdir /var/tmp/<directory>

    Replace <directory> with a name of your choice.

  2. Copy the UCS archive into the new directory using the following command syntax:

    cp <ucs_archive> /var/tmp/<directory>/

    Replace <ucs_archive> with the name of the UCS archive from which you want to extract files and <directory> with the name of the directory that you created in step 1.

  3. Change directories to the new directory using the following command syntax:

    cd /var/tmp/<directory>

    Replace <directory> with the name of the directory that you created in step 1.

  4. Extract the desired file from the UCS archive, using the following command syntax:

    tar -zxf <ucs_archive> <file>

    Replace:

    • <ucs_archive> with the name of the UCS archive

    • <file> with the relative path and name of the file that you want to extract from the UCS archive

    For example, to retrieve the file bigip.conf you must specify the config directory, but not the root directory.

    For example:

    tar -zxf myconfig.ucs config/bigip.conf

    This command will extract the files and put them in the current directory. It will create a subdirectory to match the directory in which the configuration file is normally stored. For example, if you extract config/bigip.conf, a config directory will be created.

Viewing the contents of a file contained in a UCS archive

Note: For encrypted UCS archive files, refer to SOL8465: Viewing and extracting the contents of an encrypted UCS archive file.

To view a single file from a UCS archive on a terminal screen (standard output), perform the following steps:

  1. Change directories to the directory that contains the UCS archive using the following command syntax:

    cd <directory>

    Replace <directory> with the name of the directory where the UCS archive is located.

  2. Extract the desired file from the UCS archive to standard output using the following command syntax:

    Note: The third character in the flags list is a capital letter "O".

    tar -zxOf <ucs_archive> <file>

    Replace:

    • <ucs_archive> with the name of the UCS archive

    • <file> with the relative path and name of the file that you want to extract from the UCS archive

    For example, to view the file bigip.conf you must specify the config directory, but not the root directory, as follows:

    tar -zxOf myconfig.ucs config/bigip.conf

    Note: It is possible to use wildcards, for example config/bigip.*, to display multiple files from an archive.

    Warning: Some files contained in a UCS archive are binary files which will not display correctly to standard output.
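The single-file procedure above can be scripted so that the listing from tar -ztf is checked before anything is written to disk. This is an added example, not part of the F5 Solution: the function names and return codes are hypothetical, and the myconfig.ucs it builds is a constructed gzip-compressed tar standing in for a real, unencrypted UCS archive.

```shell
#!/bin/sh
# Added example, not F5 code. Function names and return codes are hypothetical.

# ucs_names_safe: reads member names on stdin and fails if any name is
# absolute or contains a ".." path component.
ucs_names_safe() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 } END { exit bad + 0 }'
}

# ucs_extract_one ARCHIVE MEMBER DESTDIR
# Returns 0 on success, 2 if the archive cannot be listed (for example, it is
# not a gzip-compressed tar), 3 on unsafe member names, 4 if MEMBER is not in
# the archive, 5 if DESTDIR cannot be created as a new directory.
ucs_extract_one() {
    ucs=$1 member=$2 dest=$3
    # Same listing command as on the page: tar -ztf.
    list=$(tar -ztf "$ucs" 2>/dev/null) || return 2
    printf '%s\n' "$list" | ucs_names_safe || return 3
    # A MEMBER starting with "-" is refused so tar never reads it as an option;
    # otherwise MEMBER must match one listed name exactly.
    case $member in -*) return 4 ;; esac
    printf '%s\n' "$list" | grep -Fxq -e "$member" || return 4
    # Plain mkdir (no -p) fails if DESTDIR exists, so a live directory such as
    # /config cannot be picked as the extraction target by mistake.
    mkdir "$dest" 2>/dev/null || return 5
    tar -zxf "$ucs" -C "$dest" "$member"
}

# make_sample_ucs DIR: builds the constructed stand-in archive DIR/myconfig.ucs
# containing config/bigip.conf.
make_sample_ucs() {
    mkdir -p "$1/src/config" || return 1
    printf 'constructed sample, not a real bigip.conf\n' > "$1/src/config/bigip.conf"
    tar -zcf "$1/myconfig.ucs" -C "$1/src" config
}

# Demonstration on the constructed archive, in a throwaway directory.
demo_dir=$(mktemp -d) || exit 1
make_sample_ucs "$demo_dir"
ucs_extract_one "$demo_dir/myconfig.ucs" config/bigip.conf "$demo_dir/extract"
echo "extract status: $?"
cat "$demo_dir/extract/config/bigip.conf"
rm -rf "$demo_dir"
```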

SOL10245: BIG-IP UCS installation and licensing behavior


Updated: 7/30/09 2:23 PM
Solution

A user configuration set (UCS) is an archive of configuration files contained on a BIG-IP system, including the system license.

Note: For more information about the contents of a UCS file, refer to SOL4423: Overview of UCS archives.

When you use the bigpipe config save command to save the BIG-IP system configuration to a UCS file, the system also saves the existing license to the UCS file. When you use the bigpipe config install command to restore the UCS file on the BIG-IP system, the UCS installer uses the following logic to determine whether to install the license from the UCS file, or retain the system's existing license file:

  • The license file is only installed when the hostname in the UCS file matches the system hostname
  • If there is no /config/bigip.license on the system, the license from the UCS file is installed to the system
  • If there is a /config/bigip.license on the system, the BIG-IP system performs the following checks to determine whether to install the license from the UCS, or retain the system's existing license file:

    • If neither license is time limited (neither license file contains a License end date), the BIG-IP system uses the LATEST_ONE.

      Note: For more information, refer to the following LATEST_ONE section.
    • If both licenses are time limited (both license files contain a License end date), the BIG-IP system uses the license that expires last. If the time limited date is the same, the BIG-IP system uses the LATEST_ONE.

      Note: For more information, refer to the following LATEST_ONE section.
    • If one license is time limited:
      • If the license has expired, use the other license
      • If the license is still valid, use the LATEST_ONE

LATEST_ONE

Select the service check date in both bigip.license files for the following conditions:

  • If only one license contains a service check date, use that license
  • If both licenses contain a service check date, use the license with the latest service check date
  • If the service check dates match or do not exist, use the license check date for comparison, and use the license with the latest license check date

Note: For more information about the license check date, refer to SOL7727: A service check date that is earlier than the license check date now requires you to relicense the system before upgrading.

Note: For more information about saving and restoring BIG-IP configurations, refer to SOL3499: Backing up and restoring BIG-IP LTM, ASM, GTM, Link Controller, or WebAccelerator configuration files.
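The license selection rules and the LATEST_ONE comparison above, written out as a decision function. This is an added example that follows the Solution's wording and is not F5's installer code; the function names and the "END,SERVICE,LICENSED" input format are hypothetical. It assumes a license is valid through its end date and that a complete tie keeps the system's existing license, two points the Solution does not state.

```shell
#!/bin/sh
# Added example, not F5 code. A license is passed as "END,SERVICE,LICENSED":
# License end date, service check date, license check date, each YYYYMMDD or
# empty when the field is absent. An empty string means no license file.

lic_field() { printf '%s\n' "$1" | cut -d, -f"$2"; }

# latest_one SYS_SERVICE SYS_LICENSED UCS_SERVICE UCS_LICENSED
# Prints "system" or "ucs" according to the LATEST_ONE rules.
latest_one() {
    s_svc=$1 s_lic=$2 u_svc=$3 u_lic=$4
    # Only one license contains a service check date: use that license.
    if [ -n "$s_svc" ] && [ -z "$u_svc" ]; then echo system; return; fi
    if [ -z "$s_svc" ] && [ -n "$u_svc" ]; then echo ucs; return; fi
    # Both contain one and they differ: the latest service check date wins.
    if [ -n "$s_svc" ] && [ "$s_svc" -ne "$u_svc" ]; then
        if [ "$u_svc" -gt "$s_svc" ]; then echo ucs; else echo system; fi
        return
    fi
    # Dates match or do not exist: compare license check dates.
    # Assumption: on a complete tie the system license is retained.
    if [ "${u_lic:-0}" -gt "${s_lic:-0}" ]; then echo ucs; else echo system; fi
}

# choose_license TODAY SYS_HOSTNAME UCS_HOSTNAME SYS_LICENSE UCS_LICENSE
# Prints "ucs" when the license from the UCS file would be installed and
# "system" when the UCS license is not installed.
choose_license() {
    today=$1 sys_host=$2 ucs_host=$3 sys=$4 ucs=$5
    # The UCS license is only installed when the hostnames match.
    [ "$sys_host" = "$ucs_host" ] || { echo system; return; }
    # No /config/bigip.license on the system: install the UCS license.
    [ -n "$sys" ] || { echo ucs; return; }
    s_end=$(lic_field "$sys" 1); u_end=$(lic_field "$ucs" 1)
    pick=$(latest_one "$(lic_field "$sys" 2)" "$(lic_field "$sys" 3)" \
                      "$(lic_field "$ucs" 2)" "$(lic_field "$ucs" 3)")
    if [ -n "$s_end" ] && [ -n "$u_end" ]; then
        # Both time limited: the license that expires last, else LATEST_ONE.
        if [ "$u_end" -gt "$s_end" ]; then echo ucs
        elif [ "$s_end" -gt "$u_end" ]; then echo system
        else echo "$pick"; fi
    elif [ -n "$s_end" ]; then
        # Only the system license is time limited.
        if [ "$s_end" -lt "$today" ]; then echo ucs; else echo "$pick"; fi
    elif [ -n "$u_end" ]; then
        # Only the UCS license is time limited.
        if [ "$u_end" -lt "$today" ]; then echo system; else echo "$pick"; fi
    else
        # Neither is time limited.
        echo "$pick"
    fi
}

# Constructed cases, evaluated as of 2009-08-15 on a host named bigip1.
echo "expired system license vs. perpetual UCS license: $(choose_license \
    20090815 bigip1 bigip1 "20090801,20090701,20090701" ",20090101,20090101")"
echo "UCS taken on a different host: $(choose_license \
    20090815 bigip1 bigip2 ",20090101,20090301" ",20090601,20090701")"
```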

Ask F5 - Added and updated documents from 7/26 through 8/01

*Top 10 Solutions for July*

1. SOL8035: Overview of BIG-IP daemons https://support.f5.com/kb/en-us/solutions/public/8000/000/sol8035.html

2. SOL5527: Configuring the BIG-IP system to log to a remote syslog server https://support.f5.com/kb/en-us/solutions/public/5000/500/sol5527.html

3. SOL3499: Backing up and restoring BIG-IP LTM, ASM, GTM, Link Controller, or WebAccelerator configuration files https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3499.html

4. SOL3667: Configuring SNMP trap alerts to send email notifications https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3667.html

5. SOL7024: Overview of the configsync process https://support.f5.com/kb/en-us/solutions/public/7000/000/sol7024.html

6. SOL2486: Providing files to F5 Networks Technical Support https://support.f5.com/kb/en-us/solutions/public/2000/400/sol2486.html

7. SOL4707: Choosing a profile for HTTP traffic https://support.f5.com/kb/en-us/solutions/public/4000/700/sol4707.html

8. SOL9447: Choosing an installation method https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9447.html

9. SOL7595: Overview of IP forwarding virtual servers https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html

10. SOL3350: Changing account passwords for the command line and Configuration utility https://support.f5.com/kb/en-us/solutions/public/3000/300/sol3350.html

*FirePass hotfix released*

FirePass has released cumulative HF-602-11 for FirePass version 6.0.2. For more information, refer to the following location:

F5 Networks Downloads site:

https://downloads.f5.com/esd/product.jsp?sw=FirePass&pro=firepass_v5.x&fromArchive=1&prodesc=FirePass&ver=6.0.2

*Added and updated documents from 7/26 through 8/01*

BIG-IP - New
SOL10366: BIND vulnerability - CVE-2009-0696 https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html

SOL10352: Qkview may not collect all necessary BIG-IP WebAccelerator log files https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10352.html

SOL10350: Deleting the dynamic parameter does not delete the corresponding extraction object https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10350.html

SOL10348: A large client-side TCP window scale factor may cause data re-segmentation https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10348.html

SOL10347: LACP trunk may be created with actor key value set to 0 https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10347.html

SOL10344: The BIG-IP GTM system logs an error message for a default gateway pool in another datacenter https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10344.html

SOL10343: A virtual server configured with a FastL4 profile and no available pool members will not send a reset packet https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10343.html

SOL10340: A BIG-IP GTM user with the Operator role cannot enable or disable BIG-IP GTM pool members https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10340.html

SOL10338: The command prompt changes to "Active" after loading larger BIG-IP GTM configurations https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10338.html

SOL10337: Simultaneously changing the BIG-IP GTM monitor's timeout and interval values results in the host status changing to a down state https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10337.html

SOL10336: The pvad process may crash when attempting to add a pool and node at the same time https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10336.html

SOL10334: The BIG-IP GTM object status changes may not immediately reflect in the Configuration utility https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10334.html

SOL10332: Remote syslog entries are not correctly imported during an upgrade https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10332.html

SOL10331: Configuring the big3d agent to listen on all self IP addresses on a VLAN https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10331.html

SOL10321: The BIG-IP system sends duplicate traps when Agent Authentication is enabled https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10321.html

SOL10319: Using the tcpdump utility disables hardware checksum offloading https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10319.html

SOL10318: Cache-Control headers may still be modified when the client cache policy is set to 'Do not change' https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10318.html

SOL10312: Events contained in a UCS archive may cause configsync operations to fail https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10312.html

SOL10296: Error Message: The vlan for self IP must be one of the vlans in the associated route-domain https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10296.html

SOL10281: The persist none iRule command does not disable cookie persistence for the connection when used with the LB::reselect command https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10281.html

SOL10245: BIG-IP UCS installation and licensing behavior https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10245.html

BIG-IP - Updated
SOL10288: Supported product module combinations by platform https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10288.html

SOL10258: ZebOS integration changes starting in BIG-IP version 9.4.4 https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10258.html

SOL10167: Overview of the ClientSSL profile https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html

SOL10111: The BIG-IP WebAccelerator corrupts the Cache-Control header under certain conditions https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10111.html

SOL10025: Managing F5 Networks product hotfixes for BIG-IP version 10.x systems https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html

SOL9858: Deleting a node address using iControl may cause pvad to core https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9858.html

SOL9812: Overview of BIG-IP TCP RST behavior https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9812.html

SOL9476: The F5 Networks hardware / software compatibility matrix https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9476.html

SOL9143: The Linux IP routing policy rule for route lookups on the management port is missing https://support.f5.com/kb/en-us/solutions/public/9000/100/sol9143.html

SOL9085: The BIG-IP GTM uses an internal database to provide geolocation maps for topology load balancing https://support.f5.com/kb/en-us/solutions/public/9000/000/sol9085.html

SOL8994: The BIG-IP GTM HTTP monitor fails when the server response uses HTTP Keep-Alive headers https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8994.html

SOL8989: The SSL certificate expiration date is displayed incorrectly in the Configuration utility https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8989.html

SOL8968: Enabling persistence for a virtual server bypasses load balancing https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8968.html

SOL8966: A corrupt MySQL password prevents the Configuration utility from loading https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8966.html

SOL8940: The BIG-IP system processes traffic for virtual servers after disabling the virtual address https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8940.html

SOL8928: VIPRION compression licensing levels https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8928.html

SOL8927: The BIG-IP system fails to send a TCP window update when interacting with certain TCP/IP stacks https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8927.html

SOL8517: Enabling attack signatures that were not triggered during the staging process https://support.f5.com/kb/en-us/solutions/public/8000/500/sol8517.html

SOL8439: Configuring local host name resolution for BIG-IP version 9.4.2 and later https://support.f5.com/kb/en-us/solutions/public/8000/400/sol8439.html

SOL8254: Support for the OSPF routing protocol in BIG-IP LTM high availability pairs https://support.f5.com/kb/en-us/solutions/public/8000/200/sol8254.html

SOL7922: Overview of BIG-IP ASM HTTP response code filtering https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7922.html

SOL7747: SSL Transactions performance graph and TPS licensing rate limit reached log messages https://support.f5.com/kb/en-us/solutions/public/7000/700/sol7747.html

SOL7233: Change in Behavior: The BIG-IP ASM UCS no longer contains Forensic and Events data https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7233.html

SOL7225: Overview of the BIG-IP LTM mirroring transport protocol https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7225.html

SOL7222: Overview of connection and persistence mirroring https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7222.html

SOL6768: Restricting Configuration utility access to SSL clients that are 128 bits or higher https://support.f5.com/kb/en-us/solutions/public/6000/700/sol6768.html

SOL6767: Overview of the BIG-IP LTM SSL session cache https://support.f5.com/kb/en-us/solutions/public/6000/700/sol6767.html

SOL6475: Error message: 'SSL transaction (TPS) rate limit reached' or 'no SSL TPS or run out' https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.html

SOL6401: Configuring the BIG-IP to use an intermediate or chain certificate with a clientssl profile https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6401.html

SOL6008: Change in Behavior: The BIG-IP system can be configured to execute commands or scripts upon failover https://support.f5.com/kb/en-us/solutions/public/6000/000/sol6008.html

SOL1858: Overview of the qkview utility https://support.f5.com/kb/en-us/solutions/public/1000/800/sol1858.html

FirePass - New
SOL10357: Configuring RSA SecurID Authentication on a FirePass standalone controller https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10357.html

SOL10351: The BIG-IP WebAccelerator logs a benign warning message when it receives a request containing a Proxy-Connection header https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10351.html

SOL10329: The Java console reports a 'load: class com.citrix.JICA not found' error when attempting to connect to a Java-based Citrix MetaFrame Terminal Server favorite https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10329.html

SOL10327: Overview of FirePass version 6.0.3 cumulative HF-603-4 https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10327.html

SOL10322: FirePass hotfix matrix https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10322.html

FirePass - Updated
SOL10259: The session variable session.os.platform is incorrectly set to Undefined for new browsers https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10259.html

SOL10253: Processor change for the FirePass 4100 platform https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10253.html

SOL10222: The RSA Authentication field is pre-populated with existing credentials when using the VPN standalone client https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10222.html

SOL10220: The password expiration warning may not display if the gPLink attribute contains multiple Group Policy Objects https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10220.html

SOL10197: Passive FTP fails through Static Application Tunnels after installing cumulative hotfix HF-603-2.1 or HF-603-3 https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10197.html

SOL10184: Network Access session disconnects when using Safari https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10184.html

SOL10009: FirePass 1000 and 1200 series controllers do not support clustering https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10009.html

SOL9778: Archived logs are not sent to the configured email address https://support.f5.com/kb/en-us/solutions/public/9000/700/sol9778.html

SOL9153: Secondary cluster nodes may become intermittently unresponsive when the Automatically add websites that require client side cookie manipulation setting is enabled https://support.f5.com/kb/en-us/solutions/public/9000/100/sol9153.html

SOL8702: Citrix resources fail to launch through Portal Access when the FirePass URL is in the Trusted Sites list of Internet Explorer https://support.f5.com/kb/en-us/solutions/public/8000/700/sol8702.html

SOL8597: Overview of concurrent session limits https://support.f5.com/kb/en-us/solutions/public/8000/500/sol8597.html

Enterprise Manager - New
SOL10349: Enterprise Manager may require network access to the following F5 Networks hosts: activate.f5.com, callhome.f5.com, and drop.f5.com https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10349.html

Release Note: Enterprise Manager version 1.8 https://support.f5.com/kb/en-us/products/em/releasenotes/product/relnotes_1_8_em.html

Manual: Enterprise Manager Administrator Guide 1.8 https://support.f5.com/kb/en-us/products/em/manuals/product/Enterprise_Manager_AdminGuide_1_8.html

Enterprise Manager - Updated
SOL6556: Enterprise Manager software support policy https://support.f5.com/kb/en-us/solutions/public/6000/500/sol6556.html

ARX - New
SOL10355: A share remains offline after a Windows cluster failover https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10355.html

SOL10307: Editing an export after using the browser's Back button will cause the ARX Manager GUI to dump core https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10307.html

ARX - Updated
SOL10157: A drain share rule may result in omTransactionRaise traps being logged https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10157.html

Tuesday, August 4, 2009

2009.8.4 Fine-Tuning Logging Message Generation

  • If only firewall error conditions should be recorded and no one will regularly view the message logs, choose severity level 3 (errors).
  • If you are primarily interested in seeing how traffic is being filtered by the firewall access lists, choose severity level 4 (warnings).
  • If you need an audit trail of firewall users and their activity, choose severity level 5 (notifications).
  • If you will be using a firewall log analysis application, you should choose severity level 6 (informational). This is the only level that produces messages about connections that are created, as well as the time and data volume usage.

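How to enable ASA logging

Basic ASA logging setup; other destinations such as SNMP, FTP and mail are not covered here.
With this, the buffer, Telnet/SSH sessions and ASDM receive notifications-level (level 5) logs in real time.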

NTP info and how to configure NTP

Standard time now follows UTC, not GMT; see "What is the difference between GMT and UTC".
NTP (Network Time Protocol) is currently at v3, RFC 1305, UDP port 123.
Commonly used NTP servers:
  1. tock.stdtime.gov.tw 220.130.158.71
  2. time.stdtime.gov.tw 220.130.158.52
  3. clock.stdtime.gov.tw 220.130.158.72
  4. freq_f.stdtime.gov.tw 210.59.157.26
  5. tick.stdtime.gov.tw 220.130.158.51
  6. stdtime.sinica.edu.tw 140.109.1.4
  7. time.nist.gov 192.43.244.18
---------------------------------------------------------------------
PIX/ASA ntp
ntp server 192.43.244.18
ntp server 220.130.158.71 prefer

SOL6845: Managing F5 Networks product hotfixes for BIG-IP version 9.x systems


Updated: 8/3/09 10:47 AM
Solution

This Solution describes how to manage hotfixes for BIG-IP version 9.x systems.

Note: Managing BIG-IP hotfixes has changed in BIG-IP version 10.x. For information about installing version 10.x hotfixes on systems with a logical volume management (LVM) disk-formatting scheme, refer to SOL10025: Managing F5 Networks product hotfixes for BIG-IP version 10.x systems. For information about installing BIG-IP version 10.x hotfixes on partitioned systems, refer to SOL9819: Installing a BIG-IP version 10.x hotfix on a partitioned system.

Important: F5 Networks recommends that you install hotfixes using a serial console or SSH connection to the management port IP address. The hotfix installation script may restart the TMM process, which will terminate all connectivity to the BIG-IP self IP addresses. If the hotfix is installed when connected to a self IP address, you may leave the BIG-IP system in an inaccessible state.

Important: For hotfixes containing an update which requires a loss of SSH connectivity to the management IP address, the hotfix should only be installed using the serial console. For information about installation requirements, refer to the associated hotfix readme note.

About the hotfix functionality

The functionality provided for managing hotfixes includes the following:

  • Hotfixes are fully cumulative within each product

    Every time a cumulative hotfix is produced, all packages from previously-generated hotfixes for that product on that branch are automatically included in the cumulative hotfix. The most recently created hotfix for each product contains all previously-issued hotfixes for that product.

  • Hotfixes have a version number

    Each cumulative hotfix has a version number. You can use the bigpipe version command to display the version of the cumulative hotfix installed on the system. Also, the hotfix installation manager (IM) packages are named using the hotfix version.

  • Hotfixes on a system can be uninstalled

    You can use the hotfix uninstall installation manager (IM) package to remove all hotfixes from a system. This process brings the system back to the base version installed on the system.

    Note: The hotfix uninstall functionality was added to the BIG-IP version 9.3 software branch, version 9.4 software branch and version 9.1.2 of the 9.1 software branch.

    Important: The hotfix uninstall functionality is not supported in the BIG-IP version 9.2 software branch.

Saving and backing up existing BIG-IP version 9.x system configuration data

Before you install or uninstall a hotfix, you must save your BIG-IP version 9.x configuration data. Backing up your configuration prevents loss of data if, for any reason, the hotfix installation or uninstallation is not successful.

You can collect and archive the BIG-IP version 9.x configuration files by typing the following command from the BIG-IP system command line:

bigpipe config save /config.ucs

Important: It is critical that you back up the archived configuration files to a remote location. In the event this process fails, you may need to use the remotely-stored file in order to restore your BIG-IP version 9.x configuration data.

Downloading the hotfix files

After you save the existing configuration, download the hotfix files from the F5 Networks Downloads site. There are three types of files for each hotfix:

  • IM files

    Each hotfix has two IM files: one IM file for installing the hotfix, and one IM file for removing all hotfixes installed.

  • MD5 files

    Each IM file has a corresponding MD5 file for checking the integrity of the IM files.

  • Hotfix Release Note / README files

    Each IM file has a corresponding Hotfix Release Note / README file. You should always read the Hotfix Release Note / README files before you install a hotfix. These files contain important notes about each particular hotfix installation and uninstallation file.

    Note: Starting in BIG-IP versions 9.3 and 9.4.1, the README file name was changed to Hotfix Release Note.

    Important: Always read the Hotfix Release Note / README files and follow hotfix instructions for each specific hotfix. These instructions may include critical tasks, including rebooting the host, the SCCP or both.

For information about downloading files from the F5 Networks Downloads site, refer to SOL167: Downloading software from F5 Networks.

Download the following files for the hotfix you want to install:

  • Download the hotfix installation and uninstallation IM packages:

    • Hotfix-BIG-IP-9.x.x-HFyy.im

      This file is the hotfix installation IM file. The 9.x.x part of the file name denotes the software version; the HFyy part is the cumulative hotfix number.

    • HotfixUninstall-BIG-IP-9.x.x-HFyy.im

      This file is the hotfix uninstallation IM file. The 9.x.x part of the file name denotes the software version; the HFyy part is the cumulative hotfix number.

  • Download the corresponding MD5 files:

    • Hotfix-BIG-IP-9.x.x-HFyy.md5

      This file is the hotfix installation MD5 file. The 9.x.x part of the file name denotes the software version; the HFyy part is the cumulative hotfix number.

    • HotfixUninstall-BIG-IP-9.x.x-HFyy.md5

      This file is the hotfix uninstallation MD5 file. The 9.x.x part of the file name denotes the software version; the HFyy part is the cumulative hotfix number.

Note: For information about transferring files to the BIG-IP system, refer to SOL175: Transferring files to or from an F5 Networks system.

Verifying the MD5 checksum of the hotfix files

After you download the hotfix files and the matching MD5 checksum files, and before you perform the installation, we recommend you test the integrity of each file to ensure file quality. To run the test, type the following command, where Hotfix-BIG-IP-9.x.x-HFyy.im is the name of the upgrade file you downloaded:

md5sum Hotfix-BIG-IP-9.x.x-HFyy.im
cat Hotfix-BIG-IP-9.x.x-HFyy.md5

The two MD5 hash values should be identical. Ensure the output matches the contents of the corresponding MD5 file. If the output matches, install the file; if the output does not match, download the file again and repeat the process.
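Comparing two 32-character digests by eye is error-prone, so the check above can be wrapped in a function that returns success only when the computed and published digests are equal. This is an added example, not part of the F5 Solution: the function names are hypothetical, and it assumes the .md5 file carries the hex digest as its first whitespace-delimited field, a layout the Solution does not specify.

```shell
#!/bin/sh
# Added example, not an F5 tool. Function names are hypothetical.

# verify_md5 FILE MD5FILE
# Returns 0 when the MD5 digest of FILE equals the digest stored in MD5FILE,
# 1 on a mismatch, 2 when either file is unreadable or MD5FILE does not start
# with a 32-character hex digest.
# Assumption: the first whitespace-delimited field of MD5FILE is the digest.
verify_md5() {
    file=$1 md5file=$2
    [ -r "$file" ] && [ -r "$md5file" ] || return 2

    # md5sum prints "<digest>  <name>"; keep only the digest.
    actual=$(md5sum "$file" | awk '{print $1}')
    # Take the published digest from the first line, folded to lower case.
    expected=$(awk 'NR==1 {print tolower($1)}' "$md5file")

    # Reject an empty, truncated or non-hex value instead of comparing it.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ ${#expected} -eq 32 ] || return 2

    [ "$actual" = "$expected" ]
}

# hotfix_decision IMFILE MD5FILE
# Prints the action the page prescribes: install on a match, otherwise
# download the file again and repeat the check.
hotfix_decision() {
    if verify_md5 "$1" "$2"; then
        echo "install"
    else
        echo "download again"
    fi
}

# Demonstration on a constructed file (not a real IM package).
demo_dir=$(mktemp -d) || exit 1
printf 'constructed hotfix payload\n' > "$demo_dir/Hotfix-TEST.im"
md5sum "$demo_dir/Hotfix-TEST.im" > "$demo_dir/Hotfix-TEST.md5"
echo "intact copy:    $(hotfix_decision "$demo_dir/Hotfix-TEST.im" "$demo_dir/Hotfix-TEST.md5")"
printf 'x' >> "$demo_dir/Hotfix-TEST.im"      # simulate a damaged transfer
echo "corrupted copy: $(hotfix_decision "$demo_dir/Hotfix-TEST.im" "$demo_dir/Hotfix-TEST.md5")"
rm -rf "$demo_dir"
```

A match shows that the file arrived intact relative to the published checksum; it does not establish who published either file.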

Installing a hotfix

Before you install a cumulative hotfix, you must first consider whether the system has a hard drive or a CompactFlash media drive.

  • Hard drive installation

    Systems with hard drives typically have enough disk space to download the hotfix file directly to the hard drive and perform the installation. For hard drive installations, refer to the Installing a hotfix on a system with a hard drive section.

  • CompactFlash media drive installation

    Systems with only CompactFlash media drives typically do not have enough space to download and install the hotfix file. In this case, you must create a memory file system to accommodate the hotfix file. For CompactFlash media drive installation, refer to Installing the hotfix on systems with CompactFlash media drives.

Installing a hotfix on a system with a hard drive

After you have downloaded the files to the hard drive on the system and checked their integrity using the MD5 files, you can install the hotfix by typing the following command, where Hotfix-BIG-IP-9.x.x-HFyy.im is the name of the hotfix installation IM file:

im Hotfix-BIG-IP-9.x.x-HFyy.im

Installing the hotfix on systems with CompactFlash media drives

Note: Before installing the hotfix on systems with CompactFlash media drives, it is recommended to first uninstall any previous hotfix installation. For information about uninstalling previous hotfix installations, refer to the Uninstalling hotfixes on systems with CompactFlash media drives section.

To install the hotfix on systems with CompactFlash media drives, perform the following procedure:

  1. From the BIG-IP command line, create a memory file system by typing the following command:

    mkdir /var/ramfs

  2. Mount the directory by typing the following command:

    mount -t ramfs none /var/ramfs

  3. Change directories to the /var/ramfs directory by typing the following command:

    cd /var/ramfs

  4. Copy the Hotfix-BIG-IP-9.x.x-HFyy.im file from the location where you downloaded the file, <path>, to the /var/ramfs directory on the target BIG-IP system. For example, if you obtain the files through Secure Copy (scp) on the system where the file is located, you would type the following command:

    scp root@<remote_host>:/<path>/Hotfix-BIG-IP-9.x.x-HFyy.im /var/ramfs/Hotfix-BIG-IP-9.x.x-HFyy.im

  5. Install this hotfix by typing the following command:

    im /var/ramfs/Hotfix-BIG-IP-9.x.x-HFyy.im

  6. Reboot the system by typing the following command:

    /usr/bin/full_box_reboot


    Important: After you install the hotfix, for the system to function properly, you must type the /usr/bin/full_box_reboot command to reboot the system.

For BIG-IP platforms containing a Switch Card Control Processor (SCCP), such as the 1500, 3400, 4100, 6400, 6800 and 8400 platforms, a full system reboot including the SCCP must be performed. Follow the instructions provided in the Hotfix Release Note / README file to reboot the system.

Uninstalling hotfixes

Important: If you want to uninstall the hotfix using the hotfix uninstall IM file, be aware that all previous hotfixes installed on the system will be removed by this process. After you complete the uninstall process, the system returns to the base version of the product with all previously installed hotfixes removed.

Before you uninstall a cumulative hotfix, you must first consider whether the system has a hard drive or a CompactFlash media drive.

  • Hard drive uninstallation

    Systems with hard drives typically have enough disk space to download the hotfix file directly to the hard drive and perform the uninstallation. For hard drive uninstallations, refer to Uninstalling hotfixes on a system with a hard drive.

  • CompactFlash media drive uninstallation

    Systems with CompactFlash media drives typically do not have enough space to download and run the hotfix uninstallation file. In this case, you must create a memory file system to accommodate the hotfix uninstallation file. For CompactFlash media drive uninstallation, refer to Uninstalling hotfixes on systems with CompactFlash media drives.

Uninstalling hotfixes on systems with hard drives

After you download the files to the hard drive on the system and check their integrity using the MD5 files, you can uninstall the hotfix by typing the following command, where HotfixUninstall-BIG-IP-9.x.x-HFyy.im is the name of the hotfix uninstallation IM file.

im HotfixUninstall-BIG-IP-9.x.x-HFyy.im

Uninstalling hotfixes on systems with CompactFlash media drives

To uninstall hotfixes on systems with CompactFlash media drives, perform the following procedure:

  1. From the BIG-IP command line, create a memory file system by typing the following command:

    mkdir /var/ramfs

  2. Mount the directory by typing the following command:

    mount -t ramfs none /var/ramfs

  3. Change directories to the /var/ramfs directory by typing the following command:

    cd /var/ramfs

  4. Copy the HotfixUninstall-BIG-IP-9.x.x-HFyy.im file from the location where you downloaded the file, <path>, to the /var/ramfs directory on the target BIG-IP system. For example, to use scp on the system where the file is located, you would type the following command:

    scp root@<remote_host>:/<path>/HotfixUninstall-BIG-IP-9.x.x-HFyy.im /var/ramfs/HotfixUninstall-BIG-IP-9.x.x-HFyy.im

  5. Uninstall the hotfixes by typing the following command:

    im /var/ramfs/HotfixUninstall-BIG-IP-9.x.x-HFyy.im

  6. Reboot the system by typing the following command:

    reboot

    Important: After you install the hotfix, for the system to function properly with the hotfix, you must reboot the system.

For BIG-IP platforms containing a Switch Card Control Processor (SCCP), such as the 1500, 3400, 4100, 6400, 6800 and 8400 platforms, a full system reboot including the SCCP must be performed. Follow the instructions provided in the Hotfix Release Note / README file to reboot the system.

Verifying the hotfix version installed

You can verify the hotfix version running on a system using the bigpipe version command. The Product version number itself is not changed by installing a hotfix. You can identify which hotfix version is installed on the system by the version indicated in the Hotfix Version line of the bigpipe version command output. For example, to obtain information about the hotfix version installed on your system, type bigpipe version in the command line. Output similar to the following indicates the system is running hotfix version 3, or HF3:

Kernel:
Linux 2.4.21-9.1.2.15.4smp
Package:
BIG-IP Version 9.1.2 15.4
Hotfix Version HF3
