F5

From KeegansWiki

Command line utils

tmsh

  • Save config: save sys config partitions all
  • Get tmsh output for parsing: echo "cd /tol; show ltm profile http-compression all" | /usr/bin/tmsh
  • Create node with name 'xxx': create ltm node /ims/xxx { address 1.1.1.1 }
  • Create pool:
tmsh create ltm pool /demo-dashboard/ddsdemo-webapp02-7_http_pool members add { /demo-dashboard/ddsdemo-webapp02-7:80 } monitor http load-balancing-mode observed-node
  • Add member to pool
tmsh modify ltm pool /hms/hms_drone_ent_api_sql_pool members add { /hms/hms-ASHDBDRONE04:48040 }
  • Create VS:
tmsh create ltm virtual /demo-dashboard/ddsdemo-web_http_VS { destination 10.93.53.128:80 rules { automap_snat_23_network } \
pool /demo-dashboard/ddsdemo-web_http_pool ip-protocol tcp profiles add { /Common/http } }
  • Create vlans
create net vlan frm_inside interfaces add { trunk_1 { tagged } } tag 570
  • Create Self Ips:
tmsh create net self 10.93.93.$SELF { address 10.93.93.$SELF/24 allow-service all traffic-group traffic-group-local-only vlan frm_inside_beta }
tmsh create net self 10.93.93.$FLOAT { address 10.93.93.$FLOAT/24 allow-service all vlan frm_inside_beta traffic-group traffic-group-3 }
  • Get virtual address info with traffic groups
ltm virtual-address 
show running-config /lme/* one-line
  • Get Profile Statistics
tmsh show ltm profile http-compression /tol/tol-http-min-compression-win
show ltm profile http-compression all
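
Piping tmsh output into a parser, as in the "Get tmsh output for parsing" item, also works for auditing the allow-service all port lockdown used in the self IP commands above. The script below is an added example, not from the original wiki page; the sample stanzas, the mgmt_net VLAN name and the function names are constructed, and it assumes the one-line layout printed by tmsh list net self one-line.

```shell
#!/usr/bin/env bash
# Added example: flag self IPs whose port lockdown is "allow-service all".

# Constructed sample input. On a BIG-IP the same text would come from:
#   tmsh list net self one-line
sample_config() {
cat <<'EOF'
net self 10.93.93.5 { address 10.93.93.5/24 allow-service all traffic-group traffic-group-local-only vlan frm_inside_beta }
net self 10.93.93.7 { address 10.93.93.7/24 allow-service all traffic-group traffic-group-3 vlan frm_inside_beta }
net self 10.93.120.5 { address 10.93.120.5/24 allow-service { tcp:443 tcp:4353 } traffic-group traffic-group-local-only vlan mgmt_net }
net self 10.93.66.5 { address 10.93.66.5/24 traffic-group traffic-group-local-only vlan tol_dmz }
EOF
}

# Reads one-line "net self" stanzas on stdin and prints one line per self IP:
#   <OPEN|ok> <name> <vlan> <allow-service value>
# A stanza with no allow-service keyword is reported as "none".
audit_self_ips() {
  awk '
    $1 == "net" && $2 == "self" {
      name = $3; svc = "none"; vlan = "-"
      for (i = 4; i <= NF; i++) {
        if ($i == "vlan") vlan = $(i + 1)
        if ($i == "allow-service") {
          if ($(i + 1) == "{") {        # explicit list: collect up to "}"
            svc = ""
            for (j = i + 2; j <= NF && $j != "}"; j++)
              svc = svc (svc == "" ? "" : ",") $j
          } else {
            svc = $(i + 1)              # single keyword: all, default, none
          }
        }
      }
      printf "%s %s %s %s\n", (svc == "all" ? "OPEN" : "ok"), name, vlan, svc
    }'
}

# Number of self IPs that accept every service; always prints a number.
count_open() {
  audit_self_ips | awk '$1 == "OPEN" { n++ } END { print n + 0 }'
}

sample_config | audit_self_ips
```
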

bigpipe

Delete pool

b pool foo_pool delete

Saving configs

  • use bigpipe load if you make a manual change to the config
  • use bigpipe save if you use the bigpipe command to make changes

tcpdump

tcpdump -ni tol_dmz host 10.93.66.8 and host 10.93.66.26 and icmp

Move VS to new TG

Note: virtual address and partition must be on the same TG to hit VS

  • Update partition to point to new TG
  • Update each Virtual Address to point to new TG
    • tmsh modify ltm virtual-address /hack/10.92.254.20 traffic-group traffic-group-1
  • Update floating IP to use new TG


Add new Partition

  • Systems > users > Partition List

Setup F5 VE

  • username: root, password: default
  • to change the ip, run 'config' at the command line

Adding new Subnet to the Ashburn F5

Create the Vlan

  • go to Network -> VLANs on the left, then click Create
  • Scroll down to the last Available Interface (P6506-1_T1), move it to tagged

Add Self IP

  • go to Self IPs on the left, click Create
  • Assign IP based off first 3 octets, e.g. 10.251.28.7, add appropriate netmask
  • Select new vlan from list
  • Repeat for 10.251.28.9
    • Select Floating IP, then Unit ID 1

Create Node

  • Name EG_INSIDE_fw_gw
  • IP 10.251.28.1

Create Pool

  • Name EG_INSIDE_fw_gw_pool
  • Add gateway_icmp health check
  • Add newly created node
  • Port is All Services

Create VS

  • Name EG_INSIDE_fw_gw_fvs
  • Type Network
    • Both address and mask are 0.0.0.0
  • Type is Layer 4
  • All ports
  • Protocol is All
  • Choose vlan created in step 1

Issues

Unable to sync

  • One of our active LTMs was unable to receive syncs. Evidently best practice dictates not syncing to active HA members. To resolve this, I was able to force the LTM to standby, and that worked. However, F5 support says that if that doesn't work in the future, clear the mcpd database and reboot: rm -f /var/db/mcp*. See KB SOL13030.

As an alternative:

  • touch /service/mcpd/forceload; reboot

These are safe to do as long as the ltm is not processing traffic.


Support

  • Open a case for the ltm VE: system > license > reactivate, use the last section of the base registration key as the serial number for support.

AOM

  • ssh as root to the config, then ssh aom
  • cat > /etc/config/eth0.conf
dhcp=no
address=10.93.120.47
netmask=255.255.255.0
broadcast=10.93.120.255
gateway=10.93.120.1
nameserver=10.93.7.20
  • /etc/init.d/network reload
  • ssh to the aom ip, then run hostconsh to log in to the console