F5 BIG-IP LTM

Learn how to monitor F5 BIG-IP LTM devices using the F5 LTM ActiveGate extension.

Prerequisites

• F5 BIG-IP LTM device(s) with iControl® API support
• Credentials for F5 admin account or non-admin account with iControl_REST_API_User role
• An Environment ActiveGate (version 1.155+) that has the ActiveGate plugin module installed, and isn't used for synthetic or mainframe monitoring
  • One environment ActiveGate can typically support 30-50 F5 LTM devices

Interested in monitoring F5 LTM with DESK?

The quickest way to get started is by contacting a DESK ONE product specialist. Just click the chat button in the upper-right corner of the DESK menu bar.

Environment ActiveGate installation

• Installation instructions

ActiveGate plugin module installation

ActiveGate version 1.175+ has the plugin module installed by default.

• Installation instructions

Extension installation

1. Obtain the install file (custom.remote.python.f5rest.zip). Don't rename the file.

2. Unzip custom.remote.python.f5rest.zip to the plugin_deployment directory of your ActiveGate host.

3. If the resulting directory structure isn't .\plugin_deployment\custom.remote.python.f5rest\, please make the necessary changes.

4. Restart the DESK Remote Plugin Module service.

   • On Linux, restart the service using the following commands with admin rights:
     • systemctl restart remotepluginmodule.service
   • On Windows, run these two commands in a Command Prompt launched as Admin:
     • sc stop "DESK Remote Plugin Module"
     • sc start "DESK Remote Plugin Module"

5. Return to the DESK web UI. Click Settings, the Add new technology monitoring button, and finally the Add ActiveGate plugin button.

6. Click the Upload plugin button and upload custom.remote.python.f5rest.zip.

7. Enter the endpoint information requested for connecting to F5 device:

   • Endpoint name: Type a meaningful endpoint name.
   • Username: The username for connecting to the iControl® REST API (provided account must be an admin account or non-admin account with the iControl_REST_API_User role)
   • Password: The account password
   • Use token authentication: Use token authentication instead of direct connection (required for LDAP-integrated and non-admin users, but may also be used with admin accounts)
     • https://BIG-IP-ADDRESS/mgmt/shared/authn/login
   • Hostname/IP of management interface: The hostname/IP where the management interface is listening, defaults to port 443 (HTTPS).
   • Require a valid SSL certificate: Select if a valid SSL certificate is required. Note that even if the certificate validation is disabled the extension will still communicate via HTTPS, if the device is configured for that.
   • Path to a CA_BUNDLE file or directory: Add the absolute path to self-signed certificates of trusted CAs.
   • Enable debug logging: Leave unchecked by default, can be checked if requested by DESK ONE for investigation of an issue.
   • Comma-separated virtual servers: Allows for filtering of the virtual servers that are to be monitored.
   • Comma-separated pools: Allows for filtering of the pools that are to be monitored.
   • Comma-separated nodes: Allows for filtering of the nodes that are to be monitored.
   • Comma-separated rules: Allows for filtering of the rules that are to be monitored.
   • Comma-separated profiles: Allows for filtering of the profiles that are to be monitored.
   • Comma-separated interfaces: Allows for filtering of the interfaces that are to be monitored.
   • Comma-separated partitions: Allows for filtering of the partitions that are to be monitored.
   • Comma-separated additional IPs: Allows for filtering of any additional IPs that are to be monitored.
   • Name of the group: If the device is part of a cluster, type the name here to group the devices in the DESK web UI.

Troubleshoot ActiveGate plugins

• ActiveGate troubleshooting instructions
• 404 error when connecting to F5?
  Starting in BIG-IP 11.6.0, a non-admin user account may be granted with the minimum permissions required to successfully query the iControl API(iControl_REST_API_User role). This role may be granted by a BIG-IP admin, using the following command: curl -sk -u <admin_username>:<admin_password> https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[ {"link":"https://localhost/mgmt/shared/authz/users/<username>"}

Metrics

The IP address of all network interfaces and the ports used by the services are automatically captured, as are the following metrics:

Device

• Availability

Virtual servers (split by virtual server)

• Status
• Requests
• Ephemeral/client-side connections
• Ephemeral/client-side received bytes
• Ephemeral/client-side transmitted bytes
• Ephemeral/client-side received packets
• Ephemeral/client-side transmitted packets
• Ephemeral/client-side slow killed
• Ephemeral/client-side evicted connections
• CPU usage
• Syncookie accepts
• Syncookie rejects

Pools (split by pool)

• Status
• Requests
• Connections
• Received bytes
• Transmitted bytes
• Received packets
• Transmitted packets
• Member count
• Current sessions

Nodes (split by node)

• Status
• Requests
• Connections
• Received bytes
• Transmitted bytes
• Received packets
• Transmitted packets

Rules (split by rule)

• Executions
• Aborts
• Failures

Network interfaces (split by interface)

• Status
• Received bytes
• Transmitted bytes
• Received packets
• Transmitted packets
• Dropped packages
• Errors

Client and server SSL (split by profile)

• Common connections
• Native connections
• Fatal alerts
• Secure handshakes
• Handshake failures
• Insecure handshake accepts
• Insecure handshake rejects
• Insecure renegotiation rejects
• Requests (split by protocol)

Disks (split by disks)

• Free
• Used
• Reserved

CPU (split by CPUs)

• Idle
• IO wait
• IRQ
• Soft IRQ
• Stolen
• System
• User

Memory

• Total
• Used

HTTP stats (split by profiles)

• GET/POST requests
• 2xx responses
• 3xx responses
• 4xx responses
• 5xx responses