BigIP Report Old
Problem this snippet solves:
This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report
can be Overview
This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them.
This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles.
The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world.
It's easy to setup and use and only requires guest permissions on your devices.
Demo/Preview
Please note that it takes time to make these so sometimes they're a bit outdated and they only cover one HA pair. However, they still serve the purpose of showing what you can expect from the report.
Interactive demo
http://loadbalancing.se/bigipreportdemo/
Screen shots
The main report:
The device overview:
Certificate details:
How to use this snippet:
This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report
Installation instructions
BigipReport REST
This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6).
Download: https://loadbalancing.se/downloads/bigipreport-v5.5.4.zip
Documentation, installation instructions and troubleshooting: https://loadbalancing.se/bigipreport-rest/
Docker support
This will be the recommended way of running bigipreport in the near future. It's still undergoing testing but it's looking really good so far.
https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/
BigipReport (Legacy)
Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5).
BigipReport (Stable):
https://loadbalancing.se/downloads/bigipreport-5.3.1.zip
BigipReport (BETA): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip
iControl Snapin: https://loadbalancing.se/downloads/f5-icontrol.zip
Documentation and installation instructions:
https://loadbalancing.se/bigip-report/
Upgrade instructions
Protect the report using APM and active directory
Written by DevCentral member Shann_P:
https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/
Got issues/problems/feedback?
Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated.
---
Also trying out a Discord channel now. You're welcome to hang out with us there:
Code :
85931,86647,90730
Tested this on version:
13.0
974 Comments
esloanNimbostratus
@Mike,
How would this handle Forwarding(IP) layer 3 vips since they don't have the option for an HTTP profile?
@Patrik,
I'm wondering: 1st is it exposed via icontrol? 2nd If it is just as simple as including the get_type while building the data does it make sense to include. 3rd If we include it where do we put it on the table? under the virtual server?
Basically my requirement is to use the bigipreport to let security know which vips are handling their own SSL protocols, ciphers, certs, etc. as an auditing tool.
E
Mike_Perez_6161E,
we have Forwarding(IP) for each one our Route Domains as pass-through VS and are showing HTTP Profile as No in the column.
shown on the LTM config for pass_through_rd111
Hi guys!
Many questions at once (nice to get some activity!). :)
Mike:
The code is "open source" so you may do what you like. You can even contribute on Github like Tim Riker has done. :) To solve your issue I think it would be beneficial to have a Skype call, perhaps tomorrow?
Esloan:
One way to sort out virtual servers that are offloading SSL is to sort on SSL = Yes as a column filter. If that does not work I could add an additional column to my backlog, or add which VIP type it is in the virtual server details in which case it could easily be exported/filtered via the json files.
/Patrik
- Mike_Perez_6161
Hello Patrik,
Skype would work for me. I am in Arizona currently on Pacific Time Zone. Let me know what time works for you?
- jba3126
Cirrostratus
So this is probably one of the largest asks and I understand if this is not on your roadmap or too difficult to do, but what are the chance that you might incorporate SSL/TLS statics? So every company that uses F5 and provides services in which they have to protect PCI/PAN/PII data (Username/Passwords/Personal Info/CreditCards/etc) are having to adhere to the new PCI regulations which state that you have to be off TLS 1.0 by June 30th 2018. I as are many of my colleges are being asked to provide SSL/TLS stats. The problem is, the stats are accumulative from the last time the F5 was rebooted, so you have to poll the stats in real-time. Below are by in large the stats most are focused on to meet these requirements. Any suggestions are more than welcome by myself and thousands of Admins like myself. In closing this tool you have built is absolutely amazing and I'm floored by the time you have invested. I've started sharing with some of my peers within my org and once I get this secured with APM, I'm planning to share it with peers outside. Thank you!
[jeff@EC-LB2:Active:In Sync] ~ tmsh show ltm profile client-ssl /Test/ClientPROD* | egrep -E 'Ltm|Proto' Ltm::ClientSSL Profile: /Test/Client-0120-PROD-SSL
Protocol
SSL Protocol Version 2 0 SSL Protocol Version 3 0 TLS Protocol Version 1.0 7 TLS Protocol Version 1.1 0 TLS Protocol Version 1.2 16 DTLS Protocol Version 1 0 Hi Jeff!
Thank you for your kind words. It's feedback that's been fueling the development over the years. :)
Gathering statistics is a different beast altogether. BigIPReport is a 100% clientside application (except the generation). Adding a database would be possible, but would make the installation much harder. Of course, I could utilize flat files for statistics, but that would make large installations either take way to long to generate, or to load depending on if the flat files would be processed client side or during the report generation.
However, I recently did a similar exercise with both SSLv3 and TLS1.0 so this might help you. Created a blog post about it here:
https://loadbalancing.se/2018/04/19/gather-cipher-statistics-from-your-f5-device/
It's not 100% of the answer, but if you have some kind of infrastructure in place for log management and visualization you will find that this is a piece of cake.
/Patrik
- TimRiker
Cirrocumulus
I've reworked Patrik's datatables implementation to use client side rendering for the main table. Client side load times are much faster. My pull request does not support rendering orphan pools. Is this an important feature for folks?
Patrik has been reviewing my changes and integrating them. We have found BIG-IP Report very useful in our organization.
Thanks!
- Mike_Perez_6161
Hi Tim,
I find the Orphan Pool feature helpful. Recently used as a quick cleanup effort. If there alternative way to quickly find them, I am open to use that route.
Thanks, Mike
- TimRiker
OK. Added orphan pools into virtualservers.json and now they show up in the report again.
