F5 commands
! ping without the -I flag sources the probe from the management interface
ping 8.8.8.8
! ping using -I flag from data interface
! ping dest_IP -I source_IP
ping 8.8.8.8 -I 10.11.10.1
------------------------------------
! enter bash
bash
run util bash
------------------------------------
! TMSH commands
! enter tmsh mode
tmsh
------------------------------------
! view full running config
show running-config all-properties recursive
------------------------------------
! show management IP
list sys management-ip
------------------------------------
! interfaces, vlans and routes
show net interface
show net route
show net vlan
------------------------------------
! system hardware and model number
show sys hardware
------------------------------------
! License
show sys license
------------------------------------
! create a ucs archive (it holds the full configuration, including SSL private keys and credentials, so keep it in a restricted location)
tmsh save sys ucs /var/tmp/UPGRADE_`date +%Y%m%d`.ucs
------------------------------------
! perform failover from the command line, making the current node standby
! execute from the active node
run sys failover standby
------------------------------------
! CPU and memory live stats
tmstat
------------------------------------
! show virtual servers
list ltm virtual | less
------------------------------------
! show connections from external clients and to the nodes
show sys connection
! Understanding command options
cs-client-addr:cs-client-port ----> cs-server-addr:cs-server-port [ VIP ]--[ F5 ]--[ Self/SNAT IP ] ss-client-addr:ss-client-port ----> ss-server-addr:ss-server-port
! Client side: connections between the client and the virtual server, usually public addresses, abbreviated as 'cs'
! Server side: outgoing connections initiated by the BIG-IP as the proxy toward the pool members, abbreviated as 'ss'
! If you want to see all connections for a specific client's public IP address
show sys connection cs-client-addr 1.1.1.1
! If you want to see all connections to a specific virtual server then
show sys connection cs-server-addr 10.1.1.1 cs-server-port 443
! If you want to see all connections from a specific SNAT address then
show sys connection ss-client-addr 192.168.2.2
! If you want to see all connections to a specific real server that traffic was load balanced to
show sys connection ss-server-addr 172.16.29.1
! or
show sys connection ss-server-addr 172.16.29.1 ss-server-port 443
! for detailed output per connection
show sys connection all-properties
! details for connections from a specific client IP address
show /sys connection cs-client-addr 2.2.2.2 all-properties
! delete all connections initiated from a specific client IP
delete /sys connection cs-client-addr 2.2.2.2
! delete all connections; be careful, this drops every active connection through the BIG-IP
delete /sys connection
------------------------------------
! show persistence records
show ltm persistence persist-records
------------------------------------
! F5 Upgrade commands when GUI Breaks
! find large files (this only lists files over 300 MB; review the list before deleting anything)
find / -size +300000000c
! start the installation from the GUI; the GUI stops responding once the installation starts, so monitor progress from the CLI
! monitor the progress of software upgrades
watch -n 10 tmsh show sys software status
! if the GUI was still reachable before the change started,
! record which volume is the current one
! and which volume is the destination
cpcfg --source=HD1.1 HD1.3
info: Getting configuration from HD1.1
info: Copying configuration to HD1.3
info: Applying configuration to HD1.3
tmsh reboot volume HD1.3
The system will be rebooted momentarily
Broadcast message from systemd-journald@CCSLO-EDGE-F5-A.vdipod.local (Fri 2024-04-12 23:11:59 BST):
overdog[5161]: 01140043:0: Ha feature software_update reboot requested.
! after booting into the new volume, confirm the boot location
switchboot -l
! if it still shows the old boot location, set it to the new volume
switchboot -b HD1.3
! reboot if the system is not already running from that volume
reboot
------------------------------------
! Tcpdump
! view all traffic on internal vlan
tcpdump -i internal
! view traffic on all interfaces; be careful, this is very high volume on a busy system
tcpdump -i 0.0
! tcpdump flags and arguments
-n disables name resolution
-nn disables name resolution and also port / service name resolution
-w writes captured packets to a file
host - shows all the packets to and from a specific IP
src host - shows all packets from a specific source IP
dst host - shows all packets to a specific destination IP
port
src port
dst port
and
-s (snaplen) sets how many bytes to capture per packet
-s 0 captures the full packet
-c limits the number of packets to capture
-v captures and displays verbose output about traffic and TCP parameters
-vv increases verbosity
-vvv increases verbosity even more
-i interface:<noise level>[p] (p = full traffic flow), such as -i 0.0:nnn
:n captures low details
:nn captures low and medium details
:nnn captures low, medium and high details
:p allows you to capture both sides of the connection (client side and server side)
tcpdump -ni 0.0 -w /var/tmp/capture.pcapng
! -n , no name resolution
! -i 0.0 , capture on all interfaces
tcpdump -ni 0.0 host 10.90.100.1 and port 80 -w /var/tmp/capture.pcapng
! -n , no name resolution
! -i 0.0 , capture on all interfaces
! -s200 , only capture the first 200 bytes of each packet, as the capture will run unattended for a long time
tcpdump -ni 0.0 -s200 host 10.90.100.1 and port 80 -w /var/tmp/capture.pcapng
! -nn , no IP and port name resolution
! -i 0.0 , capture on all interfaces
! -s200 , only capture the first 200 bytes of each packet, as the capture will run unattended for a long time
! -c2000 , stop the capture after the 2000th packet
tcpdump -nni 0.0 -s200 -c2000 host 10.90.100.1 and port 80 -w /var/tmp/capture.pcapng
! stop capture
ctrl + c
! if tcpdump is running in another session that is locked and not accessible,
! kill the tcpdump process
killall tcpdump
! capture all legs of the connection (client <-> VIP and self IP <-> pool member) in a single capture - full end-to-end traffic flow using the p option on the interface
client <--> VIP and Self IP <--->Pool Members
tcpdump -nni 0.0:nnnp -s400 -c 10000 -w /var/tmp/capture.pcap host 10.0.0.1 and port 443
-nni 0.0 means capture on all interfaces and VLANs with no IP-to-name or port-to-service-name resolution
:nnnp means capture at the highest debug level; p means capture both directions end to end through the load balancer
-s400 means only capture the first 400 bytes of each packet
-c 10000 means stop the capture once 10,000 packets have been captured
-w means write the capture to the named file
------------------------------------
! check APM logs for authentication issues (Jupiter)
tail -f /var/log/apm