Applies To:
BIG-IP versions 1.x - 4.x
- 2.1.4 PTF-01, 2.1.4, 2.1.3 PTF-04, 2.1.3 PTF-03, 2.1.3 PTF-02, 2.1.3 PTF-01, 2.1.3, 2.1.2 PTF-02, 2.1.2 PTF-01, 2.1.2, 2.1.1, 2.1.0
6 Monitoring and Administration
- Monitoring utilities provided on the BIG/ip Controller
- Using the BIG/pipe command utility as a monitoring tool
- Working with the BIG/stat utility
- Working with the BIG/top utility
- Working with the Syslog utility
- Removing and returning items to service
- Viewing system statistics and log files
- Printing the connection table
- Changing passwords for the BIG/ip Controller
- Working with the BIG/store database
Monitoring and administration utilities provided on the BIG/ip Controller
The BIG/ip platform provides several utilities for monitoring and administration of the BIG/ip Controller. You can monitor system statistics, as well as statistics specific to virtual servers and nodes, such as the number of current connections, and the number of packets processed since the last reboot.
The BIG/ip platform provides the following monitoring, configuration, and administration utilities:
- BIG/pipe
If you type certain BIG/pipe commands, such as bigpipe vip or bigpipe node, and use the show keyword in the command, the command displays statistical information about the elements that you configure using that command.
- BIG/stat
This utility is provided specifically for statistical monitoring of virtual servers, nodes, NATs, SNATs, and services. One benefit of using BIG/stat is that it allows you to customize the display of statistical information.
- BIG/top
BIG/top provides statistical monitoring. You can set a refresh interval, and you can specify a sort order.
- Syslog
Syslog is the standard UNIX system logging utility, which monitors critical system events, as well as configuration changes made on the BIG/ip Controller.
- BIG/store
BIG/store is a database that contains various configuration information for the BIG/ip Controller.
Using the BIG/pipe command utility as a monitoring tool
Using the BIG/pipe utility, you can view information about the BIG/ip Controller itself, as well as elements such as virtual servers, virtual addresses, virtual ports, nodes, and node addresses. Typically, the BIG/pipe utility provides the following statistics:
- Current number of connections
- Maximum number of concurrent connections
- Total number of connections since the last system reboot
- Total number of bits (inbound, outbound, total)
- Total number of packets (inbound, outbound, total)
Monitoring the BIG/ip Controller
The bigpipe summary command displays performance statistics for the BIG/ip Controller itself. This display summary includes current usage statistics, such as the amount of time a BIG/ip Controller has been running since the last reboot. Type the following command:
bigpipe summary
The performance statistics display in the format shown in Figure 6.1 (the output has been truncated for this example).
BIG/ip total uptime = 1 (day) 4 (hr) 40 (min) 8 (sec)
BIG/ip total uptime (secs) = 103208
BIG/ip total # connections = 0
BIG/ip total # pkts = 0
BIG/ip total # bits = 0
BIG/ip total # pkts(inbound) = 0
BIG/ip total # bits(inbound) = 0
BIG/ip total # pkts(outbound) = 0
BIG/ip total # bits(outbound) = 0
BIG/ip error no nodes available = 0
BIG/ip tcp port deny = 0
BIG/ip udp port deny = 0
BIG/ip vip tcp port deny = 0
BIG/ip vip udp port deny = 0
BIG/ip max connections deny = 0
BIG/ip vip duplicate syn ssl = 0
BIG/ip vip duplicate syn wrong dest = 0
BIG/ip vip duplicate syn node down = 0
BIG/ip vip maint mode deny = 0
BIG/ip virtual addr max connections deny = 0
BIG/ip virtual path max connections deny = 0
BIG/ip vip non syn = 0
BIG/ip error not in out table = 0
BIG/ip error not in in table = 0
BIG/ip error vip fragment no port = 0
BIG/ip error vip fragment no conn = 0
BIG/ip error standby shared drop = 0
BIG/ip dropped inbound = 0
BIG/ip dropped outbound = 0
BIG/ip reaped = 0
BIG/ip ssl reaped = 0
BIG/ip persist reaped = 0
BIG/ip udp reaped = 0
BIG/ip malloc errors = 0
BIG/ip bad type = 0
BIG/ip mem pool total 96636758 mem pool used 95552 mem percent used 0.10
Figure 6.1 The BIG/pipe summary display screen
Table 6.1 contains descriptions of each individual statistic included in the summary display screen.
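The following added example (not part of the original manual and not F5 code) parses two captures of bigpipe summary output in the Figure 6.1 layout and reports which deny, error, and drop counters rose between them, treating a lower uptime as a reboot that reset the totals. The function names, the watch list, and the sample values are assumptions made for illustration.

```python
import re

# Constructed snapshots in the Figure 6.1 layout; the values are illustrative.
BEFORE = """\
BIG/ip total uptime = 1 (day) 4 (hr) 40 (min) 8 (sec)
BIG/ip total uptime (secs) = 103208
BIG/ip total # connections = 5120
BIG/ip tcp port deny = 3
BIG/ip max connections deny = 0
BIG/ip vip maint mode deny = 0
BIG/ip vip non syn = 12
BIG/ip dropped inbound = 0
BIG/ip malloc errors = 0
BIG/ip mem pool total 96636758 mem pool used 95552 mem percent used 0.10
"""
AFTER = """\
BIG/ip total uptime = 1 (day) 4 (hr) 45 (min) 8 (sec)
BIG/ip total uptime (secs) = 103508
BIG/ip total # connections = 5390
BIG/ip tcp port deny = 45
BIG/ip max connections deny = 7
BIG/ip vip maint mode deny = 0
BIG/ip vip non syn = 12
BIG/ip dropped inbound = 0
BIG/ip malloc errors = 0
BIG/ip mem pool total 96636758 mem pool used 97104 mem percent used 0.10
"""

# "BIG/ip <name> = <integer>"; the human-readable uptime line does not match.
LINE = re.compile(r"^BIG/ip\s+(?P<name>.+?)\s*=\s*(?P<value>\d+)\s*$")
# The memory line carries several values and no "=" sign.
MEM = re.compile(r"mem pool total (\d+) mem pool used (\d+)")
UPTIME = "total uptime (secs)"
# Assumption: counters worth alerting on are picked by these name fragments.
WATCH = ("deny", "error", "dropped", "non syn", "duplicate syn")


def parse_summary(text):
    """Return {counter name: integer value} for one bigpipe summary capture."""
    counters = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m:
            counters[m.group("name")] = int(m.group("value"))
            continue
        m = MEM.search(line)
        if m:
            counters["mem pool total"] = int(m.group(1))
            counters["mem pool used"] = int(m.group(2))
    return counters


def rising_counters(before, after, watch=WATCH):
    """Return (rebooted, {name: increase}) for watched counters that grew."""
    b, a = parse_summary(before), parse_summary(after)
    # Totals count from the last reboot, so a lower uptime means they restarted.
    rebooted = a.get(UPTIME, 0) < b.get(UPTIME, 0)
    deltas = {}
    for name, value in a.items():
        if not any(fragment in name for fragment in watch):
            continue
        base = 0 if rebooted else b.get(name, 0)
        if value > base:
            deltas[name] = value - base
    return rebooted, deltas


if __name__ == "__main__":
    print(rising_counters(BEFORE, AFTER))
```
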
Viewing the status of the interface cards
The bigpipe interface command displays the current status and the settings for external and internal interface cards. You can also use the bigpipe interface command to view information for a specific interface card, using the following command syntax:
bigpipe interface <ifname>
Monitoring virtual servers, virtual addresses, and services
You can use different variations of the bigpipe vip command, as well as the bigpipe port command, to monitor information about virtual servers, virtual addresses, and services managed by the BIG/ip Controller.
Displaying information about virtual servers and virtual addresses
The bigpipe vip command displays the status of virtual servers (up, down, unchecked, or disabled), the current number of connections to each virtual server, and the status of the member nodes that are included in each virtual server mapping. The status for individual member nodes includes whether the node is up, down, unchecked, or disabled, and also includes the cumulative count of packets and bits received and sent by the node on behalf of the virtual server. The BIG/ip Controller displays the statistics as shown in Figure 6.2.
bigpipe vip
VIP +------> 192.168.20.100
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pckts,bits) in = (0, 0), out = (0, 0)
+---+--> PORT 23 UP
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pckts,bits) in = (0, 0), out = (0, 0)
NODE 192.168.103.30:23 UP
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pckts,bits) in = (0, 0), out = (0, 0)
+--> PORT 21 UP
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pckts,bits) in = (0, 0), out = (0, 0)
NODE 192.168.103.30:21 UP
(cur, max, limit, tot) = (0, 0, 0, 0)
(pckts,bits) in = (0, 0), out = (0, 0)
Figure 6.2 Virtual server statistics
If you want to view statistical information about one or more specific virtual servers, simply include the virtual servers in the bigpipe vip command as shown below:
bigpipe vip <virt addr>:<port>... <virt addr>:<port>
If you want to view statistical information about traffic going to one or more virtual addresses, specify only the virtual address information in the command:
bigpipe vip <virt addr>... <virt addr>
Displaying information about services
The bigpipe port command allows you to display information about specific virtual ports managed by the BIG/ip Controller. You can use the command to display information about all virtual services, or you can specify one or more particular virtual services.
To view information about all virtual services, use the following syntax:
bigpipe port
To view statistical information about one or more specific virtual services, simply include the service names or port numbers as shown below:
bigpipe port <port>... <port>
Monitoring nodes and node addresses
The bigpipe node command displays the status of all nodes configured on the BIG/ip Controller. The information includes whether or not the specified node is up, down, disabled, or unchecked, and the number of cumulative packets and bits sent and received by each node on behalf of all virtual servers. The BIG/ip Controller displays the statistical information as shown in Figure 6.3.
bigpipe node
| NODE 192.168.103.20 UP
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pckts,bits) in = (0, 0), out = (0, 0)
+---PORT 23 UP
(cur, max, limit, tot) = (0, 0, 0, 0)
(pckts,bits) in = (0, 0), out = (0, 0)
Figure 6.3 Node statistics screen
If you want to view statistical information about one or more specific nodes, simply include the nodes in the bigpipe node command as shown below:
bigpipe node <node addr>:<port>... <node addr>:<port>
If you want to view statistical information about traffic going to one or more node addresses, specify only the node address information in the command:
bigpipe node <node addr>... <node addr>
Monitoring NATs
The bigpipe nat show command displays the status of the NATs configured on the BIG/ip Controller. The information includes the number of cumulative packets and bits sent and received by each node on behalf of all virtual servers. Use the following command to display the status of all NATs included in the configuration:
bigpipe nat show
Use the following syntax to display the status of one or more selected NATs:
bigpipe nat <node addr> [...<node addr>] show
An example of the output for this command is in Figure 6.4.
NAT { 10.10.10.3 to 9.9.9.9 }
(pckts,bits) in = (0, 0), out = (0, 0)
NAT { 10.10.10.4 to 12.12.12.12
netmask 255.255.255.0 broadcast 12.12.12.255 }
(pckts,bits) in = (0, 0), out = (0, 0)
Monitoring SNATs
The bigpipe snat show command displays the status of the SNATs configured on the BIG/ip Controller. The information includes connections and global SNAT settings. Use the following bigpipe command to show SNAT mappings:
bigpipe snat [<SNAT addr>] [...<SNAT addr>] show
bigpipe snat show
Use the following command to show the current SNAT connections:
bigpipe snat [<SNAT addr>] [...<SNAT addr>] dump [ verbose ]
bigpipe snat dump [ verbose ]
The optional verbose keyword provides more detailed output.
The following command prints the global SNAT settings:
bigpipe snat globals show
Working with the BIG/stat utility
BIG/stat™ is a utility that allows you to quickly view the status of the following elements:
- Virtual servers
- Services
- Nodes
- Network address translations (NATs)
You can customize the BIG/stat utility statistics display. For example, you can customize your output to display statistics for a single element, or for selected elements. You can set the display to automatically update at time intervals you specify.
The bigstat command accepts one or more options, which allow you to customize the statistical display. When you use the bigstat command without specifying any options, the BIG/stat utility displays the list of virtual servers, services, nodes, NATs, and SNATs only one time. The basic command syntax is:
bigstat [ options...]
The following table, Table 6.2, describes the options that you can use in the bigstat command.
Working with the BIG/top utility
BIG/top™ is a real-time statistics display utility. The display shows the date and time of the latest reboot and lists activity in bits, bytes, or packets. Similar to BIG/stat, the BIG/top utility accepts options which allow you to customize the display of information. For example, you can set the interval at which the data is refreshed, and you can specify a sort order. The BIG/top utility displays the statistics as shown in the following figure, Figure 6.5.
| bits since | bits in prior | current
| Nov 28 18:47:50 | 3 seconds | time
BIG/ip ACTIVE |---In----Out---Conn-|---In----Out---Conn-| 00:31:59
227.19.162.82 1.1G 29.6G 145 1.6K 0 0
VIP ip:port |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up--
217.87.185.5:80 1.0G 27.4G 139.6K 1.6K 0 0 2
217.87.185.5:20 47.5M 2.1G 3.1K 0 0 0 2
217.87.185.5:20 10.2M 11.5M 2.6K 0 0 0 2
NODE ip:port |---In----Out---Conn-|---In----Out---Conn-|--State----
129.186.40.17:80 960.6M 27.4G 69.8K 672 0 0 UP
129.186.40.17:20 47.4M 2.1G 3.1K 0 0 0 UP
129.186.40.18:80 105.3M 189.0K 69.8K 1.0K 0 0 UP
129.186.40.17:21 9.4M 11.1M 1.3K 0 0 0 UP
129.186.40.18:21 700.8K 414.7K 1.3K 0 0 0 UP
129.186.40.18:20 352 320 1 0 0 0 UP
Figure 6.5 The BIG/top screen display
Using BIG/top command options
The bigtop command uses the syntax below, and it supports the options outlined in Table 6.3:
bigtop [options...]
Using runtime commands in BIG/top
Unless you specified the -once option, the BIG/top utility continually updates the display at the rate indicated by the -delay option, and you can also use the following runtime options at any time:
- The u option cycles through the display modes: bits, bytes, and packets.
- The q option quits the BIG/top utility.
Working with the Syslog utility
The BIG/ip Controller supports logging via the Syslog utility. The logs are generated automatically, and saved in user-specified files. These logs contain all changes made to the BIG/ip Controller configuration, such as those made with the bigpipe vip command, or other BIG/pipe commands, as well as all critical events that occur in the system.
Note: You can configure the Syslog utility to send email or activate pager notification based on the priority of the logged event.
The Syslog log files track system events based on information defined in the /etc/syslog.conf file. You can view the log files in a standard text editor, or with the less paging utility.
Sample log messages
The following sample log messages give you an idea of how the Syslog utility tracks events that are specific to the BIG/ip Controller.
Removing and returning items to service
Once you have completed the initial configuration on the BIG/ip Controller, you may want to temporarily remove specific items from service for maintenance purposes. For example, if a specific network server needs to be upgraded, you may want to disable the nodes associated with that server, and then enable them once you finish installing the new hardware and bring the server back online.
If you specifically disable the nodes associated with the server, the BIG/ip Controller allows the node to go down only after all the current connections are complete. During this time, the BIG/ip Controller does not attempt to send new connections to the node. Although the BIG/ip Controller's monitoring features would eventually determine that the nodes associated with the server are down, specifically removing the nodes from service prevents interruptions on client connections.
You can remove the entire BIG/ip Controller from service, or you can remove the following individual items from service:
- Virtual servers
- Virtual addresses
- Virtual ports
- Nodes
- Node addresses
Removing the BIG/ip Controller from service
The BIG/ip platform offers a Maintenance mode, which allows you to remove the BIG/ip Controller from network service. This is useful if you want to perform hardware maintenance, or make extensive configuration changes. When you activate Maintenance mode, the BIG/ip Controller no longer accepts connections to the virtual servers it manages. However, the existing connections are allowed to finish processing so that current clients are not interrupted.
The bigpipe maint command toggles the BIG/ip Controller into or out of Maintenance mode. The command syntax is simply:
bigpipe maint
If the BIG/ip Controller runs in Maintenance mode for less than 20 minutes and you return the machine to normal service, the BIG/ip Controller quickly begins accepting connections. However, if the BIG/ip Controller runs in Maintenance mode for more than 20 minutes, returning the Controller to service involves updating all network ARP caches. This process can take a few seconds, but you can speed the process up by reloading the /etc/bigip.conf file using the following command:
bigpipe -f /etc/bigip.conf
Removing individual virtual servers, virtual addresses, and ports from service
The BIG/ip Controller also supports taking only selected virtual servers, addresses, or ports out of service, rather than removing the BIG/ip Controller itself from service. Each BIG/pipe command that defines virtual servers and their components supports enable and disable keywords, which allow you to remove or return the elements from service.
When you remove a virtual address or a virtual port from service, it affects all virtual servers associated with the virtual address or virtual port. Similarly, if you remove a node address from service, it affects all nodes associated with the node address.
Enabling and disabling virtual servers and virtual addresses
The bigpipe vip command allows you to enable or disable individual virtual servers, as well as virtual addresses. To enable or disable a virtual server, type the appropriate command:
bigpipe vip <virtual addr>:<virtual port> enable
bigpipe vip <virtual addr>:<virtual port> disable
To enable or disable a virtual address, type the appropriate command:
bigpipe vip <virtual addr> enable
bigpipe vip <virtual addr> disable
Enabling and disabling virtual ports
The bigpipe port command lets you allow or deny traffic on a virtual port:
bigpipe port <virtual port> enable
bigpipe port <virtual port> disable
Removing individual nodes and node addresses from service
Enabling and disabling nodes and node addresses
The bigpipe node command allows you to enable or disable individual nodes, as well as node addresses.
To enable or disable a node, type the appropriate command:
bigpipe node <node addr>:<node port> enable
bigpipe node <node addr>:<node port> disable
To enable or disable a node address, type the appropriate command:
bigpipe node <node addr> enable
bigpipe node <node addr> disable
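The drain behavior described under "Removing and returning items to service" can be checked from bigpipe node output before maintenance starts. The following added example (not part of the original manual and not F5 code) parses output in the Figure 6.3 layout and classifies one node as in-service, draining, or drained. The function names and the sample are constructed, and the DISABLED and DOWN status spellings are assumptions, since the page only shows UP.

```python
import re

# Constructed `bigpipe node` output in the Figure 6.3 layout.
# Assumption: a disabled node prints DISABLED where Figure 6.3 prints UP.
SAMPLE = """\
| NODE 192.168.103.20 DISABLED
| (cur, max, limit, tot) = (2, 40, 0, 9311)
| (pckts,bits) in = (88120, 70496000), out = (91004, 910040000)
+---PORT 23 DISABLED
(cur, max, limit, tot) = (2, 40, 0, 9311)
(pckts,bits) in = (88120, 70496000), out = (91004, 910040000)
| NODE 192.168.103.30 UP
| (cur, max, limit, tot) = (0, 12, 0, 407)
| (pckts,bits) in = (5120, 4096000), out = (6001, 60010000)
+---PORT 21 UP
(cur, max, limit, tot) = (0, 12, 0, 407)
(pckts,bits) in = (5120, 4096000), out = (6001, 60010000)
"""

# Header lines: "NODE <addr> <status>" or "PORT <port> <status>", with or
# without the tree-drawing characters in front of them.
HEADER = re.compile(r"(NODE|PORT)\s+(\S+)\s+(\w+)")
CONNS = re.compile(
    r"\(cur, max, limit, tot\)\s*=\s*\((\d+),\s*(\d+),\s*(\d+),\s*(\d+)\)"
)
# Assumption: only these statuses mean the node receives no new connections.
OUT_OF_SERVICE = ("DISABLED", "DOWN")


def parse_nodes(text):
    """Return {"addr" or "addr:port": {"status": str, "cur": int or None}}."""
    table, addr, key = {}, None, None
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            kind, ident, status = header.groups()
            if kind == "NODE":
                addr, key = ident, ident
            elif addr is not None:
                key = f"{addr}:{ident}"      # PORT belongs to the last NODE
            else:
                key = None                   # PORT with no NODE: ignore it
                continue
            table[key] = {"status": status.upper(), "cur": None}
            continue
        conns = CONNS.search(line)
        # The first counter line after a header belongs to that header.
        if conns and key in table and table[key]["cur"] is None:
            table[key]["cur"] = int(conns.group(1))
    return table


def drain_state(text, node):
    """Classify "addr:port" as 'in-service', 'draining' or 'drained'."""
    entry = parse_nodes(text).get(node)
    if entry is None or entry["cur"] is None:
        raise KeyError(f"{node} not found in bigpipe node output")
    if entry["status"] not in OUT_OF_SERVICE:
        return "in-service"                  # may still get new connections
    return "draining" if entry["cur"] > 0 else "drained"


if __name__ == "__main__":
    for name in ("192.168.103.20:23", "192.168.103.30:21"):
        print(name, drain_state(SAMPLE, name))
```
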
Viewing the currently defined virtual servers and nodes
When used without any parameters, BIG/pipe commands typically display currently configured elements. For example, the bigpipe vip command displays all currently defined virtual servers, and the bigpipe node command displays all nodes currently included in virtual server mappings. The following sections provide BIG/pipe command syntax associated with configuration. For information about using BIG/pipe commands for monitoring your existing system, refer to Appendix B, BIG/pipe commands.
Viewing system statistics and log files
The F5 Configuration utility allows you to view a variety of system statistics and system log files. Note that from each statistics screen, you can access property settings for individual virtual servers, nodes, IP addresses, and ports by selecting the individual item in the statistics table.
Viewing system statistics
The F5 Configuration utility allows you to view the following statistical information:
- BIG/ip system statistics, including the elapsed time since the last system reboot, the number of packets and connections handled by the system, and the number of dropped connections.
- Virtual servers, including virtual servers, virtual addresses only, or virtual ports only.
- Nodes, including nodes, node addresses only, or node ports only.
- NAT statistics, such as the number of packets handled by each NAT.
- SNAT statistics, such as SNAT mappings.
- IP filter statistics, including the number of packets accepted and rejected by individual IP filters.
- Rate filter statistics, including the number of bits passed through, delayed, and dropped by individual rate filters.
- Information about illegal connection attempts, such as the source IP addresses from which the illegal connection is initiated.
Statistics are displayed in real-time. You can specify the update frequency by setting an interval (in seconds), and then clicking Update.
Viewing log files
The F5 Configuration utility allows you to display three different log files:
- The BIG/ip system log, which displays standard UNIX system events
- The BIG/ip log, which displays information specific to BIG/ip events, such as defining a virtual server
- The Pinger log, which displays status information determined by each node ping issued by the BIG/ip Controller
Printing the connection table
The BIG/pipe command line utility also offers a useful diagnostic tool that prints the list of current connections. Normally, the bigpipe dt command prints the client, virtual server, and node addresses. In Transparent Node Mode, the bigpipe dt command also prints the final destination address.
Changing passwords for the BIG/ip Controller
When you run the First-Time Boot utility, you define a password that allows remote access to the BIG/ip Controller, and you also define a password for the BIG/ip web server. You can change these passwords at any time.
Changing the BIG/ip Controller password
- At the BIG/ip Controller command line prompt, log on as root user and use the passwd command.
- At the password prompt, enter the password you want to use for the BIG/ip Controller and press Return.
- To confirm the password, retype it and press Return.
Changing passwords and adding new user IDs for the BIG/ip web server
You can create new users for the BIG/ip web server, change a password for an existing user, or recreate the password file altogether, without actually going through the BIG/ip web server configuration process.
Creating new users and changing passwords for existing users
The following command creates a new user ID, or changes the password for an existing user ID. In place of the <username> parameter, enter the user ID for which you want to create a password:
/var/f5/httpd/bin/htpasswd /var/f5/httpd/basicauth/users <username>
Once you enter the command, you are prompted to enter the new password for the named user.
Creating a new password file
The following command recreates the BIG/ip web server password file, and defines one new user ID and password. In place of the <username> parameter, enter the user ID that you want to create:
/var/f5/httpd/bin/htpasswd -c /var/f5/httpd/basicauth/users <username>
Once you enter the command, you are prompted to enter the new password for the named user.
Working with the BIG/store database
The BIG/store™ database holds certain configuration information for the BIG/ip Controller. Two utilities currently use the configuration stored in BIG/store: the State Mirroring daemon and sod. The bigdba utility is provided for loading configuration information into BIG/store. An additional default.txt file is included with the BIG/ip Controller which contains default information you can load into the BIG/store database.
Using bigdba
Use the bigdba utility to modify the BIG/store database. The bigdba utility allows you to create a database and insert and modify keys and values. All values are entered into BIG/store as strings.
Accessing and modifying the default database
The default BIG/store database is created when you run the First-Time Boot utility. To use bigdba from the command line, run bigdba with the name of the database.
bigdba /var/f5/bigdb/user.db
Database "/var/f5/bigdb/user.db" opened.
Using bigdba commands
Table 6.5 describes the commands you can use in bigdba.
Working with the default.txt file
The default.txt file documents the keys that are valid in the BIG/store database. This file is located at /var/f5/bigdb/default.txt. This text file, which can be loaded with the bigdba program, contains all the possible database keys, comments that document these keys, and the default values used by programs that run on the BIG/ip Controller.
Note: The values in the default.txt file are default values; several of the keys listed are not present in the BIG/store database.
The default.txt file is intended to serve as documentation only. Some of the records, such as those that represent IP addresses and port numbers, need to be set to values other than the default values for the system to work.
If you want to load default.txt into the BIG/store database, it is recommended that you dump the existing database to another text file. Make a copy of default.txt, and then edit the copy so that the records which are present in your dump file match the values contained in the default.txt file. After the values match, you can load the edited copy of default.txt.
Supported configuration options
Currently, the only configuration options supported by BIG/store are network-based fail-over and state mirroring for fail-over. For information about setting up network-based fail-over, see Using network-based fail-over, on page 5-25. For information about setting up state mirroring, see Mirroring connection and persistence information, on page 5-20.