daboochmeister
Jul 29, 2015

APM OAM, access server hostname FQDN trimmed to simple name before use...?

Environment: Big-IP 4200v running LTM 11.5.2 with APM

 

We have an OAM integrated as a AAA server in APM, and for some reason, even though we use a fully-qualified name for the access server hostname, it seems that the OAM SDK calls are all trying to reach out to the simple version of the name (that is, we have host.domain.com in the configuration, but the OAP calls all are made to host:5575, instead of host.domain.com:5575).

 

I know this is the case, because I have manual name resolution in place at this point, via hosts file entries - and if I don't have the simple name resolved, OAM calls fail - if I add in resolution of the simple name, it works fine.

 

This does not happen with other OAM integrations we have, on other F5s, they all use the fqdn.

 

This isn't really a problem, we can live with the simple name - but it's dang curious. Any thoughts?

 

  • Actually - I think we figured it out. The APM OAM module just uses the access server hostname that you configure in to establish an initial connection with the OAM servers - during that initial connection, it retrieves a more complete configuration from OAM (which it saves in file ObClientAccess.xml, buried in the OAM file system tree under /config/aaa). I noticed in that file that the plain names are being returned from the OAM server.

     

    We still haven't found where in the OAM configuration it's occurring, but it's definitely something on the OAM side.

     

    Can a moderator pls mark this response as the answer to this question? I don't seem to be able to mark my own responses as answers.

     

    • Nut_Pornsopon_1
      Hi, I'm not sure I understand you correctly, so I'm trying to debug with tcpdump from APM and the OAM log by myself. APM stores the OAM WebGate configuration within the path that you mention. If the primary and secondary OAM server names in the configuration file contain only the hostname instead of the FQDN, then when you initialize APM, F5 will use the hostname to communicate with OAM first; if OAM is not reachable with the hostname, F5 will use the FQDN to communicate. Note: I strongly recommend you use DNS instead of configuring the hosts file. If you use the hosts file, you will find another issue in the future. Hope this helps.
    • daboochmeister
      Thanks, Nut Pornsopon - the hosts file is temporary, till we get DNS updated (a different group within our organization manages DNS, and we're going through the process of coordinating an alias). I think you're understanding the overall issue correctly - we use FQDN in our APM AAA server configuration (for the "access server hostname", specifically), but after the initial use of that FQDN to reach the primary OAM server, the configuration received back from OAM has plain names in it, and those plain names are used from that point on. So we're coordinating with the OAM group to get their configuration corrected to use FQDN.
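
Added example, not part of the original thread and not F5 or Oracle code: a small check that reads a copy of the configuration file APM caches under /config/aaa and lists server hostnames that are neither FQDNs nor IP literals, which is the condition described above. The element and attribute names (`NameValPair`, `ParamName`, `Value`) and the sample data are assumptions; adjust them to what the real file contains.

```python
import ipaddress
import sys
import xml.etree.ElementTree as ET

# Constructed sample. The layout is an assumption, not copied from a real
# ObClientAccess.xml; hostnames and addresses are placeholders.
SAMPLE = """<CompoundList>
  <ValNameList ListName="primary_server_list">
    <NameValPair ParamName="host" Value="oam1"/>
    <NameValPair ParamName="port" Value="5575"/>
  </ValNameList>
  <ValNameList ListName="secondary_server_list">
    <NameValPair ParamName="host" Value="oam2.example.com"/>
    <NameValPair ParamName="port" Value="5575"/>
  </ValNameList>
  <NameValPair ParamName="fallback_host" Value="192.0.2.10"/>
</CompoundList>"""


def is_ip(value):
    """True for IPv4/IPv6 literals, which do not depend on name resolution."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def host_values(root):
    """Yield (name, value) for every setting whose name mentions 'host'."""
    for elem in root.iter():
        # Form 1: <host>name</host>
        if "host" in elem.tag.lower() and (elem.text or "").strip():
            yield elem.tag, elem.text.strip()
        # Form 2: <X ParamName="host" Value="name"/> (assumed attribute names)
        name = elem.get("ParamName", "")
        if "host" in name.lower() and elem.get("Value"):
            yield name, elem.get("Value").strip()


def unqualified_hosts(xml_text):
    """Return settings whose hostname has no domain part and is not an IP."""
    root = ET.fromstring(xml_text)
    return [(n, h) for n, h in host_values(root) if "." not in h and not is_ip(h)]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, host in unqualified_hosts(text):
        print(f"unqualified hostname in {name}: {host}")
```

Any name it reports is resolved through the hosts file or DNS search domains rather than an explicit FQDN, which is the dependency the thread ran into.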