📘 F5

Reference documentation and troubleshooting guide.

🧰 F5 BIG-IP Troubleshooting Commands


📘 Overview

These commands help troubleshoot network, traffic, performance, SSL, configuration, and system issues on an F5 BIG-IP device (LTM / ASM / DNS / APM).
They can be used in TMSH or Bash mode depending on context.


🔹 1. Basic System Health

| Command | Description |
|---|---|
| `show sys version` | Displays F5 software version and build details. |
| `show sys license` | Shows current license and feature details. |
| `show sys hardware` | Lists CPU, memory, and hardware components. |
| `show sys performance system` | Provides CPU, memory, and disk utilization. |
| `tmsh show sys cpu` | Shows CPU usage per core. |
| `tmsh show sys memory` | Displays memory utilization and swap. |
| `df -h` | Checks disk usage across partitions. |
| `tmsh show sys failover` | Displays current failover status (Active/Standby). |
| `tmsh show sys cluster` | For devices in HA cluster (sync/failover group details). |
| `tmsh show sys service` | Displays running services (TMM, mcpd, etc.). |
| `bigstart status` | Lists state of all F5 daemons (running/stopped/restarting). |
| `bigstart restart <service>` | Restarts a specific F5 service (use with caution). |

🔹 2. Network Troubleshooting

| Command | Description |
|---|---|
| `tmsh show /net interface` | Displays interface status, speed, and packets. |
| `tmsh show /net vlan` | Lists VLAN configurations and statistics. |
| `tmsh show /net self` | Displays self IPs and associated VLANs. |
| `tmsh show /net route` | Displays routing table. |
| `tmsh list /sys management-route` | View configured management route. |
| `ping -I mgmt <IP>` / `traceroute -i mgmt <IP>` | Test route functionality. |
| `ping <ip>` | Basic network reachability test. |
| `traceroute <ip>` | Traces packet route to a destination. |
| `ifconfig` or `ip addr` | Displays interface IP and status (in Bash). |
| `netstat -rn` | Shows routing table. |
| `arp -an` | Displays ARP table entries. |

🔸 tcpdump – Network Packet Capture

| Command | Description |
|---|---|
| `tcpdump -nni 0.0` | Captures packets across all VLANs/TMM instances. |
| `tcpdump -nni 0.0 host <IP>` | Captures all traffic to/from a specific IP. |
| `tcpdump -nni 0.0 port 443` | Captures HTTPS traffic. |
| `tcpdump -nni 0.0 host <IP> and port <port>` | Captures specific host and port. |
| `tcpdump -nni <vlan_name>` | Captures traffic on a specific VLAN. |
| `tcpdump -w /var/tmp/capture.pcap -s0 -nni 0.0` | Writes capture to file for Wireshark. |
| `tcpdump -nni 0.0 -v` | Verbose mode. |
| `tcpdump -nni 0.0 -A` | Displays payloads in ASCII (useful for HTTP). |
| `tcpdump -nni 0.0 not port 22` | Excludes SSH traffic. |

Tips & Best Practices


🔹 3. Virtual Server & Pool Troubleshooting

| Command | Description |
|---|---|
| `tmsh list ltm virtual` | Lists all virtual servers. |
| `tmsh show ltm virtual` | Displays statistics and status. |
| `tmsh show ltm virtual <vs_name>` | Shows details for a specific VS. |
| `tmsh show ltm pool` | Displays all pools and member statuses. |
| `tmsh show ltm pool <pool_name>` | Shows health of a specific pool. |
| `tmsh show ltm node` | Lists backend nodes and status. |
| `tmsh show ltm persistence persist-records` | Displays active persistence sessions. |
| `tmsh list ltm rule` | Lists all iRules. |
| `tmsh show ltm rule <rule_name>` | Displays iRule statistics. |

Checkpoints


🔹 4. Monitor & Health Check Troubleshooting

| Command | Description |
|---|---|
| `tmsh show ltm monitor` | Lists all monitors. |
| `tmsh show ltm monitor <type> <name>` | Displays specific monitor status. |
| `tail -f /var/log/ltm` | Checks monitor failures in real time. |
| `tmsh modify ltm monitor http <monitor_name> debug enabled` | Enables HTTP monitor debugging. |
| `tmsh show sys connection cs-server-addr <server_ip>` | Shows active connections to backend servers. |

🔹 5. Connection & Traffic Flow Troubleshooting

| Command | Description |
|---|---|
| `tmsh show sys connection` | Lists all active connections. |
| `tmsh show sys connection cs-client-addr <ip>` | Filter by client IP. |
| `tmsh show sys connection cs-server-addr <ip>` | Filter by server IP. |
| `tmsh delete sys connection all` | Clears all connections (use with caution). |
| `tmsh show sys tmm-info` | Displays TMM process info. |

Use filters to narrow results.


🔹 6. SSL / TLS Troubleshooting

| Command | Description |
|---|---|
| `tmsh list ltm profile client-ssl` | Lists client-side SSL profiles. |
| `tmsh list ltm profile server-ssl` | Lists server-side SSL profiles. |
| `tmsh show ltm profile client-ssl <profile_name>` | Displays SSL stats. |
| `openssl s_client -connect <ip>:443` | Tests SSL handshake. |
| `tmsh list sys file ssl-cert` | Lists SSL certificates. |
| `tmsh list sys file ssl-key` | Lists private keys. |

Common SSL Issues


🔹 7. Logs & Diagnostics

| Command | Description |
|---|---|
| `tail -f /var/log/ltm` | Main traffic/monitor log. |
| `tail -f /var/log/tmm` | TMM logs. |
| `tail -f /var/log/secure` | Authentication logs. |
| `tail -f /var/log/audit` | Config and user change logs. |
| `tmsh show sys log` | Displays system logs in TMSH. |
| `b load` | Reloads configuration after editing bigip.conf. |

🔹 8. Configuration & Sync Issues

| Command | Description |
|---|---|
| `tmsh show cm sync-status` | Displays device sync status. |
| `tmsh run cm config-sync to-group <group_name>` | Manually force sync. |
| `tmsh save sys config` | Saves running configuration. |
| `tmsh load sys config verify` | Verifies syntax. |
| `tmsh load sys config` | Loads saved configuration. |
| `tmsh show cm device` | Displays device trust and HA status. |

🔹 9. Module-Specific (ASM / APM / DNS)

| Module | Command | Description |
|---|---|---|
| ASM (WAF) | `tmsh show asm policy` | Lists active ASM policies. |
| ASM (WAF) | `tail -f /var/log/asm` | Monitors ASM logs. |
| ASM (WAF) | `tmsh show security log` | Displays security logs. |
| APM | `tmsh show apm session` | Displays current sessions. |
| APM | `tmsh delete apm session all` | Clears sessions. |
| DNS / GTM | `tmsh show gtm server` | Displays server health. |
| DNS / GTM | `tmsh show gtm wideip` | Displays Wide IP stats. |

🔹 10. Useful Shell Utilities

| Command | Description |
|---|---|
| `uptime` | Displays uptime and load. |
| `top` | Real-time CPU/memory usage. |
| `ps aux \| grep tmm` | Lists running processes and filters for tmm (Traffic Management Microkernel). |
| `tmctl -d blade tmm/throughput_stats` | Displays per-blade TMM throughput statistics (in Mbps). |
| `qkview` | Generates a diagnostic bundle for F5 Support. |
| `tar -cvzf /var/tmp/qkview.tar.gz /var/tmp/qkview*` | Compresses the generated qkview files into a .tar.gz archive. |

🧩 Bonus – Quick Health Summary

    tmsh show sys version
    tmsh show sys performance system
    tmsh show sys failover
    tmsh show ltm virtual
    tmsh show ltm pool
    tmsh show sys connection
    tmsh show cm sync-status


📦 Log Locations Summary

| Log File | Path | Description |
|---|---|---|
| LTM | `/var/log/ltm` | Traffic and monitor events |
| TMM | `/var/log/tmm` | Packet engine logs |
| ASM | `/var/log/asm` | WAF logs |
| APM | `/var/log/apm` | Access module logs |
| Audit | `/var/log/audit` | Change tracking |
| Secure | `/var/log/secure` | SSH / auth logs |
| System | `/var/log/messages` | General system messages |

⚙️ 11. Common Troubleshooting Scenarios

🟥 Scenario 1 – Virtual Server Down

Symptoms: VS shows red diamond/offline.
Steps:

  1. tmsh show ltm virtual <vs_name>
  2. tmsh show ltm pool <pool_name>
  3. ping <node_ip>
  4. tail -f /var/log/ltm
  5. tmsh show ltm monitor http <monitor_name>

🟨 Scenario 2 – Pool Member Down

Symptoms: Member marked down.
Steps:

  1. tmsh show ltm pool <pool_name>
  2. tmsh list ltm monitor <monitor_name>
  3. curl -vk https://<node_ip>:<port>
  4. Confirm backend service listening.

🟦 Scenario 3 – SSL Handshake Failure

Symptoms: SSL_ERROR_HANDSHAKE_FAILURE.
Steps:

  1. tmsh show ltm profile client-ssl <profile_name>
  2. openssl s_client -connect <vip_ip>:443
  3. tmsh list sys file ssl-cert
  4. Confirm key and cert match.
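
One way to carry out step 4 above, as an added example that is not part of the original guide: it compares SHA-256 digests of the public key extracted from the certificate and from the private key, and treats an unreadable file as an error rather than a match. The function names, file names and the throwaway EC key pair are constructed for illustration; it assumes PEM files and an unencrypted private key.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): check that a private key
# belongs to a certificate. Assumes PEM input and an unencrypted key.

# Print the SHA-256 digest of the DER public key from a cert or a key.
pubkey_digest() {   # $1 = cert|key, $2 = PEM file
    local pem
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable file must not hash as empty input and "match" another one.
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {   # $1 = certificate, $2 = private key
    local c k
    c=$(pubkey_digest cert "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    k=$(pubkey_digest key "$2")  || { echo "cannot parse private key: $2" >&2; return 2; }
    [ "$c" = "$k" ]
}

# Constructed sample input: two throwaway EC keys and a self-signed
# certificate for the first one only (hypothetical CN).
make_samples() {   # $1 = output directory
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/a.key" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/b.key" 2>/dev/null
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=vip.example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

# Demonstration on the constructed samples.
d=$(mktemp -d)
make_samples "$d"
key_matches_cert "$d/a.crt" "$d/a.key" && echo "a.key matches a.crt"
key_matches_cert "$d/a.crt" "$d/b.key" || echo "b.key does NOT match a.crt"
rm -rf "$d"
```

Comparing public keys rather than RSA moduli keeps the check valid for EC certificates as well.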

🟩 Scenario 4 – Devices Not in Sync

Symptoms: “Out of sync” on HA pair.
Steps:

  1. tmsh show cm sync-status
  2. tail -f /var/log/ltm | grep sync
  3. tmsh run cm config-sync to-group <group_name>

🟧 Scenario 5 – High CPU or Memory Usage

Symptoms: GUI/TMSH sluggish.
Steps:

  1. tmsh show sys performance system
  2. top
  3. tmsh show sys tmm-info
  4. tail -f /var/log/tmm

🟫 Scenario 6 – Traffic Not Reaching Backend

Symptoms: Clients connect but no server-side traffic.
Steps:

  1. tcpdump -nni 0.0 host <client_ip>
  2. tmsh show sys connection
  3. Verify SNAT configuration.
  4. tmsh show net route