
Manual Chapter: BIG-IP v9.0 New and Updated Commands: Managing the BIG-IP System


3

Managing the BIG-IP System


Introducing BIG-IP system management

The BIG-IP system includes several command-line tools that you can use to perform routine system management tasks such as creating and managing administrative user accounts, displaying traffic statistics, and managing BIG-IP units in a redundant system configuration.

With these tools, you can manage many parts of the system:

  • The management port
  • BIG-IP host name and IP address
  • Global system properties
  • High Availability
  • User configuration archives
  • System services (for example, SSH and HTTP)
  • SNMP
  • Logging
  • qkview and tcpdump (diagnostic tools)
  • Serial console
  • Real-time statistics

For information on configuring the BIG-IP system to control local application traffic, see Chapter 4, Managing Local Application Traffic.

Understanding BIG-IP system management tools

The tools that you can use to manage the BIG-IP system are:

  • config command
  • bigpipe utility
  • bigtop utility
  • bigstart command
  • halt command
  • reboot command
  • hostname command
  • printdb command
  • ssh and scp commands

Table 3.1 provides a concise listing of the commands that you use to manage the BIG-IP system. For more details on these commands, see the online man pages.

Table 3.1 Commands for BIG-IP system management
Each command is followed by its description.

config Command

  • config
    Configures the IP address, network mask, and gateway on the management (MGMT) port. Use this command prior to licensing the BIG-IP system and do not confuse it with the bigpipe config command or the BIG-IP Configuration utility.

bigpipe Commands

  • config
    Synchronizes the /config/bigip.conf between the two BIG-IP units in a redundant system.
  • conn
    Prints a list of current connections.
  • daemon
    Manages the failover settings of various BIG-IP system daemons.
  • db
    Loads configuration information into the bigdb database and displays bigdb information.
  • global
    Sets global variable definitions and resets global statistics.
  • -h and help
    Displays online help for bigpipe command syntax.
  • ha
    Displays the HA (high availability) table.
  • http
    Displays statistics related to HTTP traffic.
  • icmp
    Displays statistics related to ICMP traffic.
  • ip
    Displays statistics related to IP traffic.
  • load
    Loads the BIG-IP system configuration, and resets it.
  • memory
    Displays memory statistics.
  • merge
    Loads a saved BIG-IP system configuration without resetting the current configuration.
  • mgmt
    Modifies the settings of the management (MGMT) port.
  • nat
    Resets statistics for network address translations (NATs).
  • node
    Displays nodes, resets statistics for nodes, and removes nodes from service.
  • reset
    Clears the BIG-IP system configuration and counter values.
  • save
    Writes the current configuration to a file.
  • snat
    Manages secure network address translations (SNATs).
  • unit
    Displays the unit number assigned to a particular BIG-IP system.
  • verify
    Parses the command line and checks syntax without executing the specified command.
  • version
    Displays the bigpipe utility version number.
  • virtual
    Displays status and statistical information for virtual servers, resets virtual server statistics, and removes virtual servers from service.

bigtop Commands

  • bigtop
    Displays real-time statistics.

Other Commands

  • halt
    Shuts down the BIG-IP software application.
  • bigstart
    Displays and configures BIG-IP system services. Examples of system services are MCPD, TMM, and SOD.
  • printdb
    Prints the values of one or more entries in the bigdb database.
  • ssh and scp
    Access command line interfaces on other SSH-enabled devices, and copy files to or from a BIG-IP system.

Performing BIG-IP system management tasks

Table 3.2 lists the tasks that you can perform to maintain the BIG-IP system. For each task, the table shows the commands or utilities you use to perform that task.

Important

The command syntax shown in Table 3.2 is not exhaustive. For each command, see the corresponding man page for the correct syntax.

Table 3.2 System management tasks
Each task is followed by the command or utility to use.

  • Modify the IP address, network mask, and management route of the designated management port for the BIG-IP system.
    config or bigpipe mgmt
  • Modify the host name of the BIG-IP system.
    Setup utility. Use the browser-based Configuration utility.
  • Modify the IP address of the BIG-IP system.
    Setup utility. Use the browser-based Configuration utility.
  • Specify whether the BIG-IP system is a single device or part of a redundant pair.
    Setup utility. Use the browser-based Configuration utility.
  • Modify the time zone of the BIG-IP system time.
    Setup utility. Use the browser-based Configuration utility.
  • Change the password of the root account.
    Setup utility. Use the browser-based Configuration utility.
  • Change the password of the admin account.
    Use the browser-based Configuration utility.
  • Enable or disable the support account.
    Use the browser-based Configuration utility.
  • Allow console access for a user.
    Use the browser-based Configuration utility.
  • Specify the IP addresses from which an SSH user can access the BIG-IP system.
    Use the browser-based Configuration utility.
  • Manage the web certificate-key pair for a server.
    openssl utility. For more information, see Chapter 4, Managing Local Application Traffic.
  • Enable or disable the hardware monitor.
    Use the browser-based Configuration utility.
  • Designate action in the event of an SSL Accelerator failure.
    Use the browser-based Configuration utility.
  • Designate action in the event of a switch board failure.
    Use the browser-based Configuration utility.
  • Designate action in the event of a BIG-IP daemon failure.
    bigpipe daemon help
  • Designate action in the event of a VLAN failure.
    bigpipe vlan help
  • Manage configuration archives.
    bigpipe config
  • Start or stop various BIG-IP system services.
    bigstart help
  • View status/history of BIG-IP system services.
    bigstart status
  • Start or stop the SNMP agent.
    bigstart shutdown snmpd
  • Display performance statistics for the BIG-IP system, such as uptime and total number of connections.
    bigpipe global
  • Reset statistics for one or all virtual servers.
    bigpipe virtual <name> stats reset
  • Reset statistics for one or all nodes.
    bigpipe node [<ip_address><service>] stats reset
  • Reset statistics for one or all virtual ports.
    bigpipe service [<service>] stats reset
  • Reset statistics for one or all SNATs.
    bigpipe snat [<original_address>] stats reset
  • Reset statistics for one or all NATs.
    bigpipe nat [<original_address>] stats reset
  • Reset statistics globally.
    bigpipe global stats reset
  • Display connection information.
    bigpipe conn
  • Display statistical information for a service.
    Use the browser-based Configuration utility.
  • Enable or disable a service.
    Use the browser-based Configuration utility.
  • Display real-time statistics.
    bigtop <options>
  • Power down the BIG-IP software application.
    halt
  • Reboot the BIG-IP software application.
    reboot
  • Reload the BIG-IP configuration.
    bigpipe load
  • Display system properties such as host name, version, and CPU count.
    hostname, bigpipe version, bigpipe global
  • Boot the BIG-IP system from the network on next boot.
    bigpipe db Boot.NetReboot enable
  • Enable or disable the LCD System menu.
    Use the browser-based Configuration utility.
  • Specify the time servers that the system uses to update the system time.
    Use the browser-based Configuration utility.
  • Specify the name servers that the system uses to validate DNS lookups and resolve host names.
    Use the browser-based Configuration utility.
  • Enable or disable VLAN-keyed connections.
    bigpipe db Connection.VlanKeyed enable | disable
  • List the maximum transmission unit (MTU) that the system can send over a path without fragmenting TCP packets.
    bigpipe mgmt route [<mgmt route key list> | all] mtu [show]
    bigpipe route mtu show
    bigpipe vlan <vlan_name> mtu show
  • Specify the percentage of memory usage at which the system stops allowing new connections.
    bigpipe db Connection.AdaptiveReaper.Hiwater <num>
  • Specify the percentage of memory usage at which the system begins silently purging stale connections without sending reset (RST) packets to clients.
    bigpipe db Connection.AdaptiveReaper.Lowwater <num>
  • Specify the number of new or untrusted TCP connections that can be established before the system activates the SYN Cookies authentication method for subsequent TCP connections.
    bigpipe db Connection.SynCookies.Threshold <num>
  • Enable or disable SNAT packet forwarding.
    bigpipe global snats any_ip enable | disable
  • Manage destination address entries in the routing table, the ARP cache, and the L2 forwarding table.
    Use the browser-based Configuration utility.
  • View information on service-related events.
    Use the browser-based Configuration utility to view the System, Packet Filter, and Local Traffic logs. These logs are stored in the directories /var/log/messages, /var/log/pktfilter, and /var/log/ltm.
  • View messages logged by the Syslog-ng utility.
    Use the browser-based Configuration utility to view the system log. This log is stored in the directory /var/log/messages.
  • View information on packet filters.
    Use the browser-based Configuration utility to view the packet filter log. This log is stored in the directory /var/log/pktfilter.
  • Set logging options for local-traffic events.
    Use the browser-based Configuration utility.
  • Set logging options for auditing events.
    Use the browser-based Configuration utility.
  • View list of existing user accounts.
    No command line interface. Use the browser-based Configuration utility.
  • Create a user account.
    No command line interface. Use the browser-based Configuration utility.
  • Modify a user account.
    No command line interface. Use the browser-based Configuration utility.
  • Specify the location of user authentication data.
    No command line interface. Use the browser-based Configuration utility.
  • Assign user role to a remote user account.
    No command line interface. Use the browser-based Configuration utility.
  • Run a QKView report.
    qkview
  • Run a TCP dump report.
    See solution report SOL2246 on http://tech.f5.com.

In addition to the tasks that you can perform with BIG-IP utilities and commands, there are tasks that you perform by directly editing certain files with your favorite text editor, such as the LINUX vi editor. Table 3.3 lists these tasks and the system configuration files you edit to perform them. For more information on system configuration files, see Viewing and modifying system configuration files.

Table 3.3 Other BIG-IP maintenance tasks
Each task is followed by the name of the file to edit.

  • Create or modify an SNMP trap record.
    /etc/alertd/alert.conf
  • Deny UDP connections to the SNMP agent.
    /etc/hosts.deny
  • Define hosts that are allowed to access the SNMP agent.
    /etc/hosts.allow
  • Configure the SNMP agent.
    /config/snmp/snmpd.conf
  • Specify whether to send an SNMP trap based on a regular expression.
    /etc/alertd/alert.conf
  • Configure the Syslog-ng utility to pipe specified message types through the alert system.
    /etc/syslog-ng.conf

The following sections describe some of the system management tasks that you can perform on the BIG-IP system.

Configuring the MGMT port

Before you license the BIG-IP system, you must configure the management port (MGMT). You do this by running the config command at the command line prompt.

Configuring the management port for the first time

  1. Run the config command.
  2. Specify the IP address of the management (MGMT) port.
  3. Specify a network mask for the IP address.
  4. Specify an IP address for the management route.

Modifying management port settings

If you have licensed the BIG-IP product and want to go back and modify the settings that you configured with the config command, you can use the bigpipe mgmt command.

Setting failover for BIG-IP system services

You can use the bigpipe daemon command to define the action that you want the BIG-IP system to take when certain system services fail. Table 3.4 lists these services.

Table 3.4 BIG-IP system services with failover settings
Each service is followed by its definition.

  • mcpd
    Messaging and configuration
  • tmm
    Traffic Management
  • bigd
    Health Monitors
  • sod
    Failover
  • bcm56xxd
    Switch hardware driver

Displaying protocol statistics

You can use the bigpipe utility to display statistics for various types of network traffic. You can use these commands to display protocol-related statistics:

  • bigpipe http
  • bigpipe icmp
  • bigpipe ip
  • bigpipe tcp
  • bigpipe udp

You can also display global statistics using the bigpipe global command.

Working with the bigtop utility

The bigtop™ utility is a real-time statistics display utility. The display shows the date and time of the latest reboot, and lists activity in bits, bytes, or packets. The bigtop utility accepts options you use to customize the display of information. For example, you can set the interval at which the data is refreshed, and you can specify a sort order. The bigtop utility displays the statistics as shown in Figure 3.1.

Figure 3.1 The bigtop screen display
                   |  bits  since       |  bits in prior     |   current
                   |  Nov 28 18:47:50   |  3 seconds         |   time
BIG-IP      ACTIVE |---In----Out---Conn-|---In----Out---Conn-|   00:31:59
227.19.162.82          1.1G  29.6G 145     1.6K     0      0
virtual ip:port        |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up--
217.87.185.5:80       1.0G  27.4G 139.6K   1.6K     0      0       2
217.87.185.5:20      47.5M  2.1G    3.1K     0      0      0       2
217.87.185.5:20      10.2M 11.5M    2.6K     0      0      0       2
NODE  ip:port      |---In----Out---Conn-|---In----Out---Conn-|--State----
129.186.40.17:80    960.6M  27.4G  69.8K   672      0      0      UP
129.186.40.17:20     47.4M   2.1G   3.1K     0      0      0      UP
129.186.40.18:80    105.3M 189.0K  69.8K   1.0K     0      0      UP
129.186.40.17.21      9.4M  11.1M   1.3K     0      0      0      UP
129.186.40.18:21    700.8K 414.7K   1.3K     0      0      0      UP
129.186.40.18:20      352    320      1      0      0      0      UP

 

Using bigtop command options

The syntax for the bigtop command is as follows:

bigtop [options...]

Table 3.5 lists and describes the options you can use with the bigtop command.

Table 3.5 bigtop command options
Each option is followed by its description.

  • -bytes
    Displays counts in bytes (the default is bits).
  • -conn
    Sorts by connection count (the default is to sort by byte count).
  • -delay <value>
    Sets the interval at which data is refreshed (the default is four seconds).
  • -delta
    Sorts by count since last sample (the default is to sort by total count).
  • -help
    Displays bigtop help.
  • -nodes <value>
    Sets the number of nodes to print (the default is to print all nodes).
  • -nosort
    Disables sorting.
  • -once
    Prints the information once and exits.
  • -pkts
    Displays the counts in packets (the default is bits).
  • -scroll
    Disables full-screen mode.
  • -virtuals <value>
    Sets the number of virtual servers to print (the default is to print all virtual servers).

Using runtime commands in bigtop

Unless you specified the -once option, the bigtop utility continually updates the display at the rate indicated by the -delay option. You can also use the following runtime options at any time:

  • The u option cycles through the display modes: bits, bytes, and packets.
  • The q option quits the bigtop utility.

Exiting the bigtop utility

To exit the bigtop utility, simply type q at the command line prompt.

Configuring SNMP on a BIG-IP system

SNMP configuration files

The SNMP options that you specify in the Configuration utility are written to one or more of the following configuration files. If you prefer, you can configure SNMP by directly editing the appropriate files with a text editor rather than using the Configuration utility.

  • hosts.deny
    This file denies all UDP connections to the SNMP agent.
  • hosts.allow
    This file specifies which hosts are allowed to access the SNMP agent.
  • snmpd.conf
    This file configures the SNMP agent.
  • snmptrap.conf
    For the BIG-IP system, the configuration in /etc/snmptrap.conf determines which messages generate traps, and what those traps are. Edit this file only if you want to add traps.
  • syslog-ng.conf
    Configure /etc/syslog-ng.conf to pipe specified message types through the alert system.

/etc/hosts.deny

This file must be present to deny by default all UDP connections to the SNMP agent. The contents of this file are as follows:

ALL : ALL

/etc/hosts.allow

The /etc/hosts.allow file is used to specify which hosts are allowed to access the SNMP agent. There are two ways to configure access to the SNMP agent with the /etc/hosts.allow file. You can type in an IP address, or list of IP addresses, that are allowed to access the SNMP agent, or you can type in a network address and mask to allow a range of addresses in a subnetwork to access the SNMP agent.

For a specific list of addresses, type in the list of addresses you want to allow to access the SNMP agent. Addresses in the list must be separated by blank space or by commas. The basic syntax is as follows:

daemon: <IP address> <IP address> <IP address>

For example, you can type the following line which sets the SNMP agent to accept connections from the IP addresses specified:

bigsnmpd: 128.95.46.5 128.95.46.6 128.95.46.7

For a range of addresses, the basic syntax is as follows, where daemon is the name of the daemon, and IP/MASK specifies the network that is allowed access. The IP must be a network address:

daemon: IP/MASK

For example, you might use the following line which sets the bigsnmpd daemon to allow connections from the 128.95.46.0/255.255.255.0 address:

bigsnmpd: 128.95.46.0/255.255.255.0

The preceding example allows the 254 possible hosts from the network address 128.95.46.0 to access the SNMP daemon. Additionally, you may use the keyword ALL to allow access for all hosts or all daemons.

Note

192.168.1/24 CIDR syntax is not allowed.
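
The following checker is an added example, not part of the original manual or any F5 tooling. It applies the /etc/hosts.allow rules described above (address lists, network/mask pairs that must use a network address, no CIDR syntax) to a constructed sample file; the function names and sample entries are assumptions made for illustration.

```python
import ipaddress
import re


def is_contiguous_mask(mask_int):
    # A valid netmask is a run of 1 bits followed only by 0 bits.
    inverted = mask_int ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def check_host_token(tok):
    """Return None if one host entry is acceptable, else a finding string."""
    if tok == "ALL":
        return "warning: ALL admits every host"
    if "/" in tok:
        net, _, mask = tok.partition("/")
        if mask.isdigit():
            return "error: CIDR syntax is not allowed, use a dotted mask"
        try:
            net_int = int(ipaddress.IPv4Address(net))
            mask_int = int(ipaddress.IPv4Address(mask))
        except ipaddress.AddressValueError:
            return "error: malformed network or mask"
        if not is_contiguous_mask(mask_int):
            return "error: mask is not a contiguous netmask"
        if net_int & ~mask_int & 0xFFFFFFFF:
            return "error: host bits set, IP must be a network address"
        return None
    try:
        ipaddress.IPv4Address(tok)
    except ipaddress.AddressValueError:
        return "error: not an IPv4 address"
    return None


def audit_hosts_allow(text, daemon="bigsnmpd"):
    """Return (line number, entry, finding) for each questionable entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, hosts = line.partition(":")
        if not sep:
            findings.append((lineno, line, "error: missing 'daemon:' prefix"))
            continue
        if name.strip() not in (daemon, "ALL"):
            continue  # rule for a different daemon
        # Entries may be separated by blank space or by commas.
        for tok in re.split(r"[,\s]+", hosts.strip()):
            finding = check_host_token(tok) if tok else None
            if finding:
                findings.append((lineno, tok, finding))
    return findings


# Constructed sample: lines 1-2 follow the manual's examples, lines 3-5 do not.
SAMPLE = """\
bigsnmpd: 128.95.46.5 128.95.46.6,128.95.46.7
bigsnmpd: 128.95.46.0/255.255.255.0
bigsnmpd: 192.168.1/24
bigsnmpd: 128.95.46.9/255.255.255.0
bigsnmpd: ALL
"""

if __name__ == "__main__":
    for lineno, entry, finding in audit_hosts_allow(SAMPLE):
        print(f"line {lineno}: {entry}: {finding}")
```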

The /etc/snmpd.conf file

The /etc/snmpd.conf file controls most of the SNMP agent. This file is used to set up and configure certain traps, passwords, and general SNMP variable names. A few of the necessary variables are listed below:

  • System Contact Name
    The System Contact is a MIB-II simple string variable defined by almost all SNMP boxes. It usually contains a user name, as well as an email address. This is set by the syscontact key.
  • Machine Location (string)
    The Machine Location is a MIB-II variable that almost all boxes support. It is a simple string that defines the location of the box. This is set by the syslocation key.
  • Community String
    The community string is a clear-text password used for basic SNMP security. It also maps to VACM groups, but for initial read-only access it is limited to only one group.
  • Trap Configuration
    Trap configuration is controlled by these entries in the /etc/snmpd.conf file:
    • trapsink <host>
      This sets the host to receive trap information. The <host> is an IP address.
    • trapport <port>
      This sets the port on which traps are sent. There must be one trapport line for each trapsink host.
    • trapcommunity <community string>
      This sets the community string (password) to use for sending traps. If set, it also sends a trap upon startup: coldStart(0).
    • authtrapenable <integer>
      Setting this variable to 1 enables traps to be sent for authentication warnings. Setting it to 2 disables it.
    • data_cache_duration <seconds>
      This is the time in seconds during which data is cached. The default value for this setting is one second.

Note

A trapport line controls all trapsink lines that follow it until another trapport line appears. Therefore, to change the trap port for a trap sink, the new trapport line must be inserted before the trap sink's trapsink line, with no other trapport lines in between. The same logic follows for trapcommunity lines.
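
The ordering rule in the note above is easy to get wrong when editing by hand. The following added example (not part of the original manual) resolves which port and community apply to each trapsink line, following only the semantics stated on this page; the function names and the sample configuration are constructed for illustration.

```python
def resolve_trap_sinks(conf_text):
    """Walk the file top to bottom and record the settings in force at each trapsink."""
    port = community = auth_traps = None
    sinks = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        key, arg = fields[0], fields[1]
        if key == "trapport":
            port = int(arg)            # applies to every trapsink that follows
        elif key == "trapcommunity":
            community = arg            # same ordering logic as trapport
        elif key == "authtrapenable":
            auth_traps = arg == "1"    # 1 enables, 2 disables
        elif key == "trapsink":
            sinks.append({"line": lineno, "host": arg,
                          "port": port, "community": community})
    return sinks, auth_traps


def review(conf_text):
    """Return human-readable findings for a trap configuration."""
    sinks, auth_traps = resolve_trap_sinks(conf_text)
    findings = []
    for sink in sinks:
        if sink["port"] is None:
            findings.append(
                f"line {sink['line']}: trapsink {sink['host']} has no trapport line before it")
        if sink["community"] is None:
            findings.append(
                f"line {sink['line']}: trapsink {sink['host']} has no trapcommunity line before it")
    if auth_traps is not True:
        findings.append("traps for authentication warnings are not enabled (authtrapenable is not 1)")
    return findings


# Constructed sample: the first trapsink appears before any trapport line,
# so the trapport on line 5 does not apply to it.
SAMPLE = """\
syscontact Admin <admin@example.com>
syslocation constructed-lab
trapcommunity traps-a
trapsink 10.0.0.5
trapport 162
trapsink 10.0.0.6
trapport 1162
trapcommunity traps-b
trapsink 10.0.0.7
authtrapenable 2
"""

if __name__ == "__main__":
    for sink in resolve_trap_sinks(SAMPLE)[0]:
        print(sink)
    for finding in review(SAMPLE):
        print(finding)
```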

/etc/snmptrap.conf

This configuration file includes OID, trap, and regular expression mappings. The configuration file specifies whether to send a specific trap based on a regular expression. An excerpt of the configuration file is shown in Figure 3.2.

Figure 3.2 Excerpt from the /etc/snmptrap.conf file
# Default traps.
.1.3.6.1.4.1.3375.1.1.110.2.6 (ROOT LOGIN) ROOT LOGIN
.1.3.6.1.4.1.3375.1.1.110.2.5 (denial) REQUEST DENIAL
.1.3.6.1.4.1.3375.1.1.110.2.4 (BIG-IP Loading) SYSTEM RESET
.1.3.6.1.4.1.3375.1.1.110.2.3 (Service detected UP) SERVICE UP
.1.3.6.1.4.1.3375.1.1.110.2.2 (Service detected DOWN) SERVICE DOWN
#.1.3.6.1.4.1.3375.1.1.110.2.1 (error) Unknown Error
#.1.3.6.1.4.1.3375.1.1.110.2.1 (failure) Unknown Failure

 

Some of the OIDs have been permanently mapped to BIG-IP system specific events. The OIDs that are permanently mapped for the BIG-IP system include:

  • Root login
  • Request denial
  • System reset
  • Service up
  • Service down

You may, however, insert your own regular expressions and map them to the 110.1 OID. The /etc/snmptrap.conf file contains two examples for mapping your own OIDs:

  • Unknown error
  • Unknown failure

By default, the lines for these files are commented out. Use these OIDs for miscellaneous events. When lines match your expression, they are sent to your management software with the 110.2.1 OID.

If you change this file, restart the SNMP agent bigsnmpd as follows:

bigstart restart bigsnmpd

For the 3-DNS Controller, the configuration in /etc/3dns_snmptrap.conf determines which messages generate traps and what those traps are. Edit this file only if you want to add traps.

Configuring snmpd to send responses out of different ports or addresses

You can configure the snmpd to respond on different ports or bind the daemon to a specific interface. Use the following syntax to configure snmpd:

snmpd -p [(udp|tcp):]port[@address][,...]

Use this command to make the agent listen on the specified list of sockets instead of the default port, which is port 161. Separate multiple ports by commas. You can specify transports by prepending the port number with the transport name (udp or tcp) followed by a colon.

To bind to a particular interface, you can specify the address you want it to bind with. For example, you can specify the following command to make the agent listen on UDP port 161 for any address, TCP port 161 for any address, and UDP port 9161 on only the interface associated with the localhost address.

snmpd -p 161,tcp:161,9161@localhost

Note

The -T flag changes the default transport mapping to use (in the previous example, the default transport mapping is UDP).

Working with the bigdb database

The bigdb™ database holds certain configuration information for the BIG-IP system. Most BIG-IP system utilities use the configuration stored in the bigdb database. You can load configuration information into this bigdb database.

Setting values for bigdb variables

Using the bigpipe db command, you can view a bigdb variable, set a new value for a variable, or reset a variable to the default value. If you want to modify the values of variable attributes, such as the variable's data type, you must modify the bigdb database directly. For more information, see Setting values for bigdb attributes.

To view the value of a bigdb variable

To view the value of a bigdb variable, type the bigpipe db command along with the key name. If you do not specify a key name, the system displays variable values.

bigpipe db [<key>] [show]

To set the value of a bigdb variable

To set a variable to a specific value, type the bigpipe db command along with the key name and a value:

b db <key> <value>

To set a variable to the default value, type the bigpipe db command with the key name and the reset keyword:

b db <key> reset

Setting values for bigdb attributes

You can modify the values of the attributes that are associated with a bigdb variable in the bigdb database. To do this, you must directly edit the file /config/bigDB.dat, using your favorite text editor. For a printout of bigdb database entries, see Figure 3.4.

The attributes associated with a bigdb variable are:

  • Variable name (key)
    The name for the variable (key). An example is Bigip.Failover.ActiveMode.
  • Value
    The value associated with the variable. The system stores this value as a string.
  • Default value
    The value that the system uses when the variable is otherwise <.
  • Type
    The data type that the system uses to constrain and validate the value. Types are not case-sensitive and can be any of the following: string, integer (for signed integer), unsigned_integer, ipaddress, or enum.
  • Realm
    An attribute indicating where a value is relevant (not case-sensitive). Allowed values are: Local or Common. The system persists both Local and Common variables, and transfers Common variables to a peer during config sync operations.
  • Minimum value
    The minimum value for variables of type integer and unsigned_integer. This is the shortest length for strings.
  • Maximum value
    The maximum value for variables of type integer and unsigned_integer. This is the maximum length for strings.
  • Enumerated value
    A list of values allowed. The first character is a delimiter for items.

Figure 3.3 shows an example of the format of variable entries in the /config/bigDB.dat file.

[Bigstart.ChildWaitSec]
value=15
default=10
type=unsigned_integer
min=0
max=32767
realm=common
#
# Open a debug output file for each of the respective monitor
# when set to "true" or "yes"
#
[Bigip.HttpAgents.WMI.LogEnabled]
default=true
realm=local
type=enum
enum=|true|false|yes|no|

Figure 3.3 The format of the /config/bigDB.dat file

To modify bigdb variable attributes

  1. Use the bigstart command to shut down the bigdb service:
    bigstart shutdown bigdbd
  2. Using a text editor, edit one or more attribute values in the /config/bigDB.dat file.
  3. Use the bigstart command to restart the bigdb service:
    bigstart startup bigdbd
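
Because step 2 is a manual edit, a check of the edited entries against their own type, realm, min, max, and enum attributes is useful before restarting the service. The following is an added example, not part of the original manual or of the BIG-IP software. It assumes the file layout shown in Figure 3.3 and that the default applies when an entry has no value line; the Example.Constructed.* entries are constructed test data.

```python
import configparser
import ipaddress

KNOWN_TYPES = {"string", "integer", "unsigned_integer", "ipaddress", "enum"}
KNOWN_REALMS = {"local", "common"}


def read_bound(attrs, name, problems):
    """Return min/max as an int, or None if absent or malformed."""
    if name not in attrs:
        return None
    try:
        return int(attrs[name])
    except ValueError:
        problems.append(f"{name}='{attrs[name]}' is not a number")
        return None


def check_variable(attrs):
    """Validate one entry's value against its own attributes."""
    problems = []
    vtype = attrs.get("type", "").lower()    # types are not case-sensitive
    realm = attrs.get("realm", "").lower()   # realms are not case-sensitive
    if vtype and vtype not in KNOWN_TYPES:
        problems.append(f"unknown type '{vtype}'")
    if realm and realm not in KNOWN_REALMS:
        problems.append(f"unknown realm '{realm}'")
    # Assumption: with no value= line, the default= line is what applies.
    value = attrs.get("value", attrs.get("default"))
    if value is None:
        return problems
    measured = None  # the number that min and max constrain
    if vtype in ("integer", "unsigned_integer"):
        try:
            measured = int(value)
        except ValueError:
            problems.append(f"'{value}' is not an integer")
        else:
            if vtype == "unsigned_integer" and measured < 0:
                problems.append(f"{measured} is negative for unsigned_integer")
    elif vtype == "string":
        measured = len(value)  # min and max are lengths for strings
    elif vtype == "ipaddress":
        try:
            ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"'{value}' is not an IP address")
    elif vtype == "enum":
        spec = attrs.get("enum", "")
        # The first character of the enum attribute is the item delimiter.
        allowed = [i for i in spec[1:].split(spec[0]) if i] if spec else []
        if value not in allowed:
            problems.append(f"'{value}' is not one of {allowed}")
    if measured is not None:
        low = read_bound(attrs, "min", problems)
        high = read_bound(attrs, "max", problems)
        if low is not None and measured < low:
            problems.append(f"{measured} is below min {low}")
        if high is not None and measured > high:
            problems.append(f"{measured} is above max {high}")
    return problems


def audit_bigdb(text):
    """Return {variable name: [problems]} for entries that fail validation."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for name in parser.sections():
        problems = check_variable(dict(parser[name]))
        if problems:
            report[name] = problems
    return report


# First two entries are from Figure 3.3; the last two are constructed.
SAMPLE = """\
[Bigstart.ChildWaitSec]
value=15
default=10
type=unsigned_integer
min=0
max=32767
realm=common
#
# Open a debug output file for each of the respective monitor
#
[Bigip.HttpAgents.WMI.LogEnabled]
default=true
realm=local
type=enum
enum=|true|false|yes|no|
[Example.Constructed.Timeout]
value=40000
type=Unsigned_Integer
min=0
max=32767
realm=Common
[Example.Constructed.Mode]
value=maybe
type=enum
enum=|on|off|
realm=global
"""

if __name__ == "__main__":
    for name, problems in audit_bigdb(SAMPLE).items():
        print(name, problems)
```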

Printing bigdb variables

You can print the values of any bigdb variable and its attributes, using the printdb command. You can tailor your printout to print by realm, variable name, or variable name range.

Figure 3.4 shows an example of the output from the printdb command.

********************************************************

Name: Bigdb.LogLevel
          Realm:          common
          Type:           unsigned_integer
          Default:        6
          Min:            0
          Max:            7

********************************************************

Name: Bigdb.UpdatePause
          Realm:          common
          Type:           unsigned_integer
          Default:        30
          Min:            0
          Max:            30

Figure 3.4 Sample printout of bigdb entries

Working with the Syslog-ng utility

The BIG-IP system supports logging using the Syslog-ng utility. The system generates logs automatically, and saves them in user-specified files. These logs contain all changes made to the BIG-IP system configuration, such as those made with the bigpipe virtual command, or other bigpipe commands, as well as all critical events that occur in the system.

Note

You can configure the Syslog-ng utility to send mail or activate pager notification based on the priority of the logged event.

The Syslog-ng log files track system events based on information defined in the /etc/syslog-ng.conf file. You can view the log files in a standard text editor, or with the less file page utility.

Table 3.6 shows sample Syslog-ng messages for events that are specific to the BIG-IP system.

Table 3.6 Sample Syslog-ng messages
Each sample message is followed by its description.

  • bigd: allowing connections on port 20
    A user specifically allowed connections on virtual port 20.
  • bigd: node 192.168.1.1 detected up
    The 192.168.1.1 node address was successfully pinged by the BIG-IP system.
  • bigd: added service port 20 to node 192.168.1.1
    A user defined a new node, 192.168.1.1:20.
  • kernel: security: port denial 207.17.112.254:4379 -> 192.168.1.1:23
    A client was denied access to a specific port. The client is identified as coming from 207.17.112.254:4379, and the destination node is 192.168.1.1:23.
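
The port denial message is the one entry in Table 3.6 that records refused traffic, so it is the natural input for a monitoring check. The following added example (not part of the original manual) extracts source and destination from such lines and lists sources that were denied on several distinct destination ports. The timestamp and host prefix, the threshold, and all log lines other than the message body from Table 3.6 are constructed assumptions.

```python
import re
from collections import defaultdict

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
DENIAL_RE = re.compile(
    r"kernel: security: port denial "
    rf"(?P<src>{IPV4}):(?P<sport>\d+) -> (?P<dst>{IPV4}):(?P<dport>\d+)"
)


def summarize_denials(lines):
    """Group port denial messages by client address."""
    by_source = defaultdict(lambda: {"count": 0, "targets": set()})
    for line in lines:
        match = DENIAL_RE.search(line)
        if not match:
            continue  # other bigd or kernel messages are ignored
        entry = by_source[match["src"]]
        entry["count"] += 1
        entry["targets"].add((match["dst"], int(match["dport"])))
    return dict(by_source)


def sources_probing_many_ports(summary, min_targets=3):
    """Return clients denied on at least min_targets distinct address:port pairs."""
    return sorted(
        src for src, entry in summary.items()
        if len(entry["targets"]) >= min_targets
    )


# Constructed log lines; only the message body format comes from Table 3.6.
SAMPLE_LOG = """\
Nov 28 18:47:50 bigip1 kernel: security: port denial 207.17.112.254:4379 -> 192.168.1.1:23
Nov 28 18:47:51 bigip1 kernel: security: port denial 207.17.112.254:4380 -> 192.168.1.1:25
Nov 28 18:47:51 bigip1 kernel: security: port denial 207.17.112.254:4381 -> 192.168.1.1:111
Nov 28 18:47:52 bigip1 bigd: node 192.168.1.1 detected up
Nov 28 18:48:10 bigip1 kernel: security: port denial 198.51.100.7:50211 -> 192.168.1.1:23
"""

if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_LOG.splitlines())
    for src, entry in summary.items():
        print(src, entry["count"], sorted(entry["targets"]))
    print("review:", sources_probing_many_ports(summary))
```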

 

Removing and returning items to service

Once you have completed the initial configuration on the BIG-IP system, you may want to temporarily remove specific items from service for maintenance purposes. For example, if a specific network server needs to be upgraded, you may want to disable the nodes associated with that server, and then enable them once you finish installing the new hardware and bring the server back online.

If you specifically disable the nodes associated with the server, the BIG-IP system allows the node to go down only after all the current connections are complete. During this time, the BIG-IP system does not attempt to send new connections to the node. Although the BIG-IP system monitoring features would eventually determine that the nodes associated with the server are down, specifically removing the nodes from service can prevent interruptions on long duration client connections.

You can remove the entire BIG-IP system from service, or you can remove the following individual items from service:

  • Virtual servers
  • Virtual addresses
  • Virtual ports
  • Nodes

Removing the BIG-IP system from service

The BIG-IP system offers a Maintenance mode, which allows you to remove the BIG-IP system from network service. This is useful if you want to perform hardware maintenance, or make extensive configuration changes. When you activate Maintenance mode, the BIG-IP system no longer accepts connections to the virtual servers it manages. However, it allows the existing connections to finish processing so that current clients are not interrupted.

The bigpipe maint command toggles the BIG-IP system into or out of Maintenance mode. Use the following command to put the BIG-IP system into maintenance mode:

bigpipe maint

If the BIG-IP system runs in Maintenance mode for less than 20 minutes and you return the machine to the normal service, the BIG-IP system quickly begins accepting connections. However, if the BIG-IP system runs in Maintenance mode for more than 20 minutes, returning the unit to service involves updating all network ARP caches. This process can take a few seconds, but you can speed the process up by reloading the /config/bigip.conf file using the following command:

bigpipe load -f /config/bigip.conf

Removing individual virtual servers and virtual addresses from service

The BIG-IP system also supports taking only selected virtual servers and virtual addresses out of service, rather than removing the BIG-IP system itself from service. Each bigpipe command that defines virtual servers and their components supports enable and disable keywords, which allow you to remove or return the elements from service.

When you remove a virtual address from service, it affects all virtual servers associated with the virtual address.

Enabling and disabling virtual servers and virtual addresses

The bigpipe virtual command allows you to enable or disable individual virtual servers, as well as virtual addresses.

To enable or disable a virtual server

To enable or disable a virtual server, use the appropriate command syntax:

bigpipe virtual <virtual addr>:<virtual port> enable | disable

To enable or disable a virtual address, use the appropriate command syntax:

bigpipe virtual <virtual addr> enable | disable

Removing individual nodes from service

You can enable or disable individual nodes from the command line.

To enable and disable nodes

The bigpipe node command allows you to enable or disable individual nodes.

To enable or disable a node, use the appropriate command syntax:

b node <node addr>:<node port> up

b node <node addr>:<node port> down

Viewing the currently defined virtual servers and nodes

When used with the show parameter, bigpipe commands typically display currently configured elements. For example, the bigpipe virtual show command displays all currently defined virtual servers, and the bigpipe node show command displays all nodes currently included in virtual server mappings.

Viewing and modifying system configuration files

The BIG-IP system contains several configuration files that store essential information. You can use your favorite text editor to view or modify these files. Modifying a configuration file is sometimes necessary when there is no browser-based or command line interface to configure a feature. Table 3.7 lists the configuration files on the BIG-IP system.

Table 3.7 BIG-IP system configuration files
Each file is followed by its description.

  • /etc/alertd/alert.conf
    Stores definitions of SNMP traps (system default alerts).
  • /config/user_alert.conf
    Stores definitions of SNMP traps (user-defined alerts).
  • /config/bigip.conf
    Stores all configuration objects for managing local application traffic, such as virtual servers, load balancing pools, profiles, and SNATs.
  • /config/bigip_base.conf
    Stores BIG-IP self IP addresses and VLAN and interface configurations.
  • /config/bigip.license
    Stores authorization information for the BIG-IP system.
  • /etc/bigconf.conf
    Stores the user preferences for the Configuration utility.
  • /usr/share/ssl/openssl.cnf
    Holds the configuration information for how the SSL library interacts with browsers, and how key information is generated.
  • /config/user.db
    Holds various configuration information. This is known as the bigdb database.
  • /config/httpd/conf/httpd.conf
    Holds configuration information for the web server.
  • /config/bigconfig/users
    The web server password file. Contains the user names and passwords of the people permitted to access whatever is provided by the webserver.
  • /etc/hosts
    Stores the hosts table for the BIG-IP system.
  • /etc/hosts.allow
    Stores the IP addresses of workstations that are allowed to make administrative shell connections to the BIG-IP system.
  • /etc/hosts.deny
    Stores the IP addresses of workstations that are not allowed to make administrative shell connections to the BIG-IP system.
  • /etc/rateclass.conf
    Stores rate class definitions. Note: This file does not exist on some systems.
  • /config/snmp/snmpd.conf
    Stores SNMP configuration settings.
  • /config/ssh/sshd_config
    Contains the SSH configuration and key files.
  • /etc/sshd_config
    This is the configuration file for the secure shell server (SSH). It contains all the access information for people trying to get into the system by using SSH.
  • /config/routes
    Contains static route information.


