
Prashanth_10473
May 28, 2013

F5 GTM sync group

In F5 GTM, how do I identify which other devices are configured in the same sync group by logging in to the GTM?

 

5 Replies

  • You could check the trusted device certificates, check log messages in var/log/gtm for iquery messages, or check the sync group name on the GTMs in question.

     

     

    Is there a specific issue you are trying to solve?
  • thanks...

     

    In the trusted device certificates or in the GTM logs, we have many LTMs configured... how do I identify the GTMs belonging to my sync group?

     

    The whole idea behind this is to create a device inventory pertaining to sync groups.
  • Interesting question. At first I was going to point you at System->Configuration->Global Traffic->General, but that only tells you which sync group the unit you're on is in. And that's not really your question. I'm only running 10.2.4, and I don't know of any way to determine this using the admin gui or any TMSH commands. However, I think you can figure this out using a secondary method:

     

    This article has a useful nugget:

     

    http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13734.html
    "TCP port 4353 must be allowed between devices: BIG-IP GTM synchronization group members use TCP port 4353 to communicate. You must verify that port 4353 is allowed between BIG-IP GTM devices."

     

    So you can do a tcpdump looking at port 4353, and you should see all the other F5 devices communicating through iquery. If you have some LTMs in there, you'll have to filter those out. It looks like you can also use netstat. This command gave me the output I was expecting for my environment - it showed the local GTM and the only other GTM in its sync group:

     

    netstat -antp |grep 4353 |grep big3d

     

    • Terry_Pike
      Simple script to run from the command line of a GTM; it will display other F5s connected on port 4353:

      echo " "
      echo " These are the GTM systems currently connected to THIS sync group and listening on 4353 "
      echo " "
      echo " "
      # Remote IPs of big3d connections on port 4353 (IPv4-mapped ::ffff: entries)
      _connected=`netstat -antp |grep 4353 |grep big3d | grep ffff | awk -F: '{print $8}'`
      # Reverse-resolve each peer address
      for file in $_connected
      do
      nslookup $file | grep name
      done
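
An added example, not part of the thread and not F5's own tooling: a stricter version of the netstat approach discussed above for building a sync-group inventory. It matches the local port exactly, handles both IPv4 and IPv4-mapped IPv6 address forms, and drops duplicates and the unit's own address. The function names and the sample netstat lines (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example: list the unique remote peers of big3d on iQuery port 4353.

# Constructed sample of `netstat -antp` output; not captured from a real device.
sample_netstat() {
cat <<'EOF'
tcp        0      0 ::ffff:192.0.2.10:4353      :::*                        LISTEN      4211/big3d
tcp        0      0 ::ffff:192.0.2.10:4353      ::ffff:192.0.2.20:51514     ESTABLISHED 4211/big3d
tcp        0      0 ::ffff:192.0.2.10:4353      ::ffff:192.0.2.20:51520     ESTABLISHED 4211/big3d
tcp        0      0 192.0.2.10:4353             198.51.100.7:40022          ESTABLISHED 4211/big3d
tcp        0      0 ::ffff:192.0.2.10:4353      ::ffff:192.0.2.10:38112     ESTABLISHED 4211/big3d
tcp        0      0 192.0.2.10:4353             198.51.100.9:40100          TIME_WAIT   -
tcp        0      0 192.0.2.10:22               203.0.113.5:50514           ESTABLISHED 900/sshd
EOF
}

# Reads netstat -antp output on stdin and prints one peer IP per line.
iquery_peers() {
  awk '
    # Only live TCP sessions owned by big3d.
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $7 ~ /\/big3d$/ {
      l = $4; r = $5
      # Exact port match: a plain "grep 4353" also hits 43530, 14353 or a PID.
      lport = l; sub(/^.*:/, "", lport)
      if (lport != "4353") next
      # Strip the port, then the IPv4-mapped IPv6 prefix if present.
      sub(/:[0-9]+$/, "", l); sub(/:[0-9]+$/, "", r)
      sub(/^::ffff:/, "", l); sub(/^::ffff:/, "", r)
      # Skip the unit talking to itself and peers already printed.
      if (r != l && !seen[r]++) print r
    }' | LC_ALL=C sort
}

# On a GTM this would be: netstat -antp | iquery_peers
sample_netstat | iquery_peers
```

Any device with an iQuery session to this unit appears in the output, so confirm the sync group name on each listed peer before recording it in the inventory.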