F5 - Commandes LTM pour la création de nodes, pools et virtual server
Alasta 5 Juillet 2015 f5 cli network F5
Description : Nous allons voir quelques commandes pour créer des nodes, pools et VS en cli/tmsh
Partie Nodes :
# Monitor par défaut
tmsh> create ltm node N-HTTP-EU-010 address 1.1.1.10 monitor default
tmsh> create ltm node N-HTTP-EU-011 address 1.1.1.11 monitor default
# Avec un monitor spécifique
tmsh> create ltm node N-HTTP-EU-013 address 1.1.1.13 monitor https_443
# Modification du monitor
tmsh> modify ltm node N-HTTP-EU-013 monitor default
# Suppresion d'un node
tmsh> delete ltm node N-HTTP-EU-013
# Liste des nodes
tmsh> list ltm node
ltm node N-HTTP-EU-010 {
address 1.1.1.10
}
ltm node N-HTTP-EU-011 {
address 1.1.1.11
}
ltm node N-HTTP-EU-012 {
address 1.1.1.12
}
# Liste node avec plus ou moins d'option
tmsh> list ltm node state
ltm node N-HTTP-EU-010 {
state unchecked
}
ltm node N-HTTP-EU-011 {
state unchecked
}
ltm node N-HTTP-EU-012 {
state unchecked
}
tmsh> list ltm node metadata ratio session
ltm node N-HTTP-EU-010 {
metadata none
ratio 1
session user-enabled
}
ltm node N-HTTP-EU-011 {
metadata none
ratio 1
session user-enabled
}
ltm node N-HTTP-EU-012 {
metadata none
ratio 1
session user-enabled
}
# Information sur un host spécifique
tmsh> list ltm node N-HTTP-EU-010 session
ltm node N-HTTP-EU-010 {
session user-enabled
}
Partie Pool :
# Création dun pool avec 2 membres, méthode de load-balancing par defaut
tmsh> create ltm pool P-HTTP-EU-002 monitor "gateway_icmp" members add { N-HTTP-EU-010:80 N-HTTP-EU-011:80 }
# Ajout d'un pool member
tmsh> modify ltm pool P-HTTP-EU-002 members add { N-HTTP-EU-012:80 }
# Suppression d'un pool member
tmsh> modify ltm pool P-HTTP-EU-002 members del { N-HTTP-EU-012:80 }
# Modification du monitor et methàde de load-balancing ajout de node
tmsh> modify ltm pool P-HTTP-EU-002 monitor "gateway_icmp" members add { N-HTTP-EU-012:80 {priority-group 2} } load-balancing-mode observed-member min-active-members 1
# Suppression d'un pool
tmsh> delete ltm pool P-HTTP-EU-001
# Affiche les pools
tmsh> ltm pool P-HTTP-EU-002 {
members {
N-HTTP-EU-010:http {
address 1.1.1.10
session monitor-enabled
state down
}
N-HTTP-EU-011:http {
address 1.1.1.11
session monitor-enabled
state down
}
N-HTTP-EU-012:http {
address 1.1.1.12
priority-group 2
session monitor-enabled
state down
}
}
monitor gateway_icmp
}
ltm pool P-HTTP-EU-003 {
members {
N-HTTP-EU-010:http {
address 1.1.1.10
session monitor-enabled
state down
}
N-HTTP-EU-011:http {
address 1.1.1.11
session monitor-enabled
state down
}
}
monitor gateway_icmp
}
# Affiche un pool spécifique
tmsh> list ltm pool P-HTTP-EU-002
ltm pool P-HTTP-EU-002 {
members {
N-HTTP-EU-010:http {
address 1.1.1.10
session monitor-enabled
state down
}
N-HTTP-EU-011:http {
address 1.1.1.11
session monitor-enabled
state down
}
N-HTTP-EU-012:http {
address 1.1.1.12
priority-group 2
session monitor-enabled
state down
}
}
monitor gateway_icmp
}
Partie Virtual Server :
tmsh> create ltm virtual VS-HTTPS-EU-001 destination 3.3.3.3:443 pool P-HTTPS-EU-001 persist replace-all-with {source_addr} vlans add {VLAN_FWL} vlans-enabled profiles replace-all-with { /Common/tcp-wan-optimized } ip-protocol tcp
# Création d'un Virtual Server
tmsh> create ltm virtual VS-HTTP-EU-001 destination 3.3.3.3:80 pool P-HTTP-EU-002 description "VS HTTP Europe URL 1" persist replace-all-with {source_addr} vlans add {VLAN_FWL} vlans-enabled profiles replace-all-with { /Common/tcp-wan-optimized } ip-protocol tcp
# Modification du pool
tmsh> modify ltm virtual VS-HTTP-EU-001 pool P-HTTP-EU-002
# Affichage des virtual server
tmsh> list ltm virtual
ltm virtual VS-HTTP-EU-001 {
description "VS HTTP Europe URL 1"
destination 3.3.3.3:http
ip-protocol tcp
mask 255.255.255.255
persist {
source_addr {
default yes
}
}
pool P-HTTP-EU-002
profiles {
tcp-wan-optimized { }
}
source 0.0.0.0/0
vlans {
VLAN_FWL
}
vlans-enabled
}
Ménage
tmsh> delete ltm virtual all
tmsh> delete ltm pool all
tmsh> delete ltm node all
Autres :
VLAN :
# Création de VLAN
tmsh> create net vlan VLAN_FWL
# Affiche un vlan avec plus ou moins d'informations
tmsh> list net vlan internal interfaces
net vlan internal {
interfaces {
1.1 {
app-service none
untagged
}
}
}
tmsh> list net vlan internal
net vlan internal {
if-index 96
interfaces {
1.1 { }
}
tag 4094
}
Monitor
# Création d'un monitor
tmsh> create ltm monitor http M_HTTP send "GET /\r\n " interval 3 timeout 4
# Affichage des monitors non F5
tmsh> list ltm monitor
ltm monitor http M_HTTP {
defaults-from http
destination *:*
interval 3
send "GET /\\r\\n "
time-until-up 0
timeout 4
}
tmsh> list ltm monitor all-properties
ltm monitor http M_HTTP {
app-service none
defaults-from http
description none
destination *:*
interval 3
manual-resume disabled
partition Common
password none
recv none
recv-disable none
reverse disabled
send "GET /\\r\\n "
time-until-up 0
timeout 4
transparent disabled
up-interval 0
username none
}
# Afficher tous les monitors de type http F5 compris
tmsh> list ltm monitor http [all-properties]
ltm monitor http M_HTTP {
defaults-from http
destination *:*
interval 3
send "GET /\\r\\n "
time-until-up 0
timeout 4
}
ltm monitor http http {
destination *:*
interval 5
send "GET /\\r\\n"
time-until-up 0
timeout 16
}
ltm monitor http http_head_f5 {
defaults-from http
destination *:*
interval 5
recv Server\\:
send "HEAD / HTTP/1.0\\r\\n\\r\\n"
time-until-up 0
timeout 16
}