Forum Discussion

Dvirus_297774
Jan 05, 2017

Tracking connection from to point

Hi,

 

How can I track a connection from point to point?

For example, track a connection that is coming from the internet -> to the virtual server -> to the node.

Using tcpdump I can only see the connection from the client to the virtual server, and from the F5 device to the node, but can't know which node the client from the internet is passed to.

 

3 Replies

  • You should be able to obtain that information by using tcpdump. What is the tcpdump command that you are using?

     

    You can also use an iRule to log the connection and HSL.

     

  • Use this iRule to log the connection from the client through the node:

    when SERVER_CONNECTED {
      # This logs information about the TCP connections on *both* sides of the full proxy
      set client_remote "[IP::client_addr]:[TCP::client_port]"
      set client_local  "[IP::local_addr clientside]:[TCP::local_port clientside]"
      set server_local  "[IP::local_addr]:[TCP::local_port]"
      set server_remote "[IP::server_addr]:[TCP::server_port]"
      log local0. "Got connection: Client($client_remote)<->($client_local)LTM($server_local)<->($server_remote)Server"
    }
    

    You can also use the following command to view which client is connected to which node:

    tmsh show sys conn cs-client-addr  cs-server-addr 
  • Capturing traffic with TMM information for a specific traffic flow

     

    Beginning in BIG-IP 11.2.0, you can use the p interface modifier with the n modifier to capture traffic with TMM information for a specific flow, and its related peer flow. The p modifier allows you to capture a specific traffic flow through the BIG-IP system from end to end, even when the configuration uses a Secure Network Address Translation (SNAT) or OneConnect. For example, the following command searches for traffic to or from client 10.0.0.1 on interface 0.0:

     

    tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.dmp host 10.0.0.1

     

    Once tcpdump identifies a related flow, the flow is marked in TMM, and every subsequent packet in the flow (on both sides of the BIG-IP system) is written to the capture file.

     

     

    Regards,

     

    Mohammed
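
An added example, not part of the original replies: a small Python parser for the log line written by the iRule in the second reply. It answers "which node did this client reach" and, in the other direction, "which client is behind this LTM-side source address and port seen on the node". The sample log lines, the addresses and the rule name log_flows are constructed, and the syslog prefix shown is an assumption.

```python
import re
from collections import Counter

# One "(address:port)" endpoint as printed by the iRule; '%' allows a route-domain suffix.
_EP = r"\(([0-9A-Fa-f:.%]+):(\d+)\)"
FLOW_RE = re.compile(
    r"Got connection: Client" + _EP + "<->" + _EP + "LTM" + _EP + "<->" + _EP + "Server"
)
FIELDS = ("client", "virtual", "ltm_source", "node")

# Constructed sample lines (hypothetical host, rule name and addresses).
SAMPLE_LOG = """\
Jan  5 10:15:01 bigip1 info tmm[12345]: Rule /Common/log_flows <SERVER_CONNECTED>: Got connection: Client(203.0.113.10:51234)<->(192.0.2.80:443)LTM(10.1.20.5:38211)<->(10.1.20.11:8443)Server
Jan  5 10:15:02 bigip1 info tmm[12345]: Rule /Common/log_flows <SERVER_CONNECTED>: Got connection: Client(203.0.113.10:51240)<->(192.0.2.80:443)LTM(10.1.20.5:38212)<->(10.1.20.12:8443)Server
Jan  5 10:15:03 bigip1 info tmm[12345]: Rule /Common/log_flows <SERVER_CONNECTED>: Got connection: Client(198.51.100.7:40022)<->(192.0.2.80:443)LTM(10.1.20.5:38213)<->(10.1.20.11:8443)Server
Jan  5 10:15:04 bigip1 notice some unrelated message
""".splitlines()


def parse_flows(lines):
    """Return one dict per logged flow, each field as an (address, port) tuple."""
    flows = []
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue  # not a line written by the iRule
        g = m.groups()
        flows.append(
            {name: (g[2 * i], int(g[2 * i + 1])) for i, name in enumerate(FIELDS)}
        )
    return flows


def nodes_for_client(flows, client_ip):
    """Count server-side connections per node for one client address."""
    return Counter(f["node"] for f in flows if f["client"][0] == client_ip)


def client_behind(flows, ltm_ip, ltm_port):
    """Map an LTM-side source (as seen in a capture on the node) back to the client."""
    return [f["client"] for f in flows if f["ltm_source"] == (ltm_ip, ltm_port)]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    print(dict(nodes_for_client(flows, "203.0.113.10")))
    print(client_behind(flows, "10.1.20.5", 38213))
```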