In a previous blog post, I introduced you to F5 Analytics and how it can enable you to gain more visibility into your F5 application delivery controller infrastructure. (If you missed part one, you can check it out here.) This blog post continues where I left off and provides two more exciting use cases for you to explore.

Viewing application page load times

This is a ground-breaking feature that really makes F5 stand out from its competition. Basically, this information is useful for tracking user experience by displaying how long it takes for your application web pages to load on client-side browsers.

Client-side browsers must meet the following requirements:

  • Support navigation timing by W3C
  • Accept cookies from visited application sites
  • Enable JavaScript® for the visited application sites

The BIG-IP Client Side Performance Monitoring (CSPM) feature generates the page load time data. According to F5 Networks, “To calculate the client-side load time for a web resource, the CSPM feature injects a piece of JavaScript code into the HTTP response that it sends to the client. When the client browser executes the JavaScript, it calculates the specific timing values needed by the CSPM feature, and reports those values back to the BIG-IP system in a cookie.”

There are three requirements for CSPM injection in an HTTP response. They are:

  • HTTP content is not compressed
  • HTTP content-type is text/html
  • HTTP content contains an HTML <head> tag

Application page load times are viewable in the F5 Analytics charts. Alerts are configured there as well. Page load time is measured by how long in milliseconds it takes for an end-user to make a request for a web page until the web page finishes loading on the client-side browser. Think of how amazing this is! You’re literally reaching out to your end-user, wherever he or she may be, and gathering statistics of their experience just by enabling a checkbox.

Troubleshooting applications by capturing traffic

This is typically used only for troubleshooting an active issue. I don’t recommend setting this up and leaving it on for eternity. This is not traffic capture like a tcpdump would do, but more of a layer-seven-type capture. I’ll explain that later.

The information captured is stored locally or remotely via syslog or a SIEM, like Splunk. If captured locally, the system stores the first 1,000 transactions. If using a VIPRION system, the system stores the first 1,000 transactions times the number of blades in the system. I recommend capturing the transactions remotely to syslog or Splunk where you are only limited by the storage of the remote destination.

So, what did I mean by layer-seven-type capture? Well, instead of capturing raw data like a tcpdump would, you can capture actual traffic, such as requests, responses, or both. The data contained by those may include:

  • None
  • Headers
  • Body
  • All

You can configure a traffic filter for captured traffic to include filtering by:

  • Virtual servers
  • Nodes
  • Response status codes
  • HTTP methods
  • URL
  • User agent
  • Client IP addresses
  • Request containing string
  • Response containing string

As you can see, this is different than doing a tcpdump and exporting to Wireshark for analysis, which may be fine for certain cases. My point here is to show you a new tool that you can use for troubleshooting an issue with your F5 BIG-IP application delivery controller environment that may rapidly provide you with more relevant data to solve an issue.

I hope this post stimulates your interest in F5 Analytics. It is a powerful (and free) tool to use in your F5 BIG-IP application delivery controller infrastructure.

In addition to F5 Analytics, there are many features available with F5’s application delivery controllers that can enhance your investment, increase your return on investment, and improve end-user experience. If you would like to learn more, GuidePoint’s security professionals have years of experience with F5 application delivery controllers, as well as integrating them with other solutions. We can help you develop a customized security plan to best meet your organization’s needs.

If you’re a GuidePoint client and have questions about F5 Analytics, please reach out directly to your personal contact or email us at If your organization wants to learn more about F5 Analytics and if it’s the right tool for you, let us know. You can find out more about GuidePoint and our services at

About GuidePoint Security

GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification is  with the System for Award Management (SAM). Learn more at: