F5 BIG-IP - LTM Survival Guide: Difference between revisions
From IT-Arts.net
| (8 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' | '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' | ||
== | == Choose Partition == | ||
=== TMSH Mode === | |||
Enter tmsh and choose partition : | Enter tmsh and choose partition : | ||
| Line 11: | Line 13: | ||
cd /<PARTITION_NAME></nowiki> | cd /<PARTITION_NAME></nowiki> | ||
== | === Linux Mode === | ||
List the partitions with the command : | |||
<nowiki> | |||
tmsh -q -c 'cd /; list net route-domain recursive all'</nowiki> | |||
Note the partition ID you need, then : | |||
<nowiki> | |||
rdsh <PARTITION_ID></nowiki> | |||
== Show VS Config == | |||
<nowiki> | <nowiki> | ||
| Line 40: | Line 55: | ||
}</nowiki> | }</nowiki> | ||
== | == Show Pool Config == | ||
Show Configuration : | Show Configuration : | ||
| Line 62: | Line 77: | ||
}</nowiki> | }</nowiki> | ||
== | == Show Pool Statistics == | ||
<nowiki> | <nowiki> | ||
| Line 68: | Line 83: | ||
== | == Show SSL Profiles == | ||
<nowiki> | <nowiki> | ||
| Line 78: | Line 93: | ||
== | == Show VS Connections == | ||
<nowiki> | <nowiki> | ||
| Line 91: | Line 106: | ||
cs-client-addr cs-server-addr ss-client-addr ss-server-addr</nowiki> | cs-client-addr cs-server-addr ss-client-addr ss-server-addr</nowiki> | ||
=== Filters & | === Filters & Descriptions === | ||
* '''cs-client-addr''': The (client) source IP address on the clientside of the connection. Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively. | |||
* '''cs-client-port''': The (client) source port on the clientside of the connection. | |||
* '''cs-server-addr''': The (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address). Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively. | |||
* '''cs-server-port''': The (server) destination port on the clientside of the connection (i.e. the Virtual Server port). | |||
* '''ss-client-addr''': The (client) source IP address on the serverside of the connection (i.e. the SNAT address). | |||
* '''ss-client-port''': The (client) source port on the serverside of the connection (i.e. the SNAT port). | |||
* '''ss-server-addr''': The (server) destination IP address on the serverside of the connection (i.e., the Pool Member address). | |||
* '''ss-server-port''': The (server) destination port on the serverside of the connection (i.e., the Pool Member port). | |||
== Show VS Logs == | |||
In Linux mode use tail or cat/zcat command : | |||
<nowiki> | <nowiki> | ||
tail /var/log/ltm | grep <VS_NAME><nowiki> | tail /var/log/ltm | grep <VS_NAME> | ||
cat /var/log/ltm /var/log/ltm.1 | grep <VS_NAME> | |||
zcat /var/log/ltm*.gz | grep <VS_NAME></nowiki> | |||
The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm will show the UTC time. | The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm will show the UTC time. | ||
== Show VS Statistics == | |||
== | |||
<nowiki> | <nowiki> | ||
| Line 173: | Line 184: | ||
Last 5 Seconds 0 | Last 5 Seconds 0 | ||
Last 1 Minute 0 | Last 1 Minute 0 | ||
Last 5 Minutes 0 | Last 5 Minutes 0</nowiki> | ||
== Dump VS Traffic == | |||
Be sure to be in the good partition, and use the tcpdump command. | |||
Eg : | |||
<nowiki> | |||
tcpdump -nni any src or dst 1.2.3.4 and src or dst 5.6.7.8</nowiki> | |||
The backend servers ip/port can be tested with the telnet command. | |||
== | == Usefull Links == | ||
* [F5 BIG-IP LTM Command Line Interface (CLI) Guide](https://my.f5.com/manage/s/article/K40033505) | * [F5 BIG-IP LTM Command Line Interface (CLI) Guide](https://my.f5.com/manage/s/article/K40033505) | ||
* [F5 BIG-IP LTM Troubleshooting and Logs](https://my.f5.com/manage/s/article/K53851362) | * [F5 BIG-IP LTM Troubleshooting and Logs](https://my.f5.com/manage/s/article/K53851362) | ||
* [F5 BIG-IP LTM Configuration Examples](https://my.f5.com/manage/s/article/K28245234) | * [F5 BIG-IP LTM Configuration Examples](https://my.f5.com/manage/s/article/K28245234) | ||
* [F5 BIG-IP iRule Documentation](https://support.f5.com/csp/article/K19240) | * [F5 BIG-IP iRule Documentation](https://support.f5.com/csp/article/K19240) | ||
* [F5 Knowledge Base](https://support.f5.com/csp/) | * [F5 Knowledge Base](https://support.f5.com/csp/) | ||
* [F5 BIG-IP System Performance Monitoring](https://techdocs.f5.com/t/d/s/article/K85011825) | * [F5 BIG-IP System Performance Monitoring](https://techdocs.f5.com/t/d/s/article/K85011825) | ||
* [F5 SSL Offloading Configuration](https://techdocs.f5.com/t/d/s/article/K15153940) | * [F5 SSL Offloading Configuration](https://techdocs.f5.com/t/d/s/article/K15153940) | ||
* [F5 iHealth](https://ihealth.f5.com/) | * [F5 iHealth](https://ihealth.f5.com/) | ||
* [F5 BIG-IP SSL Certificate Management](https://techdocs.f5.com/t/d/s/article/K11841) | * [F5 BIG-IP SSL Certificate Management](https://techdocs.f5.com/t/d/s/article/K11841) | ||
* [F5 DevCentral Community](https://community.f5.com/) | * [F5 DevCentral Community](https://community.f5.com/) | ||
* [F5 BIG-IP High Availability and Failover Configuration](https://support.f5.com/csp/article/K11897) | * [F5 BIG-IP High Availability and Failover Configuration](https://support.f5.com/csp/article/K11897) | ||
* [F5 BIG-IP Latest Release Notes](https://support.f5.com/csp/article/K13008) | * [F5 BIG-IP Latest Release Notes](https://support.f5.com/csp/article/K13008) | ||
* [F5 BIG-IP iRule Examples and Best Practices](https://devcentral.f5.com/s/articles/best-practices-for-irules-13372) | * [F5 BIG-IP iRule Examples and Best Practices](https://devcentral.f5.com/s/articles/best-practices-for-irules-13372) | ||
---- | ---- | ||
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' | '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' | ||
Latest revision as of 11:34, 20 March 2026
Choose Partition
TMSH Mode
Enter tmsh and choose partition :
tmsh cd /<PARTITION_NAME>
Linux Mode
List the partitions with the command :
tmsh -q -c 'cd /; list net route-domain recursive all'
Note the partition ID you need, then :
rdsh <PARTITION_ID>
Show VS Config
# show running-config ltm virtual <VS_NAME>
ltm virtual <VS_NAME>_443 {
destination 1.2.3.4%1094:443
ip-protocol tcp
mask 255.255.255.255
partition LBP3-LBPFM
pool Pool_<VS_NAME>
profiles {
/Common/tcp { }
clientssl_<VS_NAME> {
context clientside
}
serverssl_<VS_NAME> {
context serverside
}
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
vs-index 147
}
Show Pool Config
Show Configuration :
# show running-config ltm pool <POOL_NAME>
ltm pool <POOL_NAME> {
members {
SERVER1:PORT {
address 1.2.3.4
session monitor-enabled
state up
}
SERVER2:PORT {
address 4.3.2.1
session monitor-enabled
state up
}
}
monitor /Common/tcp
partition PARTITION_NAME
}
Show Pool Statistics
tmsh show ltm pool <POOL_NAME>
Show SSL Profiles
tmsh show sys crypto cert
tmsh show ltm profile client-ssl
Show VS Connections
tmsh show sys conn cs-server-addr <IP>
Example :
tmsh show sys conn cs-server-addr <IP> | awk '{print $1}' | cut -d ":" -f1 | sort -u
To get :
IP SRC cliente IP VS Floating VS IP node cs-client-addr cs-server-addr ss-client-addr ss-server-addr
Filters & Descriptions
- cs-client-addr: The (client) source IP address on the clientside of the connection. Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
- cs-client-port: The (client) source port on the clientside of the connection.
- cs-server-addr: The (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address). Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
- cs-server-port: The (server) destination port on the clientside of the connection (i.e. the Virtual Server port).
- ss-client-addr: The (client) source IP address on the serverside of the connection (i.e. the SNAT address).
- ss-client-port: The (client) source port on the serverside of the connection (i.e. the SNAT port).
- ss-server-addr: The (server) destination IP address on the serverside of the connection (i.e., the Pool Member address).
- ss-server-port: The (server) destination port on the serverside of the connection (i.e., the Pool Member port).
Show VS Logs
In Linux mode use tail or cat/zcat command :
tail /var/log/ltm | grep <VS_NAME> cat /var/log/ltm /var/log/ltm.1 | grep <VS_NAME> zcat /var/log/ltm*.gz | grep <VS_NAME>
The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm will show the UTC time.
Show VS Statistics
# show ltm virtual <VS_NAME> -------------------------------------------------------------------- Ltm::Virtual Server: <VS_NAME> -------------------------------------------------------------------- Status Availability : available State : enabled Reason : The virtual server is available CMP : enabled CMP Mode : all-cpus Destination : 1.2.3.4:443 PVA Acceleration : none Traffic ClientSide Ephemeral General Bits In 26.2G 0 - Bits Out 100.2G 0 - Packets In 10.9M 0 - Packets Out 16.0M 0 - Current Connections 0 0 - Maximum Connections 77 0 - Total Connections 1.7M 0 - Evicted Connections 0 0 - Slow Connections Killed 0 0 - Min Conn Duration/msec - - 2 Max Conn Duration/msec - - 1.8M Mean Conn Duration/msec - - 6 Total Requests - - 0 SYN Cookies Status not-activated Hardware SYN Cookie Instances 0 Software SYN Cookie Instances 0 Current SYN Cache 0 SYN Cache Overflow 0 Total Software 0 Total Software Accepted 0 Total Software Rejected 0 Total Hardware 0 Total Hardware Accepted 0 Message Routing Framework In Out Message 0 0 Request 0 0 Response 0 0 CPU Usage Ratio (%) Last 5 Seconds 0 Last 1 Minute 0 Last 5 Minutes 0
Dump VS Traffic
Be sure to be in the good partition, and use the tcpdump command. Eg :
tcpdump -nni any src or dst 1.2.3.4 and src or dst 5.6.7.8
The backend servers ip/port can be tested with the telnet command.
Usefull Links
- [F5 BIG-IP LTM Command Line Interface (CLI) Guide](https://my.f5.com/manage/s/article/K40033505)
- [F5 BIG-IP LTM Troubleshooting and Logs](https://my.f5.com/manage/s/article/K53851362)
- [F5 BIG-IP LTM Configuration Examples](https://my.f5.com/manage/s/article/K28245234)
- [F5 BIG-IP iRule Documentation](https://support.f5.com/csp/article/K19240)
- [F5 Knowledge Base](https://support.f5.com/csp/)
- [F5 BIG-IP System Performance Monitoring](https://techdocs.f5.com/t/d/s/article/K85011825)
- [F5 SSL Offloading Configuration](https://techdocs.f5.com/t/d/s/article/K15153940)
- [F5 iHealth](https://ihealth.f5.com/)
- [F5 BIG-IP SSL Certificate Management](https://techdocs.f5.com/t/d/s/article/K11841)
- [F5 DevCentral Community](https://community.f5.com/)
- [F5 BIG-IP High Availability and Failover Configuration](https://support.f5.com/csp/article/K11897)
- [F5 BIG-IP Latest Release Notes](https://support.f5.com/csp/article/K13008)
- [F5 BIG-IP iRule Examples and Best Practices](https://devcentral.f5.com/s/articles/best-practices-for-irules-13372)
