For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Macaron's avatar
Macaron
Icon for Nimbostratus rankNimbostratus
Oct 09, 2020
Solved

Script to find virtual servers with connection mirroring enabled

Hi All,

I am working on to turn off connection mirroring on all the legacy VIPs which are causing application performance degradation. Is there a way to automate and discover virtual server with connection mirroring enabled via script? and also disable automatically?

 

Thanks

application delivery
BIG-IP
LTM
security
  • Dario_Garrido's avatar
    Dario_Garrido
    Oct 16, 2020

    Hello Macaron.

    You need to perform bash engineering. Some examples:

    tmsh list ltm virtual mirror | grep -B1 enabled
tmsh list ltm virtual mirror | grep -B1 enabled | grep ltm | awk '{print $3}'
tmsh list ltm virtual one-line all-properties | grep "mirror enabled" | awk '{print $3}'
tmsh -q -c "cd / ; list ltm recursive one-line all-properties" | grep "mirror enabled" | awk '{print $3}'
# This last one to capture VS located in different partitions.

    Regarding the 1000 records, you should not have any problem, but it's better to execute it when CPU/RAM consumption in management plane is low.

    Regards,

    Dario.

8 Replies

  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for Noctilucent rankNoctilucent
    Oct 10, 2020

    Hello Macaron.

    ā€‹

    You can use some of these commands

    ## Check Mirroring Enabled
tmsh show sys connection type mirror
tmsh show sys ha-mirror

    Regards,

    Dario.

    • Macaron's avatar
      Macaron
      Icon for Nimbostratus rankNimbostratus
      Oct 12, 2020

      The first command returned 1200 plus connection records for 37 VIPs in total on F5. I need to identify VIPs which has connection mirroring enabled. Is there any command for that?

      • Dario_Garrido's avatar
        Dario_Garrido
        Icon for Noctilucent rankNoctilucent
        Oct 14, 2020

        Hello Macaron.

        You can check what SNAT IPs are mirroring with the next command:

        tmsh list ltm snat mirror

        The same for those VS that are mirroring their connections:

        tmsh list ltm virtual mirror

        And finally, the same for those VS that are mirroring their persistence records:

        tmsh list ltm virtual mirror persist { $(tmsh list ltm persistence one-line all-properties | grep "mirror enabled" | awk '{print$4}') }

        For disabling mirroring, you just need to modify the 'mirror' option as expected.

        REF - https://support.f5.com/csp/article/K13478

        Please, don't forget to mark this answer as the best to help me for this contribution.

        Regards,

        Dario.