Gheek.net

February 15, 2008

PHP Cheat Sheet

Filed under: cheatsheets, php — lancevermilion @ 3:07 pm

php_cheat_sheet

MySQL Cheat Sheet

Filed under: cheatsheets — lancevermilion @ 3:06 pm

mysql_cheat_sheet

Javascript Cheat Sheet

Filed under: cheatsheets, javascript — lancevermilion @ 3:06 pm

javascript_cheat_sheet

CSS Cheat Sheet

Filed under: cheatsheets, css — lancevermilion @ 3:05 pm

css_cheat_sheet

HTML Character Cheat Sheet

Filed under: cheatsheets, html — lancevermilion @ 3:04 pm

html_characters_cheat_sheet

ASP Cheat Sheet

Filed under: asp, cheatsheets — lancevermilion @ 3:02 pm

asp_cheat_sheet

F5 commandline cheatsheet

Filed under: bigip, cheatsheets, f5 — lancevermilion @ 2:52 pm

Some of this refers to VIPs, pools and hosts that exist on my own boxes; change the names to suit your environment.

# F5 – commandline hints

tmctl global_stats.memory_used

tmstat

# F5 – Full power cycle

To accomplish this, either power-cycle the system or use the /usr/bin/full_box_reboot command.

# F5 – 3DNS

x – 3dprint sum # to get information on the principal and other 3dns settings

# Boot CDROM on separate intel server to provide Network Install for F5 device

x – option 2 (setup server to provide network installation)

x – use defaults

– be sure the bigip/3dns is connected to the same vlan as the boot server

x – enable net_reboot (b global net_reboot enable – may not be supported)

note: on 3dns you must reboot and, within 10 secs, push the "network" pin on the front panel

x – reboot and connect to network boot server

x – login (root/default)

x – run setup

# F5 – BigIP

# Recover install to new server

x – power on

x – hook up console cable

x – login as root (password is default)

x – set date/time

x – set the passwords for root and admin

nx – run hostname and set new hostname

x – run config and setup mgmt NIC to arbitrary address

x – setup direct connection to mgt NIC and laptop (normal eth cable)

x – copy ucs file from backup on loghost1

x – copy hotfix Hotfix-BIG-IP-9.1.1-CR58090.im

x – if ucs file is zipped (has extension “.gz”) on loghost1, unzip it

x – run b config install

nx – run keyswap.sccp (to pass new keys with sccp)

nx root: default

nx admin: (?) need admin password to get into GUI

x – login and run get_dossier -b # reg_key found in /config/RegKey.license

x – go to F5 (http://license.f5.com) site and paste dossier to get new license

x – paste new license information into /config/bigip.license

x – reboot

x – connect with laptop (set a new IP on the laptop that matches the production mgmt network – run ifconfig eth0 on the bigip to get its IP/netmask).

x – run loaddb -local /config/BigDB.dat.cs

x – im Hotfix-BIG-IP-9.1.1-CR58090.im

x – b db Pva.Acceleration none

x – reboot

x – connect to gui (using admin because radius is unavailable) and see that all is good.

OR

x – manually get old config items

# each pipeline collapses one "b ... list" object onto a single line and prints it
# as a replayable "b" command (drop the "echo" to apply the commands on the new box)

b vlan list | perl -ne 'chomp $_ unless (/}/); print;' | while read line; do echo b $line; done

b self list | perl -ne 'chomp $_ unless (/}/); print;' | while read line; do echo b $line; done

b mgmt route list | perl -ne 'chomp $_ unless (/}/); print;' | while read line; do echo b $line; done

b interface list | perl -ne 'chomp $_ unless (/}/); print;' | while read line; do echo b $line; done

b route list

b inter

# Get a one-line command form of every object in the config.

b list | perl -ne 'chomp; s/^}/ }\n/g; print;'

Notes:

x – the console is disabled after a reboot unless a serial cable is connected

– you can override this by editing /etc/ttys and changing the tty00 line to:

tty00 "/usr/libexec/getty pccons" vt100 on secure

# To check when a cert expires (prints its notAfter date)

/usr/bin/openssl x509 -enddate -noout -in /config/ssl/ssl.crt/.crt
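As an added example (not from the original post) that extends the single-cert check above to a whole directory: `openssl x509 -checkend` exits non-zero when a cert expires within the given number of seconds, so the function below lists every cert in a directory that is inside the warning window and returns non-zero if any were found. It assumes `openssl` is on PATH; the self-signed 10-day demo cert, its CN and the temp directory are constructed for the demo only. On the box the directory to point it at is the page's /config/ssl/ssl.crt.

```shell
#!/bin/sh
# Added example: find certificates that expire within N days.

# cert_enddate FILE: the notAfter line for one certificate (same as the page's command).
cert_enddate() {
  openssl x509 -enddate -noout -in "$1"
}

# expiring_certs DIR DAYS: print "<file> notAfter=..." for each *.crt / *.pem in DIR
# that expires within DAYS. Returns 1 if any were found, 0 otherwise, so it can
# gate a cron alert. -checkend exits non-zero when the cert expires inside the window.
expiring_certs() {
  dir=$1; days=$2; found=0
  for f in "$dir"/*.crt "$dir"/*.pem; do
    [ -f "$f" ] || continue
    if ! openssl x509 -checkend $((days * 86400)) -noout -in "$f" >/dev/null 2>&1; then
      printf '%s %s\n' "$f" "$(cert_enddate "$f")"
      found=1
    fi
  done
  return $found
}

# Self-contained demo (constructed): a throwaway self-signed cert valid for 10 days,
# checked against a 5-day and a 30-day warning window. Assumes openssl is on PATH.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=demo.example.com" \
  -keyout "$DEMO_DIR/demo.key" -out "$DEMO_DIR/demo.crt" >/dev/null 2>&1

expiring_certs "$DEMO_DIR" 5  || true   # prints nothing: a 10-day cert is fine for 5 days
expiring_certs "$DEMO_DIR" 30 || true   # prints demo.crt: it expires inside 30 days
```

On a BIG-IP, `expiring_certs /config/ssl/ssl.crt 30 || mail -s "certs expiring" ops@example.com` (mail address hypothetical) gives a one-line cron check; the 30-day window is a common choice, not an F5 setting.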

# To decrypt and dump traffic on the ssl port, use the following
# (this only works for sessions negotiated with RSA key exchange; DHE/ephemeral
# suites cannot be decrypted with the server's private key alone)

ssldump -i vl_140 -Aedn -N -k /config/ssl/ssl.key/webconnect.abc.com.key -p host x.x.x.x and host x.x.x.x

# To get information on wideip pool members status

3dpipe wideip cvpn.abc.com pool cvpn-pool virtual show

# Email support call to support@f5.com

# tech@f5.com, devcentral@f5.com

# Problems (tcpdumps – capture quickly, while the problem is actually happening; template below)

# tcpdump -ni -c -s 1600 -X -w /var/tmp/.dmp

tcpdump -ni external -c 500 -s 1600 -X -w /var/tmp/external.dmp

tcpdump -ni internal -c 500 -s 1600 -X -w /var/tmp/internal.dmp

tcpdump -ni int-server -c 500 -s 1600 -X -w /var/tmp/int-server.dmp

top -n5 -b >/var/tmp/top.dmp

qkview

# Logfiles

/var/log/bigip.log

/var/log/messages.log

/var/log/bigd.log

# Full box reboot

/usr/bin/full_box_reboot

# Cheat commandline items

bigtop -once

b virtual

b node

b pool

qkview (to gather stats)

b ha table show # show high avail settings

# RamCache

# ram cache setting notes:

# Age Rate (0-10): Effective Age Time (minutes) = (#mins) * 2^age_rate

# e.g. age rate 2 after 3 minutes: 3 * 2^2 = 12 minutes

# to list ram cache

b profile http all ramcache dump

b profile http http-canadatest ramcache dump

b profile http http-canadatest ramcache uri asp dump

# to clear ram cache entry

b profile http all ramcache reset

b profile http http-canadatest ramcache reset

b profile http http-canadatest ramcache uri /ca/images/find.gif host canadacert.abc.com reset

**********

HTTP/HTTPS

**********

HTTP – pool

===========

b pool xx-80 { monitor all tcp member xx:http }

HTTP – virtual

==============

b virtual vs_199.41.238.xx-80 { destination 199.41.238.xx:http snat automap ip protocol tcp profile http oneconnect tcp pool xx-80 }

HTTP to HTTPS – virtual

=======================

b virtual vs_xx-80 { destination xx:http snat automap ip protocol tcp profile http tcp pool pl_dummy-for-irule rule ir-redir_HTTP-to-HTTPS }

HTTPS – profile

=============

b profile clientssl pr-sslcli_xx.abc.com { defaults from clientssl key \"xx.abc.com.key\" cert \"xx.abc.com.crt\" }

HTTPS – virtual

===============

b virtual vs_x.x.x.x-443 { destination x.x.x.x:https snat automap ip protocol tcp profile http oneconnect pr-sslcli_xx.abc.com tcp pool pl_xx.abc.com-80 }

***

FTP

***

FTP – pool

==========

# for external

b pool pl_xx.abc.com-21 { monitor all tcp_half_open member x.x.x.x:ftp }

# for internal

b pool pl_xx.abc.com-21 { member x.x.x.x:ftp }

FTP – virtual

==========

# for external

b virtual vs_x.x.x.x-21 { destination x.x.x.x:ftp ip protocol tcp profile ftp tcp pool pl_xx.abc.com-21 rule ir-snat_abcNets }

# for internal

b virtual vs_x.x.x.x-21 { destination x.x.x.x:ftp snat automap ip protocol tcp profile ftp tcp pool pl_xx.abc.com-21 }

******

RADIUS

******

Monitor Radius (udp)

==============

# timeout 91 = 3 x interval + 1, the usual F5 rule. The username, password and
# shared secret below are stored in cleartext in bigip.conf (and in every ucs
# backup), so use a dedicated low-privilege monitor account, not real credentials.

b monitor udp_1645 { defaults from radius interval 30 timeout 91 debug \"no\" password \"abc123\" secret \"mybIgIp_forradius\" username \"bigip@local\" }

Pool Radius (udp)

===========

b pool pl_radius2-proxy.abc.com-1645 { monitor all udp_1645 member x.x.x.x:datametrics }

b pool pl_radius2-proxy.abc.com-1646 { monitor all udp member x.x.x.x:sa-msg-port }

Virtual Radius (udp)

==============

b virtual vs_x.x.x.x-1645 { destination x.x.x.x:datametrics ip protocol udp pool pl_radius2-proxy.abc.com-1645 }

b virtual vs_x.x.x.x-1646 { destination x.x.x.x:sa-msg-port ip protocol udp pool pl_radius2-proxy.abc.com-1646 }

Pool SMTP (tcp)

===========

b pool pl_abcsameday.abc.com-25 { monitor all tcp member x.x.x.x:25 member x.x.x.x:25 }

Virtual SMTP (tcp)

==============

b virtual vs_x.x.x.x-25 { destination x.x.x.x:25 ip protocol tcp profile tcp pool pl_abcsameday.abc.com-25 }

IRULES

======

Here is the iRule I was trying to implement.

when CLIENT_ACCEPTED {

if {[matchclass [IP::client_addr] equals $::dg_source]} {

forward

} else {

drop

}

}

Here is what I did to troubleshoot it. It basically echoes the result of each branch to the logs. It was very helpful.

— To troubleshoot an iRule, place a "log local0." statement in each branch to write what the rule decided to the log (syslog facility local0).

when CLIENT_ACCEPTED {

log local0. "checking for address [IP::client_addr] in dg_source list"

if {[matchclass [IP::client_addr] equals $::dg_source]} {

log local0. "address [IP::client_addr] is being allowed through"

forward

} else {

log local0. "address [IP::client_addr] not valid, dropping connection"

drop

}

}

# Sample i-rules

#
# Traffic sourced from port 8080 and 8081
# gets a new source address by way of
# Secure NAT (10.0.0.200)
#
rule i-SNAT {
when CLIENT_ACCEPTED {
if {[UDP::client_port] == 8080} {
snat 10.0.0.200
}
if {[UDP::client_port] == 8081} {
snat 10.0.0.200
}
}
}

#
# Good when you need to do troubleshooting: it logs which
# virtual (and so which i-rule) the traffic is hitting.
# In SERVER_CONNECTED, Test1 logs the server-side flow
# (server -> client) and Test2 the client-side flow
# (client -> server).
#
rule i-conns {
when CLIENT_ACCEPTED {
log local0. "Test1 - VN: [virtual name] CIP: [IP::client_addr]:[client_port]"
}
when SERVER_CONNECTED {
log local0. "Test1 - VN: [virtual name] SIP: [IP::server_addr]:[server_port] -> CIP: [IP::client_addr]:[client_port]"
log local0. "Test2 - VN: [virtual name] CIP: [IP::client_addr]:[client_port] -> SIP: [IP::server_addr]:[server_port]"
}
}

#
# Similar to the one above but a Secure NAT is made
# when the F5 receives syslog data (udp source port 514)
# from the network.
#
rule i-Syslog_515 {
when CLIENT_ACCEPTED {
if {[UDP::client_port] == 514} {
snat 10.0.1.95
}
}
when SERVER_CONNECTED {
log local0. "Test1 - VN: [virtual name] SIP: [IP::server_addr]:[server_port] -> CIP: [IP::client_addr]:[client_port]"
log local0. "Test2 - VN: [virtual name] CIP: [IP::client_addr]:[client_port] -> SIP: [IP::server_addr]:[server_port]"
}
}

# Scripts

#########

# to get virtual and pool information for every virtual whose name matches
# a pattern (/tas/ is a site-specific filter; change it to suit)

#

b virtual pool | awk '/tas/ {print $3, $6}' | while read virt pool; do echo ===========; b virtual $virt list; b pool $pool list ; done
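The perl/while pipelines in the recovery section and the awk script above do the same job: turn bigpipe's multi-line "list" output into one line per object so it can be replayed as a command or parsed for the virtual-to-pool mapping. Here is that as two shell functions, an added example that is not from the original post. The sample input is constructed: an approximation of what `b vlan list` and `b virtual list` print on a v9 box, with made-up object names, not output captured from a real unit. It assumes objects are one brace level deep, which holds for the vlan, self, route, interface and virtual output the post replays.

```shell
#!/bin/sh
# Added example: collapse bigpipe "list" output into one-line replayable commands.

# Constructed sample of `b vlan list` output (not from a real box).
SAMPLE_VLAN_LIST='vlan external {
   tag 4093
   interfaces enable 1.1
}
vlan internal {
   tag 4094
   interfaces enable 1.2
}'

# Constructed sample of `b virtual list` output (not from a real box).
SAMPLE_VIRTUAL_LIST='virtual vs_10.0.0.5-80 {
   destination 10.0.0.5:http
   snat automap
   ip protocol tcp
   profiles http tcp
   pool pl_web-80
}
virtual vs_10.0.0.5-443 {
   destination 10.0.0.5:https
   snat automap
   ip protocol tcp
   profiles http pr-sslcli_www.example.com tcp
   pool pl_web-80
}'

# join_objects: read "list" output on stdin and print one "b <object>" line per
# object. Mirrors the post's perl one-liner: lines are accumulated until the one
# containing the closing brace, then emitted as a single command.
join_objects() {
  awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim surrounding whitespace
    /^$/ { next }                                 # skip blank lines
    /}/  { print "b " buf $0; buf = ""; next }    # closing brace: emit the command
    { buf = buf $0 " " }                          # otherwise keep accumulating
  '
}

# virtual_pools: read `b virtual list` output on stdin and print "<virtual> <pool>"
# pairs, the input the post's final script loops over (no site-specific filter).
virtual_pools() {
  join_objects | awk '
    $2 == "virtual" {
      for (i = 1; i <= NF; i++) if ($i == "pool") { print $3, $(i + 1); break }
    }
  '
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_VLAN_LIST" | join_objects
printf '%s\n' "$SAMPLE_VIRTUAL_LIST" | virtual_pools
```

On the box, `b vlan list | join_objects` gives the commands to replay (pipe them into `sh` to apply), and `b virtual list | virtual_pools | while read v p; do b virtual $v list; b pool $p list; done` gives the same report as the awk script above for every virtual.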
