Showing posts with label F5-BIGIP. Show all posts

F5-LTM useful CLI commands to Troubleshoot

We will be working in shell mode. To enter shell mode, type "tmsh" and press Enter. This takes you to the BIG-IP shell mode.

Below are a few CLI commands for basic troubleshooting in LTM to check client-server connections.

Step1:
root@rajiv(Active)(/Common)(tmos)#ping <Server ip address>  -I <source_self_IP>

Step2:
root@rajiv(Active)(/Common)(tmos)#telnet <Server ip address>  <portnumber>

Step3:
Try to access the server directly from your local PC using the server/node IP address. This is just to check whether there is any issue with the server itself.

Step4:
Test access to the servers from the LTM CLI. Type 'quit' to exit from tmos shell mode.
[root@rajiv:Active:Standalone] log #curl -v http://<Virtual Server IP>
[root@rajiv:Active:Standalone] log #curl -v https://<Virtual Server IP>

Step5:
Check the list of active connections. If required, you can also delete existing/old connections using the commands below.
root@rajiv(Active)(/Common)(tmos)# show /sys connection cs-server-addr <VIRTUAL-SERVER-IP-ADDRESS>
root@rajiv(Active)(/Common)(tmos)# delete /sys connection cs-server-addr <VIRTUAL-SERVER-IP-ADDRESS>
root@rajiv(Active)(/Common)(tmos)#show /sys connection cs-client-addr <CLIENT-IP-ADDRESS>
tmsh show /sys connection ss-server-addr <NODE-IP-ADDRESS> ss-server-port <NODE-PORT-NUMBER>

For example:
client ---> VIP (LTM) Self IP ---> SERVER

cs-client-addr -----> Client PC IP address
cs-server-addr -----> LTM Virtual Server IP address
ss-client-addr -----> LTM Self IP
ss-server-addr -----> Server IP address
cs-client-port -----> Client source port number
cs-server-port -----> Client destination port number
ss-client-port -----> LTM source port
ss-server-port -----> LTM destination port
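
To read the Step 5 output in these terms, the added example below (not part of the original post) labels the four endpoints of each connection and counts server-side connections per pool member for one virtual server. It assumes one connection per line with the four addr:port columns in the order listed above; the sample table is constructed, with 10.1.0.100 assumed to be the LTM self IP and the client and second VIP addresses made up.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed layout, one connection
# per line: cs-client:port  cs-server:port  ss-client:port  ss-server:port ...

# Constructed sample using the lab addresses from this page
# (VIP 10.2.0.100, servers R1-R3); 10.1.0.100 is assumed to be the LTM self IP.
sample_connections() {
cat <<'EOF'
Sys::Connections
10.2.0.50:51001  10.2.0.100:80  10.1.0.100:51001  10.1.0.11:80  tcp  2  (tmm: 0)  none
10.2.0.50:51002  10.2.0.100:80  10.1.0.100:51002  10.1.0.12:80  tcp  1  (tmm: 1)  none
10.2.0.51:40310  10.2.0.100:80  10.1.0.100:40310  10.1.0.13:80  tcp  0  (tmm: 0)  none
10.2.0.51:40311  10.2.0.100:80  10.1.0.100:40311  10.1.0.11:80  tcp  4  (tmm: 1)  none
10.2.0.51:40312  10.2.0.200:443  10.1.0.100:40312  10.1.0.21:443  tcp  4  (tmm: 1)  none
Total records returned: 5
EOF
}

# Label the four endpoints of every connection line with the names above.
# Header and footer lines are skipped because they lack addr:port fields.
label_fields() {
  awk '$1 ~ /:[0-9]+$/ && $4 ~ /:[0-9]+$/ {
    printf "cs-client=%s cs-server=%s ss-client=%s ss-server=%s\n", $1, $2, $3, $4
  }'
}

# Count server-side connections per ss-server endpoint for one virtual server.
# $1 = cs-server-addr (virtual server IP); the table is read from stdin.
per_member() {
  awk -v vip="$1" '
    $1 ~ /:[0-9]+$/ && $4 ~ /:[0-9]+$/ {
      split($2, cs, ":")            # cs[1] = address, cs[2] = port (IPv4 only)
      if (cs[1] == vip) n[$4]++
    }
    END { for (m in n) print m, n[m] }' | sort
}

sample_connections | label_fields
sample_connections | per_member 10.2.0.100
```

On a real unit the same functions can read the saved output of the `show /sys connection` command from Step 5 instead of the sample.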


Step6:
root@rajiv(Active)(/Common)(tmos)#tcpdump -i <vlanname> host <ipaddress> and port <portnumber> -w /var/tmp/capture1.pcap
OR
root@rajiv(Active)(/Common)(tmos)#tcpdump src host <ipaddress> and dst host <ipaddress>  and dst port <portnumber>

Optional:-
-i <interface number> ---> Interface such as 1:1, 2:1
-i <vlan name>
-i 0.0 ----> captures on all interfaces.
-ni ----> -n disables name resolution (shown here combined with -i)
-w <capture1.pcap> -----> writes the captured traffic to a file.


Step7:
Check the LTM logs. You can find them under System ›› Logs : Local Traffic, or:
[root@rajiv:Active:Standalone] log #cd /var/log/
[root@rajiv:Active:Standalone] log #cat ltm
or
root@rajiv(Active)(/Common)(tmos)#show /sys log ltm
or
root@rajiv(Active)(/Common)(tmos)#show /sys log <log> range <date range>
For example, to view ltm logs from three days ago until now, type the following command:
root@rajiv(Active)(/Common)(tmos)#show /sys log ltm range now-3d

For example, to view all ltm logs from 2019-03-05, type the following command:
root@rajiv(Active)(/Common)(tmos)#show /sys log ltm range 2019-03-05

For example, to view ltm logs from two to four days ago, type the following command:
root@rajiv(Active)(/Common)(tmos)#show /sys log ltm range now-2d--now-4d

For example, to view ltm logs from 2019-03-02 through 2019-03-05, type the following command:
root@rajiv(Active)(/Common)(tmos)#show /sys log ltm range 2019-03-02--2019-03-05

F5 BIGIP Loadbalance Internet traffic


Use F5:BIGIP to Loadbalance Internet traffic:

Topology diagram:


In this example, we have two different ISPs with public IPs as follows:
ISP1: 50.1.1.1
ISP2: 100.1.1.1

In F5 BIGIP, we create two VIPs, one for each ISP:
VIP1 for ISP1: 50.1.1.20
VIP2 for ISP2: 100.1.1.20

1. Configure the ISP VLANs as shown:

2. Create Self IPs for the two ISPs as shown:

3. Create a gateway pool with both ISPs in its member list. Under health monitors, use gateway_icmp.

4. Now create a default route pointing towards both ISPs, with the gateway pool as next hop.

5. Create a Virtual Server with source address: <any or LAN subnets>, destination address: <any or 0.0.0.0>, and apply the pool to it.

Testing:-

F5-BIGIP-LTM(Local Traffic Manager)


Load Balance F5 BigIP :-

Topology Diagram:


R1,R2,R3 configuration:
              R1:10.1.0.11/24
              R2:10.1.0.12/24
              R3:10.1.0.13/24
              ip http server


BIG-IP Configuration:
1.Create Self-IP


2.Create Member Pool for R1,R2 and R3
Name:LAN_POOL
use Health monitors: TCP_HTTP(port:80)



STATIC
Round Robin - Evenly distributes requests to all available pool members.
Ratio - Allows each server to be assigned a ratio value. This is useful for pool members that have greater or lower computing resources than others. Example: Ratio 3:2:1:1. Based upon 8 requests, 3 requests would go to 1, 2 to 2, then 1 to 1.

DYNAMIC
Least Connections - Traffic is balanced to the servers with the fewest current connections.
Fastest - Connections are distributed to pool members based upon server response time.
Observed - This method is the same as Ratio, but the ratio is assigned by BIG-IP. Each ratio is calculated based upon the total number of connections currently active on each pool member. A pool member with a lower than average connection count is assigned a ratio of 3. A pool member with a higher than average count is given a ratio of 2.
Predictive - Predictive is similar to Observed, but ratios are assigned using much more aggressive ratio values. A pool member with a lower than average connection count is assigned a ratio of 4. A pool member with a higher than average count is given a ratio of 1.
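
The methods above can be compared side by side with the added example below, a simplified model that is not F5's implementation and not part of the original post. It assumes Ratio hands each member as many consecutive turns per cycle as its ratio value, and that a member exactly at the average connection count is treated like one above it; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: simplified models of the methods above, not F5's implementation.

# Ratio: member index chosen for each of N requests; every member gets as many
# consecutive turns per cycle as its ratio (Round Robin = all ratios 1).
# usage: ratio_schedule N r1 r2 ...
ratio_schedule() {
  n=$1; shift
  echo "$*" | awk -v n="$n" '{
    for (i = 1; i <= NF; i++) total += $i
    if (total <= 0) exit 1                      # nothing can be scheduled
    out = ""; sent = 0
    while (sent < n)
      for (i = 1; i <= NF && sent < n; i++)
        for (k = 0; k < $i && sent < n; k++) { out = out (sent ? " " : "") i; sent++ }
    print out
  }'
}

# Least Connections: index of the member with the fewest current connections.
# usage: least_connections c1 c2 ...
least_connections() {
  echo "$*" | awk '{ m = 1; for (i = 2; i <= NF; i++) if ($i < $m) m = i; print m }'
}

# Observed / Predictive: ratios derived from current connection counts with the
# values stated above (3/2 and 4/1). Assumption: a member exactly at the
# average is treated like one above it.
# usage: dynamic_ratios observed|predictive c1 c2 ...
dynamic_ratios() {
  mode=$1; shift
  echo "$*" | awk -v mode="$mode" '{
    low  = (mode == "predictive") ? 4 : 3       # below-average member
    high = (mode == "predictive") ? 1 : 2       # all other members
    for (i = 1; i <= NF; i++) sum += $i
    avg = sum / NF
    for (i = 1; i <= NF; i++)
      printf "%s%d", (i > 1 ? " " : ""), ($i < avg ? low : high)
    print ""
  }'
}

ratio_schedule 8 3 2 1 1            # the 3:2:1:1 example from the text
dynamic_ratios observed 10 40 10    # constructed connection counts
dynamic_ratios predictive 10 40 10
least_connections 12 4 9
```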


3.Create Virtual Server
Source Address: 0.0.0.0/0 (any)
Destination Address: VIP(10.2.0.100)






Testing:-

Since we are using Round Robin as the load balancing method






R1#debug IP http logs
R1#
*Mar  1 01:01:36.515: Fri, 01 Mar 2002 01:01:36 GMT 10.1.0.100  ok
        Protocol = HTTP/1.1 Method = GET
*Mar  1 01:01:36.515:
*Mar  1 01:01:37.207: Fri, 01 Mar 2002 01:01:37 GMT 10.1.0.100  ok
        Protocol = HTTP/1.1 Method = GET
*Mar  1 01:01:37.207:
R1#

