Difference between revisions of "F5"
(→tmsh) |
(→tmsh) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
* Create pool: | * Create pool: | ||
tmsh create ltm pool /demo-dashboard/ddsdemo-webapp02-7_http_pool members add { /demo-dashboard/ddsdemo-webapp02-7:80 } monitor http load-balancing-mode observed-node | tmsh create ltm pool /demo-dashboard/ddsdemo-webapp02-7_http_pool members add { /demo-dashboard/ddsdemo-webapp02-7:80 } monitor http load-balancing-mode observed-node | ||
+ | * Add member to pool | ||
+ | tmsh modify ltm pool /hms/hms_drone_ent_api_sql_pool members add { /hms/hms-ASHDBDRONE04:48040 } | ||
* Create VS: | * Create VS: | ||
tmsh create ltm virtual /demo-dashboard/ddsdemo-web_http_VS { destination 10.93.53.128:80 rules { automap_snat_23_network } \ | tmsh create ltm virtual /demo-dashboard/ddsdemo-web_http_VS { destination 10.93.53.128:80 rules { automap_snat_23_network } \ | ||
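Review bot: The added bullet "* Add member to pool" has no trailing colon, unlike the "* Create pool:" and "* Create VS:" bullets on either side of it. Suggest "* Add member to pool:" so the list reads consistently.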
Line 31: | Line 33: | ||
* use ''bigpipe load'' if you make a manual change to the config | * use ''bigpipe load'' if you make a manual change to the config | ||
* use ''bigpipe save'' if you use the bigpipe command to make changes | * use ''bigpipe save'' if you use the bigpipe command to make changes | ||
+ | ==tcpdump== | ||
+ | tcpdump -ni tol_dmz host 10.93.66.8 and host 10.93.66.26 and icmp | ||
+ | |||
+ | =Move VS to new TG= | ||
+ | Note: virtual address and partition must be on the same TG to hit VS | ||
+ | * Update partition to point to new TG | ||
+ | * Update each Virtual Address to point to new TG | ||
+ | ** tmsh modify ltm virtual-address /hack/10.92.254.20 traffic-group traffic-group-1 | ||
+ | * Update floating IP to use new TG | ||
+ | |||
=Add new Parititon= | =Add new Parititon= | ||
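Review bot: In the new "Move VS to new TG" section only the virtual-address step carries a command; "Update partition to point to new TG" and "Update floating IP to use new TG" give the reader nothing to run or click. Suggest adding the command or GUI path for both, expanding "TG" to "traffic group" on first use, and making the heading levels consistent, since "==tcpdump==" is added as a second-level heading and "=Move VS to new TG=" as a top-level one.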
Line 67: | Line 79: | ||
==Unable to sync== | ==Unable to sync== | ||
* One of our active LTMs was unable to receive syncs. Evidently best practice dictates not syncing to active HA members. TO resolve this, I was able to force the ltm to standby, and that worked. However, F5 support says to clear the mcpd database if that doesn't work in the future, along with rebooting. '''rm -f /var/db/mcp*'''. KB SOl 13030. | * One of our active LTMs was unable to receive syncs. Evidently best practice dictates not syncing to active HA members. TO resolve this, I was able to force the ltm to standby, and that worked. However, F5 support says to clear the mcpd database if that doesn't work in the future, along with rebooting. '''rm -f /var/db/mcp*'''. KB SOl 13030. | ||
+ | As an alternative: | ||
+ | * touch /service/mcpd/forceload; reboot | ||
+ | These are safe to do as long as the ltm is not processing traffic. | ||
+ | |||
+ | |||
=Support= | =Support= |
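Review bot: The added line "These are safe to do as long as the ltm is not processing traffic" leaves "These" ambiguous and gives no way to confirm the condition. Suggest naming both actions it covers (the "rm -f /var/db/mcp*" in the line above and the new "touch /service/mcpd/forceload; reboot") and stating that the unit should first be forced to standby, as the preceding bullet describes, before either is run.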
Latest revision as of 10:03, 7 January 2015
Command line utils
tmsh
- Save config: save sys config partitions all
- Get tmsh output for parsing: echo "cd /tol; show ltm profile http-compression all" | /usr/bin/tmsh
- Create node with name 'xxx': create ltm node /ims/xxx { address 1.1.1.1 }
- Create pool:
tmsh create ltm pool /demo-dashboard/ddsdemo-webapp02-7_http_pool members add { /demo-dashboard/ddsdemo-webapp02-7:80 } monitor http load-balancing-mode observed-node
- Add member to pool
tmsh modify ltm pool /hms/hms_drone_ent_api_sql_pool members add { /hms/hms-ASHDBDRONE04:48040 }
- Create VS:
tmsh create ltm virtual /demo-dashboard/ddsdemo-web_http_VS { destination 10.93.53.128:80 rules { automap_snat_23_network } \
pool /demo-dashboard/ddsdemo-web_http_pool ip-protocol tcp profiles add { /Common/http } }
- Create vlans
create net vlan frm_inside interfaces add { trunk_1 { tagged } } tag 570
- Create Self Ips:
tmsh create net self 10.93.93.$SELF { address 10.93.93.$SELF/24 allow-service all traffic-group traffic-group-local-only vlan frm_inside_beta }
tmsh create net self 10.93.93.$FLOAT { address 10.93.93.$FLOAT/24 allow-service all vlan frm_inside_beta traffic-group traffic-group-3 }
- Get virtual address info with traffic groups
ltm virtual-address show running-config /lme/* one-line
- Get Profile Statistics
tmsh show ltm profile http-compression /tol/tol-http-min-compression-win
show ltm profile http-compression all
bigpipe
Delete pool
b pool foo_pool delete
Saving configs
- use bigpipe load if you make a manual change to the config
- use bigpipe save if you use the bigpipe command to make changes
tcpdump
tcpdump -ni tol_dmz host 10.93.66.8 and host 10.93.66.26 and icmp
Move VS to new TG
Note: virtual address and partition must be on the same TG to hit VS
- Update partition to point to new TG
- Update each Virtual Address to point to new TG
- tmsh modify ltm virtual-address /hack/10.92.254.20 traffic-group traffic-group-1
- Update floating IP to use new TG
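To check which virtual addresses still need the traffic-group update described above, the following added example (not part of the original notes) filters one-line virtual-address output and prints the matching `tmsh modify` commands for review. The record shape, the sample lines and the function names `sample_output`, `va_not_on_tg` and `va_fix_commands` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find virtual addresses that are not on the target traffic
# group. Input is expected in the one-line form
#   ltm virtual-address <name> { ... traffic-group <tg> ... }
# which is an assumed shape; adjust the parsing if your output differs.

# Constructed sample input (not real device output).
sample_output() {
cat <<'EOF'
ltm virtual-address /hack/10.92.254.20 { address 10.92.254.20 mask 255.255.255.255 traffic-group /Common/traffic-group-1 }
ltm virtual-address /hack/10.92.254.21 { address 10.92.254.21 mask 255.255.255.255 traffic-group /Common/traffic-group-2 }
ltm virtual-address /hack/10.92.254.22 { address 10.92.254.22 mask 255.255.255.255 }
EOF
}

# va_not_on_tg TARGET_TG
# Reads one-line records on stdin and prints "<name> <current-tg>" for every
# virtual address whose traffic group differs from TARGET_TG. A record with
# no traffic-group attribute in the output is reported as "(none)".
va_not_on_tg() {
  awk -v want="$1" '
    $1 == "ltm" && $2 == "virtual-address" {
      tg = "(none)"
      for (i = 3; i < NF; i++)
        if ($i == "traffic-group") tg = $(i + 1)
      # Compare without the /Common/ prefix (assumes traffic groups live there).
      have = tg;   sub(/^\/Common\//, "", have)
      need = want; sub(/^\/Common\//, "", need)
      if (have != need) print $3, tg
    }'
}

# va_fix_commands TARGET_TG
# Prints, without running them, the modify commands for the records above.
va_fix_commands() {
  va_not_on_tg "$1" | while read -r name rest; do
    printf 'tmsh modify ltm virtual-address %s traffic-group %s\n' "$name" "$1"
  done
}

# Demo on the constructed sample.
sample_output | va_fix_commands traffic-group-1
```

On a device, pipe the real one-line listing into `va_not_on_tg` instead of `sample_output`, and review the printed commands before running any of them.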
Add new Partition
- Systems > users > Partition List
Setup F5 VE
- username: root, password: default
- to change the ip, run 'config' at the command line
Adding new Subnet to the Ashburn F5
Create the Vlan
- go to Network -> VLANs on the left, then click Create
- Scroll down to the last Available Interface (P6506-1_T1), move it to tagged
Add Self IP
- go to Self IPs on the left, click Create
- Assign IP based off first 3 octets, e.g. 10.251.28.7, add appropriate netmask
- Select new vlan from list
- Repeat for 10.251.28.9
- Select Floating IP, then Unit ID 1
Create Node
- Name EG_INSIDE_fw_gw
- IP 10.251.28.1
Create Pool
- Name EG_INSIDE_fw_gw_pool
- Add gateway_icmp health check
- Add newly created node
- Port is All Services
Create VS
- Name EG_INSIDE_fw_gw_fvs
- Type Network
- Both address and mask are 0.0.0.0
- Type is Layer 4
- All ports
- Protocol is All
- Choose vlan created in step 1
Issues
Unable to sync
- One of our active LTMs was unable to receive syncs. Evidently best practice dictates not syncing to active HA members. To resolve this, I was able to force the ltm to standby, and that worked. However, F5 support says to clear the mcpd database if that doesn't work in the future, along with rebooting. rm -f /var/db/mcp*. KB SOL 13030.
As an alternative:
- touch /service/mcpd/forceload; reboot
These are safe to do as long as the ltm is not processing traffic.
Support
- Open a case for the ltm VE: system > license > reactivate, use the last section of the base registration key as the serial number for support.
AOM
- ssh as root to the config, then ssh aom
- cat > /etc/config/eth0.conf
dhcp=no
address=10.93.120.47
netmask=255.255.255.0
broadcast=10.93.120.255
gateway=10.93.120.1
nameserver=10.93.7.20
- /etc/init.d/network reload
- ssh to the aom ip, then run hostconsh to log in to the console