Forum Discussion

Yiannis_CDJ_F5's avatar
Yiannis_CDJ_F5
Icon for Altostratus rankAltostratus
Jan 05, 2023

BIGIP CMDB info export

Hello! We have incorporated the F5 BIGIP system as a basic component of our infrastructure and we migrated several applications and services behind it.

At the same time we need to insert data into a CMDB system in order to be able to know the involved technical elements in case of incidents.

Currently, the problem we have is that the only way we can export such data is manually.

What we need: We would need to know if there is a way or a tool, on BIG IP side that could help us to generate reports of all the application/service flows that cross our BIGIP systems.

 

For the moment, we gather data per VIP through LTM (Network map) in the following form:

Description

VIP

Protocol

Type

Patrition

Notes

Redirection/irule

HTTP/HTTPS OF URL

Domain/path

Servers

Redirection

VIP_DESCRIPTION_APPLICATION

VIP_IP_HERE

VIP_PORT

Performance (Layer 4)

PARTITION_HERE

 

/PARTITION/iRule_ofVIP

http

POOL_ofVIP

Servers_Here

 URL here

Here is an example: An application is pointing to a VIP:port which is also using an iRule. Then in the iRule we detect a specific domain and in that domain we filter with a path. Then for that specific path we perform a specific action (reverse proxy or redirection). For every application we need to know all the chain of elements involved to be able to involve quickly all the necessary technical teams: VIP:Port – Irule – domain-path-action.

 

We need to have a global picture of how specific applications are linked to specific servers or redirections.

The problem is that we need to do this manually for every VIP and in some cases we have many different applications and behaviours behind the same VIP(using the same irule).

We need to be able to export such data either per case/incident/application or as a global report for all the elements used and served from a specific vcmp.

"Network map" is good, but it doesn't show how a specific application is handled from an iRule (we cannot search for example with the application's domain or path). 

What would be the best way to extract such info from BIG IP systems in a clear and practical way? 

Thank you in advance for your time and support. 

8 Replies

  • This is old and I have no idea if it works any longer, but I think it aligns with what you are wanting to do. It even analyzes iRules for pool designations and maps appropriately. Might be a start for you to consider modernizing/adapting? Perl+iControl(SOAP)+Graphviz

    BIG-IP Config Visualizer

    I wrote this up a while back, there is a (grainy) image that gives you an idea what it does.

    HTH...Jason

  • Network map does tell you if a certain Virtual Server is referencing iRules, 
    but I'm afraid that application-specific parsing of your iRule code will need to be done manually as iRules are customer-created scripts, and since iRule purpose might greatly vary from one script to another those can't be "standardized" into other configuration objects for parsing.

    I was thinking that maybe iHealth tool might help you with that ... I recall that "browsing" LTM-specific objects like a VS will return the full configuration of all profiles, rules, pools etc. that are linked to that object .. I'd say it might be worth giving it a try.

    Also from iHealth you can still access all configuration files, including bigip.conf which does contain LTM iRules.  

  • Hi,

    So there are a couple of config files that you might be able to extract to maybe get what you need.
    But that's a scp sftp transfer type things manually.
    There is a restAPI on the f5 which you may be able to query to get what you need.

    The first question i would ask is "how" do you want your CMDB system to be quirying things?
    I take it not manually, but would a file do and you setup a parser to get the data you need.
    Or does the CMDB tool or something in that pipeline have the capability of using restAPI calls to identify the information you need?

    • Yiannis_CDJ_F5's avatar
      Yiannis_CDJ_F5
      Icon for Altostratus rankAltostratus

      Hi! Thank you for your answer. For the moment, we need a simplified solution and we don't need to link the exported info from F5 into the cmdb. We would just need to export the data either in a csv or in an html file (or in another way) in order to have the global info visible. Then when we would have visibility of the necessary info, that would be sufficient and we can inport data in the cmdb manually then. 

      The best example I can think is that, if a server has a problem, we need now to do the whole troubleshooting on F5 manually to find in which pool it belongs, then where is this pool used, in which VIP, if there is an irule impacting applications etc etc. On the other hand, if we could generate quickly a report, it would be much faster to track the impacted resources and see this info, even for people who are not familia with the F5. 

      So a file export with custom fileds could do the job (in this case we would need to corralate info inside iRules with info from LTM VIP, pools etc). 

      Thank you again for your help

      Kind regards,

      Yiannis

  • Yiannis_CDJ_F5 sadly nothing exists built into the F5 that would do this function automatically and would either take SSH and some command output filtering that you would feed into the location of your choice or using restAPI but still manually feeding that into a location of your choice. You could build a website similar to the way Solarwinds functions that outputs the data received using restAPI or even SNMP but not much beyond that. I would look for possible software that does this rather than building something of your own using the SSH, restAPI, or the SNMP methods.

  • Yiannis_CDJ_F5 - were you able to find a way to resolve or workaround your issue?
    If so it would be great if you could mark the reply/replies that provided the solution OR provide a quick note on how you worked around the problem?

    Thanks, Lief