sb_2323_80570
Nimbostratus
Nimbostratusloose initiation with CLIENT_ACCEPTED
Hi,
Apologies if this a dumb question, With loose initiation enable on fastL4 forwarding VS does CLIENT_ACCEPTED apply to all non SYN packets as well ?
Forum Discussion
nitass
Employee
Employeeonly when entry is added into connection table.
e.g.
config
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual fwd
ltm virtual fwd {
destination any:0
ip-forward
mask any
profiles {
fastl4_loose-init { }
}
rules {
qux
}
source 0.0.0.0/0
translate-address disabled
translate-port disabled
vs-index 3
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile fastl4 fastl4_loose-init
ltm profile fastl4 fastl4_loose-init {
app-service none
loose-initialization enabled
reset-on-timeout disabled
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when CLIENT_ACCEPTED {
log local0. "[IP::remote_addr]:[TCP::remote_port] > [IP::local_addr]:[TCP::local_port]"
}
}
log (only when entry is added into connection table)
[root@ve11a:Active:In Sync] config tail -f /var/log/ltm
Apr 14 23:21:18 ve11a info tmm[13593]: Rule /Common/qux : 200.200.200.101:1000 > 172.28.24.1:80
trace (it is twice because each packet has clientside and serverside)
[root@ve11a:Active:In Sync] config tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:21:18.760356 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 479343804 win 512 in slot1/tmm0 lis=
23:21:18.760479 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 1 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:19.761863 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 208842138 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:19.761879 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 208842138 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:20.763643 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 892741423 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:20.763661 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 892741423 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:21.765444 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 736318704 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:21.765462 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 736318704 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:22.767125 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 1288840124 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:22.767145 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 1288840124 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:23.767903 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 844006575 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:23.767920 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 844006575 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:24.768801 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 1230728634 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:24.768818 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 1230728634 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:25.770425 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 3901606585 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:25.770459 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 3901606585 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:26.772254 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 4097995636 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:26.772272 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 4097995636 win 512 out slot1/tmm0 lis=/Common/fwd
23:21:27.774036 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 3847565380 win 512 in slot1/tmm0 lis=/Common/fwd
23:21:27.774055 IP 200.200.200.101.1000 > 172.28.24.1.80: . ack 3847565380 win 512 out slot1/tmm0 lis=/Common/fwd
- Thorough and well written!
