F5 BIG-IP CLI Commands Cheat Sheet
Many F5 engineers almost solely use the GUI (graphical user interface via browser, in F5 terms: Configuration Utility) because F5 has a really good and user-friendly configuration tool.
However, if you want to speed up your F5-related work, or you want to automate things, you need to get familiar with F5’s command-line interface, the so-called TMSH (Traffic Management Shell).
TMOS? TMSH? Bash?
When it comes to managing F5 BIG-IP devices, understanding the acronyms TMOS, TMSH, and Bash is essential. TMOS (Traffic Management Operating System) forms the robust foundation for delivering advanced traffic management and application delivery services. TMSH (Traffic Management Shell) is the command-line interface used to interact with BIG-IP devices running on TMOS. Bash refers to the widely used Unix shell and command language. Together, these components empower administrators to efficiently configure, manage, and optimize network traffic in complex environments.
TMSH is similar to Cisco IOS CLI, in that you can configure your BIG-IP, via a remote SSH connection, using text commands.
Bash is basically a special mode, where you can access the underlying Linux system. This means hundreds of useful Linux commands are available, such as ls, pwd, route, cp, mv, mkdir, tcpdump, and many more.
In Bash mode, you can still issue TMSH commands; you just need to put “tmsh” in front of the command.
You can easily identify which mode you are in by checking the command prompt.
When you see the “tmos” you are in TMSH:
admin@(lb-01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
When you see the “~” you are in bash:
[admin@lb-01:Active:In Sync] ~ #
You can switch between the modes as follows:
- In TMSH, you can type “bash” to go into bash mode
- In Bash, you can type “tmsh” to go into TMSH mode
You can exit from Bash by typing “exit”, and you can exit from TMSH by typing “quit”.
Useful TMSH commands
F5 BIG-IPs have a layered CLI setup, so every command has different layers. The first word is an action: list, show, create, modify, etc.
The second word is usually the specific module layer. BIG-IP has different modules, for example, ltm for local traffic manager, net for network configurations, asm for application security module, and sys for system-related settings.
Then the third and following words can be related to the specific configuration item layer.
For example:
admin@(lb-01)(Active)(/Common)(tmos)# list ltm virtual testvs destination
ltm virtual testvs {
    destination 10.1.2.3:https
}
This is a list command, for the local traffic manager module (ltm), and it shows information about a specific virtual server called testvs, and especially this virtual server’s destination ip and port configuration.
Of course, you can use the Tab key to display options and autocomplete your command.
Commands to get information
There are two categories of commands, where you can get information about the configuration and/or the traffic.
“Show” command: The “show” command is used to display detailed information about a specific configuration object or the current state of a particular aspect on the BIG-IP device. It provides comprehensive information including configuration details, status, statistics, and logs.
“List” command: On the other hand, the “list” command is used to retrieve a concise list of objects or resources available on the BIG-IP device without displaying their detailed configurations. It provides a summary view of the specified objects or resources.
I’m using the example from earlier to display the differences for the virtual server called testvs:
admin@(lb-01)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm virtual testvs
ltm virtual testvs {
    creation-time 2022-02-25:11:37:41
    destination 10.1.2.3:https
    ip-protocol tcp
    last-modified-time 2022-05-16:10:42:38
    mask 255.255.255.255
    persist {
        testing {
            default yes
        }
    }
    profiles {
        ssl_profile_https {
            context clientside
        }
        http { }
        tcp { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
    vs-index 32
}
admin@(lb-01)(cfg-sync In Sync)(Active)(/Common)(tmos)# show ltm virtual testvs
------------------------------------------------------------------
Ltm::Virtual Server: testvs
------------------------------------------------------------------
Status
  Availability     : unknown
  State            : enabled
  Reason           : The children pool member(s) either don't have service checking enabled, or service check results are not available yet
  CMP              : enabled
  CMP Mode         : all-cpus
  Destination      : 10.1.2.3:443
  PVA Acceleration : none
Traffic                      ClientSide  Ephemeral  General
  Bits In                        146.4K          0        -
  Bits Out                        48.5K          0        -
  Packets In                        195          0        -
  Packets Out                       144          0        -
  Current Connections                 0          0        -
  Maximum Connections                 7          0        -
  Total Connections                  44          0        -
  Evicted Connections                 0          0        -
  Slow Connections Killed             0          0        -
  Min Conn Duration/msec              -          -     1.4K
  Max Conn Duration/msec              -          -   735.1K
  Mean Conn Duration/msec             -          -   186.9K
  Total Requests                      -          -        3
SYN Cookies
  Status                         not-activated
  Hardware SYN Cookie Instances  0
  Software SYN Cookie Instances  0
  Current SYN Cache              0
  SYN Cache Overflow             0
  Total Software                 0
  Total Software Accepted        0
  Total Software Rejected        0
  Total Hardware                 0
  Total Hardware Accepted        0
Message Routing Framework  In  Out
  Message                   0    0
  Request                   0    0
  Response                  0    0
CPU Usage Ratio (%)
  Last 5 Seconds  0
  Last 1 Minute   0
  Last 5 Minutes  0
As you can see, the list and the show output of the same configuration item are very different. The list commands tell you how the specific object is configured, and the show commands tell you traffic-related information, packet counts, the current number of connections, etc.
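The brace-nested list output is awkward to compare between devices or search for a single setting. The following Bash script is an added example, not part of the original article or F5's tooling: it flattens list output into one "path = value" line per setting. The names flatten_tmsh and sample_config are hypothetical, and the sample input is constructed from the testvs output above.

```shell
#!/usr/bin/env bash
# Added example: flatten brace-nested "tmsh list" output into "path = value"
# lines so two configurations can be compared with diff or searched with grep.

# Constructed sample, shaped like the "list ltm virtual testvs" output above.
sample_config() {
cat <<'EOF'
ltm virtual testvs {
    destination 10.1.2.3:https
    ip-protocol tcp
    persist {
        testing {
            default yes
        }
    }
    profiles {
        ssl_profile_https {
            context clientside
        }
        http { }
        tcp { }
    }
    source 0.0.0.0/0
}
EOF
}

# flatten_tmsh (hypothetical helper): reads list output on stdin.
flatten_tmsh() {
    awk '
    function path(   i, p) {
        p = stack[1]
        for (i = 2; i <= depth; i++) p = p "/" stack[i]
        return p
    }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        if ($0 == "") next
        if ($0 == "}") { depth--; next }                  # block closes
        if (sub(/[ \t]*[{][ \t]*[}]$/, "")) {             # empty block: "http { }"
            print path() "/" $0 " = {}"; next
        }
        if (sub(/[ \t]*[{]$/, "")) { stack[++depth] = $0; next }  # block opens
        key = $1; sub(/^[^ \t]+[ \t]*/, "")               # first word is the key
        print path() "/" key " = " $0
    }'
}

# On a BIG-IP, from Bash: tmsh list ltm virtual testvs | flatten_tmsh
sample_config | flatten_tmsh
```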
Here are a couple of useful list and show commands, in various categories. This is not a full list; the full command-line reference is here: https://clouddocs.f5.com/cli/tmsh-reference/latest/
LTM (local traffic manager) related commands
List all or if specified by name, the virtual server configuration:
list ltm virtual [virtual-name]
List all or if specified by name, the pool members and configuration:
list ltm pool [pool-name]
List all or if specified by name, the client SSL profile configuration:
list ltm profile client-ssl [ssl-profile-name]
List all or if specified by name, the monitor configuration:
list ltm monitor tcp/http/icmp/many-more [monitor-name]
List all or if specified by name, the iRule configuration:
list ltm rule [iRule-name]
List all or if specified by name, the data group configuration:
list ltm data-group internal [data-group-name]
NET (network configurations) related commands
List the routing configuration:
list net route
List the interface configuration:
list net interface
List the self IP configuration:
list net self
List the VLAN configuration:
list net vlan
List the trunk (interface bonding) configuration:
list net trunk
SYS (system) related commands
Show the license details:
show sys license
Show the hardware details (fan, power, hard disk, etc):
show sys hardware
Show the module provision details, to see which BIG-IP modules are installed:
list sys provision
Show the performance details, like cpu/memory usage, number of connections, throughput, etc:
show sys performance
Show the IP connection table, with various filters, like client side, server side, port, age, etc:
show sys connection [various filters to find the connection you are looking for]
List the syslog configuration, where the device is sending traffic:
list sys syslog
List the NTP configuration:
list sys ntp
CM (centralized management, for example active/standby) related commands
List the device group-related configuration (this is for clustering, like active/standby setups):
list cm device-group [device-group-name]
Show the device group status and settings, like time since last sync, sync type, etc:
show cm device-group [device-group-name]
Show the failover status of the device and other details in an active/standby setup:
show cm failover-status
Also, almost every list command has an additional “all-properties” ending, which displays literally everything related to the configuration object, even hidden and inherited settings.
Commands to create or modify objects and settings
Creating, modifying, and deleting configuration objects can be a daily activity. I will show one example with a Pool object, but a similar approach should be followed with every other configuration object.
Create a new Pool called testpool1 with two members and a round-robin load balancing mode:
create ltm pool testpool1 members add { 10.1.1.1:80 10.1.1.2:80 } load-balancing-mode round-robin
Modify the existing testpool1 members (ports and one member as well) and the load balancing mode:
modify ltm pool testpool1 members replace-all-with { 10.1.1.1:443 10.1.1.3:443 } load-balancing-mode fastest-node
Delete the Pool testpool1:
delete ltm pool testpool1
Bash commands to use BIG-IP as a pro
Using TMSH can be enough for configuration activities, but in many cases, troubleshooting can be difficult. Using the Bash mode, a wide range of Unix commands are available, which can make our troubleshooting a lot easier.
Troubles with NTP servers? Let’s see the NTP status with ntpq -np:
[admin@lb-01:Active:In Sync] ~ # ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+10.127.212.10   10.127.210.69    2 u  257 1024  377    0.973   -0.907   0.153
*10.127.212.11   10.127.210.69    2 u  678 1024  377    0.667    0.208   0.237
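Reading the ntpq -np output: the character in front of each peer is its tally code ("*" is the selected system peer, "+" a candidate), reach is an octal bitmask of the last eight polls (377 means all eight were answered), and offset is in milliseconds. The following Bash script is an added example, not from the original article: it turns those three fields into a pass/fail check, which matters because log timestamps are only comparable across devices when the clock is in sync. The names ntp_health and sample_ntpq are hypothetical and the sample input is constructed from the output above.

```shell
#!/usr/bin/env bash
# Added example: turn "ntpq -np" output into a pass/fail clock-sync check.

# Constructed sample, shaped like the ntpq -np output above.
sample_ntpq() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+10.127.212.10   10.127.210.69    2 u  257 1024  377    0.973   -0.907   0.153
*10.127.212.11   10.127.210.69    2 u  678 1024  377    0.667    0.208   0.237
EOF
}

# ntp_health MAX_OFFSET_MS (hypothetical helper): reads ntpq -np output on stdin.
# Prints one line per peer. Returns 0 only if a system peer ("*") exists,
# answered all of the last eight polls (reach 377) and its offset is within
# MAX_OFFSET_MS milliseconds in either direction.
ntp_health() {
    awk -v max="$1" '
    $1 == "remote" || /^=+$/ { next }          # header and separator lines
    NF >= 10 {
        tally = substr($0, 1, 1)               # first column is the tally code
        peer = $1; sub(/^[^0-9A-Za-z]/, "", peer)
        reach = $7; offset = $9 + 0
        mag = (offset < 0) ? -offset : offset
        role = "not used"
        if (tally == "*") role = "system peer"
        else if (tally == "+") role = "candidate"
        printf "%s role=%s reach=%s offset_ms=%s\n", peer, role, reach, $9
        if (tally == "*" && reach == "377" && mag <= max + 0) ok = 1
    }
    END { exit(ok ? 0 : 1) }'
}

# On a BIG-IP, from Bash: ntpq -np | ntp_health 5
sample_ntpq | ntp_health 5 || echo "NTP check failed"
```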
Problems with routing? Let’s see the system route table with route -n:
[admin@lb-01:Active:In Sync] ~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.119.1   0.0.0.0         UG    0      0        0 external
0.0.0.0         10.100.240.1    0.0.0.0         UG    4096   0        0 mgmt
10.125.0.0      172.19.154.1    255.255.255.0   UG    0      0        0 internal
10.199.0.151    10.100.240.1    255.255.255.255 UGH   4096   0        0 mgmt
10.100.240.0    0.0.0.0         255.255.255.0   U     0      0        0 mgmt
10.200.202.89   172.19.154.1    255.255.255.255 UGH   0      0        0 internal
Low on free space? Let’s check which folder is used the most using df -h:
[admin@lb-01:Active:In Sync] ~ # df -h
Filesystem                              Size  Used Avail Use% Mounted on
/dev/mapper/vg--db--sda-set.2.root      427M   89M  316M  22% /
devtmpfs                                 24G  4.0K   24G   1% /dev
tmpfs                                    24G  2.4G   22G  10% /dev/shm
tmpfs                                    24G  2.8M   24G   1% /run
tmpfs                                    24G     0   24G   0% /sys/fs/cgroup
/dev/mapper/vg--db--sda-set.2._usr      6.0G  4.8G 1001M  83% /usr
/dev/mapper/vg--db--sda-dat.share        40G   11G   27G  30% /shared
none                                     24G   38M   24G   1% /shared/rrd.1.2
/dev/mapper/vg--db--sda-set.2._config   3.2G  101M  2.9G   4% /config
/dev/mapper/vg--db--sda-set.2._var      4.5G  1.2G  3.1G  28% /var
Some server is not working as expected according to some users? Let’s test it from the load balancer using curl. You can even test from a specific route domain if your BIG-IP setup has route domains. In our case, rdexec 90 tells the system to execute the command in route domain 90.
[admin@lb-01:Active:In Sync] ~ # rdexec 90 curl -vk http://10.100.240.10
* Rebuilt URL to: https://10.100.240.10/
*   Trying 10.100.240.10...
* Connected to 10.100.240.10 (10.100.240.10) port 80 (#0)
> GET / HTTP/1.1
> Host: 10.100.240.10
> User-Agent: curl/7.47.1
> Accept: */*
>
< HTTP/1.1 200 OK
Let’s capture some traffic with the tcpdump command so we can analyze it further using Wireshark or a similar tool that can read pcap files. Here, internal is the interface (or VLAN, in our case) name. We want to capture HTTPS traffic, so we specify port 443. We don’t want to capture indefinitely, so we specify -c 100 to capture the first 100 packets only. We also want to save this capture into a file, so we specify the location and name with -w /tmp/capture01.pcap:
[admin@lb-01:Active:In Sync] ~ # tcpdump -nni internal port 443 -c 100 -w /tmp/capture01.pcap
tcpdump: listening on internal, link-type EN10MB (Ethernet), capture size 65535 bytes
100 packets captured
100 packets received by filter
0 packets dropped by kernel
Of course, I don’t mention the usual commands, known to many system and network engineers, but these are all available on the BIG-IP: ping, traceroute, telnet, nano, vi, grep, awk and many more.
Learning to use TMSH and Bash is not only useful for your daily activities and troubleshooting scenarios, but it can also open up endless possibilities for device automation, scripting, and configuration standardization.
Sources
https://clouddocs.f5.com/cli/tmsh-reference/latest/
https://my.f5.com/manage/s/article/K411
Just wanted to comment on what an excellent job you have done in order to create a cheat sheet with the commands that can be used for either creating Traffic Objects and/or troubleshooting. I can tell a lot of hard work went into creating this cheat sheet so Ty, take it from someone who creates cheat sheets to be able to quickly reference and perform daily maintenance activities.
Job well done @Gergo Vadasz.