Check sod memory in Chassis

Problem
Management consoles for Chassis and VCMP guests are accessible. All VIPs are marked up but the applications were not loading.

Solution
Execute the command to view sod memory usage

 #top -cbn 1 | egrep 'sod|COMMAND' |grep -v egrep
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 7357 root      20   0  1628  352  328 S  0.0  0.0   0:00.10 runsv sod
14597 root      20   0  988m 988m  22m S  0.0  6.2 372:24.04 /usr/bin/sod

For example, value under RES memory shows 988m. This is too high. Typically, it is expected to be 50m as per F5 support. 

Execute the command to clear out sod memory usage

#tmsh restart sys service sod

# top -cbn 1 | egrep 'sod|COMMAND' |grep -v egrep

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND

 7357 root      20   0  1628  364  328 S  0.0  0.0   0:00.11 runsv sod

 8022 root      20   0 30096  28m  22m S  0.0  0.2   0:00.12 /usr/bin/sod

Now the sod shows reduced memory footprint 28m

Parse specific query parameter value

URL: www.mydomain.com?query1=value1&query2=value2

iRule
when HTTP_REQUEST {
 log local0.  [URI::query "?[HTTP::query]" query1]
}

Output
value1

Mobile iRule - Honor user preference to view desktop site

Use case:
If the user is accessing from mobile, redirect to mobile website.
When the user choose the option to view desktop site from mobile webpage, redirect to desktop site. Keep the user in desktop site for 30 mins and put them back on mobile website.

Solution:
The solution uses cookie expiry logic.
When the user clicks "view desktop site" from mobile webpage, a query parameter (Ex: "allowMobile=y") is passed for tracking.

1) Please refer to the post mobile detection iRule on this blog. This rule is extension based on previous blog item.

2) Update or create an iRule named "mobile-rule-v2"

when HTTP_REQUEST {
 set useragent [string tolower [HTTP::header User-Agent]]
 set mobilehost "m.mydomain.com"
 set uri [HTTP::uri]
 set query [string tolower [HTTP::query]]
 set ismobile false

 if { [matchclass $useragent contains mobile-user-agents ] } {
  set ismobile true
 }
 elseif { $useragent contains "android" } {
  if { $useragent contains "mobile" } {
   set ismobile true
  }
 }

 if { $ismobile } {
   set hascookie false
   if { $query contains "allowMobile=y" } {
     if { not ( [HTTP::cookie exists "my-mobile-cookie"] ) } {
HTTP::cookie insert name "my-mobile-cookie" value "none" path "/"
HTTP::cookie expires "my-mobile-cookie" 1800
set hascookie true
     }
   }

   if { not ( $hascookie ) } {
    # Do the redirect logic here
   }
 }
}

# This response block is important
when HTTP_RESPONSE {
    if { [info exists "my-mobile-cookie"] } {
unset "my-mobile-cookie"
HTTP::cookie insert name "my-mobile-cookie" value "none" path "/"
HTTP::cookie expires "my-mobile-cookie" 1800
    }
}

Mobile Detection iRule

Use case:
Redirect www.mydomain.com (desktop website) to m.mydomain.com (mobile website)

1) Create a data group
Local Traffic > iRules > Data Group List > Create
Name: mobile-user-agents
Type: String

Add Records
Example:
String iphone
Value: (leave this empty)

Here is the list of mobile user agents I used.

avantgo
bada
bb
blackberry
blazer
bolt
compal
elaine
fennec
gobrowser
hiptop
iemobile
iphone
iris
kindle
lge
maemo
mib
midp
minimo
mmp
netfront
palm
phone
semc-browser
skyfire
symbian
teashark
teleca
uzardvodafone
wap

2) Create an iRule
Local Traffic > iRules > iRules List > Create
Name: mobile-rule-v1
Definition:

when HTTP_REQUEST {
 set useragent [string tolower [HTTP::header User-Agent]]
 set mobilehost "m.mydomain.com"
 set uri [HTTP::uri]
 set ismobile false

 if { [matchclass $useragent contains mobile-user-agents ] } {
  set ismobile true
 }
 elseif { $useragent contains "android" } {
  if { $useragent contains "mobile" } {
   set ismobile true
  }
 }

 if { $ismobile } {
   HTTP::redirect "http://$mobilehost$uri"
   # Do any other logic here
 }
}

3) Add the iRule to the virtual server

Block IPs using data group and irule

1) Create a data group

Local Traffic > Virtual Servers > iRules > Data Group List

Create data group with Type Address

Add IP address to IP field and provide description in the value field

You can add a list of IP addresses to be blocked.

2) Create an iRule

when HTTP_REQUEST {

 foreach allxforwardvalues [HTTP::header values X-Forwarded-For] {

  foreach destip [split [string map {" " ""} $allxforwardvalues] ","] {

if { [class match -- $destip equals ip_blacklist] } {  

     reject

     event disable all

     return

   }

  }

 }

}

3) Add the iRule to virtual  ip

tcpdump

tcpdump -ni 0.0:nnn -s0 host x.x.x.x and host y.y.y.y -w /var/tmp/tdump1cap

11.4 configuration load issue

Problem:
Configuration did not load properly message with a yellow bar after logging into ltm. You were able to see most of the config in spite of warning message.

Solution:
ssh into ltm
#tmsh load sys config verifyThe output will indicate the issue.

If you see no errors during verify but still getting the warning from the console, run this command.
#tmsh load sys config

Also, execute the following command to clear and rebuild the cache after next restart.
touch /service/mcpd/forceload
http://support.f5.com/kb/en-us/solutions/public/13000/000/sol13030.html?sr=32060389