F5 BIG-IP - LTM Survival Guide
From IT-Arts.net
CHOOSE PARTITION
Enter tmsh and choose partition :
tmsh cd /<PARTITION_NAME>
SHOW VS CONFIG
# show running-config ltm virtual <VS_NAME>
ltm virtual <VS_NAME>_443 {
destination 1.2.3.4%1094:443
ip-protocol tcp
mask 255.255.255.255
partition LBP3-LBPFM
pool Pool_<VS_NAME>
profiles {
/Common/tcp { }
clientssl_<VS_NAME> {
context clientside
}
serverssl_<VS_NAME> {
context serverside
}
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
vs-index 147
}
== SHOW POOL CONFIG ==
Show Configuration :
<nowiki>
# show running-config ltm pool <POOL_NAME>
ltm pool <POOL_NAME> {
members {
SERVER1:PORT {
address 1.2.3.4
session monitor-enabled
state up
}
SERVER2:PORT {
address 4.3.2.1
session monitor-enabled
state up
}
}
monitor /Common/tcp
partition PARTITION_NAME
}
== SHOW POOL STATISTICS ==
<nowiki>
tmsh show ltm pool <POOL_NAME>
SHOW SSL PROFILES
tmsh show sys crypto cert
tmsh show ltm profile client-ssl
SHOW VS CONNECTIONS
tmsh show sys conn cs-server-addr <IP>
Example :
tmsh show sys conn cs-server-addr <IP> | awk '{print $1}' | cut -d ":" -f1 | sort -u
To get :
IP SRC cliente IP VS Floating VS IP node cs-client-addr cs-server-addr ss-client-addr ss-server-addr
- Filter # Description
- cs-client-addr
- The (client) source IP address on the clientside of the connection. Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
- cs-client-port
- The (client) source port on the clientside of the connection
- cs-server-addr
- The (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address). Subnets are allowed by specifying an optional prefix length up to /24 and /56 for IPv4 and IPv6 respectively.
- cs-server-port
- The (server) destination port on the clientside of the connection (i.e. the Virtual Server port)
- ss-client-addr
- The (client) source IP address on the serverside of the connection (i.e. the SNAT address)
- ss-client-port
- The (client) source port on the serverside of the connection (i.e. the SNAT port)
- ss-server-addr
- The (server) destination IP address on the serverside of the connection (i.e., the Pool Member address)
- ss-server-port
- The (server) destination port on the serverside of the connection (i.e., the Pool Member port)
SHOW VS LOGS
<nowiki>
tail /var/log/ltm | grep <VS_NAME><nowiki>
The /var/log/ltm will show the time according to the Time Zone configured while the tmsh show sys log ltm will show the UTC time.
SHOW VS STATISTICS
<nowiki>
- show ltm virtual <VS_NAME>
Ltm::Virtual Server: <VS_NAME>
Status
Availability : available State : enabled Reason : The virtual server is available CMP : enabled CMP Mode : all-cpus Destination : 1.2.3.4:443 PVA Acceleration : none
Traffic ClientSide Ephemeral General
Bits In 26.2G 0 - Bits Out 100.2G 0 - Packets In 10.9M 0 - Packets Out 16.0M 0 - Current Connections 0 0 - Maximum Connections 77 0 - Total Connections 1.7M 0 - Evicted Connections 0 0 - Slow Connections Killed 0 0 - Min Conn Duration/msec - - 2 Max Conn Duration/msec - - 1.8M Mean Conn Duration/msec - - 6 Total Requests - - 0
SYN Cookies
Status not-activated Hardware SYN Cookie Instances 0 Software SYN Cookie Instances 0 Current SYN Cache 0 SYN Cache Overflow 0 Total Software 0 Total Software Accepted 0 Total Software Rejected 0 Total Hardware 0 Total Hardware Accepted 0
Message Routing Framework In Out
Message 0 0 Request 0 0 Response 0 0
CPU Usage Ratio (%)
Last 5 Seconds 0 Last 1 Minute 0 Last 5 Minutes 0
USEFUL LINKS
- [F5 BIG-IP LTM Command Line Interface (CLI) Guide](https://my.f5.com/manage/s/article/K40033505)
- This guide provides an overview of **F5 BIG-IP LTM CLI commands** and their usage, ideal for network administrators working with F5 load balancers.
- [F5 BIG-IP LTM Troubleshooting and Logs](https://my.f5.com/manage/s/article/K53851362)
- A detailed article covering various **troubleshooting techniques** for F5 BIG-IP LTM, including analyzing logs, inspecting performance statistics, and diagnosing issues.
- [F5 BIG-IP LTM Configuration Examples](https://my.f5.com/manage/s/article/K28245234)
- A collection of useful **configuration examples** for **F5 BIG-IP LTM**. This includes virtual server, pool, SSL, and other common configuration scenarios.
- [F5 BIG-IP iRule Documentation](https://support.f5.com/csp/article/K19240)
- Documentation on **iRules** for customizing traffic handling, load balancing, SSL offloading, and other network-level operations in **F5 BIG-IP LTM**.
- [F5 Knowledge Base](https://support.f5.com/csp/)
- The official **F5 Knowledge Base** for accessing articles, troubleshooting tips, and frequently asked questions (FAQs) related to **F5 BIG-IP** products.
- [F5 BIG-IP System Performance Monitoring](https://techdocs.f5.com/t/d/s/article/K85011825)
- Information on how to monitor the **performance** of your **F5 BIG-IP LTM** system, including system stats, metrics, and performance tuning guidelines.
- [F5 SSL Offloading Configuration](https://techdocs.f5.com/t/d/s/article/K15153940)
- Step-by-step guide for **SSL offloading** using **F5 BIG-IP LTM**, which helps optimize the decryption of HTTPS traffic.
- [F5 iHealth](https://ihealth.f5.com/)
- A diagnostic tool for **F5 BIG-IP LTM** devices to perform system health checks, collect logs, and get recommendations for system optimization.
- [F5 BIG-IP SSL Certificate Management](https://techdocs.f5.com/t/d/s/article/K11841)
- This article provides information on managing **SSL certificates** for **F5 BIG-IP LTM**, including importing, configuring, and troubleshooting SSL certificates.
- [F5 DevCentral Community](https://community.f5.com/)
- **F5 DevCentral** is an active online community for F5 professionals, offering forums, discussions, and resources about **F5 BIG-IP LTM** configuration, troubleshooting, and best practices.
- [F5 BIG-IP High Availability and Failover Configuration](https://support.f5.com/csp/article/K11897)
- An essential guide on setting up **high availability** and **failover** between F5 devices, ensuring reliability and continuous service availability.
- [F5 BIG-IP Latest Release Notes](https://support.f5.com/csp/article/K13008)
- The **release notes** for **F5 BIG-IP LTM** provide important information about new features, bug fixes, and changes in each software version.
- [F5 BIG-IP iRule Examples and Best Practices](https://devcentral.f5.com/s/articles/best-practices-for-irules-13372)
- A helpful resource with practical **iRule examples** and best practices to efficiently handle traffic manipulation and load balancing on F5 devices.
