F5 BIG-IP SSL Orchestrator Training Lab > All SSL Orchestrator Lab Guides > SSLO 102: Diving into SSL Orchestrator for BIG-IP Next (AppWorld 2024 | 2 hours) > 12. Appendices Source | Edit on

12.1. Appendix 1 - Explore the Debug Utility¶

Ephemeral access to BIG-IP instance command shell can be executed through the Debug utility subsystem in Central Manager. This utility provides additional troubleshooting capabilities for data plane issues.

This appendix explores the basic Debug utility setup to access a BIG-IP Next instance command shell. For expanded information on the Debug utility and its various options, visit the official reference: https://clouddocs.f5.com/bigip-next/latest/support/debug_utility.html

12.1.1. Create an SSH Key¶

In Windows (PowerShell), Mac, and Linux, issue the following command: ssh-keygen.
When prompted, assigning a passphrase is optional, but if set it will be needed for all future use of this SSH key.

When the operation completes, you'll be left with two files - one with a ".pub" extension (the public key), and another with the same name but without the extension (the private key). The public key will be shared with the remote system (Central Manager and BIG-IP Next instance).
Open the public key in a text editor and copy the contents.

12.1.2. Access the Debug Utility¶

In the F5 Central Manager UI, click on the Manage Instances button, or select Infrastructure from the left side menu.
Under Instances - My Instances, click on a BIG-IP Next instance to display the properties drawer.
In the left side menu of the properties drawer, navigate to Debug.
Click the Proceed button.
Paste the contents of the previously create SSH public key in the window or click the Browse button to select this file.
When ready, click the Start Debug Session button. A new black box will appear in the drawer with instructions on how to access the BIG-IP Next command shell.

If you used the default options when creating the SSH key (for example: /home/student/.ssh/id_rsa), then follow the instructions as displayed.
```
ssh admin@10.1.1.7 -p 2222
```
If you used a different filename when creating the SSH key, specify this private key explicitly in the SSH command with the -i argument.
```
ssh -i mykey admin@10.1.1.7 -p 2222
```
Once inside the BIG-IP Next command shell, you will have access to various commands for troubleshooting data plan issues, including:
- tmctl - displays various TMM traffic processing statistics.
- bdt_cli - displays TMM networking information such as ARP and route entries.
- tcpdump - captures and replays packets sent and received on network interfaces.
- wget - retrieves files using HTTP, HTTPS, FTP, and FTPS.
- ping - tests reachability of remote hosts on IP networks using ICMP.
- traceroute - displays the packet route in hops to a remote host.
To stop debugging, close the SSH window then click the Stop Debug Session button in the Central Manager UI.

12.1.3. Test Network Traffic with TCPDUMP¶

You can use the tcpdump command in the BIG-IP Next debug shell to view the traffic flowing to/from the BIG-IP Next instance data plane.

In this lab environment, the client facing VLAN is named clientside, and the server facing VLAN is named serverside. You can verify these names with the following command:
```
ip link
```
Assuming an application has been deployed on the BIG-IP Next instance, start a tcpdump capture listening on the clientside VLAN:
```
tcpdump -lnni clientside
```
From a client browser, access the application deployed to the BIG-IP Next instance. This should generate traffic in the tcpdump capture window.

Previous Next