11

Monitoring and Administration

• Monitoring and administration utilities
• Using the bigpipe utility as a monitoring tool
• Using the Configuration utility for administration and monitoring
• Working with the BIG/top utility
• Working with the Syslog utility
• Powering down the BIG-IP
• Removing and returning items to service
• Viewing system statistics and log files
• Printing the connection table
• Changing passwords
• Working with the BIG/db database
• Working with the BIG/stat utility

Monitoring and administration utilities

The BIG-IP platform provides several utilities for monitoring and administration of the BIG-IP. You can monitor system statistics, as well as statistics specific to virtual servers and nodes, such as the number of current connections, and the number of packets processed since the last reboot.

The BIG-IP platform provides the following monitoring and configuration and administration utilities:

• bigpipe
  If you type certain bigpipe commands, such as bigpipe virtual or bigpipe node, and use the show keyword in the command, the command displays statistical information about the elements that you configure using that command. You can also use bigpipe commands to selectively reset any statistic collected by the BIG-IP.
• The Configuration utility
  You can use the Configuration utility to configure any feature on the BIG-IP. You can reset any statistic, or all statistics, for virtual servers, nodes, NATs, and SNATs in the Configuration utility.
• BIG/stat
  This utility is provided specifically for statistical monitoring of virtual servers, nodes, NATs, SNATs, and services. One benefit of using BIG/stat is that you customize the display of statistical information.
• BIG/top
  BIG/top provides statistical monitoring. You can set a refresh interval, and you can specify a sort order.
• Syslog
  Syslog is the standard UNIX system logging utility, which monitors critical system events, as well as configuration changes made on the BIG-IP.
• BIG/db
  BIG/db is a database that contains various configuration information for the BIG-IP.

Using the bigpipe utility as a monitoring tool

Using the bigpipe utility, you can view information about the BIG-IP itself, as well as elements such as virtual servers, virtual addresses, virtual ports, nodes, and node addresses. Typically, the bigpipe utility provides the following statistics:

• Current number of connections
• Maximum number of concurrent connections
• Total number of connections since the last system reboot
• Total number of bits (inbound, outbound, total)
• Total number of packets (inbound, outbound, total)

Monitoring the BIG-IP

The bigpipe summary command displays performance statistics for the BIG-IP itself. This display summary includes current usage statistics, such as the amount of time a BIG-IP has been running since the last reboot. To display a summary of the performance statistics for the BIG-IP, type the following command:

b summary

The performance statistics display in the format shown in Figure 11.1 (the output has been truncated for this example).

Figure 11.1 The bigpipe summary display screen

 BIG-IP total uptime           = 1 (day) 4 (hr) 40 (min) 8 (sec)
BIG-IP total uptime (secs)    = 103208
BIG-IP total # connections    = 0
BIG-IP total # pkts           = 0
BIG-IP total # bits           = 0
BIG-IP total # pkts(inbound)  = 0
BIG-IP total # bits(inbound)  = 0
BIG-IP total # pkts(outbound) = 0
BIG-IP total # bits(outbound) = 0
BIG-IP error no nodes available          = 0
BIG-IP tcp port deny                     = 0
BIG-IP udp port deny                     = 0
BIG-IP virtual tcp port deny             = 0
BIG-IP virtual udp port deny             = 0
BIG-IP max connections deny              = 0
BIG-IP virtual duplicate syn ssl         = 0
BIG-IP virtual duplicate syn wrong dest  = 0
BIG-IP virtual duplicate syn node down   = 0
BIG-IP virtual maint mode deny           = 0
BIG-IP virtual addr max connections deny = 0
BIG-IP virtual path max connections deny = 0
BIG-IP virtual non syn                   = 0
BIG-IP error not in out table            = 0
BIG-IP error not in in table             = 0
BIG-IP error virtual fragment no port    = 0
BIG-IP error virtual fragment no conn    = 0
BIG-IP error standby shared drop         = 0
BIG-IP dropped inbound                   = 0
BIG-IP dropped outbound                  = 0
BIG-IP reaped                            = 0
BIG-IP ssl reaped                        = 0
BIG-IP persist reaped                    = 0
BIG-IP udp reaped                        = 0
BIG-IP malloc errors                     = 0
BIG-IP bad type                          = 0
BIG-IP mem pool total 96636758 mem pool used 95552 mem percent used   0.10  

Table 11.1 contains descriptions of each individual statistic included in the summary display screen.

bigpipe monitoring statistics

Statistic	Description
total uptime	Total time elapsed since the BIG-IP was last booted.
total uptime (secs)	Total uptime displayed in seconds.
total # connections	Total number of connections handled.
total # pkts	Total number of packets handled.
total # bits	Total number of bits handled.
total # pkts (inbound)	Total number of incoming packets handled.
total # bits (inbound)	Total number of incoming bits handled.
total # pkts (outbound)	Total number of outgoing packets handled.
total # bits (outbound)	Total number of outgoing bits handled.
error no nodes available	The number of times the BIG-IP tried to make a connection to a node, but no nodes were available.
tcp port deny	The number of times a client attempted to connect to an unauthorized TCP port on the BIG-IP (unauthorized port and source IP are logged in the syslog).
udp port deny	The number of times a client attempted to connect to an unauthorized UDP port on the BIG-IP (unauthorized port and source IP are logged in the syslog).
virtual tcp port deny	The number of times a client attempted to connect to an unauthorized TCP port on a virtual address (unauthorized port and source IP are logged in the syslog).
virtual udp port deny	The number of times a client attempted to connect to an unauthorized UDP port on a virtual address (unauthorized port and source IP are logged in the syslog).
max connections deny	The total number of connections denied because the maximum number of connections allowed was exceeded.
virtual duplicate syn ssl	The number of duplicate connection attempts to existing SSL connections from the same client.
virtual duplicate syn wrong dest	The number of duplicate connection attempts from the same client (address and port combination) to a different virtual server.
virtual duplicate syn node down	The number of duplicate connection attempts to a server that is down when a connection to the server was made previously.
virtual maint mode deny	The number of times a connection to a virtual server was denied while the BIG-IP is in maintenance mode.
virtual addr max connections deny	The number of virtual address connections dropped because the maximum number of connections was exceeded.
virtual path max connections deny	The number of virtual path connections dropped because the maximum number of connections was exceeded.
virtual non syn	The number of packets received which are not connection requests, and are destined to a virtual address, but not a valid virtual server (port).
error virtual fragment no port	The number of IP fragments for which there is no port.
error virtual fragment no conn	The number of IP fragments for which there is no connection.
error standby shared drop	The number of packets destined to the shared IP address in a redundant system that are received and ignored by the standby system.
dropped inbound	The total number of inbound packets dropped by the BIG-IP.
dropped outbound	The total number of outbound packets dropped by the BIG-IP.
reaped	The total number of connections that timed-out, and are deleted by the BIG-IP.
ssl reaped	The total number of SSL session ID records that timed-out, and were closed by the BIG-IP.
persist reaped	The total number of persistence records that timed-out, and were closed by the BIG-IP.
udp reaped	The total number of UDP connections that timed-out, and were closed by the BIG-IP.
malloc errors	The number of times a connection could not be created because the system is low on memory.
mem pool total	The total amount of memory available in all combined memory pools.
mem pool used	The total amount of memory, in all combined memory pools, in use by the BIG-IP.
mem percent used	The total percentage of memory in use by all combined memory pools.

Resetting statistics on the BIG-IP

The bigpipe commands allow you to selectively reset any statistic on the BIG-IP. The statistics you can reset selectively include:

• Virtual address
• Virtual server
• Node address
• Node server
• Virtual port
• Network address translations (NATs)
• Secure network address translations (SNATs)
• Global statistics

When you reset one of these items, the packets in, packets out, bytes in, and bytes out counters of the target item are reset to zero. The maximum connection count counter is also reset. The current connections counter is not reset, and the total connections counter is set equal to the number of current connections.

Note: The statistics are reset for the specified items only. Statistics for dependent items, such as node servers for a given virtual address, are not modified by these commands. The only exception is the global statistics reset option which resets traffic statistics for all items. After an item-level reset, statistics for all other dependent items do not add up.

You can create an audit trail for reset events by setting an optional system control variable. You can set this variable to generate a syslog log entry. To set this variable, type the following command:

b internal set verbose_log_level=4

To reset statistics for virtual servers and virtual addresses

Use the following syntax to reset statistics for the virtual address specified by the IP address <virtual ip>.

b virtual <virtual_ip> stats reset

For example, if you want to reset statistics for the virtual address 172.20.1.100, type the following command:

b virtual 172.20.1.100 stats reset

If you want to reset statistics for a list of virtual addresses, type the command with a list of addresses separated by spaces:

b virtual 172.20.1.100 172.20.1.101 172.20.1.102 stats reset

If you want to reset statistics for all virtual servers, use the following command:

b virtual stats reset

Use the following syntax to reset statistics for the virtual server IP:port combination <virtual_ip>:<port>.

b virtual <virtual_ip>:<port> stats reset

For example, if you want to reset statistics for the virtual address/port combination 172.20.1.100:80, type the following command:

b virtual 172.20.1.100:80 stats reset

If you want to reset statistics for a list of virtual address/port combinations, type the command with the list of addresses separated by spaces:

b virtual 172.20.1.100:80 172.20.1.100:23 172.20.1.101:80 stats reset

To reset statistics for node servers and node addresses

Use the following syntax to reset statistics for all node addresses and node servers:

b node stats reset

You can reset statistics for the node address specified by the IP address <node_ip>:

b node <node_ip> stats reset

For example, to reset the statistics for the node address 10.1.1.1, use the following syntax:

b node 10.1.1.1 stats reset

If you want to reset statistics for a list of node addresses, type the command with the list of addresses separated by spaces:

b node 10.1.1.1 10.1.1.2 10.1.1.3 stats reset

Use the following syntax to reset statistics for the node server specified by the IP:port combination <node_ip>:<port>:

b node <node_ip>:<port> stats reset

For example, to reset the statistics for the node server 10.1.1.1:80, use the following syntax:

b node 10.1.1.1:80 stats reset

If you want to reset statistics for a list of node server addresses, type the command with the list of addresses separated by spaces:

b node 10.1.1.1:80 10.1.1.2:23 stats reset

To reset statistics for virtual ports

Use the following syntax to reset statistics for all virtual ports:

b service stats reset

Use the following syntax to reset statistics for the virtual port <port>. You can specify a list of virtual ports separated by spaces:

b service <port> stats reset

For example, to reset the statistics for the virtual port 80, use the following command:

b service 80 stats reset

To reset the statistics for a list of virtual ports, use the following syntax:

b service 23 80 443 stats reset

To reset statistics for network address translations (NATs)

Use the following syntax to reset statistics for all NATs:

b nat stats reset

Use the following syntax to reset statistics for the NAT for the IP address <orig_ip>.

b nat <orig_ip> stats reset

For example, to reset the statistics for the NAT 172.20.3.101, use the following command:

b nat 172.20.3.101 stats reset

To reset the statistics for a list of origin IPs, use the following command where addresses are separated by spaces:

b nat 172.20.3.101 172.20.3.102 stats reset

To reset statistics for secure network address translations (SNATs)

Use the following syntax to reset statistics for all SNATs:

b snat stats reset

Use the following syntax to reset statistics for the SNAT for IP address <snat_ip>:

b snat <snat_ip> stats reset

For example, to reset the statistics for the SNAT 172.20.3.101, use the following command:

b snat 172.20.3.101 stats reset

To reset the statistics for a list of SNAT origin addresses, use the following command where addresses are separated by spaces:

b snat 172.20.3.101 172.20.3.102 stats reset

To reset global statistics

Use the following command to reset all statistics for all items:

b global stats reset

To reset any statistic in the Configuration utility

A Reset button is located in the Configuration utility in each of the following tables:

• Virtual address
• Virtual server
• Node address
• Node server
• Virtual port
• Network address translations (NATs)
• Global statistics

To reset a statistic for a particular item, click the Reset button next to the item in one of these tables.

Monitoring virtual servers, virtual addresses and services

You can use different variations of the bigpipe virtual command, as well as the bigpipe port command, to monitor information about virtual servers, virtual addresses, and services managed by the BIG-IP.

Displaying information about virtual servers and virtual addresses

The bigpipe virtual command displays the status of virtual servers (up, down, unchecked, or disabled), the current number of connections to each virtual server, and the status of the member nodes that are included in each virtual server mapping. The status for individual member nodes includes whether the node is up, down, unchecked, or disabled and also includes the cumulative count of packets and bits received and sent by the node on behalf of the virtual server. The BIG-IP displays the statistics as shown in Figure 11.2.

Figure 11.2 Virtual server statistics

 virtual +------> 11.11.11.50         UNIT 1     
       |            (cur, max, limit, tot) = (0, 8, 0, 370)    
       |            (pckts,bits) in = (10704, 8744872), out = (21480, 230874016)    
       +---+--> PORT http                 UP           
           |        (cur, max, limit, tot) = (0, 8, 0, 370)    
           |        (pckts,bits) in = (10704, 8744872), out = (21480, 230874016)    
           POOL appgen_11.11.11.50.80    
           MEMBER 11.12.11.100:http       UP       
                    (cur, max, limit, tot) = (0, 8, 0, 370)    
                    (pckts,bits) in = (10704, 8744872), out = (21480, 230874016)    
       
   virtual +------> 11.11.11.101        UNIT 1     
       |            (cur, max, limit, tot) = (0, 2, 0, 4)    
       |            (pckts,bits) in = (4532, 2090768), out = (6824, 82113984)    
       +---+--> PORT http                 UP           
           |        (cur, max, limit, tot) = (0, 2, 0, 4)    
           |        (pckts,bits) in = (4532, 2090768), out = (6824, 82113984)    
           POOL my_website_pool    
           MEMBER 11.12.11.100:http       UP       
                    (cur, max, limit, tot) = (0, 2, 0, 4)    
                    (pckts,bits) in = (4532, 2090768), out = (6824, 82113984)  

If you want to view statistical information about one or more specific virtual servers, simply include the virtual servers in the bigpipe virtual show command as shown below:

b virtual <virt addr>:<port> ... <virt addr>:<port> show

If you want to view statistical information about traffic going to one or more virtual addresses, specify only the virtual address information in the command:

b virtual <virt addr> ... <virt addr> show

Displaying information about services

The bigpipe port show command allows you to display information about specific virtual ports managed by the BIG-IP. You can use the command to display information about all virtual services, or you can specify one or more particular virtual services.

To view information about all virtual services, use the following syntax:

b service show

To view statistical information about one or more specific virtual services, simply include the service names or port numbers as shown below:

b service <port> ... <port> show

Monitoring nodes and node addresses

The bigpipe node command displays the status of all nodes configured on the BIG-IP. The information includes whether the specified node is up, down, disabled, or unchecked, and the number of cumulative packets and bits sent and received by each node on behalf of all virtual servers. The BIG-IP displays the statistical information as shown in Figure 11.3.

Figure 11.3 Node statistics screen

 NODE 11.12.11.100      UP       
   |        (cur, max, limit, tot) = (0, 8, 0, 374)    
   |        (pckts,bits) in = (15236, 10835640), out = (28304, 312988000)    
   +-     PORT http       UP    
            (cur, max, limit, tot) = (0, 8, 0, 374)    
            (pckts,bits) in = (15236, 10835640), out = (28304, 312988000)  

If you want to view statistical information about one or more specific nodes, simply include the nodes in the bigpipe node show command as shown below:

b node <node addr>:<port> ... <node addr>:<port> show

If you want to view statistical information about traffic going to one or more node addresses, specify only the node address information in the command:

b node <node addr> ... <node addr> show

Monitoring NATs

The bigpipe nat show command displays the status of the NATs configured on the BIG-IP. The information includes the number of cumulative packets and bits sent and received by each NAT.

To display NAT status from the command line

Use the following command to display the status of all NATs included in the configuration:

b nat show

Use the following syntax to display the status of one or more selected NATs:

b nat <node addr> [...<node addr>] show

An example of the output for this command is shown in Figure 11.4.

Figure 11.4 NAT statistics

 NAT { 10.10.10.3 to 9.9.9.9 }    
   	  (pckts,bits) in = (0, 0), out = (0, 0)    
   NAT { 10.10.10.4 to 12.12.12.12     
   	 netmask 255.255.255.0 broadcast 12.12.12.255 }    
   	  (pckts,bits) in = (0, 0), out = (0, 0)  

Monitoring SNATs

The bigpipe snat show command displays the status of the SNATs configured on the BIG-IP. The information includes connections and global SNAT settings.

To show SNAT details from the command line

Use the following bigpipe command to show SNAT mappings:

b snat [<SNAT addr>] [...<SNAT addr>] show

b snat show

Use the following command to show the current SNAT connections:

b snat [<snat_ip>...] dump [ verbose ]

b snat dump [ verbose ]

The optional verbose keyword provides more detailed output.

The following command prints the global SNAT settings:

b snat globals show

Viewing the status of the interface cards

The bigpipe interface command displays the current status and the settings for external and internal interface cards. You can also use the bigpipe interface command to view information for a specific interface card, using the following command syntax:

b interface <ifname> -show

Using the Configuration utility for administration and monitoring

You can use the Configuration utility System Admin screen to add users, customize the user interface, configure SNMP, and save and restore a current configuration.

You can use the Configuration utility to allow access to the SNMP agent and to set SNMP properties. For more information on configuring SNMP, refer to Chapter 8, Configuring SNMP.

Adding a user

You can add a user to the BIG-IP using the Configuration utility.

To add a user to the BIG-IP using the Configuration utility

1. In the navigation pane, click System Admin.
   The System Admin tabs appear.
2. Click the User Administration tab.
   The Add User screen opens. This screen contains a list of current users.
3. In the appropriate field, type the User ID, password, and access level for the user.
   For more information on the Add User screen, click the Help button.

Customizing the Configuration utility

You can customize the appearance of the Configuration utility.

To customize the Configuration utility

1. In the navigation pane, click System Admin.
   The System Admin tabs appear.
2. Click the Web UI Administration tab.
   The WEB UI Administration screen opens.
3. Select the options you want to configure.
   For more information about the options available on this screen, click the Help button.

Configuring SNMP

For information on configuring SNMP, refer to Chapter 8, Configuring SNMP.

Working with the BIG/top utility

BIG/top^TM is a real-time statistics display utility. The display shows the date and time of the latest reboot and lists activity in bits, bytes, or packets. Similar to BIG/stat, the BIG/top utility accepts options which allow you to customize the display of information. For example, you can set the interval at which the data is refreshed, and you can specify a sort order. The BIG/top displays the statistics as shown in Figure 11.5, following.

Figure 11.5 The BIG/top screen display

                    |  bits  since       |  bits in prior     |   current    
                      |  Nov 28 18:47:50   |  3 seconds         |   time    
   BIG-IP      ACTIVE |---In----Out---Conn-|---In----Out---Conn-|   00:31:59    
   227.19.162.82          1.1G  29.6G 145     1.6K     0      0    
       
   virtual ip:port        |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up--    
   217.87.185.5:80       1.0G  27.4G 139.6K   1.6K     0      0       2    
   217.87.185.5:20      47.5M  2.1G    3.1K     0      0      0       2    
   217.87.185.5:20      10.2M 11.5M    2.6K     0      0      0       2    
       
   NODE  ip:port      |---In----Out---Conn-|---In----Out---Conn-|--State----    
   129.186.40.17:80    960.6M  27.4G  69.8K   672      0      0      UP    
   129.186.40.17:20     47.4M   2.1G   3.1K     0      0      0      UP    
   129.186.40.18:80    105.3M 189.0K  69.8K   1.0K     0      0      UP    
   129.186.40.17.21      9.4M  11.1M   1.3K     0      0      0      UP    
   129.186.40.18:21    700.8K 414.7K   1.3K     0      0      0      UP    
   129.186.40.18:20      352    320      1      0      0      0      UP  

Using BIG/top command options

The bigtop command supports the options and syntax outlined in Table 11.2:

bigtop [options...]

BIG/top command options

Option	Description
-bytes	Displays counts in bytes (the default is bits).
-conn	Sorts by connection count (the default is to sort by byte count).
-delay <value>	Sets the interval at which data is refreshed (the default is four seconds).
-delta	Sorts by count since last sample (the default is to sort by total count).
-help	Displays BIG/top help.
-nodes <value>	Sets the number of nodes to print (the default is to print all nodes).
-nosort	Disables sorting.
-once	Prints the information once and exits.
-pkts	Displays the counts in packets (the default is bits).
-scroll	Disables full-screen mode.
-virtuals <value>	Sets the number of virtual servers to print (the default is to print all virtual servers).

Using runtime commands in BIG/top

Unless you specified the -once option, the BIG/top utility continually updates the display at the rate indicated by the -delay option. You can also use the following runtime options at any time:

• The u option cycles through the display modes: bits, bytes, and packets.
• The q option quits the BIG/top utility.

Working with the Syslog utility

The BIG-IP supports logging using the Syslog utility. The logs are generated automatically, and saved in user-specified files. These logs contain all changes made to the BIG-IP configuration, such as those made with the bigpipe virtual command, or other bigpipe commands, as well as all critical events that occur in the system.

Note: You can configure the Syslog utility to send email or activate pager notification based on the priority of the logged event.

The Syslog log files track system events based on information defined in the /etc/syslog.conf file. You can view the log files in a standard text editor, or with the less file page utility.

Sample log messages

Table 11.3 shows sample log messages to give you an idea of how the Syslog utility tracks events that are specific to the BIG-IP.

Sample Syslog messages

Sample message	Description
bigd: allowing connections on port 20	A user specifically allowed connections on virtual port 20.
bigd: node 192.168.1.1 detected up	The 192.168.1.1 node address was successfully pinged by the BIG-IP.
bigd: added service port 20 to node 192.168.1.1	A user defined a new node, 192.168.1.1:20.
kernel: security: port denial 207.17.112.254:4379 -> 192.168.1.1:23	A client was denied access to a specific port. The client is identified as coming from 207.17.112.254:4379, and the destination node is 192.168.1.1:23.

Powering down the BIG-IP

If you want to power down, or turn off, the BIG-IP you need to complete two tasks. The first task is to shut down the BIG-IP software. After you shut down the BIG-IP software, you can turn the power to the system off.

To shut down the BIG-IP software from the command line

To complete the first task to shut down the BIG-IP software, type the following command:

halt

After the system halts, you can turn the power to the system off.

Removing and returning items to service

Once you have completed the initial configuration on the BIG-IP, you may want to temporarily remove specific items from service for maintenance purposes. For example, if a specific network server needs to be upgraded, you may want to disable the nodes associated with that server, and then enable them once you finish installing the new hardware and bring the server back online.

If you specifically disable the nodes associated with the server, the BIG-IP allows the node to go down only after all the current connections are complete. During this time, the BIG-IP does not attempt to send new connections to the node. Although the BIG-IP monitoring features would eventually determine that the nodes associated with the server are down, specifically removing the nodes from service can prevent interruptions on long duration client connections.

You can remove the entire BIG-IP from service, or you can remove the following individual items from service:

• Virtual servers
• Virtual addresses
• Virtual ports
• Nodes
• Node addresses

Removing the BIG-IP from service

The BIG-IP platform offers a Maintenance mode, which allows you to remove the BIG-IP from network service. This is useful if you want to perform hardware maintenance, or make extensive configuration changes. When you activate Maintenance mode, the BIG-IP no longer accepts connections to the virtual servers it manages. However, the existing connections are allowed to finish processing so that current clients are not interrupted.

The bigpipe maint command toggles the BIG-IP into or out of Maintenance mode. Use the following command to put the BIG-IP in maintenance mode:

b maint

If the BIG-IP runs in Maintenance mode for less than 20 minutes and you return the machine to the normal service, the BIG-IP quickly begins accepting connections. However, if the BIG-IP runs in Maintenance mode for more than 20 minutes, returning the unit to service involves updating all network ARP caches. This process can take a few seconds, but you can speed the process up by reloading the /config/bigip.conf file using the following command:

b -f /config/bigip.conf

To activate maintenance mode using the Configuration utility

1. In the navigation pane, click System.
   The Network Map screen opens.
2. Click the Properties tab.
   The Properties screen opens.
3. Check the Maintenance Mode box.
4. Click the Apply button.

Removing individual virtual servers, virtual addresses, and ports from service

The BIG-IP also supports taking only selected virtual servers, addresses, or ports out of service, rather than removing the BIG-IP itself from service. Each bigpipe command that defines virtual servers and their components supports enable and disable keywords, which allow you to remove or return the elements from service.

When you remove a virtual address or a virtual port from service, it affects all virtual servers associated with the virtual address or virtual port. Similarly, if you remove a node address from service, it affects all nodes associated with the node address.

Enabling and disabling virtual servers and virtual addresses

The bigpipe virtual command allows you to enable or disable individual virtual servers, as well as virtual addresses.

To enable or disable a virtual server from the command line

To enable or disable a virtual server, type the appropriate command:

b virtual <virtual addr>:<virtual port> enable

b virtual <virtual addr>:<virtual port> disable

To enable or disable a virtual address, type the appropriate command:

b virtual <virtual addr> enable

b virtual <virtual addr> disable

Enabling and disabling virtual ports

The bigpipe port command allows you to allow or deny traffic on a virtual port.

To allow or deny traffic on a virtual port from the command line

Use the following syntax to allow or deny traffic on a virtual port.

b service <virtual port> enable

b service <virtual port> disable

Removing individual nodes and node addresses from service

You can enable or disable individual and node addresses from the command line.

To enable and disable nodes and node addresses from the command line

The bigpipe node command allows you to enable or disable individual nodes, as well as node addresses.

To enable or disable a node, type the appropriate command:

b node <node addr>:<node port> enable

b node <node addr>:<node port> disable

To enable or disable a node address, type the appropriate command:

b node <node addr> enable

b node <node addr> disable

Viewing the currently defined virtual servers and nodes

When used with the show parameter, bigpipe commands typically display currently configured elements. For example, the bigpipe virtual show command displays all currently defined virtual servers, and the bigpipe node command displays all nodes currently included in virtual server mappings. For additional information about using bigpipe commands on the BIG-IP, see Chapter 7, bigpipe Command Reference.

Viewing system statistics and log files

The Configuration utility allows you to view a variety of system statistics and system log files. Note that from each statistics screen, you can access property settings for individual virtual servers, nodes, IP addresses, and ports by selecting the individual item in the statistics table.

Viewing system statistics

The Configuration utility allows you to view the following statistical information:

• BIG-IP system statistics, including the elapsed time since the last system reboot, the number of packets and connections handled by the system, and the number of dropped connections
• Virtual servers, including virtual servers, virtual address only, or virtual ports only
• Nodes, including nodes, node addresses only, or node ports only
• NAT statistics, such as the number of packets handled by each NAT
• SNAT statistics, such as SNAT mappings
• IP filter statistics, including the number of packets accepted and rejected by individual IP filters
• Rate filter statistics, including the number of bits passed through, delayed, and dropped by individual rate filters
• Information about illegal connection attempts, such as the source IP addresses from which the illegal connection is initiated

Statistics are displayed in real-time. You can specify the update frequency by setting an interval (in seconds), and then clicking Update.

Viewing log files

The Configuration utility allows you to display three different log files:

• The BIG-IP system log, which displays standard UNIX system events
• The BIG-IP log, which displays information specific to BIG-IP events, such as defining a virtual server
• The Pinger log, which displays status information determined by each node ping issued by the BIG-IP

Printing the connection table

The bigpipe command line utility also offers a useful diagnostic tool that prints the list of current connections. Normally, the bigpipe conn command prints the client, virtual server, and node addresses.

Changing passwords

When you run the Setup utility, you define a password that allows remote access to the BIG-IP, and you also define a password for the BIG-IP web server. You can change these passwords at any time.

To change the BIG-IP password

1. At the BIG-IP command line prompt, log on as the root user and use the passwd command.
2. At the password prompt, enter the password you want to use for the BIG-IP and press Enter.
3. To confirm the password, retype it and press Enter.

Changing passwords and adding new user IDs for the web-based Configuration utility

You can create new users for the BIG-IP web server in the Configuration utility.

The user accounts you create in the Configuration utility can have full, partial, or read-only access to the BIG-IP.

To create user accounts in the Configuration utility

1. In the navigation pane, click User Admin.
   The User Administration screen opens.
2. In the Add User section, type the following information.
   
   
   • User ID
     Type the user ID you want to assign the user.
   • Password
     Type the password you want to assign the user.
   • Retype Password
     Retype the password you want to assign the user.
3. In the Current Users list, select the access level for the user. The access levels available are:
   
   
   • Read Only
     This access level allows the user only to view information in the Configuration utility. Users with this access level do not have access to Add buttons, certain tab items, Apply buttons, or Remove buttons.
4. Partial Read/Write
   In addition to allowing the user to view information, a Partial Read/Write user can also change the status of node addresses to either enabled or disabled.
5. Full Read/Write
   This access level provides the user with full access to all administrative tasks.
6. After you select the access level for the user, click the Add button.

The Current User list on the User Administration screen contains all users configured to access the Configuration utility. You can delete any user added through the Configuration utility by clicking the Remove button next to the user in the list. The BIG-IP web server administrator account you created with the Setup utility shows up in this list. However, you cannot edit or delete this account from the Configuration utility. To edit this account, you must run the config httpd command line utility. For more information about this utility, see Chapter 2, Using the Setup Utility.

Working with the BIG/db database

The BIG/db^TM database holds certain configuration information for the BIG-IP. Most BIG-IP utilities currently use the configuration stored in BIG/db. The bigpipe db is provided for loading configuration information into BIG/db. An additional default.txt file is included with the BIG-IP which contains default information you can load into the BIG/db database.

Using the bigpipe db command

The keys are viewed and set using the bigpipe db command.

b db get <key>

b db get <reg_exp>

b db set <key>

b db set <key> = <value>

b db unset <key>

b db unset <reg_exp>

b db dump [filename]

To display current setting of a BIG/db configuration key

To display the value of a BIG/db configuration key, use the following syntax:

b db get <key>

b db get <regular_exp>

For example, the following command displays the value of Local.Bigip.FTB.HostNumber:

b db get Local.Bigip.FTB.HostNumber

The following command displays the value of all local keys:

b db get Local.*

To set a BIG/db configuration key

To create (set) a BIG/db configuration key, use the following syntax:

b db set <key>

To set a BIG/db configuration key and assign a value to it, use the following syntax

b db set <key> = <value>

For example, the following command sets Local.Bigip.FTB.HostNumber mode to on:

b db set Local.Bigip.FTB.HostNumber = 1

To unset a BIG/db configuration key

To unset the a BIG/db configuration key, use the following syntax.

b db unset <key>

b db unset <regular_exp>

For example, the following command unsets Local.Bigip.FTB.HostNumber:

b db unset Local.Bigip.FTB.HostNumber

The following command unsets all local keys:

b db unset set Local.*

Working with the default.txt file

The default.txt file documents the keys that are valid in the BIG/store database. This file is located at /config/default.txt. It contains all the possible database keys, comments that document these keys, and the default values used by programs that run on the BIG-IP.

Note: The values in the default.txt file are default values, several of the keys listed are not present in the BIG/db database.

The default.txt file is intended to serve as documentation only. Some of the records, such as those that represent IP addresses and port numbers, need to be set to values other than the default values for the system to work. Additionally, some of the key names listed are wildcard keys. These keys are not valid key names.

If you want to load default.txt into the BIG/db database, we recommend that you dump the existing database to another text file. Make a copy of default.txt, and then edit the copy so that the records which are present in your dump file match the values contained in the default.txt file. After the values match, you can load the edited copy of default.txt.

For a complete list of the keys available in the BIG/db, see Chapter 9, BIG/db Configuration Keys.

Working with the BIG/stat utility

BIG/stat^TM is a utility that allows you to quickly view the status of the following elements:

• Virtual servers
• Services (cur, max, limit, tot) (pckts,bits) in out
• Nodes (cur, max, limit, tot) (pckts,bits) in out
• Ports
• Network address translations (NATs)

You can customize the BIG/stat utility statistics display. For example, you can customize your output to display statistics for a single element, or for selected elements. You can set the display to automatically update at time intervals you specify.

The bigstat command accepts one or more options, which allow you to customize the statistical display. When you use the bigstat command without specifying any options, the BIG/stat utility displays the list of virtual servers, services, nodes, NATs, and SNATs only one time. The basic command syntax is:

bigstat [ options...]

The following table, Table 11.4, describes the options that you can use in the bigstat command.

The bigstat command options

Option	Description
-bigip	Displays totals for the BIG-IP overall.
-c <count>	Sets the interval at which new information is displayed.
-h and -help	Displays the help options.
-n	Displays data in numeric format.
-nat	Displays network address table (NAT) entries only.
-no_virtualtot	Removes virtual server totals from the display.
-no_nodetot	Removes node totals from the display.
-node	Displays nodes only.
-port	Displays ports only.
-v	Displays version information.
-virtual	Displays virtual servers only.

Figure 11.6 contains an example of the output from the bigstat command. Table 11.5 contains descriptions of each of the items in this example.

Figure 11.6 Sample output of the bigstat command

 bigip springbank          
            (cur, max, tot) = (0, 8, 374)    
            (pckts,bits) in = (15310, 10860064),  out = (28363, 313009048)    
   virtual   11.11.11.50          
            (cur, max, limit, tot) = (0, 8, 370, 370)    
            (pckts,bits) in = (10704, 8744872), out = (21480, 230874016)    
   virtual   11.11.11.50:http        UP       
            (cur, max, limit, tot) = (0, 8, 370, 370)    
            (pckts,bits) in = (10704, 8744872), out = (21480, 230874016)    
   virtual   11.11.11.101         
            (cur, max, limit, tot) = (0, 2, 4, 4)    
            (pckts,bits) in = (4532, 2090768), out = (6824, 82113984)    
   virtual   11.11.11.101:http       UP       
            (cur, max, limit, tot) = (0, 2, 4, 4)    
            (pckts,bits) in = (4532, 2090768), out = (6824, 82113984)    
   node  11.12.11.100            UP       
            (cur, max, limit, tot) = (0, 8, 374, 374)    
            (pckts,bits) in = (15236, 10835640), out = (28304, 312988000)    
   node  11.12.11.100:http       UP       
            (cur, max, limit, tot) = (0, 8, 374, 374)    
            (pckts,bits) in = (15236, 10835640), out = (28304, 312988000)    
   port  WILDCARD PORT    
            (cur, max, limit, tot, reaped) = (0, 0, 0, 0, 0)    
            (pckts,bits) in = (0, 0), out = (0, 0)    
   port  80:http    
            (cur, max, limit, tot, reaped) = (0, 8, 374, 374, 6)    
            (pckts,bits) in = (15236, 10835640), out = (28304, 312988000)  

The following table contains descriptions of each of the metrics collected for the BIG-IP.

Data displayed by the bigstat utility

BIG/stat Item	Description
BIG-IP	cur - Shows the number of current connections handled by the BIG-IP max - Shows the maximum number of connections handled by the BIG-IP tot - Shows the total number of connections handled by the BIG-IP pckts,bits in - Shows the total number of packets and bits coming into the BIG-IP pckts,bits out - Shows the total number of packets and bits going out of the BIG-IP
virtual server	cur - Shows the number of current connections handled by the virtual server max - Shows the maximum number of connections handled by the virtual server limit - Shows the connection limit reached by the virtual server tot - Shows the total number of connections handled by the virtual server pckts,bits in - Shows the total number of packets and bits coming into the virtual server pckts,bits out - Shows the total number of packets and bits going out of the virtual server
service	cur - Shows the number of current connections handled by the service max - Shows the maximum number of connections handled by the service limit - Shows the connection limit reached by the service tot - Shows the total number of connections handled by the BIG-IP service pckts,bits in - Shows the total number of packets and bits coming into the service pckts,bits out - Shows the total number of packets and bits going out of the service
nodes	cur - Shows the number of current connections handled by the node max - Shows the maximum number of connections handled by the node limit - Shows the connection limit reached by the node tot - Shows the total number of connections handled by the BIG-IP node pckts,bits in - Shows the total number of packets and bits coming into the node pckts,bits out - Shows the total number of packets and bits going out of the node
ports	cur - Shows the number of current connections handled by the port max - Shows the maximum number of connections handled by the port limit - Shows the connection limit reached by the port tot - Shows the total number of connections handled by the BIG-IP port reaped - Shows the number of connections reaped on the port pckts,bits in - Shows the total number of packets and bits coming into the port pckts,bits out - Shows the total number of packets and bits going out of the port