F5 BIG-IP LTM

Learn how to monitor F5 BIG-IP LTM devices using the F5 LTM ActiveGate extension.

Getting started

To get started, just click the chat button in the upper-right corner of the Dynatrace menu bar to contact a Dynatrace ONE Product Specialist. Dynatrace ONE will make sure you have what you need to monitor F5 BIG-IP LTM devices.

Prerequisites

  • F5 BIG-IP LTM devices with iControl API support.
  • Credentials for F5 admin account or non-admin account with iControl_REST_API_User role.
  • An Environment ActiveGate (version 1.155+) that has the ActiveGate plugin module installed, and isn't used for synthetic or mainframe monitoring.
    • ActiveGate version 1.175+ is ready to accept and run plugins. If you are running an earlier version of ActiveGate, see Install ActiveGate plugin module for instructions on installing the plugin module.
    • For Environment ActiveGate installation instructions, see Dynatrace ActiveGate.
    • One environment ActiveGate can typically support 30-50 F5 LTM devices.

Extension installation

After the extension has been added to your license

  1. Get the install file (custom.remote.python.f5rest.zip) from your Dynatrace ONE Product Specialist via live chat. Don't rename the file.

  2. Unzip custom.remote.python.f5rest.zip to the plugin_deployment directory of your ActiveGate host.

  3. If the resulting directory structure isn't .\plugin_deployment\custom.remote.python.f5rest\, please make the necessary changes.

  4. Restart the Dynatrace Remote Plugin Module service.

    • On Linux, restart the service using the following commands with admin rights:
      systemctl restart remotepluginmodule.service  
      
    • On Windows, run these two commands in a Command Prompt launched as Admin:
      sc stop "Dynatrace Remote Plugin Module"  
      sc start "Dynatrace Remote Plugin Module"  
      
  5. In Dynatrace, select Settings, Add new technology monitoring, and Add ActiveGate plugin.

  6. Select Upload plugin and upload custom.remote.python.f5rest.zip.

  7. Enter the endpoint information requested for connecting to F5 device:

    Setting Details
    Endpoint name Enter a meaningful endpoint name.
    Username The username for connecting to the iControl REST API. The account must be an admin account or non-admin account with the iControl_REST_API_User role).
    Password The account password.
    Use token authentication Use token authentication instead of direct connection (required for LDAP-integrated and non-admin users, but may also be used with admin accounts).
    Hostname/IP of management interface The hostname/IP where the management interface is listening, defaults to port 443 (HTTPS).
    Require a valid SSL certificate Select if a valid SSL certificate is required. Note that even if the certificate validation is disabled the extension will still communicate via HTTPS, if the device is configured for that.
    Path to a CA_BUNDLE file or directory The absolute path to self-signed certificates of trusted CAs.
    Enable debug logging Select this only if Dynatrace ONE requests it so they can investigate an issue.
    Comma-separated virtual servers Allows for filtering of the virtual servers that are to be monitored.
    Comma-separated pools Allows for filtering of the pools that are to be monitored.
    Comma-separated nodes Allows for filtering of the nodes that are to be monitored.
    Comma-separated rules Allows for filtering of the rules that are to be monitored.
    Comma-separated profiles Allows for filtering of the profiles that are to be monitored.
    Comma-separated interfaces Allows for filtering of the interfaces that are to be monitored.
    Comma-separated partitions Allows for filtering of the partitions that are to be monitored.
    Comma-separated additional IPs Allows for filtering of any additional IPs that are to be monitored.
    Name of the group If the device is part of a cluster, type the name here to group the devices in the Dynatrace web UI.

Troubleshoot ActiveGate plugins

  • 404 error when connecting to F5?

    Starting in BIG-IP 11.6.0, a non-admin user account may be granted with the minimum permissions required to successfully query the iControl API (iControl_REST_API_User role). This role may be granted by a BIG-IP admin, using the following command:

    curl -sk -u <admin_username>:<admin_password> https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/<username>"}  
    

See also Troubleshoot ActiveGate plugins.

Metrics

The IP address of all network interfaces and the ports used by the services are automatically captured, as are the following metrics:

Device

  • Availability

Virtual servers (split by virtual server)

  • Status
  • Requests
  • Ephemeral/client-side connections
  • Ephemeral/client-side received bytes
  • Ephemeral/client-side transmitted bytes
  • Ephemeral/client-side received packets
  • Ephemeral/client-side transmitted packets
  • Ephemeral/client-side slow killed
  • Ephemeral/client-side evicted connections
  • CPU usage
  • Syncookie accepts
  • Syncookie rejects

Pools (split by pool)

  • Status
  • Requests
  • Connections
  • Received bytes
  • Transmitted bytes
  • Received packets
  • Transmitted packets
  • Member count
  • Current sessions

Nodes (split by node)

  • Status
  • Requests
  • Connections
  • Received bytes
  • Transmitted bytes
  • Received packets
  • Transmitted packets

Rules (split by rule)

  • Executions
  • Aborts
  • Failures

Network interfaces (split by interface)

  • Status
  • Received bytes
  • Transmitted bytes
  • Received packets
  • Transmitted packets
  • Dropped packages
  • Errors

Client and server SSL (split by profile)

  • Common connections
  • Native connections
  • Fatal alerts
  • Secure handshakes
  • Handshake failures
  • Insecure handshake accepts
  • Insecure handshake rejects
  • Insecure renegotiation rejects
  • Requests (split by protocol)

Disks (split by disks)

  • Free
  • Used
  • Reserved

CPU (split by CPUs)

  • Idle
  • IO wait
  • IRQ
  • Soft IRQ
  • Stolen
  • System
  • User

Memory

  • Total
  • Used

HTTP stats (split by profiles)

  • GET/POST requests
  • 2xx responses
  • 3xx responses
  • 4xx responses
  • 5xx responses