F5

Debug health monitor for a single pool member in F5 LTM

Posted on by Shoaib Merchant

Here’s an old post that shows how to debug bigd that gets you the debugs of all the health monitors that are running on the system. The rule of thumb with debugs is that the files get too large and may have an impact on other important services that may need that extra space.

What if you want to enable the debugs for just one pool member to see what’s going on with the health monitor associated with the pool member?

Monitor logging option is a better approach than debugging the bigd for this purpose.

You can find this setting under Local Traffic > Pools > pool_name > Members > Monitor Logging

Capture

Continue reading

Using curl for troubleshooting

Posted on by Shoaib Merchant

View only response headers

curl -I only retrieves the header of the resource. The ‘I’ is case sensitive.

root@ubnsrv01:/etc/ssl/certs# curl -I https://site3.lab.com
HTTP/1.1 200 OK
Content-Length: 191
Content-Type: text/html
Last-Modified: Thu, 17 Aug 2017 21:14:18 GMT
Accept-Ranges: bytes
ETag: "40d9a1c99d17d31:0"
Server: Microsoft-IIS/7.5
Date: Sat, 02 Sep 2017 22:58:54 GMT

View response headers and content

curl -i includes the HTTP header in the output along with the site content. Since this URL is terminating on an F5, the HTTP header reports that a redirect is configured for this URL but doesn’t redirect it automatically to the URL. The ‘i’ is case sensitive.

Continue reading

Debug F5 monitor response from the server

Posted on by Shoaib Merchant

It is quite simple to see if a pool member failed it’s health check by checking the pool status via GUI/CLI and the ltm logs also give you more information on the time lines when the pool went down/up;

cd /var/log
cat ltm | grep

But what if you’ve configured a custom health monitor for a particular pool and now that pool is down and you know it’s the monitor that is failing it. You’ve verified that the F5 is indeed sending the F5 monitor traffic to the nodes. You run some captures on the interface or on an intermediary firewall and see the node is sending replies as well. Now, what if you want to check the contents of the server’s response during that time from the F5 itself?

So here’s the step-by-step instructions you need to follow to effectively get that information;

Continue reading

Licensing your BIG-IP

Posted on by Shoaib Merchant

Licensing is the first thing you would want to do when configuring your BIG-IP for the very first time. Below are two methods with which you can accomplish this.

Automatic method

Use this method if your BIG-IP has internet access.

1. BIG-IP generates a ‘dossier’. The dossier contains the hardware information of your system and the registration key which is pre-populated on the BIG-IP.
2. BIG-IP then sends the dossier to the F5 License Server.
3. If the dossier is valid, the License Server sends a license file back to BIG-IP.
4. BIG-IP stores the bigip.license file in the /config directory.

All this is done by the BIG-IP without any manual intervention.

Manual method

Use this method if your BIG-IP does not have direct internet access or is blocked by a Continue reading