
F5 – TMOS Administration

Exam 201 Study Guide

I have included a lot of good information listed by Rich Hill at veritablenetworks.blogspot.com


http://veritablenetworks.blogspot.com/2012_12_01_archive.html
Section 1: 19% Troubleshoot basic virtual server connectivity issues

Objective 1.01 Given a connectivity troubleshooting situation, consider the packet and virtual server processing order
- Explain how a packet is processed once it arrives at a device (connection table, packet filters, etc.). The listeners are checked in the order below and the first match handles the packet:
o Existing connection in connection table
o Packet filter rule
o Virtual server
 <address>:<port>
 <address>:*
 <network>:<port>
 <network>:*
 *:<port>
 *:*
o SNAT
o NAT
o Self-IP
o Drop
- Explain how a virtual server processes a request (most specific to least specific)
o When determining the order of precedence applied to new inbound connections, the BIG-IP uses an algorithm that
places a higher precedence on the address netmask and a lesser emphasis on the port. BIG-IP sets virtual server
precedence according to the following criteria:
 First, the algorithm chooses the virtual server that has the longest subnet match for the destination address of the
incoming connection.
 If more than one virtual server has the same (longest) netmask, the algorithm then chooses the one whose port
matches the destination port.
 If no port match is found, the algorithm uses the wildcard-port virtual server on that address, if one is defined.
 A wildcard address has a netmask length of zero, so it has a lower precedence than any matching virtual
server with a defined address.
o SOL9038: The Order of precedence for local traffic object listeners
 http://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html
o SOL6459: Order of precedence for the virtual server matching
 http://support.f5.com/kb/en-us/solutions/public/6000/400/sol6459.html
o Specifically:
 Specific IP address and specific port
10.0.33.199:80
 Specific IP address and all ports
10.0.33.199:*
 Network IP address and specific port
10.0.33.0:8080 Mask 255.255.255.0
 Network IP address and all ports
10.0.33.0:* Mask 255.255.255.0
 All networks and specific port
0.0.0.0:80 Mask 0.0.0.0
 All networks and all ports
0.0.0.0:* Mask 0.0.0.0
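To make the precedence rules concrete, here is an added example (mine, not from the study guide or from F5) that implements the matching algorithm above in Python and runs it against the six listener shapes from the list. It assumes the simplified view of precedence the guide gives (netmask length first, then port), ignores VLAN and route-domain qualifiers, and the listener names are constructed. The point to take away: a /24 network listener with port * beats a 0.0.0.0/0 listener with the right port, so a catch-all wildcard virtual server (for example a forwarding listener) only ever sees what no more specific listener claimed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VirtualServer:
    """One listener: a host (/32), a network, or the 0.0.0.0/0 wildcard; port 0 means '*'."""
    name: str
    network: ipaddress.IPv4Network
    port: int


def make_vs(name, address, port, mask="255.255.255.255"):
    """Build a listener the way the study guide writes them: address, port ('*' allowed), netmask."""
    network = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    return VirtualServer(name, network, 0 if port == "*" else int(port))


# The six listener shapes from the precedence list above (same addresses as the guide; names are mine).
LISTENERS = [
    make_vs("host_80", "10.0.33.199", 80),
    make_vs("host_any", "10.0.33.199", "*"),
    make_vs("net_8080", "10.0.33.0", 8080, "255.255.255.0"),
    make_vs("net_any", "10.0.33.0", "*", "255.255.255.0"),
    make_vs("all_80", "0.0.0.0", 80, "0.0.0.0"),
    make_vs("all_any", "0.0.0.0", "*", "0.0.0.0"),
]


def select_virtual_server(listeners, dst_ip, dst_port):
    """Pick the listener BIG-IP would use for a new inbound connection to dst_ip:dst_port.

    Rule 1: the longest netmask match on the destination address wins (address beats port).
    Rule 2: among equal-length masks, an exact port match beats the '*' port.
    Rule 3: a 0.0.0.0/0 listener (mask length 0) only catches what nothing else did.
    """
    ip = ipaddress.IPv4Address(dst_ip)
    candidates = [
        vs for vs in listeners
        if ip in vs.network and vs.port in (0, dst_port)
    ]
    if not candidates:
        return None  # no listener: the packet falls through to SNAT, NAT, self IP, then drop
    return max(candidates, key=lambda vs: (vs.network.prefixlen, vs.port != 0))


def explain(listeners, dst_ip, dst_port):
    """One line per lookup, for reading the result at the prompt."""
    vs = select_virtual_server(listeners, dst_ip, dst_port)
    chosen = vs.name if vs else "no virtual server (next: SNAT/NAT/self IP/drop)"
    return f"{dst_ip}:{dst_port} -> {chosen}"


if __name__ == "__main__":
    for ip, port in [("10.0.33.199", 80), ("10.0.33.199", 443), ("10.0.33.7", 8080),
                     ("10.0.33.7", 80), ("192.168.1.1", 80), ("192.168.1.1", 25)]:
        print(explain(LISTENERS, ip, port))
```

Note the 10.0.33.7:80 case: the destination port matches the 0.0.0.0:80 listener exactly, but the 10.0.33.0/24:* listener still wins because the netmask is compared before the port.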
- Given a specific connectivity issue, isolate where the problem might be according to the
processing order
o Order of precedence for virtual server matching
o Overview of packet tracing with the tcpdump utility
o Overview of TCP connection set-up for BIG-IP LTM virtual server types
o Manual Chapter: Introducing BIG-IP Local Traffic Manager

Objective 1.02 Identify the reason for an unresponsive virtual server


- Determine the state of a virtual server (offline, enabled, etc.)
o At any time, you can determine the status of a virtual server or virtual address, using the
Configuration utility. You can find this information by displaying the list of virtual servers or
virtual addresses and viewing the Status column, or by viewing the Availability property of the
object.
o The Configuration utility indicates status by displaying one of several icons, distinguished by
shape and color:
 The shape of the icon indicates the status that the monitor has reported for that object.
 The color of the icon indicates the actual status of the object.

Status indicator: Explanation
Green circle (Available, Enabled): The virtual server or virtual address is enabled and able to receive traffic.
Yellow triangle (Unavailable, Enabled): The virtual server or virtual address is enabled but is currently unavailable. However, it
might become available later, with no user action required. An example of a virtual server or virtual address showing this
status is when the object's connection limit has been exceeded. When the number of connections falls below the configured
limit, the virtual server or virtual address becomes available again.
Red diamond (Offline, Enabled): The virtual server or virtual address is enabled but offline because an associated object has
marked it as unavailable. To change the status so that it can receive traffic, you must actively enable the virtual server or
virtual address.
Black circle (Available, Disabled): The virtual server or virtual address is operational but set to Disabled. To resume normal
operation, you must manually enable it.
Blue square (Unknown): The status of the virtual server or virtual address is unknown. Status is typically "unknown" because
the object has nothing to base its status on (no default pool assigned). The virtual server will still accept client
connections and could almost be considered "green circle". Some configurations use iRules or HTTP Class profiles to
select from multiple pools, so the virtual server has no default pool and no status to inherit.

- Determine if a virtual server is configured for the proper listening port (highlighted below)
- Determine if a virtual server is configured with the proper IP address configuration (highlighted
below)
- Determine if the virtual server is configured with the appropriate profiles
o If it is an HTTP VS, it will require a TCP profile and an HTTP profile.
o If it is an HTTPS VS, it will require TCP, HTTP, and SSL (client) profiles.
 If SSL is required for server-side communication, it will also require an SSL (server) profile.
 Sometimes a VS (client side) or pool member (server side) gets configured for SSL but things don't seem to work; check
that the appropriate SSL profiles are applied (client SSL to decrypt from the client, server SSL to re-encrypt to the member).
- Determine if the pool configuration has an effect on the virtual state
o Virtual server status is determined by the status of its assigned (default) pool
o Pool status is determined by pool member status (a pool needs a minimum of 1 available pool member to be marked
available)
o Pool member status is determined by the pool member's own monitor (typically the service, e.g. HTTP or TCP) and by the
status of its node (typically just ICMP); a node marked down takes all of its pool members down with it
- Determine which tools to use in order to diagnose the issue
o Start by logging into the BIG-IP
o See if the BIG-IP can ping the host of the pool member service (the node)
 If the ping succeeds, telnet to the pool member (IP:Port)
 If the port answers, troubleshoot the health monitor (send/receive strings, interval and timeout)
 Else troubleshoot connectivity to the node
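An added example (not from the study guide or from F5) of the decision tree above in Python: it probes the member the way "telnet IP:port" would, classifies the outcome, and then replays an HTTP-monitor style send/receive check, which is the step that usually explains a member that answers on the port but is still marked down. The fake member it talks to on 127.0.0.1 is a constructed stand-in so the example runs offline, and the NEXT_STEP text is my summary of the guide's branches. On a real system, run it from the BIG-IP (or from the same VLAN as its self IP) so the path it tests is the one the monitor uses.

```python
import socket
import threading

# Outcome of a raw TCP connect to the pool member, mapped to the next troubleshooting step (my wording).
NEXT_STEP = {
    "open": "port answers: troubleshoot the health monitor itself (send/receive strings, interval, timeout)",
    "refused": "node is reachable but nothing listens on that port: check the service and the member's port",
    "timeout": "no reply at all: check routing, self IPs and any firewall between the BIG-IP and the node",
    "unreachable": "no route to host: troubleshoot connectivity to the node (VLAN, route, ARP)",
}


def tcp_probe(host, port, timeout=3.0):
    """The 'telnet IP:port' step, done with a socket so the outcome can be classified."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"


def http_probe(host, port, send="GET / HTTP/1.0\r\n\r\n", expect="200 OK", timeout=3.0):
    """Replay what an HTTP monitor does: send the request, look for the receive string in the reply.

    A member can be 'open' for tcp_probe and still be marked down because the reply never
    contains the expected string (the application answers 503, or redirects, for example)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(send.encode())
            reply = b""
            while len(reply) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        return False
    return expect.encode() in reply


def diagnose_member(host, port, expect="200 OK"):
    """Run the decision tree from the objective and return (finding, next step)."""
    state = tcp_probe(host, port)
    if state != "open":
        return state, NEXT_STEP[state]
    if http_probe(host, port, expect=expect):
        return "monitor string found", "member should be up; if not, compare the monitor's send string and timing with this probe"
    return "monitor string missing", "port answers but the receive string did not match: the monitor marks the member down for a reason"


def start_fake_member(status_line, connections=2):
    """Constructed stand-in for a pool member on 127.0.0.1 (not a BIG-IP feature): answers
    `connections` requests with the given HTTP status line, then stops. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        for _ in range(connections):
            conn, _ = srv.accept()
            try:
                conn.settimeout(2.0)
                conn.recv(1024)
                conn.sendall(f"HTTP/1.0 {status_line}\r\nContent-Length: 0\r\n\r\n".encode())
            except OSError:
                pass  # the tcp_probe step disconnects without sending; that is expected
            finally:
                conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_local_port():
    """Constructed helper: a 127.0.0.1 port with no listener, to exercise the 'refused' branch."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    print(diagnose_member("127.0.0.1", start_fake_member("200 OK")))
    print(diagnose_member("127.0.0.1", start_fake_member("503 Service Unavailable")))
    print(diagnose_member("127.0.0.1", closed_local_port()))
```

The 503 case is the one worth remembering: ping works, the port is open, and the member is still red because the monitor's receive string never appears in the reply.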
- Explain the difference between the virtual servers status definitions
o See status indicator table
- Additional troubleshooting information:
o https://devcentral.f5.com/wiki/AdvDesignConfig.TroubleshootingLtmMonitors.ashx
o http://www.fir3net.com/Big-IP-F5-LTM/big-ip-ltm-health-monitors.html

Objective 1.03 Identify the reason for an unresponsive pool member.


- Discuss the effects of health monitors on the status of pool members/nodes
- Determine the state and availability of the pool member/node in question
- Verify the pool member/node Ratio configuration
- Verify the pool member/node connection configuration and count

Objective 1.04 Identify a persistence issue


- Explain the concept of “persistence”
- Verify the type of persistence of profile assigned to the virtual server in question
- Validate the expected persistence behavior
- Differentiate between fallback and primary persistence
- Use the appropriate tool to troubleshoot persistence

Section 2: 10% Troubleshoot basic hardware issues


Objective 2.01 Perform an End User Diagnostic and interpret the output
- Reboot an F5 platform into the EUD
o SOL7172: Overview of the End User Diagnostics software
o Release Note: End-User Diagnostics Release Notes
- Download the output from the unit an EUD was run on
- Interpret the output from an EUD and determine if the test passed or failed

Objective 2.02 Interpret the LCD Warning Messages


- Locate the LCD on an F5 Platform
- Correlate the LCD message to message in the corresponding log file
- Identify which tasks the buttons on the LCD perform

Objective 2.03 Identify a possible hardware issue within the log files
- Indicate which logs would contain debugging information
/var/log/messages System Information
/var/log/pktfilter Packet Filter Information
/var/log/ltm Local Traffic Information
/var/log/gtm Global Traffic Information
/var/log/em Enterprise Manager Information

- Given a log file, determine the nature of a hardware issue


- Given a possible issue, determine which log file entries to review

Objective 2.04 Perform a failover to a standby box under the appropriate circumstances
- Explain, under which circumstances, a failover would be used to determine if an issue is
software or hardware related
- Use failover as a troubleshooting step in an appropriate situation
- Describe the consequences of performing a failover (mirrored connections, persistent
connections)
o Connection mirroring is not recommended on a virtual server with client-side SSL, because the SSL session will have to be
renegotiated after the failover anyway.
o All other virtual servers with connection mirroring and/or persistence will be honored, as those connection and persistence
tables are replicated between the BIG-IP devices, provided mirroring is enabled on the virtual server and Mirror Persistence
is enabled in the persistence profile. Connections on virtual servers without mirroring are lost at failover and clients must
reconnect.

Section 3: 9% Troubleshoot basic performance issues


Objective 3.01 Perform a packet capture within the context of a performance issue
- Determine an appropriate location to take the capture
o One method is to start in the middle, typically at the BIG-IP. Capture client side traffic and server
side traffic. Compare the two to discover anomalies.
o Another method (depends on configuration and resources), is a client side approach. Perform a
packet capture on the client computer while accessing application through BIG-IP and perform
another packet capture while accessing the application directly on the same client computer.
Compare the two to discover anomalies.
o Sometimes a combination of the two is required to gather a full understanding of the problem.
o Filter packet captures by interface or VLAN, and hosts in question (client IP, VIP, Server IP/s)
- Determine the appropriate time to take the capture
o Packet capture should be performed
- Determine an appropriate tool to use
- Ensure the packet capture tool has the capacity to capture (drive/app)
- Narrow the scoped/context of information being gathered
o The full syntax of the tcpdump command may be listed by running man tcpdump on the
command line. For most troubleshooting, the -i flag to specify an interface and several filters are
sufficient. On BIG-IP, the "interface" is usually the VLAN name (although you may use eth0 to
dump on the management interface, or 0.0 to capture on all interfaces). VLAN names are case-sensitive. Some examples of
filters to use are:
 host x.x.x.x (where x.x.x.x is an IP address)
 port zz (where zz is a TCP or UDP port number)
 icmp, arp (protocol types)
o Filters may be combined with Boolean logic (and, not, or).
o So, some typical tcpdump commands would be:
 tcpdump -i internal host 10.10.1.10 and port 80
 tcpdump -i vlan502 host 10.20.1.50 and not port 22
 tcpdump -i DMZ port 25
 tcpdump -i vlan464 port 80 and not host 10.30.1.75
 tcpdump -i DMZ_Transit host 10.40.1.10 or host 10.40.1.11
o Add -nn to suppress name and port lookups, which otherwise slow the output and can stall it entirely when DNS is the
problem being investigated.
o These various combinations will allow you to pinpoint the traffic flow you are trying to observe.
One session should be run on the external or transit VLAN, and another session should be run on
the internal or server-side VLAN in order to capture the entire flow of traffic back and forth.
o Tcpdump captures may also be written to a file using the -w flag (add -s0 when the full payload is needed). See the tcpdump
man page for further info. It is recommended to use the /var/tmp directory for the output. A capture file can contain
credentials, session cookies and other client data; restrict access to it and delete it once it has been analysed or attached
to a support case.
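An added example (not part of the study guide) that applies the "capture both sides and compare" method above in Python. It parses the text output of tcpdump -nn (Flags [S] is a SYN, Flags [S.] a SYN-ACK), finds handshakes that never completed on each side, and names the hop that stopped answering. The capture lines are constructed to show a client SYN that reaches the pool member and gets no SYN-ACK; the VIP, node and SNAT addresses are made up.

```python
import re

# One tcpdump -nn line: "10:20:30.000100 IP 10.10.1.10.51234 > 10.0.33.199.80: Flags [S], ..."
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed client-side capture (external VLAN): three SYN retransmits to the VIP, no answer.
CLIENT_CAPTURE = """\
10:20:30.000100 IP 10.10.1.10.51234 > 10.0.33.199.80: Flags [S], seq 1000, win 65535, length 0
10:20:31.000200 IP 10.10.1.10.51234 > 10.0.33.199.80: Flags [S], seq 1000, win 65535, length 0
10:20:33.000300 IP 10.10.1.10.51234 > 10.0.33.199.80: Flags [S], seq 1000, win 65535, length 0
"""

# Constructed server-side capture (internal VLAN): the BIG-IP (SNAT 10.20.1.5) did forward, node is silent.
SERVER_CAPTURE = """\
10:20:30.000400 IP 10.20.1.5.51234 > 10.20.1.50.80: Flags [S], seq 2000, win 65535, length 0
10:20:31.000500 IP 10.20.1.5.51234 > 10.20.1.50.80: Flags [S], seq 2000, win 65535, length 0
"""

# Constructed healthy client-side capture for comparison: full three-way handshake.
HEALTHY_CLIENT = """\
10:21:00.000100 IP 10.10.1.10.51300 > 10.0.33.199.80: Flags [S], seq 1000, win 65535, length 0
10:21:00.000200 IP 10.0.33.199.80 > 10.10.1.10.51300: Flags [S.], seq 5000, ack 1001, win 4380, length 0
10:21:00.000300 IP 10.10.1.10.51300 > 10.0.33.199.80: Flags [.], ack 1, win 65535, length 0
"""


def parse_tcpdump(text):
    """Turn tcpdump text output into (src, sport, dst, dport, flags) tuples; non-TCP lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            packets.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return packets


def half_open_flows(packets):
    """Flows where a SYN was sent but no SYN-ACK ever came back: the far side never answered."""
    syn_sent, synack_seen = set(), set()
    for src, sport, dst, dport, flags in packets:
        if flags.startswith("S") and "." not in flags:
            syn_sent.add((src, sport, dst, dport))
        elif "S" in flags and "." in flags:              # "S." is tcpdump's SYN-ACK
            synack_seen.add((dst, dport, src, sport))    # keyed by the original SYN direction
    return syn_sent - synack_seen


def diagnose(client_side, server_side, vip, node):
    """Compare the two captures as the objective describes and name the hop that failed."""
    client_flows = {f for f in half_open_flows(parse_tcpdump(client_side)) if f[2] == vip}
    server_pkts = parse_tcpdump(server_side)
    server_flows = {f for f in half_open_flows(server_pkts) if f[2] == node}
    if not client_flows:
        return "handshake completed on the client side"
    if server_flows:
        return "node not answering: SYN reached the pool member, no SYN-ACK came back"
    if any(dst == node and flags == "S" for _, _, dst, _, flags in server_pkts):
        return "node answered the BIG-IP but the client got nothing: check the client-side return path"
    return "BIG-IP did not forward: check virtual server status, pool, SNAT and routing"


if __name__ == "__main__":
    print(diagnose(CLIENT_CAPTURE, SERVER_CAPTURE, "10.0.33.199", "10.20.1.50"))
    print(diagnose(CLIENT_CAPTURE, "", "10.0.33.199", "10.20.1.50"))
    print(diagnose(HEALTHY_CLIENT, "", "10.0.33.199", "10.20.1.50"))
```

Feed it the output of two tcpdump -nn sessions (client VLAN and server VLAN) filtered on the client, VIP and node addresses; the interesting outcome is the third one, where the server side shows a completed handshake but the client never saw the SYN-ACK.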
- Given a scenario, determine whether a packet capture is appropriate

Objective 3.02 Use BIG-IP tools in order to identify potential performance issues
- Differentiate between performance issue types (e.g. latency, congestion, broken content)
- Establish the frequency of a given issue (random, continuous, isolated, intermittent, repetitive
intervals)
- Explain how to get performance statistics in addition to those shown in the dashboard
(Overview – Performance)

Section 4: 7% Troubleshoot basic device management connectivity issues


Objective 4.01 Verify remote connectivity to the box in order to determine the cause of a management connectivity issue.
- Isolate potential causes of basic network connectivity issues, given scenarios related to:
o Client configuration
o Client network access
o Device network access
o Network topologies
- Apply connectivity troubleshooting tools (e.g. ping, traceroute, http/https availability, remote
shell access, network-based console access) in the appropriate situation
Objective 4.02 Check and interpret port lockdown settings in order to determine the cause of a management connectivity issue
- Given a scenario, review port lockdown settings on the Self-IP to determine the cause of the
issue
- Describe appropriate use cases for the use of port lockdown

Objective 4.03 Check and interpret packet filters in order to determine the cause of a management connectivity issue
- Determine whether a filter is enabled
o GUI: Network > Packet Filter > General > In the properties section, a box will indicate whether the packet filtering
functionality is enabled or not
o Bigpipe:
- Interpret a packet filter rule list in a given situation

Objective 4.04 Given the use of a remote authentication server, verify proper DNS settings in order to diagnose a connectivity issue
- Given a suspected DNS issue, use appropriate tools to verify proper settings
- Given a suspected DNS issue, use appropriate tools to verify DNS response

Section 5: 14% Open a support ticket with F5


Objective 5.01 Identify the appropriate supporting components and severity levels for an F5 support ticket
- Identify the necessary components for all supporting cases (Qkview uploaded to iHealth/ or
attached to case, serial number of device, problem description, other supporting data)
- Identify severity levels and the associated response times
- Additional Information:
o http://support.f5.com/kb/en-us/solutions/public/0000/100/sol135.html

Objective 5.02 Given an issue, determine the appropriate severity


- Given an issue, determine the appropriate severity
Objective 5.03 Provide quantitative and relevant information appropriate for a given issue
- Distinguish between qualitative/quantitative statements in order to assemble an accurate
problem description
- Distinguish between relevant/irrelevant information in order to assemble an accurate problem
description

Objective 5.04 Given a scenario, determine the proper F5 escalation method


- Given a scenario, determine the proper F5 escalation method

Section 6: 10% Identify and report current device status


Objective 6.01 Review the network map in order to determine the status of objects on the box
- Explain the status icons of objects on the map
o The network map presents a visual hierarchy of the names and status of virtual servers, pools,
pool members, and iRules defined on the system. You can click the name or IP address of an object in the
map to open the properties screen of that object. The map shows all objects in context, starting
with the virtual servers at the top. The settings in Display Options determine which objects are
included. When you position the cursor over an object, the system presents hover text
containing information about the object. Although a pool or pool member might be referenced
in an iRule, it is not included on the map.
o The system arranges virtual servers alphabetically and their depending objects in a hierarchy
 Virtual Server
 Pools assigned by HTTP classes
 That pool’s members
 iRules statically assigned
 Default pool
 That pool’s members
- Explain what virtual servers, pools, nodes, and pool members are
o Each of the actual servers used for client traffic is defined on your BIG-IP system and is known
as a pool member. Each pool member includes the server's IP address and port. You can
define pool members by host name if the BIG-IP system can resolve the name.
Similarly, the service name can be used instead of the port value if a standard port is being used.
Frequently, servers are located within networks that use private (RFC 1918) addresses and are
physically isolated from public networks. This allows the use of the many security features of the
BIG-IP system. Pool members are defined as you create and modify pools.
o The devices represented by the IP addresses of pool members are called nodes. Since nodes only
have an IP address, they may represent multiple pool members. Nodes are typically not defined
directly. Rather, as pool members are defined, the associated nodes are created automatically.

Status indicator: Explanation
Green circle (Available, Enabled): The node is enabled and able to receive traffic.
Yellow triangle (Unavailable, Enabled): The node is enabled but is currently unavailable. However, the node might become
available later, with no user action required. An example of an unavailable node becoming available automatically is when the
number of concurrent connections to the node no longer exceeds the value defined in the node's Connection Limit setting.
Red diamond (Offline, Enabled): The node is enabled but offline because an associated monitor has marked the node as down. To
change the status so that the node can receive traffic, user intervention is required.
Black circle (Available, Disabled): The node is set to Disabled, although a monitor has marked the node as up. To resume normal
operation, you must manually enable the node.
Black icon (Disabled, down): The node is set to Disabled and is down. To resume normal operation, you must manually enable
the node.
Black icon (Disabled, offline): The node is set to Disabled and is offline either because a user disabled it, or a monitor has
marked the node as down. To resume normal operation, you must manually enable the node.
Blue square (Unknown): The status of the node is unknown. Sample reasons for unknown node status are:
 The node has no monitor associated with it.
 Monitor results are not available yet.
 The node's IP address is misconfigured.
 The node has been disconnected from the network.

o A pool is a group of pool members. With few exceptions, all the members of a given pool host
the same content. Pools are named, and like most other objects on BIG-IP systems, their names
can begin with a letter or underscore, can contain numbers and cannot contain spaces. In
addition to members, pools also have their own load balancing method, monitors and other
features that are defined when the pool is created or modified. You can also view or reset
statistics on pools and their members. When a new connection is initiated to a virtual server that
is mapped to a pool, various criteria, including the pool’s load balancing method, may be used to
determine which member to use for that request.
o Virtual servers are the primary mechanism the BIG-IP system uses to process and track traffic.
Each content site that a BIG-IP system manages must be associated with at least one virtual
server. Like pools, virtual servers have a name; a virtual server definition also includes an IP address and a port. Beyond
that, virtual servers have many features that allow you to choose how traffic is processed.

Objective 6.02 Use the dashboard to gauge the current running status of the system.
- Interpret each of the statistic types displayed by the dashboard
- Given a situation, predict the appropriate dashboard statistics

Objective 6.03 Review log files in order to gauge the current operational status of the device.
- Given log file snippets, describe an event sequence
- Given log file snippets, identify critical events
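An added example (not from the study guide or from F5) of reading /var/log/ltm snippets as an event sequence, which is the file the Objective 2.03 list gives for local traffic events. The lines are constructed in the BIG-IP syslog shape; the message IDs are the ones I recall for these events, but the parser keys on the message text (monitor status up/down, has become available/unavailable), not on the IDs, so it does not depend on them. It separates the service-affecting event (the virtual server going unavailable) from its cause (the members dropping first) and measures the outage window.

```python
import re

# Constructed /var/log/ltm excerpt: two members fail their HTTP monitor, the virtual server
# follows, an unrelated iRule log line sits in between, then one member and the VS recover.
SAMPLE_LTM_LOG = """\
Jan 15 10:20:30 bigip1 notice mcpd[5432]: 01070638:5: Pool /Common/web_pool member /Common/10.1.20.11:80 monitor status down. [ /Common/http: down ] [ was up for 1hr:2mins:3sec ]
Jan 15 10:20:31 bigip1 notice mcpd[5432]: 01070638:5: Pool /Common/web_pool member /Common/10.1.20.12:80 monitor status down. [ /Common/http: down ] [ was up for 1hr:2mins:4sec ]
Jan 15 10:20:31 bigip1 notice mcpd[5432]: 01071682:5: SNMP_TRAP: Virtual /Common/vs_web has become unavailable
Jan 15 10:22:00 bigip1 notice tmm[9001]: Rule /Common/log_irule <HTTP_REQUEST>: client 10.10.1.10 requested /login
Jan 15 10:25:02 bigip1 notice mcpd[5432]: 01070727:5: Pool /Common/web_pool member /Common/10.1.20.11:80 monitor status up. [ /Common/http: up ]
Jan 15 10:25:02 bigip1 notice mcpd[5432]: 01071681:5: SNMP_TRAP: Virtual /Common/vs_web has become available
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<level>\w+) (?P<proc>[^:]+): (?P<msg>.*)$")
MEMBER = re.compile(r"Pool (?P<pool>\S+) member (?P<member>\S+) monitor status (?P<state>up|down)")
VIRTUAL = re.compile(r"Virtual (?P<vs>\S+) has become (?P<state>available|unavailable)")


def parse_ltm_log(text):
    """Extract member and virtual server state changes in log order; everything else is ignored."""
    events = []
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        mm = MEMBER.search(m["msg"])
        if mm:
            events.append({"ts": m["ts"], "kind": "member", "object": mm["member"],
                           "pool": mm["pool"], "state": mm["state"]})
            continue
        vm = VIRTUAL.search(m["msg"])
        if vm:
            events.append({"ts": m["ts"], "kind": "virtual", "object": vm["vs"], "state": vm["state"]})
    return events


def critical_events(events):
    """A virtual server going unavailable is service-affecting; a single member down is only a warning."""
    return [e for e in events if e["kind"] == "virtual" and e["state"] == "unavailable"]


def outage_windows(events):
    """Pair each virtual 'unavailable' with the next 'available' for the same object: (vs, down, up or None)."""
    open_outages, windows = {}, []
    for e in events:
        if e["kind"] != "virtual":
            continue
        if e["state"] == "unavailable":
            open_outages[e["object"]] = e["ts"]
        elif e["object"] in open_outages:
            windows.append((e["object"], open_outages.pop(e["object"]), e["ts"]))
    windows.extend((vs, ts, None) for vs, ts in open_outages.items())
    return windows


def explain_sequence(events):
    """Narrate the sequence: which members had dropped before each virtual server went down."""
    lines = []
    for i, e in enumerate(events):
        if e["kind"] == "virtual" and e["state"] == "unavailable":
            down = [x["object"] for x in events[:i] if x["kind"] == "member" and x["state"] == "down"]
            lines.append(f"{e['ts']} {e['object']} unavailable after members down: {', '.join(down)}")
        elif e["kind"] == "virtual":
            lines.append(f"{e['ts']} {e['object']} available again")
    return lines


if __name__ == "__main__":
    ev = parse_ltm_log(SAMPLE_LTM_LOG)
    print("\n".join(explain_sequence(ev)))
    print(outage_windows(ev))
```

Run it against "grep mcpd /var/log/ltm" on a real unit; the narration is the kind of quantitative problem description (what went down, in what order, for how long) that Objective 5.03 asks for in a support case.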

Objective 6.04 Use iApps Analytics to gauge the current running status of application.
- Explain the purpose of iApps Analytics
o iApps analytics provide real-time application performance statistics as well as diagnostic and
troubleshooting information such as application response time, network latency, and connection
statistics for the entire application, virtual server, pools, and nodes.
- Describe how to capture application statistics
- Given a current running status, recognize significant statistics

Section 7: 14% Maintain system configuration


Objective 7.01 Create and restore a UCS archive under the appropriate circumstances.
- Discuss scenarios in which restoring a UCS archive is appropriate
- Discuss the tasks involved in successfully restoring a UCS archive
- Given a scenario, discuss when it is appropriate to create a UCS archive

Objective 7.02 Identify the components and methods associated with automating and scheduling tasks with the Enterprise Manager.
- Identify which tasks can be automated using EM
- Identify which sub-tasks exist (e.g. install a hotfix but do not reboot into the newly upgraded volume,
etc.)
- Outline EM’s method of creating automated UCS archives
- Describe EM’s behavior when encountering task failures on specific devices

Objective 7.03 Automate and schedule tasks using Enterprise Manager.


- Discuss the strategy for deploying a hotfix from EM to multiple high availability (HA) pairs
- Discuss how EM can be used to track a configuration change on a managed device
- Discuss how to use EM to determine SSL certification expiration on managed devices

Objective 7.04 Manage software images


- Given an HA pair, describe the appropriate strategy for deploying a new software image
- Describe the potential impact of booting a device into another volume
- Discuss common issues related to the migration of a device to a new software version

Section 8: 17% Manage existing system and application services


Objective 8.01 Modify and manage virtual servers
- Given a proposed virtual server configuration change, outline the scope of the change and for
which connections those changes will affect (active connections, new connections, persisted
sessions)
- Given a description of an application, identify the correct virtual server configured for it
(HTTP/HTTPS, TCP/UDP, VLANs-enabled, route-domain)
- Given a situation where a virtual configuration change did not appear to immediately take
effect, determine why

Objective 8.02 Modify and manage pools.


- Distinguish between disabling a member and forcing it down
o Disabling a pool member will still allow PERSISTENT or ACTIVE connections
o Forcing a pool member down will only allow ACTIVE connections
- Determine use cases for disabling a member
- Determine use cases for forcing down a member
- Given a situation where a pool member has been disabled but still appears to be receiving
traffic, determine the cause
- Articulate the characteristics of a pool member that has been disabled or forced offline (Such as
for new connections, persisted connections, etc.)
