Documente Academic
Documente Profesional
Documente Cultură
__________________________________________
Helpful commands on BIG-IP v4.5.13 device
__________________________________________
Monitor:
b monitor srini '{use "http" interval 15 timeout 31 dest *:* send "GET /" recv "
"}'
---> V4 monitor creation command
Pool:
b pool srini {member x.x.x.x:yy member x.x.x.x:yy persist simple simple_timeout
ntp
ntp
ntp
ntp
servers
servers
servers
servers
x.x.x.x add
show
none ( deletes all ntp servers)
x.x.x.x delete to delete on particular ntp server
service that works with ntp on the ltm is ntpd , to check the service ntpd -np
b virtual V_IP_Port_P-Businessname { destination x.x.x.x:yy pool <name> ip proto
col tcp }
/* vip ip creation with protocol 'standard' */
b virtual V_IP_Port_P-Businessname { persist
<persist profile name> }
/* adding persistence to a vip ip */
b virtual V_IP_Port_P-Businessname { fallback persist <persist profile name> }
/* adding fallback persistence to a vip ip */
b pool srini member x.x.x.x:yy monitor tcp
[ for node level monitor applicaton ]
b pool srini monitor all tcp
[ for pool level monitor applicaton ]
in the area where it says" allowed from xxxx"..and make changes where ever they
are in
----------------------------------------------------------------------------------------------------------------------------------------------------------http redirect rewrite all...
This feature is help full when the client to bigip connection is on
igip off loads the ssl connections -> initaites a new connectins to
tp -> server redirects to an another page with http -> then for the
to be sucessfull we need to have http redirect rewrite all on that
a https -> b
server in ht
connections
vip .
================================================================================
==========================
useful kb artciles.
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/ar
ticleId/353/v10--A-Look-at-Route-Domains.aspx -> route domains
https://support.f5.com/kb/en-us/solutions/public/1000/800/sol1858.html ---> runn
in Qkview
https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html ---> Usin
g the X-Forwarded-For HTTP header to preserve the original client IP address for
traffic translated by a SNAT
https://support.f5.com/kb/en-us/solutions/public/1000/800/sol1819.html ----> thi
s is for b config sync issues
https://support.f5.com/kb/en-us/solutions/public/3000/100/sol3169.html ---> Cre
ating an iRule that takes action upon an HTTP server response code
https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9800.html ---> Usin
g an iRule to load balance HTTP requests to multiple pools
https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html ---> Over
view of the OneConnect profile
https://support.f5.com/kb/en-us/solutions/public/0000/100/sol175.html ---> Tran
sferring files to or from an F5 Networks system
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10770.html ---> Th
e BIG-IP Configuration utility may render slowly when using recent versions of t
he Firefox browser
https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9588.html ---> Erro
r Message: httpd: [error] server reached MaxClients setting
https://support.f5.com/kb/en-us/solutions/public/3000/000/sol3062.html ---> Usin
g SSL (Session ID) persistence ( http://support.microsoft.com/kb/265369 )
https://support.f5.com/kb/en-us/solutions/public/2000/200/sol2246.html?sr=934714
1 - tcp dump
SOL411: Overview of packet tracing with the tcpdump utility
https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html?sr=9347093
SOL1893: Packet trace analysis
https://support.f5.com/kb/en-us/solutions/public/1000/800/sol1893.html?sr=934711
7
SOL1700: Saving large tcpdump packet traces when disk space is limited
https://support.f5.com/kb/en-us/solutions/public/1000/700/sol1700.html?sr=934718
5
http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html
http://support.f5.com/kb/en-us/solutions/public/2000/200/sol2211.html?sr=1469615
0 --> when a failover on the front end facing firwall bigip still redirects traf
fic to the old mac address. this can be cleared by "b connection x.x.x.x delete"
which will resend the traffic to the new mac getting learnt
https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7532.html?sr=847164
->> https health monitor to user client certificate
http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11438.html?sr=21671
598 ->> to create a csc with alternative name
===========================================================
F5 Build
scp <root>@<device name> <source file> <destination file>
services level :
-----------------bistart list
bigstart restart - restarts all serv if one service then issue bigstart restart
xxx (service name )s
bigstart start
bigstart stop
bigstart status -> status information of srv
bigstart memstat -> mem status of the srv
b nat xxxx to yyyyy
addning subnet to ospf
ip route 14.64.227.0 255.255.255.0 Vlan519 139.149.219.124 name SLB-VIP-pool
ip prefix-list TO-OSPF seq 30 permit 14.64.227.0/24
http://ragreport.localnet/wiki/index.php/BuildGuides
===============================================================================
TO check if the ecv monitor is returing to the hosted on which its configured
==============================================================================
echo -ne "GET XXXXXX" | nc 10.101.38.1 80 ---> to chek the ecv monitor
================================================================================
To monitor live traffic on a vip :
watch -d 'b virtual XXXXX show all'
To monitor live traffic on a pool
watch -d 'b pool XXXXX show all'
===============================================================
to check if the box is up from the full_box_reboot:
nedd to check as below
ssh sccp
uptime -> this gives the uptime
===============================================================
F5 contact : 0870 77 44 655
3dns port 3454
==================================================================
how to exit from tmos to config mode
-->>run util bash
=============================================================================
tcp dump usefull commands
destination any:any
mask 0.0.0.0
vlans external enable
}
=============================================
openssl s_client -showcerts -connect cscaogtwypr01.aust.csc.com:443
=======================================================
To modify ssh access to allow hosts.allow file
Note: Starting in BIG-IP version 9.4.2, /etc/hosts.allow is an auto-generated fi
le and should not be manually edited.
1.Log in to the command line.
2.Use the following command syntax:
tmsh modify sys sshd allow add {<ip_addr> or <ip_range> }
=================================================
==================================================
upgrading f5
http://ciscoforce.blogspot.in/2011/01/upgrading-f5-big-ip-from-version-93x-or.ht
ml