Advanced grep filters for F5 logs

Posted on May 3, 2018November 24, 2018 by Shoaib Merchant

Grep X number of lines after matching pattern is found

[root@ltm02:Active:Standalone] config # zless /var/log/ltm* | grep -A 2 "16:03:23" -n
230:May  3 16:03:23 ltm02 notice bigd[5171]: 01060001:5: Service detected UP for ::ffff:172.16.4.10:80 monitor /Common/site1-http-mon.
231-May  3 16:03:24 ltm02 notice bigd[5171]: 01060001:5: Service detected UP for ::ffff:172.16.4.20:80 monitor /Common/site1-http-mon.
232-May  3 16:03:24 ltm02 notice mcpd[4647]: 01070727:5: Pool /Common/site1.dc1.networkology.net member /Common/172.16.4.10:80 monitor status up. [ /Common/site1-http-mon: up ]  [ was down for 3hrs:25mins:55sec ]

The above example greps 2 lines after the matching pattern “16:03:23” is found. Continue reading →

Troubleshooting SSL handshake in F5 BIG-IP LTM – Part 1 (SSL/TLS Protocol Mismatch)

Posted on April 29, 2018November 24, 2018 by Shoaib Merchant

How to identify if there is an SSL/TLS protocol mismatch between Client and F5 LTM?

1. Check the protocol version used by the client in wireshark captures under the “Client Hello” packet protocol mismatch wireshark capture

2. Check the SSL/TLS protocol version supported by the LTM for a particular VIP

Run curl checks if possible from a remote server

curl -Ik https://site1.dc1.networkology.net --sslv2
curl -Ik https://site1.dc1.networkology.net --sslv3
curl -Ik https://site1.dc1.networkology.net --tlsv1
curl -Ik https://site1.dc1.networkology.net --tlsv1.0
curl -Ik https://site1.dc1.networkology.net --tlsv1.1
curl -Ik https://site1.dc1.networkology.net --tlsv1.2

Check if any protocol is negated in ciphers under client-ssl profile;

Continue reading →

F5 iRules – Unconditionally redirect based on host header content and close initial connection #0

Posted on January 6, 2018January 6, 2018 by Shoaib Merchant

when HTTP_REQUEST {
 if { [string tolower [HTTP::host]] equals "site2.lab.com" }
 {
       HTTP::respond 302 noserver -reset Connection close Location http://site3.lab.com }
}

With the above iRule, the initial connection to site2.lab.com is closed when the redirect message is sent to the client. Check out the below output from curl which validates the same.

Continue reading →

F5 iRules – Unconditionally redirect to another VIP based on host header content and initial connection stays intact

Posted on January 6, 2018January 6, 2018 by Shoaib Merchant

when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] equals "site2.lab.com" } {
        HTTP::redirect "http://site3.lab.com"
    }
}

With this iRule, the initial connection to site2.lab.com is not closed and kept in memory until it times out. Check out the below output from curl which validates the same.

Continue reading →

F5 iRules – If pool is down, then redirect to another VIP

Posted on January 6, 2018 by Shoaib Merchant

when HTTP_REQUEST {
  if { ( [active_members site2.lab.com-pool-80] < 1 ) } {
     HTTP::redirect http://site3.lab.com/
  }
}

Share this:

Share this:

Share this:

Share this:

Share this: