F5 BIG-IP LTM
Learn how to monitor F5 BIG-IP LTM devices using the F5 LTM ActiveGate extension.
Prerequisites
- F5 BIG-IP LTM device(s) with iControl® API support
- Credentials for F5 admin account or non-admin account with
iControl_REST_API_User
role - An Environment ActiveGate (version 1.155+) that has the ActiveGate plugin module installed, and isn't used for synthetic or mainframe monitoring
- One environment ActiveGate can typically support 30-50 F5 LTM devices
Interested in monitoring F5 LTM with DESK?
The quickest way to get started is by contacting a DESK ONE product specialist. Just click the chat button in the upper-right corner of the DESK menu bar.
Environment ActiveGate installation
ActiveGate plugin module installation
ActiveGate version 1.175+ has the plugin module installed by default.
Extension installation
-
Obtain the install file (
custom.remote.python.f5rest.zip
). Don't rename the file. -
Unzip
custom.remote.python.f5rest.zip
to theplugin_deployment
directory of your ActiveGate host. -
If the resulting directory structure isn't
.\plugin_deployment\custom.remote.python.f5rest\
, please make the necessary changes. -
Restart the DESK Remote Plugin Module service.
- On Linux, restart the service using the following commands with admin rights:
systemctl restart remotepluginmodule.service
- On Windows, run these two commands in a Command Prompt launched as Admin:
sc stop "DESK Remote Plugin Module"
sc start "DESK Remote Plugin Module"
- On Linux, restart the service using the following commands with admin rights:
-
Return to the DESK web UI. Click Settings, the Add new technology monitoring button, and finally the Add ActiveGate plugin button.
-
Click the Upload plugin button and upload
custom.remote.python.f5rest.zip
. -
Enter the endpoint information requested for connecting to F5 device:
- Endpoint name: Type a meaningful endpoint name.
- Username: The username for connecting to the iControl® REST API (provided account must be an admin account or non-admin account with the
iControl_REST_API_User
role) - Password: The account password
- Use token authentication: Use token authentication instead of direct connection (required for LDAP-integrated and non-admin users, but may also be used with admin accounts)
https://BIG-IP-ADDRESS/mgmt/shared/authn/login
- Hostname/IP of management interface: The hostname/IP where the management interface is listening, defaults to port
443
(HTTPS). - Require a valid SSL certificate: Select if a valid SSL certificate is required. Note that even if the certificate validation is disabled the extension will still communicate via HTTPS, if the device is configured for that.
- Path to a
CA_BUNDLE
file or directory: Add the absolute path to self-signed certificates of trusted CAs. - Enable debug logging: Leave unchecked by default, can be checked if requested by DESK ONE for investigation of an issue.
- Comma-separated virtual servers: Allows for filtering of the virtual servers that are to be monitored.
- Comma-separated pools: Allows for filtering of the pools that are to be monitored.
- Comma-separated nodes: Allows for filtering of the nodes that are to be monitored.
- Comma-separated rules: Allows for filtering of the rules that are to be monitored.
- Comma-separated profiles: Allows for filtering of the profiles that are to be monitored.
- Comma-separated interfaces: Allows for filtering of the interfaces that are to be monitored.
- Comma-separated partitions: Allows for filtering of the partitions that are to be monitored.
- Comma-separated additional IPs: Allows for filtering of any additional IPs that are to be monitored.
- Name of the group: If the device is part of a cluster, type the name here to group the devices in the DESK web UI.
Troubleshoot ActiveGate plugins
- ActiveGate troubleshooting instructions
- 404 error when connecting to F5?
Starting in BIG-IP 11.6.0, a non-admin user account may be granted with the minimum permissions required to successfully query the iControl API(iControl_REST_API_User role). This role may be granted by a BIG-IP admin, using the following command:curl -sk -u <admin_username>:<admin_password> https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[ {"link":"https://localhost/mgmt/shared/authz/users/<username>"}
Metrics
The IP address of all network interfaces and the ports used by the services are automatically captured, as are the following metrics:
Device
- Availability
Virtual servers (split by virtual server)
- Status
- Requests
- Ephemeral/client-side connections
- Ephemeral/client-side received bytes
- Ephemeral/client-side transmitted bytes
- Ephemeral/client-side received packets
- Ephemeral/client-side transmitted packets
- Ephemeral/client-side slow killed
- Ephemeral/client-side evicted connections
- CPU usage
- Syncookie accepts
- Syncookie rejects
Pools (split by pool)
- Status
- Requests
- Connections
- Received bytes
- Transmitted bytes
- Received packets
- Transmitted packets
- Member count
- Current sessions
Nodes (split by node)
- Status
- Requests
- Connections
- Received bytes
- Transmitted bytes
- Received packets
- Transmitted packets
Rules (split by rule)
- Executions
- Aborts
- Failures
Network interfaces (split by interface)
- Status
- Received bytes
- Transmitted bytes
- Received packets
- Transmitted packets
- Dropped packages
- Errors
Client and server SSL (split by profile)
- Common connections
- Native connections
- Fatal alerts
- Secure handshakes
- Handshake failures
- Insecure handshake accepts
- Insecure handshake rejects
- Insecure renegotiation rejects
- Requests (split by protocol)
Disks (split by disks)
- Free
- Used
- Reserved
CPU (split by CPUs)
- Idle
- IO wait
- IRQ
- Soft IRQ
- Stolen
- System
- User
Memory
- Total
- Used
HTTP stats (split by profiles)
- GET/POST requests
- 2xx responses
- 3xx responses
- 4xx responses
- 5xx responses