What CLI tools are in your toolbox for testing or troubleshooting application deployments on BIG-IP?
In trying to nail down a rate limiting solution, I reached back for my trusty apache-bench utility, ab, to push some load with concurrency at the virtual server. But...in today's SSL everywhere, discovered that ab does not have a flag to ignore SSL errors, and I don't have valid certs in my local lab, so I couldn't use that to push load. In a quick search I found hey, installed that on my ubuntu test box, and seems to be a reasonable replacement (see below). But that got me thinking...what cli tools are out there for test/troubleshooting that I'm missing out on? jrahm@unuc:~$ hey -n 10000 -c 5 https://172.16.101.50/ Summary: Total: 8.2474 secs Slowest: 0.0510 secs Fastest: 0.0023 secs Average: 0.0041 secs Requests/sec: 1212.5047 Total data: 20000 bytes Size/request: 2 bytes Response time histogram: 0.002 [1] | 0.007 [9956] |■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ 0.012 [36] | 0.017 [2] | 0.022 [0] | 0.027 [0] | 0.032 [0] | 0.036 [0] | 0.041 [0] | 0.046 [0] | 0.051 [5] | Latency distribution: 10% in 0.0032 secs 25% in 0.0036 secs 50% in 0.0040 secs 75% in 0.0045 secs 90% in 0.0050 secs 95% in 0.0055 secs 99% in 0.0065 secs
irule Troubleshooting:
Hi guys, once i try to assign the following irule to a VS i receive this error message: 01070151:3: Rule [/Common/rule_errorpage_test] error: Unable to find pool (sorry_pool) referenced at line 21: [pool sorry_pool] when RULE_INIT { set static::sorry_pool "/Common/pool_wwbtest_sorry" set static::wartung_pool "/Common/pool_wwbtest_wartung" } when HTTP_REQUEST { log local0. "Incoming URI = [HTTP::uri]" if { [catch { [active_members [LB::server pool]] < 1}] } { if { [catch {active_members $static::wartung_pool}] > 0 } { pool wartung_pool set mypick [LB::select] log local0. "The LB choice is: $mypick" set newuri [string map {/wartung.html/ /} [HTTP::uri]] log local0. "The new URI is = $newuri" HTTP::uri $newuri eval "GET [HTTP::uri $newuri] HTTP/1.1\r\nHost: $mypick\r\n\r\n" log local0. "[HTTP::uri] [LB::server addr]" } elseif { [catch {active_members $static::sorry_pool}] > 0 } { pool sorry_pool set mypick [LB::select] log local0. "The LB choice is: $mypick" set newuri [string map {/sorry.html/ /} [HTTP::uri]] log local0. "The new URI is = $newuri" HTTP::uri $newuri eval "GET [HTTP::uri $newuri] HTTP/1.1\r\nHost: $mypick\r\n\r\n" log local0. "[HTTP::uri] [LB::server addr]" } else { HTTP::respond 200 content "Lieber Kunde,\r\ndie Seite befindet sich aktuell in der Wartung.\r\n\r\nDear Customer,\r\nthis site is down for maintenance. We are sorry for the inconvience.\r\n" noserver connection close } } } i am really puzzled and clueless what the problem might be. If you have any ideas to solve this i would be grateful 🙂 best regards David
Load Balancing to Only One Pool Member
I have an issue where all traffic in a pool is going to the fifth of 5 pool members. We are using cookie persistence and I know there can be issues with that. We are also using both an http and OneConnect profile. From the sols and DC articles I've read it seems like the problem will arise if you do NOT have a oneconnect profile assigned. I have tried pulling http/oneconnect/tcp profiles on and off, using default profiles. The only thing I haven't tried is falling back to source address persistence. That is a last resort I do not want to use. Due to the application architecture source address persistence will definitely result in uneven load. All the "custom" profiles are built from an F5 guide for the application (Epic HyperSpace Web; Link to Guide). That being said this config seems pretty straight forward, but any help would be very much appreciated. We have captured traffic and seen the cookies present in the sessions. Below is the config. ltm virtual /PARTITION/v_80 { destination /PARTITION/10.10.1.1:80 ip-protocol tcp mask 255.255.255.255 persist { /PARTITION/Custom-cookie { default yes } } pool /PARTITION/pool_80 profiles { /PARTITION/Custom-OneConnect { } /PARTITION/Custom-http { } /PARTITION/Custom-lan-optimized { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled } ltm pool /PARTITION/Pool_80 { description "HTTP Pool" load-balancing-mode least-connections-member members { /PARTITION/001:80 { address 10.1.1.1 } /PARTITION/002:80 { address 10.1.1.2 } /PARTITION/003:80 { address 10.1.1.3 } /PARTITION/004:80 { address 10.1.1.4 } /PARTITION/005:80 { address 10.1.1.5 } } monitor /Common/http_head_f5 service-down-action reselect } Only change to custom oneconnect profile is mask is 255.255.255.255. Only change to tcp-lan-optimized profile is the idle timeout is set to 1200s. Only change to http profile is that 'Redirect Rewrite' is set to Matching. Custom cookie persistence uses default settings.
Source address persistence troubleshooting
Hi, I am looking a way to find out if source address persistence is working correctly. There are two VS (Standard TCP IP:any and Standard UDP IP:any both with pools pointing to the same nodes) with attached profile: ltm persistence source-addr lamp_persist_match_vs { app-service none defaults-from source_addr description none hash-algorithm default map-proxies enabled map-proxy-address none map-proxy-class none mask none match-across-pools disabled match-across-services disabled match-across-virtuals enabled mirror disabled override-connection-limit disabled partition Common timeout 32400 } match-across-virtuals is enabled so after first client connection to any of VSs following connections should go to the same node for at least 32400 s. I am looking a way to find out if it is working like that. So I need to figure out if given client IP is for at least defined timeout ONLY directed to the same IP. In other words I need to catch exception when given client IP is rebalanced to other IP during timeout period. Any ideas how to do that? I was thinking about using iRule with iStats but I am not so good with iStats stuff. My first approach was to create code like that: when LB_SELECTED { set node_sel [LB::server addr] log local0. "Selected node is $node_sel" ISTATS::incr "ltm.virtual [virtual name] node $node_sel client.ip [IP::client_addr] c balanced" 1 ISTATS::incr "ltm.virtual [virtual name] c [IP::client_addr]-${node_sel}" 1 ISTATS::incr "ltm.virtual [virtual name] c count_it" 1 log local0. "Currents counter is: [ISTATS::get "node $node_sel client.ip [IP::client_addr] c balanced"]" } Tried different syntax but I am not really sure if that's a way to go. Goal is to be able to collect all nodes given client IP connected during timeout period. If there is not persistence issue just one entry should be created listing client IP and selected node, if there is issue I expect that two entries will be created (pool contains two pool members). Piotr
F5 LTM upload a file issue
Hello, I'm pretty new with F5 and I'm changing an old F5 for a new one, all seems to be good, I can access to all websites and applications, but in a website there is a pop-up window that allows to upload files, I can select the file then clicked in upload but it didn't work, the pop-up windows does not show any error message and in the F5 I can't find anything relate to this in ltm logs, the file is just not uploaded. I tried to talk with dev team to ask about the communication process, but it looks like they even don't know, so, I want to know if you have any recommendation regarding in how to do the troubleshooting in here? I'll appreciate all your recommendations. RegardsTCP Ping Functionality on BIG-IP Appliance
TCP Ping Functionality on BIG-IP Appliance Hello All Please can anyone advise if it is possible to perform a TCP Ping from a BIG-IP appliance either in TMSH or TMOS? If so, please can you include any reference documentation. Many thanks for your help in advance.
HTTPS monitor suddenly stopped working. http works fine on same nodes. what could cause this, newbie here
I have a customer environment where the HTTP monitors are just fine, but the HTTPs monitors have suddenly stopped. it is using the default https monitor and the monitor is operating correctly on other https nodes. that seems to me that that would be on the customer side since the only thing specific about it is the individual node itself on port 443. if it was a monitor issue, especially a default one, it would seem the issue would be spread further. Does anyone have any insight to simple issues this could be or is everyone of the same mind that this looks like a customer side issue?
viewing HTTP header in tcpdump
Hi guys, is it possible to view the content of http headers in a tcpdump trace file? I tried: tcpdump -i /Common/ -vvvs 1024 -l -A host example.com It looks like as the device is tracing packets, but when I download them the file is empty or broken. Anyone an idea on this? I am using Version 11.3 HF8 Cheers, Merlin
