F5 BIG-IP V9产品的故障处理手册
采用VLAN名称作为-i参数的局限性在于,由于PVA四层加速芯片时位于BIG-IP的交换板(Swithboard)上,并不需要经由主机板与交换机板的内部接口到达中央CPU,因此TCPDUMP无法抓取这些四层加速的数据包。
因此采用VLAN名称作为-i的参数一般是用于对采用Standard作为Virtual Server类型的应用抓包时采用。
注:如果Virtual Server是用PVA四层加速芯片作加速处理,则在Virtual Server的属性中PVA Acceleration显示为Full。
(The PVA handles accelerated traffic in the following order:
The PVA receives accelerated traffic from the switch subsystem ? The PVA transforms the packet in order to redirect the packet to the appropriate pool member
? The PVA sends the packet back to the switch subsystem
?
Fully accelerated traffic never reaches the internal trunk and is not processed by TMM. )
如果采用接口编号作为-i的参数,则进出该接口的数据包将先被镜像给SCCP(SCCP是BIG-IP的管理子系统),然后送到主机板上通过TCPDUMP抓包。由于是直接镜像了端口,因此经由四层加速芯处理的数据包也能被TCPDUMP获取。
采用接口编号作为-i的参数的局限性在于,由于数据包是经由SCCP(管理子系统)转发给主机板,数据包的处理速度有限,每秒只能处理200个数据包。因此采用接口编号作为-i的参数一般是用于做基本网络故障诊断时。
(When tcpdump is run on an interface, the packet is copied on switch ingress to the SCCP, which then sends it to the host to be captured by tcpdump. Limitations
Running tcpdump on a switch interface is rate-limited to 200 packets per second. Therefore, if you run tcpdump on an interface that is processing
2014-3-17
F5 Networks China
第27页, 共44页
F5 BIG-IP V9产品的故障处理手册
more than 200 packets per second, the captured tcpdump file will not include all of the packets.
For example, the following command will capture PVA accelerated traffic, but the syntax will result in a rate limit of 200 packets per second。)
注:对于采用了PVA四层加速芯片加速处理的Virtual,而且网络流量又比较大时,如果需要进行抓包分析,建议在上一级交换机作端口镜像,将网络流量输出到外部的抓包主机上处理。
4.11. TCPDUMP 命令中出现“pcap_loop: Error: Interface packet
capture busy”错误信息?
同时执行多个TCPDUMP,出现“pcap_loop: Error: Interface packet capture busy”错误,例如:
[root@bigip1:Active] config # tcpdump: listening on 1.1
[root@bigip1:Active] config # tcpdump -ni 1.3 -s 1600 -X -w/var/tmp/v741-E13.dmp port 22 & [3] 6813
tcpdump: listening on 1.3
[root@bigip1:Active] config # tcpdump -ni 1.4 -s 1600 -X -w/var/tmp/v742-E14.dmp port 22 & [4] 6820
tcpdump: listening on 1.4
[root@bigip1:Active] config # tcpdump: pcap_loop: Error: Interface packet capture busy
tcpdump: pcap_loop: Error: Interface packet capture busy
这种情况一般只发生在TCPDUMP -i参数采用接口编号时。原因主要在于当采用接口编号作为-i参数时,是通过BIG-IP的二层芯片将该接口的数据包镜像到中央CPU作处理。而BIG-IP的二层芯片的接口镜像功能不支持多个接口同时镜像,因此如果同时执行多个用接口名称作-i参数的TCPDUMP命令,就会出现Interface packet capture busy的信息。
注:对于采用VLAN名称作为TCPDUMP –i参数,则不存在这个问题,可以支持对多个VLAN同时执行TCPDUMP抓包命令。
2014-3-17
F5 Networks China 第28页, 共44页
F5 BIG-IP V9产品的故障处理手册
(Currently only one tcpdump session is possible at a time on a switch interface (tcpdump on vlan alllows multiple sessons). This is due to a limitation of the Broadcom SDK, but we may be able to extend the SDK to support multiple sessions.
The root difficulty here is that mirrored packets don't carry a note saying \is where I came from.\ports, and all the packets will funnel to the host -- but we don't know which tcpdump session to route them to. One idea involves a layer 2 lookup on each packet performed by the bcm56xx daemon on the sccp. This would be intense so we continue to have this limitation.)
2014-3-17
F5 Networks China 第29页, 共44页
F5 BIG-IP V9产品的故障处理手册
第5章 配置管理
5.1. 如何备份BIG-IP LTM的配置
备份方法如下有两种,通过WEB界面进行备份方法如下: 进入System?Archives,点击Create:
配置备份好后,点击设配置文件并下载到外部电脑上:
通过命令行进行备份的方法如下:
To back up your current configuration data, perform the following steps:
1. Log in to the command line.登陆到BIG-IP的命令行
2. Save the configuration into a UCS archive by typing the following command, replacing
filename of your choice:
bigpipe config save
2014-3-17
F5 Networks China 第30页, 共44页
F5 BIG-IP V9产品的故障处理手册
Note: F5 Networks recommends that you name the file the same as the BIG-IP host name, since you will need this information before you restore the configuration.
By default, the BIG-IP system will save the UCS archive file in the /var/local/ucs directory.
3. Copy the .ucs file to another system for safekeeping.
Important: In addition to user accounts, passwords, and critical system files, the UCS archive file contains the SSL private keys that are used with your SSL proxies. It is important to store the backup UCS archives in an environment that is as secure as where you store your private keys.
5.2. 备份的配置文件中包含哪些内容
备份的配置保存在.ucs文件中,.ucs包含以下内容:
* All BIG-IP-specific configuration files * BIG-IP product licenses
* User accounts and password information * DNS zone files
* Installed SSL certificates and keys
5.3. 恢复BIG-IP LTM的配置Restoring configuration data
To restore the BIG-IP system configuration, use one of the following procedures:
* Restoring the configuration data for a system that is currently running system software * Installing the operating system and restoring the configuration data to a new system
Restoring the configuration data for a system that is currently running system software
If you are using a system that already has system software running, and you do not want to reinstall the software, perform the following steps:
2014-3-17
F5 Networks China
第31页, 共44页