for the recent log check bigd -> cat bigd and for version its ltm

to check for specifc ip ->cat bigd | grep <ip adress>

to check logs which are zipped gunzip -cd<file name>
to check logs which are zipped with specifc ip address
-> gunzip -cd<file name> | grep <ip address>
too check the config from the last 1000 lines
tail -1000 bigd | grep 139.149.78.156
to check interface status --> ifconfig -a
to view routes ->vi /config/static_routes
route add -hostz.z.z.z -gateway X.X.X.X
route add -hosty.y.y.y -gateway X.X.X.X
The above is to add a host and send the packets related to that host to the gate
way
route add -netx.x.x.x -netmask 255.255.255.0 -gateway y.y.y.y
The above command is to add a network to the loadblancer as a static route and w
hich will redirect the traffic from the network to the gateway
To view the routing
route get -netx.x.x.x -netmask 255.255.255.0
to delete the network static route
route delete -net x.x.x.x -netmask 255.255.255.0 -gateway y.y.y.y
to delete the host from the static route
route delete -hostx.x.x.x -gateway x.x.x.x
bigstart reinit static-routes - to reinitialize the static routes
bigpipe failover standby - to send the bigpipe to standbay
bigpipe failover failback - to active it again
b version ->version of the big ip
switchboot -l -> to check the partitions loaded on the bigip
to upgrade or downgrade : im local-install-9.4.5-1049.10.im -> this command to b
e run from the local root folder ( /var/temp/local)
cpu bigip - to check the cpu utlisation
bigpipe memory - displays memory usage and allocation statistics for TMM
bigpipe global -> by using grep command we find the required output
Check interface statistics and erorrs from a Linux perspective using the netstat
command as follows; netstat -i

df -k -> to check the var partitions

to check global services : b global show
to check whehter corba ports are enabled or not : b global open_corba_ports enab
le ( this will enable the ports )

To start bigd again

bigstart reinit bigd
bigstart shutdown bigd
bigstart start bigd
bigstart restart big3d
To check the process of the bigd daemon
ps -auxwww | grep bigd
Common Commands
ifconfig -a
uname -a
[ Reflects the system version ]
bigpipe list
[ Reflects the bigip configuration ]
vmstat -m
df -k
[ shows the amount of disk space available ]
top
[ shows the memory , cpu , pid info ]
cpu bigip
bigpipe ms
bigstart status bigd
[ shows the status of bigd daemon ]
\
[ the '\' at the end of any statement will make th
e device wait for the execution ]
ifconfig -a
[ interface address family ]
b config sync show
[ shows config sync status and time last change made
V9 only ]
diff /config/bigip.conf /config/bigip.conf.bak | more
Usage: tcpdump [-adeflnNOpqRStuvxX] [ -c count ] [ -C file_size ]
[ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ]
[ -T type ] [ -U user ] [ -w file ] [ -E algo:secret ] [ express
ion ]

__________________________________________
Helpful commands on BIG-IP v4.5.13 device
__________________________________________
Monitor:
b monitor srini '{use "http" interval 15 timeout 31 dest *:* send "GET /" recv "
"}'
---> V4 monitor creation command
Pool:
b pool srini {member x.x.x.x:yy member x.x.x.x:yy persist simple simple_timeout

3600 } ---> V4 pool creation command

b pool srini add { member x.x.x.x:yy }
b pool srini delete { member x.x.x.x:yy }
---> deletes the node from the pool n config if used in any other pools
Node:
b node x.x.x.x:yy z.z.z.z:rr monitor use tcp and OBS_9996
---> multiple nodes and monitor association command
b node x.x.x.x:yy monitor delete
---> deletes all monitor associations for the node instance
b node x.x.x.x:yy monitor show
---> shows the monitor configuration
b snat { vlan name to XXXX} - to do a snat to a particular vlan
______________________________________________
Helpful commands on BIG-IP v-9.4.5.1049 device
______________________________________________
bigpipe config save <filename> -> to create ucs file
b platform - to check platform details
b failover standby
b failover failback
b vlan all show all -> to check the interface and vlan details
bigpipe unit - unit pair id
bigpipe unit peer - peer pair id
b ha table - high availibility table master
b ha table peer - ha table for peer
bigpipe vlan failsafe - failsafe settings
bigpipe vlan - vlan settings
b interface show - interface settings
uptime / b failover show -> shows the up time
bigpipe
bigpipe
bigpipe
bigpipe

ntp
ntp
ntp
ntp

servers
servers
servers
servers

x.x.x.x add
show
none ( deletes all ntp servers)
x.x.x.x delete to delete on particular ntp server

service that works with ntp on the ltm is ntpd , to check the service ntpd -np
b virtual V_IP_Port_P-Businessname { destination x.x.x.x:yy pool <name> ip proto
col tcp }
/* vip ip creation with protocol 'standard' */
b virtual V_IP_Port_P-Businessname { persist
<persist profile name> }
/* adding persistence to a vip ip */
b virtual V_IP_Port_P-Businessname { fallback persist <persist profile name> }
/* adding fallback persistence to a vip ip */
b pool srini member x.x.x.x:yy monitor tcp
[ for node level monitor applicaton ]
b pool srini monitor all tcp
[ for pool level monitor applicaton ]

b pool srini member x.x.x.x:yy monitor show

[ to see the monitor applied on individual node ]
b node x.x.x.x monitor <monitor1> and <monitor2>
/* adding multiple monitors specific to nodes */
b node x.x.x.x monitor none
/* removing all monitors associated with the specific node */
b node x.x.x.x:yy monitor show
/* shows the monitor config on the particular node */
b monitor M_businessname_port '{ defaults from tcp dest *:yy send "" recv "" }'
/* custom monitor creation */
b proxy '10.105.176.214:443 {target virtual 10.105.176.214:12910 clientssl enabl
e
clientssl key Brk14-AdminTools-App-Webservice.GBEB2B.com.key
clientssl cert Brk14-AdminTools-App-Webservice.GBEB2B.com.crt
clientssl ca file intermediate.crt
}'
bigpipe config install <ucs file name> -> command to install the ucs file
tcpdump -s0 -ni 2.2 -ne -w /var/tmp/C728098_nodedown.pcap host 10.100.20.78 - t
cp on specific interface
( to install proxy)
SCP commands from f5 to ftp server / bashnd host
scp -p /var/tmp/osondemand.ordnancesurvey.co.uk.key mss-india@202.3.75.22:/mss/o
sondemand.ordnancesurvey.co.uk.key
To copy fom bigip from whoc to whoc
scp root@prsn-lo2-bigip-02:/var/tmp/prsn-lo2-bigip-02.coe.prsn-sccp-logs.tar.gz
prsn-lo2-bigip-02.coe.prsn-sccp-logs.tar.gz
echo $[(`date +%s` - `ls -l --time-style +%s /var/log/ksyms.0 | awk '{print $6}'
`) / 86400] -> to check how many days the bigip is up and running because after
497 days it start behaving werid
nice -n 19 qkview to run the command on the low process on the bigip
_____________________________________________________
Helpful commands on BIG-IP v-9.3.0.178.0smp #2 device
_____________________________________________________
b pool <name> member x.x.x.x:yy monitor none
b monitor inet_mon_http_prod_aspx '{defaults from http interval 5 timeout 16 des
t *:* send "GET /monitor/bigipchk.aspx" recv "I am" }'
find / -name <text> to find the location of a file on unix
--------------------------------------------------------------------------------------------------------To allow subnets/ ip to access via gui ... need to edit httpd.conf file and add
the file

in the area where it says" allowed from xxxx"..and make changes where ever they
are in
----------------------------------------------------------------------------------------------------------------------------------------------------------http redirect rewrite all...
This feature is help full when the client to bigip connection is on
igip off loads the ssl connections -> initaites a new connectins to
tp -> server redirects to an another page with http -> then for the
to be sucessfull we need to have http redirect rewrite all on that

a https -> b
server in ht
connections
vip .

================================================================================
==========================
useful kb artciles.
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/ar
ticleId/353/v10--A-Look-at-Route-Domains.aspx -> route domains
https://support.f5.com/kb/en-us/solutions/public/1000/800/sol1858.html ---> runn
in Qkview
https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html ---> Usin
g the X-Forwarded-For HTTP header to preserve the original client IP address for
traffic translated by a SNAT
https://support.f5.com/kb/en-us/solutions/public/1000/800/sol1819.html ----> thi
s is for b config sync issues
https://support.f5.com/kb/en-us/solutions/public/3000/100/sol3169.html ---> Cre
ating an iRule that takes action upon an HTTP server response code
https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9800.html ---> Usin
g an iRule to load balance HTTP requests to multiple pools
https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html ---> Over
view of the OneConnect profile
https://support.f5.com/kb/en-us/solutions/public/0000/100/sol175.html ---> Tran
sferring files to or from an F5 Networks system
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10770.html ---> Th
e BIG-IP Configuration utility may render slowly when using recent versions of t
he Firefox browser
https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9588.html ---> Erro
r Message: httpd: [error] server reached MaxClients setting
https://support.f5.com/kb/en-us/solutions/public/3000/000/sol3062.html ---> Usin
g SSL (Session ID) persistence ( http://support.microsoft.com/kb/265369 )
https://support.f5.com/kb/en-us/solutions/public/2000/200/sol2246.html?sr=934714
1 - tcp dump
SOL411: Overview of packet tracing with the tcpdump utility
https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html?sr=9347093
SOL1893: Packet trace analysis
https://support.f5.com/kb/en-us/solutions/public/1000/800/sol1893.html?sr=934711
7
SOL1700: Saving large tcpdump packet traces when disk space is limited
https://support.f5.com/kb/en-us/solutions/public/1000/700/sol1700.html?sr=934718
5
http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html
http://support.f5.com/kb/en-us/solutions/public/2000/200/sol2211.html?sr=1469615
0 --> when a failover on the front end facing firwall bigip still redirects traf
fic to the old mac address. this can be cleared by "b connection x.x.x.x delete"
which will resend the traffic to the new mac getting learnt
https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7532.html?sr=847164
->> https health monitor to user client certificate

http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11438.html?sr=21671
598 ->> to create a csc with alternative name
===========================================================
F5 Build
scp <root>@<device name> <source file> <destination file>
services level :
-----------------bistart list
bigstart restart - restarts all serv if one service then issue bigstart restart
xxx (service name )s
bigstart start
bigstart stop
bigstart status -> status information of srv
bigstart memstat -> mem status of the srv
b nat xxxx to yyyyy
addning subnet to ospf
ip route 14.64.227.0 255.255.255.0 Vlan519 139.149.219.124 name SLB-VIP-pool
ip prefix-list TO-OSPF seq 30 permit 14.64.227.0/24
http://ragreport.localnet/wiki/index.php/BuildGuides
===============================================================================
TO check if the ecv monitor is returing to the hosted on which its configured
==============================================================================
echo -ne "GET XXXXXX" | nc 10.101.38.1 80 ---> to chek the ecv monitor
================================================================================
To monitor live traffic on a vip :
watch -d 'b virtual XXXXX show all'
To monitor live traffic on a pool
watch -d 'b pool XXXXX show all'
===============================================================
to check if the box is up from the full_box_reboot:
nedd to check as below
ssh sccp
uptime -> this gives the uptime
===============================================================
F5 contact : 0870 77 44 655
3dns port 3454
==================================================================
how to exit from tmos to config mode
-->>run util bash
=============================================================================
tcp dump usefull commands

tcpdump -i internal_virt -nnvvXSs 1514 host 192.168.230.150 and host 192.168.23

0.129
tcpdump -i internal_virt -nnvvXSs 1514 host 192.168.230.150 and host 192.168.23
0.129
sudo tcpdump -i internal_virt -n -s 0 -w - | grep -a -o -E "Host\: .*|GET \/.*"
tcpdump -i internal_virt -n -s 0 -w host 192.168.230.150 and host 192.168.230.12
9
tcpdump -n -i internal_virt -s0 -X -l -c 30 host 192.168.230.129 and host 192.16
8.230.150 and port 80
====================================================================
ssl dump
====================================================================
ssldump -A -d -k <key file> -n -i <capture VLAN> <traffic expression>
-A
Print all fields
-d
Show application data when private key is provided via -k
-k
Private key file, found in /config/ssl/ssl.key/; the key file can be loc
ated under client SSL profile
-n
Do not try to resolve PTR records for IP addresses
-i
The capture VLAN name is the ingres VLAN for the TLS traffic
========================================================
how to over come ssl 3 way handshake bug
SSL bug
rule edx_ssl_renegotiation_rule {
when CLIENT_ACCEPTED {
## initialize TLS/SSL handshake count for this connection
set sslhandshakecount 0
}
when CLIENTSSL_HANDSHAKE priority 1 {
## a handshake just occurred
incr sslhandshakecount
## is this the first handshake in this connection?
if { $sslhandshakecount > 1 } {
## log (rate limited) the event (to /var/log/tmm)
log "\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[T
CP::remote_port]\]:TLS/SSL renegotiation"
## if not, close the clientside connection
reject
}
}
}
=======================================================
To check the mac address of the interface of the bigip :
ifconfig -a
bigpipe interface show all | grep INTERFACE -==> for accesss ports
bigpipe trunk show all | grep TRUNK ->>. for trunks
==========================================================
forwarding vip
virtual ip_forwarding {

destination any:any
mask 0.0.0.0
vlans external enable
}
=============================================
openssl s_client -showcerts -connect cscaogtwypr01.aust.csc.com:443
=======================================================
To modify ssh access to allow hosts.allow file
Note: Starting in BIG-IP version 9.4.2, /etc/hosts.allow is an auto-generated fi
le and should not be manually edited.
1.Log in to the command line.
2.Use the following command syntax:
tmsh modify sys sshd allow add {<ip_addr> or <ip_range> }
=================================================
==================================================
upgrading f5
http://ciscoforce.blogspot.in/2011/01/upgrading-f5-big-ip-from-version-93x-or.ht
ml