F5 BIG-IP - LTM Survival Guide: Difference between revisions

Return to Wiki Index

Enter tmsh and choose partition :

tmsh
cd /<PARTITION_NAME>

# show running-config ltm virtual <VS_NAME>
ltm virtual <VS_NAME>_443 {
    destination 1.2.3.4%1094:443
    ip-protocol tcp
    mask 255.255.255.255
    partition LBP3-LBPFM
    pool Pool_<VS_NAME>
    profiles {
        /Common/tcp { }
        clientssl_<VS_NAME> {
            context clientside
        }
        serverssl_<VS_NAME> {
            context serverside
        }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 147
}

Show Configuration :

# show running-config ltm pool <POOL_NAME>
ltm pool <POOL_NAME> {
    members {
        SERVER1:PORT {
            address 1.2.3.4
            session monitor-enabled
            state up
        }
        SERVER2:PORT {
            address 4.3.2.1
            session monitor-enabled
            state up
        }
    }
    monitor /Common/tcp
    partition PARTITION_NAME
}

tmsh show ltm pool <POOL_NAME>

tmsh show sys crypto cert

tmsh show ltm profile client-ssl

tmsh show sys conn cs-server-addr <IP>

Example :

tmsh show sys conn cs-server-addr <IP> | awk '{print $1}' | cut -d ":" -f1 | sort -u

To get :

IP SRC cliente      IP VS             Floating VS        IP node
cs-client-addr      cs-server-addr    ss-client-addr     ss-server-addr

• cs-client-addr: The (client) source IP address on the clientside of the connection. Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
• cs-client-port: The (client) source port on the clientside of the connection.
• cs-server-addr: The (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address). Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
• cs-server-port: The (server) destination port on the clientside of the connection (i.e. the Virtual Server port).
• ss-client-addr: The (client) source IP address on the serverside of the connection (i.e. the SNAT address).
• ss-client-port: The (client) source port on the serverside of the connection (i.e. the SNAT port).
• ss-server-addr: The (server) destination IP address on the serverside of the connection (i.e., the Pool Member address).
• ss-server-port: The (server) destination port on the serverside of the connection (i.e., the Pool Member port).

tail /var/log/ltm | grep <VS_NAME>

The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm will show the UTC time.

# show ltm virtual <VS_NAME>
--------------------------------------------------------------------

Ltm::Virtual Server: <VS_NAME>

--------------------------------------------------------------------

Status
  Availability     : available
  State            : enabled
  Reason           : The virtual server is available
  CMP              : enabled
  CMP Mode         : all-cpus
  Destination      : 1.2.3.4:443
  PVA Acceleration : none

Traffic                             ClientSide  Ephemeral  General
  Bits In                                26.2G          0        -
  Bits Out                              100.2G          0        -
  Packets In                             10.9M          0        -
  Packets Out                            16.0M          0        -
  Current Connections                        0          0        -
  Maximum Connections                       77          0        -
  Total Connections                       1.7M          0        -
  Evicted Connections                        0          0        -
  Slow Connections Killed                    0          0        -
  Min Conn Duration/msec                     -          -        2
  Max Conn Duration/msec                     -          -     1.8M
  Mean Conn Duration/msec                    -          -        6
  Total Requests                             -          -        0

SYN Cookies
  Status                         not-activated
  Hardware SYN Cookie Instances              0
  Software SYN Cookie Instances              0
  Current SYN Cache                          0
  SYN Cache Overflow                         0
  Total Software                             0
  Total Software Accepted                    0
  Total Software Rejected                    0
  Total Hardware                             0
  Total Hardware Accepted                    0

Message Routing Framework                   In        Out
  Message                                    0          0
  Request                                    0          0
  Response                                   0          0

CPU Usage Ratio (%)
  Last 5 Seconds                             0
  Last 1 Minute                              0
  Last 5 Minutes                             0

• [F5 BIG-IP LTM Command Line Interface (CLI) Guide](https://my.f5.com/manage/s/article/K40033505)
• [F5 BIG-IP LTM Troubleshooting and Logs](https://my.f5.com/manage/s/article/K53851362)
• [F5 BIG-IP LTM Configuration Examples](https://my.f5.com/manage/s/article/K28245234)
• [F5 BIG-IP iRule Documentation](https://support.f5.com/csp/article/K19240)
• [F5 Knowledge Base](https://support.f5.com/csp/)
• [F5 BIG-IP System Performance Monitoring](https://techdocs.f5.com/t/d/s/article/K85011825)
• [F5 SSL Offloading Configuration](https://techdocs.f5.com/t/d/s/article/K15153940)
• [F5 iHealth](https://ihealth.f5.com/)
• [F5 BIG-IP SSL Certificate Management](https://techdocs.f5.com/t/d/s/article/K11841)
• [F5 DevCentral Community](https://community.f5.com/)
• [F5 BIG-IP High Availability and Failover Configuration](https://support.f5.com/csp/article/K11897)
• [F5 BIG-IP Latest Release Notes](https://support.f5.com/csp/article/K13008)
• [F5 BIG-IP iRule Examples and Best Practices](https://devcentral.f5.com/s/articles/best-practices-for-irules-13372)

Return to Wiki Index