Forum Discussion

Rahul_Gupt_2401's avatar
Rahul_Gupt_2401
Icon for Nimbostratus rankNimbostratus
Sep 23, 2017

Verify Client connection to Nodes

Hi, my customer was complaining that they are able to reach F5 but not the servers. When I checked pool statistics on the LTM, there was traffic showing under "In Bits" but not in "Out Bits". I know ...
application delivery
LTM
TMSH
Jad_Tabbara__J1's avatar
Jad_Tabbara__J1
Icon for Cirrostratus rankCirrostratus
Sep 24, 2017

HI Rahul,

  • "In" Represents the cumulative number of bits (including all headers) that have been received from the pool or pool member.
  • "Out" Represents the cumulative number of bits (including all headers) that have been sent to the pool or pool member

To troubleshoot this from CLI : The easiest way is to make a tcpdump and view that you don't receive response from the node.

In the tcpdump capture you will have :

1) client_IP ---> VIP

2) client_IP <--- VIP  

3) client_IP ---> node_IP

4) ...

and you will never have responses from the node since the node will respond directly to client_IP... (asymetric routing) !

With SNAT the tcpdump looks like this:

1) client_IP ---> VIP

2) client_IP <--- VIP  

3) f5_self_IP ---> node_IP

4) f5_self_IP <--- node_IP

=> the F5 receives the responses from the node and can transmit it to the "client_IP"

To troubleshoot this from tmsh:

As you posted in your question you can view this by the following command

tmsh show sys connection cs-server-addr 10.27.5.174 
Sys::Connections **10.27.20.144**:36759 10.27.5.174:443 **10.27.20.144**:36759 10.27.7.133:443

It shows that client_IP is the same on the Client Side and Server Side connections Also you can determine this by view the statistics on the particular pool and note that the "IN" counter is not incremented because F5 don't receive any packet from the backend... 

tmsh show ltm pool pool_name

regards