In-depth traffic analysis

Problem this snippet solves:

Here is an iRule that logs essentially every major iRule parameter during some commonly used events. It groups the output by protocol (Ethernet, IP, TCP, HTTP) so the log lines stay reasonably readable despite the amount of data they carry.

Its primary use is debugging, so it outputs everything at every step, not just statistics: the MAC addresses, IP addresses and ports are logged at every stage, since they can definitely change if you're using tricky iRules.

Thanks go to Mike Lowell for this contribution.

Code:

rule rule_log_requests {
    # Client-side connection accepted: log the client tuple and link-layer details.
    when CLIENT_ACCEPTED {
        set info "client { [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port] }"
        append info " ethernet { [string range [LINK::lasthop] 0 16] -> [string range [LINK::nexthop] 0 16] tag [LINK::vlan_id] qos [LINK::qos] }"
        log local0. $info
    }

    # Load-balancing decision made: catch keeps the rule running if the server-side values cannot be read here.
    when LB_SELECTED {
        set info "client { [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] }"
        catch { append info " server { [IP::local_addr]:[TCP::local_port] -> [IP::server_addr]:[TCP::server_port] }" }
        append info " ethernet { [string range [LINK::lasthop] 0 16] -> [string range [LINK::nexthop] 0 16] tag [LINK::vlan_id] qos [LINK::qos] }"
        log local0. $info
    }

    # Server-side connection established: log both the client and server tuples.
    when SERVER_CONNECTED {
        set info "client { [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] }"
        append info " server { [IP::local_addr]:[TCP::local_port] -> [IP::server_addr]:[TCP::server_port] }"
        append info " ethernet { [string range [LINK::lasthop] 0 16] -> [string range [LINK::nexthop] 0 16] tag [LINK::vlan_id] qos [LINK::qos] }"
        log local0. $info
    }

    # HTTP request parsed: add the request line plus TCP, IP and HTTP details.
    when HTTP_REQUEST {
        set info "client { [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] }"
        catch { append info " server { [serverside {IP::local_addr}]:[serverside {TCP::local_port}] -> [IP::server_addr]:[TCP::server_port] }" }
        append info " ethernet { [string range [LINK::lasthop] 0 16] -> [string range [LINK::nexthop] 0 16] tag [LINK::vlan_id] qos [LINK::qos] }"

        append info " - [HTTP::method] [HTTP::uri] [HTTP::version]"
        append info " *TCP MSS [TCP::mss], BW [TCP::bandwidth], RTT [TCP::rtt], OFFSET [TCP::offset]"
        append info " *IP TOS [IP::tos], HOPS [IP::hops], TTL [IP::ttl], PKTS_IN [IP::stats pkts in], PKTS_OUT [IP::stats pkts out], BYTES_IN [IP::stats bytes in], BYTES_OUT [IP::stats bytes out]"
        append info " *HTTP HOST [HTTP::host], KEEPALIVE [HTTP::is_keepalive], REQ_NUM [HTTP::request_num]"
        append info " *HTTP PATH [HTTP::path], QUERY [HTTP::query]"
        log local0. $info
    }

    # HTTP response received: add the status line plus TCP, IP and HTTP details.
    when HTTP_RESPONSE {
        set info "client { [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] }"
        append info " server { [IP::local_addr]:[TCP::local_port] -> [IP::server_addr]:[TCP::server_port] }"
        append info " ethernet { [string range [LINK::lasthop] 0 16] -> [string range [LINK::nexthop] 0 16] tag [LINK::vlan_id] qos [LINK::qos] }"
        append info " - [HTTP::status] [HTTP::version] - REDIR [HTTP::is_redirect], Content-Length [HTTP::header Content-Length], Transfer-Encoding [HTTP::header Transfer-Encoding]"
        append info " *TCP MSS([TCP::mss]) BW([TCP::bandwidth]) RTT([TCP::rtt]) OFFSET([TCP::offset])"
        append info " *IP TOS [IP::tos], HOPS [IP::hops], TTL [IP::ttl], PKTS_IN [IP::stats pkts in], PKTS_OUT [IP::stats pkts out], BYTES_IN [IP::stats bytes in], BYTES_OUT [IP::stats bytes out]"
        append info " *HTTP HOST [HTTP::host], KEEPALIVE [HTTP::is_keepalive], REQ_NUM [HTTP::request_num]"
        log local0. $info
    }
}
Published Mar 18, 2015
Version 1.0
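
An added example, not part of the original contribution: a Python parser for the log lines this iRule writes, reporting when the addresses logged for one client flow change from one event to the next. The syslog prefix ("Rule <name> <EVENT>:"), the sample lines and every name in the code are assumptions made for illustration.

```python
import re

# Leading blocks of every line; the server block is optional (absent in CLIENT_ACCEPTED).
LINE = re.compile(
    r"client \{ (?P<client_src>\S+) -> (?P<client_dst>\S+) \}"
    r"(?: server \{ (?P<server_src>\S+) -> (?P<server_dst>\S+) \})?"
    r" ethernet \{ (?P<lasthop>\S+) -> (?P<nexthop>\S+)"
    r" tag (?P<vlan>\S+) qos (?P<qos>\S+) \}")
EVENT = re.compile(r"<([A-Z_]+)>")  # assumed prefix: "Rule <name> <EVENT>: "
LINK_FIELDS = ("lasthop", "nexthop", "vlan")
FIELDS = ("client_dst", "server_src", "server_dst") + LINK_FIELDS

def parse_line(line):
    """Return the address fields of one log line as a dict, or None."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = {k: v for k, v in m.groupdict().items() if v is not None}
    ev = EVENT.search(line[:m.start()])
    return dict(rec, event=ev.group(1) if ev else "UNKNOWN")

def tuple_changes(lines):
    """List (flow, event, field, old, new) each time a field changes in a flow."""
    last, out = {}, []
    for rec in filter(None, map(parse_line, lines)):
        flow, event = rec["client_src"], rec["event"]
        for field in FIELDS:
            if field not in rec:
                continue
            # Link values can differ per side, so compare them within one event only.
            key = (flow, event if field in LINK_FIELDS else "*", field)
            if last.get(key, rec[field]) != rec[field]:
                out.append((flow, event, field, last[key], rec[field]))
            last[key] = rec[field]
    return out

# Constructed sample: addresses, MACs and the syslog prefix are made up.
P = "tmm[1]: Rule rule_log_requests <%s>: client { 198.51.100.7:51234 -> 192.0.2.10:80 }"
S1 = " server { 10.0.0.1:40001 -> 10.0.0.20:8080 }"
S2 = " server { 10.0.0.1:40002 -> 10.0.0.21:8080 }"
E1 = " ethernet { 00:00:5e:00:53:01 -> 00:00:5e:00:53:02 tag 10 qos 0 }"
E2 = " ethernet { 00:00:5e:00:53:0a -> 00:00:5e:00:53:0b tag 20 qos 0 }"
SAMPLE = [
    P % "CLIENT_ACCEPTED" + E1,
    P % "SERVER_CONNECTED" + S1 + E2,
    P % "HTTP_REQUEST" + S1 + E1 + " - GET /a?b=1 1.1 *TCP MSS 1460",
    P % "HTTP_REQUEST" + S2 + E1 + " - GET /c 1.1 *TCP MSS 1460",
]
if __name__ == "__main__":
    print(*tuple_changes(SAMPLE), sep="\n")
```

On the sample, the second HTTP_REQUEST is reported with a changed server-side source and destination; the client-side and server-side link values are not flagged against each other.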