F5 XC CE Debug commands through GUI cloud console and API

The XC Distributed Cloud SiteCLI debug commands were always available using a console connection or SSH access but now with the new Software releases you can send many of the commands using the XC GUI console or even the XC API. 

Why this feature is important and helpful?

 

  • With this capability if the IPSEC/SSL tunnels are up from the Customer Edge(CE) to the Regional Edge(RE), there is no need to log into the CE, when troubleshooting is needed. This is possible for Secure Mesh(SM) and Secure Mesh V2 (SMv2) CE deployments. As XC CE are actually SDN-based ADC/proxy devices the option to execute commands from the SDN controller that is the XC cloud seems a logical next step.

 

Using the XC GUI to send SiteCLI debug commands.

 

  • The first example is sending the "netstat" command to "master-3" of a 3-node CE cluster. This is done under Home > Multi-Cloud Network Connect > Overview > Infrastructure > Sites and finding the site, where you want to trigger the commands.

 

 

 

  • In the VPM logs it is possible to see the command that was send in API format by searching for it or for logs starting with "debug", as to automate this task. If you capture and review the full log, you will even see not only the API URL endpoint but also the POST body data that needs to be added. The VPM logs that can also be seen from the web console and API, are the best place to start investigating issues.

 

  • XC Commands reference:

Node Serviceability Commands Reference | F5 Distributed Cloud Technical Knowledge

Troubleshooting Guidelines for Customer Edge Site | F5 Distributed Cloud Technical Knowledge

Troubleshooting Guide for Secure Mesh Site v2 Deployment | F5 Distributed Cloud Technical Knowledge

 

Using the XC API to send SiteCLI debug commands.

 

 

  • The same commands can be send using the XC API and first the commands can be tested and reviewed using the API doc and developer portals. API documentation even has examples of how to run these commands with vesctl that is the XC shell client that can be installed on any computer or curl.

 

 

  • Postman can also be used instead of curl but the best option to test commands through the API is the developer portal.

 

 

  • Postman can also be used by the "old school" people 😉

 

 

  • Link reference:

F5 Distributed Cloud Services API for ves.io.schema.operate.debug | F5 Distributed Cloud Technical Knowledge

F5 Distributed Cloud Dev Portal

ves-io-schema-operate-debug-CustomPublicAPI-Exec | F5 Distributed Cloud Technical Knowledge

 

 

 

Summary:

 

The option to trigger commands though the XC GUI or even the API is really useful if for example there is a need to periodically monitor the cpu or memory jump with commands like "execcli check-mem" or "execcli top" or even automating the tcpdump with "execcli vifdump xxxx". The use cases for this functionality really are endless.

Updated Jan 25, 2025
Version 2.0
cloud
devops
Distributed Cloud
F5 XC
xc