F5 BIG-IP - LTM Survival Guide: Difference between revisions

From IT-Arts.net
Created page with "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' == CHOOSE PARTITION == Enter tmsh and choose partition : <nowiki> tmsh cd /<PARTITION_NAME></nowiki> == SHOW VS CONFIG == <nowiki> # show running-config ltm virtual <VS_NAME> ltm virtual <VS_NAME>_443 { destination 1.2.3.4%1094:443 ip-protocol tcp mask 255.255.255.255 partition LBP3-LBPFM pool Pool_<VS_NAME> profiles { /Common/tcp { }..."
 
 
(6 intermediate revisions by the same user not shown)
Line 10: Line 10:
tmsh
tmsh
cd /<PARTITION_NAME></nowiki>
cd /<PARTITION_NAME></nowiki>


== SHOW VS CONFIG ==
== SHOW VS CONFIG ==
Line 40: Line 38:
     translate-port enabled
     translate-port enabled
     vs-index 147
     vs-index 147
}
}</nowiki>
 
 


== SHOW POOL CONFIG ==
== SHOW POOL CONFIG ==
Line 64: Line 60:
     monitor /Common/tcp
     monitor /Common/tcp
     partition PARTITION_NAME
     partition PARTITION_NAME
}
}</nowiki>


== SHOW POOL STATISTICS ==
== SHOW POOL STATISTICS ==
Line 95: Line 91:
cs-client-addr      cs-server-addr    ss-client-addr    ss-server-addr</nowiki>
cs-client-addr      cs-server-addr    ss-client-addr    ss-server-addr</nowiki>


# Filter                                # Description
=== Filters & Descriptions ===
*cs-client-addr
**The (client) source IP address on the clientside of the connection. Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
*cs-client-port
** The (client) source port on the clientside of the connection
*cs-server-addr
** The (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address). Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
*cs-server-port
** The (server) destination port on the clientside of the connection (i.e. the Virtual Server port)
*ss-client-addr
**The (client) source IP address on the serverside of the connection (i.e. the SNAT address)
*ss-client-port
**The (client) source port on the serverside of the connection (i.e. the SNAT port)
*ss-server-addr
**The (server) destination IP address on the serverside of the connection (i.e., the Pool Member address)
*ss-server-port
** The (server) destination port on the serverside of the connection (i.e., the Pool Member port)
 


* '''cs-client-addr''': The (client) source IP address on the clientside of the connection. Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
* '''cs-client-port''': The (client) source port on the clientside of the connection.
* '''cs-server-addr''': The (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address). Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
* '''cs-server-port''': The (server) destination port on the clientside of the connection (i.e. the Virtual Server port).
* '''ss-client-addr''': The (client) source IP address on the serverside of the connection (i.e. the SNAT address).
* '''ss-client-port''': The (client) source port on the serverside of the connection (i.e. the SNAT port).
* '''ss-server-addr''': The (server) destination IP address on the serverside of the connection (i.e., the Pool Member address).
* '''ss-server-port''': The (server) destination port on the serverside of the connection (i.e., the Pool Member port).


== SHOW VS LOGS ==
== SHOW VS LOGS ==


  <nowiki>
  <nowiki>
tail /var/log/ltm | grep <VS_NAME><nowiki>
tail /var/log/ltm | grep <VS_NAME></nowiki>


The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm  will show the UTC time.
The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm  will show the UTC time.


== SHOW VS STATISTICS ==
== SHOW VS STATISTICS ==
Line 178: Line 163:
   Last 5 Seconds                            0
   Last 5 Seconds                            0
   Last 1 Minute                              0
   Last 1 Minute                              0
   Last 5 Minutes                            0
   Last 5 Minutes                            0</nowiki>
 
 


== USEFUL LINKS ==
== USEFUL LINKS ==


* [F5 BIG-IP LTM Command Line Interface (CLI) Guide](https://my.f5.com/manage/s/article/K40033505)
* [F5 BIG-IP LTM Command Line Interface (CLI) Guide](https://my.f5.com/manage/s/article/K40033505)
  - This guide provides an overview of **F5 BIG-IP LTM CLI commands** and their usage, ideal for network administrators working with F5 load balancers.
* [F5 BIG-IP LTM Troubleshooting and Logs](https://my.f5.com/manage/s/article/K53851362)
* [F5 BIG-IP LTM Troubleshooting and Logs](https://my.f5.com/manage/s/article/K53851362)
  - A detailed article covering various **troubleshooting techniques** for F5 BIG-IP LTM, including analyzing logs, inspecting performance statistics, and diagnosing issues.
* [F5 BIG-IP LTM Configuration Examples](https://my.f5.com/manage/s/article/K28245234)
* [F5 BIG-IP LTM Configuration Examples](https://my.f5.com/manage/s/article/K28245234)
  - A collection of useful **configuration examples** for **F5 BIG-IP LTM**. This includes virtual server, pool, SSL, and other common configuration scenarios.
* [F5 BIG-IP iRule Documentation](https://support.f5.com/csp/article/K19240)
* [F5 BIG-IP iRule Documentation](https://support.f5.com/csp/article/K19240)
  - Documentation on **iRules** for customizing traffic handling, load balancing, SSL offloading, and other network-level operations in **F5 BIG-IP LTM**.
* [F5 Knowledge Base](https://support.f5.com/csp/)
* [F5 Knowledge Base](https://support.f5.com/csp/)
  - The official **F5 Knowledge Base** for accessing articles, troubleshooting tips, and frequently asked questions (FAQs) related to **F5 BIG-IP** products.
* [F5 BIG-IP System Performance Monitoring](https://techdocs.f5.com/t/d/s/article/K85011825)
* [F5 BIG-IP System Performance Monitoring](https://techdocs.f5.com/t/d/s/article/K85011825)
  - Information on how to monitor the **performance** of your **F5 BIG-IP LTM** system, including system stats, metrics, and performance tuning guidelines.
* [F5 SSL Offloading Configuration](https://techdocs.f5.com/t/d/s/article/K15153940)
* [F5 SSL Offloading Configuration](https://techdocs.f5.com/t/d/s/article/K15153940)
  - Step-by-step guide for **SSL offloading** using **F5 BIG-IP LTM**, which helps optimize the decryption of HTTPS traffic.
* [F5 iHealth](https://ihealth.f5.com/)
* [F5 iHealth](https://ihealth.f5.com/)
  - A diagnostic tool for **F5 BIG-IP LTM** devices to perform system health checks, collect logs, and get recommendations for system optimization.
* [F5 BIG-IP SSL Certificate Management](https://techdocs.f5.com/t/d/s/article/K11841)
* [F5 BIG-IP SSL Certificate Management](https://techdocs.f5.com/t/d/s/article/K11841)
  - This article provides information on managing **SSL certificates** for **F5 BIG-IP LTM**, including importing, configuring, and troubleshooting SSL certificates.
* [F5 DevCentral Community](https://community.f5.com/)
* [F5 DevCentral Community](https://community.f5.com/)
  - **F5 DevCentral** is an active online community for F5 professionals, offering forums, discussions, and resources about **F5 BIG-IP LTM** configuration, troubleshooting, and best practices.
* [F5 BIG-IP High Availability and Failover Configuration](https://support.f5.com/csp/article/K11897)
* [F5 BIG-IP High Availability and Failover Configuration](https://support.f5.com/csp/article/K11897)
  - An essential guide on setting up **high availability** and **failover** between F5 devices, ensuring reliability and continuous service availability.
* [F5 BIG-IP Latest Release Notes](https://support.f5.com/csp/article/K13008)
* [F5 BIG-IP Latest Release Notes](https://support.f5.com/csp/article/K13008)
  - The **release notes** for **F5 BIG-IP LTM** provide important information about new features, bug fixes, and changes in each software version.
* [F5 BIG-IP iRule Examples and Best Practices](https://devcentral.f5.com/s/articles/best-practices-for-irules-13372)
* [F5 BIG-IP iRule Examples and Best Practices](https://devcentral.f5.com/s/articles/best-practices-for-irules-13372)
  - A helpful resource with practical **iRule examples** and best practices to efficiently handle traffic manipulation and load balancing on F5 devices.


----
----


'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''

Latest revision as of 10:22, 18 February 2026


Return to Wiki Index

CHOOSE PARTITION

Enter tmsh and choose partition : 

tmsh
cd /<PARTITION_NAME>

SHOW VS CONFIG

# show running-config ltm virtual <VS_NAME>
ltm virtual <VS_NAME>_443 {
    destination 1.2.3.4%1094:443
    ip-protocol tcp
    mask 255.255.255.255
    partition LBP3-LBPFM
    pool Pool_<VS_NAME>
    profiles {
        /Common/tcp { }
        clientssl_<VS_NAME> {
            context clientside
        }
        serverssl_<VS_NAME> {
            context serverside
        }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 147
}

SHOW POOL CONFIG

Show Configuration : 

# show running-config ltm pool <POOL_NAME>
ltm pool <POOL_NAME> {
    members {
        SERVER1:PORT {
            address 1.2.3.4
            session monitor-enabled
            state up
        }
        SERVER2:PORT {
            address 4.3.2.1
            session monitor-enabled
            state up
        }
    }
    monitor /Common/tcp
    partition PARTITION_NAME
}

SHOW POOL STATISTICS

tmsh show ltm pool <POOL_NAME>


SHOW SSL PROFILES

tmsh show sys crypto cert

tmsh show ltm profile client-ssl


SHOW VS CONNECTIONS

tmsh show sys conn cs-server-addr <IP>

Example : 

tmsh show sys conn cs-server-addr <IP> | awk '{print $1}' | cut -d ":" -f1 | sort -u

To get : 

IP SRC cliente      IP VS             Floating VS        IP node
cs-client-addr      cs-server-addr    ss-client-addr     ss-server-addr

Filters & Descriptions

  • cs-client-addr: The (client) source IP address on the clientside of the connection. Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
  • cs-client-port: The (client) source port on the clientside of the connection.
  • cs-server-addr: The (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address). Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
  • cs-server-port: The (server) destination port on the clientside of the connection (i.e. the Virtual Server port).
  • ss-client-addr: The (client) source IP address on the serverside of the connection (i.e. the SNAT address).
  • ss-client-port: The (client) source port on the serverside of the connection (i.e. the SNAT port).
  • ss-server-addr: The (server) destination IP address on the serverside of the connection (i.e., the Pool Member address).
  • ss-server-port: The (server) destination port on the serverside of the connection (i.e., the Pool Member port).

SHOW VS LOGS

tail /var/log/ltm | grep <VS_NAME>

The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm will show the UTC time.

SHOW VS STATISTICS

# show ltm virtual <VS_NAME>
--------------------------------------------------------------------

Ltm::Virtual Server: <VS_NAME>

--------------------------------------------------------------------

Status
  Availability     : available
  State            : enabled
  Reason           : The virtual server is available
  CMP              : enabled
  CMP Mode         : all-cpus
  Destination      : 1.2.3.4:443
  PVA Acceleration : none

Traffic                             ClientSide  Ephemeral  General
  Bits In                                26.2G          0        -
  Bits Out                              100.2G          0        -
  Packets In                             10.9M          0        -
  Packets Out                            16.0M          0        -
  Current Connections                        0          0        -
  Maximum Connections                       77          0        -
  Total Connections                       1.7M          0        -
  Evicted Connections                        0          0        -
  Slow Connections Killed                    0          0        -
  Min Conn Duration/msec                     -          -        2
  Max Conn Duration/msec                     -          -     1.8M
  Mean Conn Duration/msec                    -          -        6
  Total Requests                             -          -        0

SYN Cookies
  Status                         not-activated
  Hardware SYN Cookie Instances              0
  Software SYN Cookie Instances              0
  Current SYN Cache                          0
  SYN Cache Overflow                         0
  Total Software                             0
  Total Software Accepted                    0
  Total Software Rejected                    0
  Total Hardware                             0
  Total Hardware Accepted                    0

Message Routing Framework                   In        Out
  Message                                    0          0
  Request                                    0          0
  Response                                   0          0

CPU Usage Ratio (%)
  Last 5 Seconds                             0
  Last 1 Minute                              0
  Last 5 Minutes                             0

Return to Wiki Index

Retrieved from "https://it-arts.net/index.php?title=F5_BIG-IP_-_LTM_Survival_Guide&oldid=1138"