Have you ever wanted to learn more about what your F5 BIG-IP application delivery infrastructure is doing? Sure, there are basic statistics like throughput, number of sessions, and active connections, but as layer four load balancers have evolved into layer seven application delivery controllers, shouldn’t the available performance metrics evolve as well?

In this blog post, I want to bring visibility to a great tool included in every F5 Networks BIG-IP platform. That tool is the F5 Analytics module (otherwise known as Application, Visibility, and Reporting or simply AVR). It’s already included with BIG-IP, you just need to provision it and set it up. (One quick note on provisioning, you should provision the AVR module with “minimum” resources.)

So, what is F5 Analytics? Well, it is a fantastic new way of discovering more information about your applications and infrastructure through graphical charts, and you can drill down for more specific details about performance-related statistics.

F5 Networks provides excellent documentation on the features and configuration of F5 Analytics on its support site, but I want to point out a few of the use cases. I hope to highlight its feature set so you can incorporate it into your own F5 BIG-IP application delivery controller infrastructure.

Troubleshooting applications by capturing statistics

This core F5 Analytics functionality is suitable for everyday use. F5 Analytics is configurable to capture a variety of great statistics. They include metrics, such as:

  • Max TPS and throughput
  • Page load time
  • User sessions

And entities, such as:

  • URLs
  • Countries
  • Client IP addresses
  • Client subnets
  • Response codes
  • User agents
  • HTTP methods

All of these metrics and entities are viewable in the administrative GUI. For instance, if a user calls in and says an application is broken, you can filter the transaction statistics by client IP address and then narrow the filter by virtual server and time period to view the actual request/response metadata. It is pretty cool to troubleshoot a problem with an application just by drilling down into some graphs to isolate the issue. In addition to collecting statistics locally on BIG-IP, you can collect data remotely via syslog or a SIEM, such as Splunk and view the data there.

Investigating server latency

This is F5 Analytics key feature and may provide valuable information to your server and application teams. F5 Analytics measures server latency in milliseconds from the time the request reaches the BIG-IP, for it to proceed to the application server, and return a response to the BIG-IP system.

In my experience as a BIG-IP administrator, one of the most common misconceptions was that the LTM was somehow adding latency to server response times. Fingerpointing was often directed at the LTM, and I frequently had to run tcpdumps to exonerate the LTM as the culprit of server latency.

In addition to providing server latency statistics, F5 Analytics provides the ability to set an alert threshold in milliseconds and issue an alert via syslog, SNMP, or via email. This information helps to proactively track latency issues with web servers, application servers, database servers, etc. This is a big deal because you can now isolate where slower components may exist in your web stack all from a simple GUI.

I hope this posts stimulates an interest in F5 Analytics. It is a powerful (and free) tool to use in your F5 BIG-IP application delivery controller infrastructure.

In addition to F5 Analytics, there are many features available with F5’s application delivery controllers that can enhance your investment, increase your return on investment, and improve end-user experience. If you would like to learn more, GuidePoint’s security professionals have years of experience with F5 application delivery controllers, as well as integrating them with other solutions. We can help you develop a customized security plan to best meet your organization’s needs.

If you’re a GuidePoint client and have questions about F5 Analytics, please reach out directly to your personal contact or email us at info@guidepointsecurity.com. If your organization wants to learn more about F5 Analytics and if it’s the right tool for you, let us know. You can find out more about GuidePoint and our services at www.guidepointsecurity.com.

Check out part two of this series on F5 Analytics here.

About GuidePoint Security

GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification is with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.