F5 101 – Part 3: Maintaining Application Delivery Controller (ADC) Part 4

  1. Traffic Flow Interpretation Demo Part 2

Now, let's talk about traffic reports. We'll go to Statistics, Performance Reports, Traffic Report, and as you can see, we have three categories: system utilization, throughput, and connections. This graph is for today, June 3, 2020, the date of this recording. As you can see on the right pane, it gives us the average percentage of both CPU and memory. If I hover my mouse over the graph, you will see the percentage changing. The memory went down as low as 33%.

As I move to the right, it goes up to 35, 36, and the highest is 37, so the 35% average is just fine. The CPU goes down to 3%, up to 22, down again to 2, and it maxed out at 39%. Now, if we check the throughput, it averaged five bytes in and eleven bytes out, on both the client and the server side. If I check our graph, it reached a maximum of 44 bytes, but it averaged eleven bytes because there were times when it was really low. At this specific time, it was zero. At this time, it was only five bytes. Now, on the connections, the good thing is that we can also select some of the properties here.

I will select Active and SSL. It is currently zero, but this is only for the current time. Now, I'm going to change the time option here. Instead of selecting only the current date, June 3, let's also select from May 28. There you go. Now the graph looks better because we're not just talking about one day or a few hours, we're talking about at least three days. As you can see, our system utilization graph is averaging 33% for memory and 5% for CPU.

For the memory, it's always around 30-plus percent. But the CPU, as we showed you earlier, goes down to zero or less than 5%, and it can also go up to 39%. Okay, now let's go to the connections. As you can see, we have the highest number of active connections. This is 57 on both the client and the server. Maybe this was the time when we were doing load balancing and many SSH transactions, around 57. How about the active? All right, so it reached 22 active connections for the SSL. We didn't test much SSL, but yeah, sometimes you get one, but the average is zero because we haven't done much SSL testing.

  1. Understanding ADC services Part 1

Object status. These are the statuses, or symbols, of our local traffic objects such as nodes, pool members, pools and even virtual servers. We have different symbols and meanings. First, we have the green circle, which is also known as Available or Online. This simply means that the BIG-IP is constantly monitoring or tracking this pool member and the member is constantly responding successfully. We've already talked about this in the health monitor discussion. We also have the blue square, which is also known as Unknown. This is the default: if you don't associate a health monitor with a pool or a node, this is the symbol the object gets. We also have the yellow triangle, which means enabled but unavailable. To make it short, this only happens if you set a connection limit on your pool member. If the connection limit hits the maximum, you will get the yellow triangle.

Now again, this is a per pool member configuration. If all pool members hit the maximum, so all pool members become yellow triangle, the pool also becomes yellow triangle, as does the virtual server. We're going to demonstrate this later in the lab. We also have the red diamond, which is Offline. If you associate a health monitor and the server is not responding successfully based on the health monitor configuration or settings, the BIG-IP will mark that server as offline. Okay? We also have Disabled. Now, when I say disabled, this is a black icon. It can be a black square, black circle or black triangle. It just means that you disabled this object. It can be a pool member, a node or even a virtual server. We also have force offline.

Now, force offline is also black, but it is a diamond. Okay? The difference between force offline and disabled will be discussed in the next slide. We also have gray icons. A gray icon is also equivalent to disabled. It's just that the object became disabled based on its parent's status. So if you disable a node, the pool member will become gray disabled and the node will get a black disabled symbol. Disabled versus force offline: I'm going to add a whiteboard discussion here. Let's say I have a BIG-IP and we have two servers, server one and server two.

The first server is set to disabled, the second server is set to force offline. Okay? Both disabled and force offline will no longer accept new connections but will still accept traffic from an active connection such as SSH, FTP and other applications. Let's say we have an existing SSH session to the first pool member as well as to the second pool member. So SSH has already been established. You can run commands like ls, cd, pwd, it doesn't matter. Okay? So there is already existing traffic, and even if the members are disabled and force offline, you can still continue working on the first and second pool member. So there is no difference at all. It also has the same effect if there is a new SSH connection, let's say SSH three. Since both are not online and also not blue square, they are disabled and force offline, the third SSH connection will be dropped.

There is no way you can establish SSH to the two pool members. Why? Because they are disabled and force offline. Now, here's the difference between disabled and force offline. Let's say we have persistence records for both server one and server two, let's say 172.16.20.1 and 172.16.20.2, so a persistence record exists for both servers. Okay, here's the question: if I continue sending traffic to pool member one, which is already persisted, will it still accept the traffic and the connection? The answer is yes, it will not go to another pool member. Let's say we have a third pool member. The connection to pool member one will still be maintained, but for pool member two, even if there is already an existing persistence record, the BIG-IP will say, hey, you're force offline, I have to look for another available server, which in this case is the third pool member. So the big difference is that disabled will still accept traffic from a connection that is already persisted, while force offline will not. If you're force offline, new connections, even if persisted, will not be accepted. Instead the BIG-IP will look for another active pool member.
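The disabled versus force offline rules described above, written as a small model. This is an added example, not F5 code or part of the original lecture: the `Pool` class, the member names and the client addresses are hypothetical, and member selection is a simplified round robin.

```python
from enum import Enum


class State(Enum):
    ENABLED = "enabled"
    DISABLED = "disabled"
    FORCED_OFFLINE = "forced offline"


class Pool:
    """Simplified model of the rules in the whiteboard discussion."""

    def __init__(self, members):
        self.state = {m: State.ENABLED for m in members}
        self.persist = {}   # client IP -> member (source address persistence)
        self.active = {}    # connection id -> member
        self._rr = 0        # round robin position

    def _next_enabled(self):
        """Round robin over members that are enabled; None if there are none."""
        members = list(self.state)
        for i in range(len(members)):
            m = members[(self._rr + i) % len(members)]
            if self.state[m] is State.ENABLED:
                self._rr = (self._rr + i + 1) % len(members)
                return m
        return None

    def new_connection(self, conn_id, client_ip):
        """Return the member that takes a NEW connection, or None if dropped."""
        member = self.persist.get(client_ip)
        # Disabled: an existing persistence record is still honoured.
        # Force offline: the record is ignored and another member is chosen.
        if member is not None and self.state[member] is State.FORCED_OFFLINE:
            member = None
        if member is None:
            member = self._next_enabled()
        if member is None:
            return None  # no enabled member and no usable record: dropped
        self.persist[client_ip] = member
        self.active[conn_id] = member
        return member

    def send_on_existing(self, conn_id):
        """Traffic on an already established connection is never moved."""
        return self.active.get(conn_id)


if __name__ == "__main__":
    pool = Pool(["server1", "server2", "server3"])  # hypothetical names
    print(pool.new_connection("c1", "10.0.0.1"))    # server1
    print(pool.new_connection("c2", "10.0.0.2"))    # server2
    pool.state["server2"] = State.DISABLED
    print(pool.new_connection("c3", "10.0.0.2"))    # still server2
    pool.state["server2"] = State.FORCED_OFFLINE
    print(pool.new_connection("c4", "10.0.0.2"))    # moved to server3
    print(pool.send_on_existing("c2"))              # server2 keeps its session
```

For maintenance work such as patching, the model shows why disabling a member does not fully drain it while persistence records for it remain.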

We also have manual resume. Here's how it works. I have our BIG-IP and we also have two servers. One has the normal default settings and one is set to manual resume. Let's say we associated a monitor with the pool, it is inherited by the pool members, and you rebooted both servers simultaneously. What happens is that during the reboot, or the downtime, the status will become offline. And this is very obvious, right? It becomes red diamond, it becomes offline. Now, as they start to boot again, the first server goes back to available status, meaning it's up again. The BIG-IP can start forwarding traffic to this server. How about the second server? Aha, it will not go back to green circle or available status. In this case, you have to select that pool member and manually enable it. That's how manual resume works. And maybe you're thinking, why do we want to do that? Well, this is more useful if, let's say, your server is having problems and it's under maintenance.

So while you're fixing the server and you already know that it's not working properly, it is best to keep it offline, even though we know that it may respond to the monitor. When everything is fixed, the server is working properly and we have resolved the issue, that is the time you can do the manual resume, and if it's working properly and everything is fixed, You can disable manual.

  1. Understanding ADC services Part 2

You may be asked in the exam what services are running on our BIG-IP device. We will use a command called netstat, which can be executed in our advanced shell, or Linux bash. Again, netstat is a command that provides information on the services running on our local system. We're not going to use the netstat command alone; we're also going to add some flags. These are -tulpn, and we're also going to filter on the string listen, so that we only view the services that are currently listening. We're going to demonstrate this command, but first the t and the u: this means we're going to include protocols running on TCP and UDP. Again, this allows us to see the names of the services that are currently running on our system, and it also maps the services to their ports. Now, here's the example. As you can see, we have different services running. We have named, which is our BIND or DNS.

It's running on both TCP 953 and TCP 53, which is the default port. There are also some other services currently running, like mcpd. We also have a service running on port 80. We also have IP version 6, or ports listening on IP version 6. We also have other ports running on UDP, such as alertd, again named, which is BIND, and ntpd, which is the Network Time Protocol, and many more. Common services that are running on our F5 BIG-IP device include the following. We have TCP and UDP running on port 4353, and these are iQuery services. Now, maybe you're thinking, what are iQuery services?

These are the services that run during clustering and high availability. This works together with network failover, which runs on UDP port 1026. Management applications such as HTTPS and SSH are also common applications running on our F5 BIG-IP device. The monitoring protocol SNMP, on both TCP and UDP, is also a common application, as well as DNS. Now, if you look at our table, we also have network and routing protocols. These are IGMP, OSPF and PIM, as well as RIP running on UDP port 520.

Now, if you think about it, RIP runs over the UDP transport. Why don't IGMP, OSPF and PIM have a transport? Because they carry their own transport: each has its own IP protocol number. For IGMP it's 2, for OSPF it's 89 (EIGRP is 88, OSPF is 89), and for PIM it's 103. Now, if you recall our port lockdown configuration for our external self IPs, by default it is set to None, meaning no applications or services are allowed. And in our demonstration we allowed TCP port 22 so that we can access our F5 BIG-IP via the CLI, or SSH.

Now, these services are allowed by default in the port lockdown of our internal self IP addresses. In our lab, these self IP addresses are 172.16.1.31 and 172.16.1.33. We are here in our advanced shell, Linux bash, and we're going to execute the netstat command. If I execute netstat on its own, there is too much output. We need to do some filtering. Not only that, the service ports are also converted to names. So here's what I'm going to do. I am going to add --help to see which flags we can add. We have -t, which is TCP, and -u, which is UDP, because we want to view which ports are running on both the UDP and TCP transports. We also have -l, which will display the listening server sockets. We're also going to add -p, which displays the program name for the sockets. And lastly, we have -n. This means that we are not going to resolve names. Now let's do it. We're going to use -tulpn, and we're also going to filter on listen because we only want to view the services that are currently listening. If I hit Enter, you will see services such as named, which is BIND for DNS. We also have device management, which is a proprietary service or protocol for our F5 BIG-IP. We also have httpd and sshd, and again httpd on port 443 for the secure protocol. And some are IP version 6 services.
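A way to review the output of the netstat command above against an expected list of ports, as an added example that is not part of the original lecture. The sample output is constructed, and the baseline is an assumption built from the ports named in this section (22, 53, 80, 443, 953, 4353, UDP 1026, UDP 520). In net-tools netstat, UDP sockets have an empty State column, so a filter on the string listen leaves them out; the parser below keeps them.

```python
# Constructed sample of `netstat -tulpn` output (not captured from a real device).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      4012/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3377/sshd
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      9921/python
tcp6       0      0 :::443                  :::*                    LISTEN      5120/httpd
udp        0      0 0.0.0.0:1026            0.0.0.0:*                           -
udp        0      0 0.0.0.0:53              0.0.0.0:*                           4012/named
"""

# Assumed baseline: (transport, port) pairs taken from the ports named in the lecture.
BASELINE = {
    ("tcp", 22), ("tcp", 53), ("tcp", 80), ("tcp", 443), ("tcp", 953),
    ("tcp", 4353), ("udp", 4353), ("udp", 1026), ("udp", 520), ("udp", 53),
}

WILDCARD = {"0.0.0.0", "::", "*"}


def parse_netstat(text):
    """Parse `netstat -tulpn` text into a list of listener dicts."""
    listeners = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header lines and anything that is not a socket row
        addr, _, port = f[3].rpartition(":")  # works for 0.0.0.0:22 and :::443
        if not port.isdigit():
            continue
        rest = f[5:]
        state = ""
        # The State column is present for TCP and usually empty for UDP.
        if rest and rest[0].isalpha() and rest[0].isupper():
            state = rest.pop(0)
        transport = f[0][:3]  # tcp6 -> tcp, udp6 -> udp
        if transport == "tcp" and state != "LISTEN":
            continue
        listeners.append({
            "transport": transport,
            "ipv6": f[0].endswith("6"),
            "address": addr,
            "port": int(port),
            "state": state,
            "program": " ".join(rest) or "-",
            "all_interfaces": addr in WILDCARD,
        })
    return listeners


def unexpected(listeners, baseline=BASELINE):
    """Listeners whose (transport, port) is not in the baseline."""
    return [l for l in listeners if (l["transport"], l["port"]) not in baseline]


def missed_by_listen_filter(listeners):
    """Listeners that a plain string filter on LISTEN would not show."""
    return [l for l in listeners if l["state"] != "LISTEN"]


if __name__ == "__main__":
    found = parse_netstat(SAMPLE)
    for l in unexpected(found):
        scope = "all interfaces" if l["all_interfaces"] else l["address"]
        print(f"not in baseline: {l['transport']}/{l['port']} "
              f"({l['program']}) on {scope}")
    for l in missed_by_listen_filter(found):
        print(f"hidden by listen filter: {l['transport']}/{l['port']}")
```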

  1. Understanding ADC services Demo Part 1

I am back in my F5 BIG-IP GUI and we have two tabs. The first tab is all about configuration, so we're going to configure our nodes, pools and virtual servers. The second tab is used solely for monitoring purposes. As you can see, we have our network map and we have three applications. None of the three applications has a health monitor associated, so you will see all the objects with a blue square, or unknown status. Now let's enable health monitors and discuss the different types of object status. I'm going to go to Pools and select the HTTP pool. I'm going to enable the default HTTP health monitor. So I'm going to click Update and go back to my second tab. If I hit Refresh, you will see that it's not only the HTTP pool that has a new status, which is green circle, equivalent to available or online, but all three pool members as well, because by default pool members inherit the health monitor from the pool. And as you can see, the virtual server is also inheriting the status from the pool. Okay, so we've already discussed this. What we're going to do next is click one of the pool members and use a different health monitor to make it offline.

So I'm going to select the UDP health monitor because we know these servers don't run any UDP application. I'm going to click Update now, and if I go to our network map and hit Refresh, as you can see, pool member three is now offline. So this is very basic. What I'm going to do next is I'm going to make all three pool members offline. As you see, the HTTP pool still has a green circle or available status because there is at least one pool member with an available status. So if there is one, even one out of 100 or one out of 1000 pool members, if there is one online, the pool will see it and it will say, okay, there's one available pool member online, I will make myself online, and this will be inherited by the virtual server.

Okay, but what happens if all pool members become offline? What I will do is set this back to inherit from the pool and click Update. It should go back to online or available. Then I go to Properties and select UDP from the pool, again, not the pool member. This will make all three pool members offline, all three. So the result is that the pool will recognize there is no pool member available. Every pool member is offline, so it puts itself in an offline status, and this will be seen by the virtual server. And as you can see, the virtual server has an offline status as well. So that was the effect of offline versus available or online. I will go back and select HTTP because we want our pool members, as well as the pool and virtual server, to all be online.

The next example will be disabled. I am going to disable one of the pool members, so I will go to the pool. If I click one pool member and disable it, what happens? One is disabled. As you can see here, it went to disabled, which is a black circle because the original shape was already a circle. Disabled means it's black. I will also disable one of the pool members under the HTTPS pool. So I will go to the HTTPS pool and disable one pool member.

Okay? I will click Network Map. As you can see, both are disabled, but the difference is that one is a black square and one is a black circle. Okay? Now, there is no difference when it comes to features or the actual receiving of connections. We're going to talk about what a disabled object will and will not receive in a bit. The major difference between a black square and a black circle is this. I'm going to make all three pool members disabled. Okay? This is under HTTPS, and all three pool members are now black square. I will go back to my http_pool, and we know that all three pool members are circles, meaning before being disabled each was a green circle, equivalent to available. I'm going to disable them now. Okay, now, there's a difference between these two.

If I go to Network Map, as you can see, all three pool members are disabled. But look at the status of the pool. It's still unknown, or blue square. The same goes for the HTTPS virtual server; both are unknown, blue square. But if you look at the HTTP pool and the virtual server, it went to what? This is neither blue square nor green circle. It is grayed out. The color is gray and it's still a circle. This means that its parent is disabled, so it just inherited: oh, all three of you are disabled, so I will make myself disabled, but in a different color, which is gray. And the parent of the virtual server is the HTTP pool. It just inherited the status, which is gray circle. So that is the difference between unknown versus available. Now, I will enable all of the pools, I mean, pool members. If I click Network Map, all right, it all went back to normal.

  1. Understanding ADC services Demo Part 2

Next, I'm going to enable a connection limit so that we can see the yellow triangle status. I will go to my pools, select the SSH pool, and this time I'm going to click Members. As you can see, by default the connection limit of every pool member is zero. I am going to simply change this to, let's say, two. I will click Update, set the second pool member's connection limit to two and the last pool member's connection limit to two. Now, we already have the ratio settings and the priority group, so I'll just disable the priority group and make the load balancing method round robin. We expect that if we establish connections to our SSH VS, it will load balance to all pool members. And as you can see, each pool member has a connection limit of two, so we will only have two SSH sessions per pool member, a maximum of six.

Then, under Network Map, you will see the status change to yellow triangle. So let's do that. I'm going to establish connections now to the SSH. There you go. We only have a total of six and the next few connections are dropped. Now I'm going to open a new tab, and this time I will go to the Statistics module, Statistics, Local Traffic, select Pools, and reset the statistics for the SSH pool. As you can see, the current active connections total six, two for each pool member. Now, if I go to Network Map, as we already saw in the statistics page, all pool members have the same status, which is unavailable. This is yellow triangle. Since all three pool members are unavailable, this is inherited by the SSH pool and the SSH VS. Okay, so all I need to do to make this go back to normal, or to our default, is change the connection limit to zero, which is the default. And if I go back to our Windows client, I can now establish new SSH connections. If I go to Statistics and click Refresh, we are now establishing more than six SSH connections.

Now if I go to Network Map, you'll see that the HTTPS and SSH applications all have unknown status. We've already talked about this in our previous discussion. It's not only the virtual servers, pools and pool members that have an unknown or blue square status, but even the nodes. If I hover my mouse over these pool members, yeah, the pool member has available status, but the node, as you can see, is still blue square. The reason for this is that the node has a different health monitor from the pool members. Okay, now I will go to our node configuration and change the default monitor for all the nodes, meaning all three IP addresses: 172.16.20.1, 2 and 3.

I'm going to select ICMP. Now if I go back to my network map and hit Refresh, you will see no changes at all. But if I hover my mouse over every single pool member, you will see the difference. All nodes are now in green circle or available status. Okay? All right. And this is how powerful the node health monitor is. If I select all nodes and hit Disable, then go to Network Map, what happens? All pool members become disabled as well. But this time the color is not black, it is gray, because the parent is now the node. If I hover my mouse, you will see that the node has the black color. Okay? The node has the disabled status, the original disabled status. The pool member is just inheriting the status from the node.

  1. Understanding ADC services Demo Part 3

Now let's enable all nodes and compare disabled versus force offline. This is our network map. I'll go back to the nodes configuration and click this tick box. This allows us to select all nodes in the list. I'm going to click Enable, go back to our network map, and verify that it goes back to green circle, and that the HTTPS and SSH pools go back to blue square or unknown status. And here's what I am going to do. I will go to my HTTP pool and verify that all pool members are in a normal state, which is available, green circle. Okay? Let's verify. Oh, no, we should go to the SSH pool first. SSH pool, there you go. I will select Members and verify that we're using round robin load balancing and that the connection limit is now zero. All right, so we're going to establish connections to our SSH virtual server. Before that, I will make sure that the statistics all go back to zero. Okay? Hit Refresh and there you go. All are zero.

Now I will go to our Windows client and establish multiple SSH connections. These are the normal settings, round robin load balancing. We didn't disable or force offline any pool member. So two more, okay, 1, 2, 3, 4, 5, 6. If I check our statistics page, we have six SSH connections. It load balanced to all three pool members, which is pretty normal. What I'm going to do is select all three pool members under the SSH pool and click Disable. Okay, take note: we have six active connections, two per pool member, and I'm going to disable them now. There you go. They're now disabled. And if I go back to our Windows PC, every single SSH connection is still alive. I can do ls, pwd, I can do cd. I can still continue what I'm doing, even though these pool members are already disabled. So it's pretty much guaranteed: every active SSH connection to the pool members is still working. It didn't drop the connections. Why is this? Because this is how disabled works. Even if the member is already in the disabled state, the connection will still be active.

The active connection will still be up. Now, this works the same if I do force offline. The difference is not about the active connections. As you can see, it's force offline, and the active connections, in this case the SSH sessions, are still active, still working. What is not working is if I try to establish a new connection. See, it is all dropped. And this is the same for both disabled and force offline. What differs between force offline and disabled is persistence. What I'm going to do is simply close all these six connections, right? So they're gone. Okay, it's now zero. And as you see, all three are forced offline. Now I'm going to re-enable them, all three pool members.

Okay? I will now use the HTTP virtual server. Before we test persistence and the difference between force offline and disabled, let's first verify that load balancing is working for our HTTP virtual server. I will connect to 1010 100, which is our HTTP virtual server. It's currently connected to server one. If I click Refresh, it connects to server two. Now it's server three. If I click the source IP address link, you will see that it's still load balancing to nodes one, two and three. Okay? So everything is good. Here's what I'm going to do next: I will enable persistence. I'm going to select the system-defined persistence profile source_addr and click Update. I will go back to my Windows client and hit Refresh multiple times. As you see, the node or the server doesn't change; it's still 172.16.20.3.

The reason for this is that we are using source address persistence: it persists the first connection and therefore bypasses load balancing. If we go to tmsh, I'll go to the LTM module first, and if I do show persistence persist-records, I see that it's persisting to server number three, which is expected. Okay, now here's what I'm going to do next. Under Pools, I'm going to click the HTTP pool, and under the pool members I am going to select pool member three, because pool member three is the one being persisted to. Okay? I'm going to hit Refresh because we don't want this persistence record to expire. I'm going to disable this pool member. Why? Because we want to test whether disabled maintains the persistence record or looks for another available pool member. I'm going to click Disable now and go back to our Windows client. Based on our discussion, if we hit Disable and a persistence record exists, the connection to that persisted pool member will still be maintained. Okay? So I'm going to hit Refresh.

Now look at that, it didn't change. It's still persisting to the pool member 172.16.20.3. Okay, so our theory works. How about if I change this to force offline? What will happen is, even if there is a persistence record (okay, it's still persisting to the third pool member, no problem), this time I choose to force offline this pool member. If I go back to our Windows client and hit Refresh, since this is not disabled anymore but force offline, it doesn't look at the persistence record. It will say, hey, you're offline; I still accept active connections, but this time you're only relying on persistence. And HTTP, by the way, is not a long-lived connection, so the connection has already been closed. Once the client receives the response page, the connection is not established anymore. So here's what I'm going to do. I'm going to hit Refresh. And look at that. It didn't stay on the third pool member, it went to the first pool member. So our disabled versus force offline comparison is working properly.

  1. Introduction to iHealth

What is iHealth? It's a BIG-IP diagnostics tool and it serves to monitor the status of your BIG-IP device. And when I talk about the status, this means not just configuration, not just object status, such as whether pools and virtual servers are available or offline. No. When I say status, I mean everything that you see on your BIG-IP device. This includes performance, traffic graphs, even high availability status and other information about your BIG-IP appliance. The good thing about iHealth is that it can also help fix issues quickly. What issues are we talking about? These can be security-related issues, bugs, or issues that can be resolved to enhance and optimize performance. iHealth also lets you gain insight through improved search functionality, an ASM violation list, and extended graphing capabilities.

Ease of management: iHealth is not only accessible via your BIG-IP GUI, it can also be accessed from third-party software applications through the REST API. It also extends reporting, with diagnostics available in CSV and PDF file formats. The steps for generating or viewing the health of your BIG-IP device are quite easy. The first thing you need to do is log in to your BIG-IP GUI, and under System you go to Support, which is located at the very bottom of the left pane. When you reach the Support page you select Generate qkview and download. Once you have downloaded the qkview file, this is the file that you need to upload to the iHealth portal. When you go to the iHealth portal, which is ihealth.f5.com, you need to log in using your iHealth account. After uploading your qkview file you will see a new entry.

You will also see your BIG-IP hostname. Once you click it, you will get to the iHealth page to view the diagnostics. New iHealth features are available in version 13: you can upload the qkview to iHealth directly from the BIG-IP GUI. This requires F5 user credentials. What you do here is, under Health Utility, select Generate and upload qkview to iHealth, and this will ask you for your iHealth credentials. Okay, you input your user ID and password, and it will generate the qkview and automatically upload it to your iHealth portal. As you can see, under your F5 iHealth you will now see the new BIG-IP instance. Okay, this is bigip1.f5trn.com. For me this is almost the same, it's just an easier and shorter process. iHealth Diagnostics allows us to see alerts; it lists vulnerabilities, provides resolutions and fixes, and links to related articles.

As you can see, these are the issues. They can be bugs, they can be security-related issues, and there are also some suggestions. Some of the suggestions just require an upgrade, some are configuration-related tasks. But the good thing is that there is already an article that explains why we need to solve each issue and what the effects of these bugs or security-related problems are. iHealth doesn't only provide security vulnerabilities and fixes; it covers the entire BIG-IP system platform, and all of the information you need can be seen in iHealth. As you can see, under System Vice House, you can view resource information such as memory, CPU and disk, TMOS information, and software or hardware related information as well. In a bit I will demonstrate more iHealth features in our demo section.

  1. iHealth Demo Part 1

I'm here in our F5 BIG-IP GUI and we're going to download our qkview file. Then we're going to access our iHealth portal and upload the qkview file that we downloaded, to see the current state of our F5 BIG-IP device and also the diagnostic information. So let's go to our System module, and as I mentioned in our previous discussion, the last option here is Support. This is where we can download our qkview file. All we need to do is click the New Support Snapshot button here on the upper right. From the options next to Health Utility we can select Generate qkview file. Now, this is the old way. The new option introduced in the version 13 software is Generate and upload qkview to iHealth. With it, from this page you don't need to access the iHealth portal.

It will automatically upload the qkview file that we would otherwise download. But in this demonstration, we're going to do it the manual way. So I am going to select the Generate qkview option, and we're not going to exclude any of the files. We're just going to leave it at the default. I'm going to click Start. As you can see, it's starting to generate the qkview file. Let's wait. This will take less than a minute. All right, the generation of the qkview file is complete. Now we're going to click Download. It's starting to download the file now. Let's just wait a few more seconds.

We have successfully downloaded our qkview file. Now let's access our iHealth portal. I'm going to open a new tab, type ihealth.f5.com and press Enter. We are asked to log in. I will just use my username, my credentials, and click Login. We have successfully logged in to our iHealth portal. And as you can see, we already have an entry.

This is the BIG-IP example. And look at the version. It's ten 10. It was generated on June 6, 2020 because this is the first time we accessed iHealth. If I click this hostname, the BIG-IP example, it just shows us what the iHealth portal looks like. But the information we get is nothing real. We have virtual servers, we have information such as modules and logs. But as I mentioned, we didn't pull this from any BIG-IP device. This is already added by default.

So I am going to go back and we're going to upload our qkview file. Here on our home page, I will click Upload, click Choose, and select the support qkview file. This is the file we just downloaded. I'm going to click Open and then click Upload qkview, and it's starting to upload our qkview file now. All right, the upload has completed and we see our BIG-IP hostname as a new entry. As you can see, it is now normalizing. Now our BIG-IP instance is added to our iHealth portal.

  1. iHealth Demo Part 2

Let’s click our F5 BIG-IP hostname, bigipip One fibern. com. The first thing that you will see in an iHealth instance is the status. Under status, we have diagnostics, file, quick links, configuration tools and system information. Now, let’s first talk about the diagnostics. We have three types of results. We have ten under high, medium and low alerts. For the evaluation, it says a large number of issues were found and it is recommended to upgrade to a higher version. In this case, it’s version 15 one two. We also have an option to download this information as a PDF and as a CSV file. Now, this was uploaded by this account, which is my email. And this is the file name. On the right pane, we have Quick Links. This allows us to go to some of the files such as bigip.conf and bigip_base.conf, and log files such as LTM, TM, GTM, APM and ASM. All of these reside in our /var/log directory.

Now, we also have a summary of our configuration objects. We have three virtual servers, three nodes, three pools and 59 rules. But all of these are system-generated or system-defined rules, as are the monitor instances. NATs, we didn’t create one, so these are all zeros. Now, for the system. Well, we’ve configured this, so we all know the values, such as the host name, the time zone and the status. It’s currently standalone because we reverted it. We deleted the High Availability configuration, and I rebooted this less than a couple of hours ago. So, as you can see, the uptime is 1 hour. Okay, now, we also have software information such as the release. This is the software version 31 Three. And which modules are licensed and provisioned? We have a few modules that are licensed, but we only provisioned Local Traffic. Now, this is the summary. If we want to go into detail, we can select some of the links here. For example, Hardware.

We already know that this BIG-IP is running as a Virtual Edition, so we don’t see any hardware information. But if I click Appliances, we see appliance information such as the model. For Virtual Edition, the model number will always be Z100. The memory would be 3.86 gig and the CPU data is not available. But on the hardware that we’re running, which is the new that I showed you, it is I five running an I 570 to 60 CPU at 220 gigahertz. And we have two hard drives, HD1 and HD2. Now, if I look at the software information, the F5 licensed version is 13 one three. This is our running software. We have the registration keys, and we already know that High Availability is not enabled. Under Licensing, this is just the information we’ve seen on the first page. As you can see, some of the modules are licensed. Now, we can also check the configurations running in our F5 BIG-IP device by clicking the Config Explorer. I can select LTM, and from here I can pull LTM configurations for different objects like monitors, nodes, policies, profiles and virtual servers. If I click Virtual Servers you will see that we have three virtual servers named ssh_vs, https_vs and http_vs. These are the ports they’re running on, the addresses and the status. We all know from our previous demonstration that only http_vs has an available status. The two others are unknown.

They show a blue square. Now, if I go back to our Config Explorer, I can also view the configuration of our network module. And as you can see, we have the external and internal VLANs that we created. I can also go to the Commands. This also allows us to view configurations of our LTM and network modules and the others. I will click tmsh, and under tmsh, let’s click LTM. Now if I scroll down, you see there are many options. I can view any of the configurations available here on this page. Let’s say I want to view list ltm all-properties. Now, we didn’t talk much about the all-properties option. If you include all-properties when you do a list, the output includes all other configuration settings, including the defaults. And look at the configuration displayed here. There are many configuration objects, such as mirrors, partition and rate class. You don’t need to know all of these because these are already the default configurations. But just to provide you a summary, we are viewing the configuration of our three virtual servers: http_vs, https_vs and ssh_vs.

Now if I go to our left pane again, this time I’m going to click Graphs. This allows us to view many different options for graph viewing. I’m going to select Active Connections. I’m also going to select HTTP Requests, Memory Used and System CPU Usage. The first two selections are all about network and connections, while memory and system usage are all about system resources. I’m going to click View Selected. If I scroll down you will see a graph for each of those four options that I selected. We have Active Connections and you see the graph. It was busy on this day and this day and, as you can see, we are currently in a 30-day graph view and it’s actually quite long. So I will just select the seven-day view. As you can see, as I mentioned, it was busy on this day for the Active Connections. Now for the HTTP requests you may not see much, because the HTTP requests we had in our demonstration were not so high and they were scarce. If you see the black lines, this is how not so busy it was. Now, under Memory Used, we have three types of memory: TMM memory, which is black; swap memory, which is blue; and the neon green is Other Memory Used.

And as you can see, it seems that the other memory and swap memory were the busiest. CPU usage wasn’t that busy, but during this day it reached around 40% usage. Now this was seven days. If I click the one-day view you will see a different format of the graph because this is just 24 hours, and you can see how busy active connections were 24 hours ago. This is because we were testing SSH connections. Now, under HTTP requests, we don’t see much, but if you look carefully there’s a black mark here, which verifies that there were HTTP requests the day before or a few hours before. As I mentioned, for memory use, it was busy using other memory and swap memory. As for the CPU, it was busy yesterday, a little less than 24 hours ago.

  1. iHealth Demo Part 3

Now, if I click Diagnostics we will be able to view the reported vulnerabilities. And if you scroll down, there are many reported vulnerabilities here. The good thing about these reported vulnerabilities is that there are already recommendations. This is fixed on this software module 5114 123 and 15 10. Now, there’s also an article link and there are also details. So if you want to view more information about this vulnerability, you may click the link. I’m going to open the link now for the BIG-IP tmsh vulnerability. All right, so this shows us the impact of the vulnerability for both BIG-IP and BIG-IQ. Now, if I scroll down, it also tells us how to mitigate this vulnerability.

We just go to the user configuration under the System module and disable this Terminal Access option because, again, the recommendation is not to grant administrative or tmsh access to our BIG-IP device to non-administrator roles. Another vulnerability we have here is this password policy, and if we want to view more information we can just click the link. All right, so this is also showing us how to mitigate this vulnerability. This is all about secure password enforcement. To enable it, you go to user authentication under the System module, and under the password policy locate Secure Password Enforcement and enable it. There are many vulnerability alerts and much information shown on this page.
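An added example, not part of the original course material: a small Python audit for the two mitigations described above, run against text in the layout printed by tmsh list auth password-policy and tmsh list auth user. The sample stanzas, the user names and the rule that only the admin role counts as an administrator are assumptions made for illustration.

```python
# Constructed sample (names and values made up) in the brace layout printed by
# `tmsh list auth password-policy` and `tmsh list auth user`.
SAMPLE = """\
auth password-policy {
    policy-enforcement disabled
}
auth user admin {
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user helpdesk {
    partition-access {
        all-partitions {
            role operator
        }
    }
    shell tmsh
}
"""

def stanzas(text):
    """Yield (header, body_lines) for each top-level `header { ... }` stanza."""
    depth, header, body = 0, None, []
    for line in map(str.strip, text.splitlines()):
        if depth == 0 and line.endswith("{"):
            header, body = line[:-1].strip(), []
        elif depth > 0:
            body.append(line)
        depth += line.count("{") - line.count("}")
        if depth == 0 and header:
            yield header, body[:-1]  # drop the closing brace
            header = None

def audit(text):
    """Return (subject, issue) pairs for the two mitigations in the walkthrough."""
    findings = []
    for header, body in stanzas(text):
        if header == "auth password-policy" and "policy-enforcement enabled" not in body:
            findings.append(("password-policy", "enforcement-off"))
        elif header.startswith("auth user "):
            roles = {l.split()[1] for l in body if l.startswith("role ")}
            shell = next((l.split()[1] for l in body if l.startswith("shell ")), "none")
            # Assumption: only the `admin` role counts as an administrator.
            if shell != "none" and "admin" not in roles:
                findings.append((header.split()[2], "shell:" + shell))
    return findings
```

A user stanza with no shell line is treated as having no terminal access, so only accounts that explicitly carry bash or tmsh without the admin role are reported.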

Now, the most common task for you is to upgrade your software, or you can resolve the issue manually from the configuration recommendations, and most of the time the link for the task is already provided. Now, let’s also go to Bug Tracker. There are three reported bugs. The first one is Evaluation and demonstration license to expire. Well, this is a given because our license is an evaluation license. So we can disregard this.

We also have the BIG-IP TMM vulnerability, and the issue is already found. We have diagnostic information, and it can be fixed by upgrading our software version to one of the following options. We also have the TMM pass L four vulnerability. Like the others, we also have diagnostic information and CVE identifiers, and it can be fixed by upgrading our BIG-IP software version. Now, this is iHealth. As you can see, there are many ways to dig into and collect information from our current BIG-IP instances. It is recommended, at least by me personally, to upload our QKView to iHealth and analyze and check what is reported in the diagnostics. You can check the bugs, and you can check many things. You can do this twice or twice a year. Now, there are also other options that we didn’t check. These are log search, security files and IOPS. These are also helpful options, and you can pull a lot of information that can be used for troubleshooting and optimizing your BIG-IP performance.
