Forum Discussion

ajayreddy_16066's avatar
ajayreddy_16066
Icon for Nimbostratus rankNimbostratus
Jan 08, 2018

f5 tcp parameters

Hello All,

 

I have issue where I see no response from f5 VIP(SYN_ACK) to client SYN. Per my understanding, f5 creates session one towards client and another session with pool member. I have taken packet capture f5 -> Pool member and I could not correlate packets between f5-> pool member with client -> f5 VIP, which session correlates with which back end session(no SNAT). Unfortunately, I don't have CLI Access to F5 to run tcpdump, using remote packet filter tool to get captures.

 

Which tcp parameters are common between client -> f5 vip and f5 -> pool member to follow tcp stream ?

 

application delivery
big-ip ltm
f5-tcp
LTM
TMOS
wireshark

2 Replies

Sort By
  • Prince's avatar
    Prince
    Icon for Altostratus rankAltostratus
    Jan 09, 2018

    If SNAT is not involved, filtering the packet capture as below will give you the picture of communication either side.

     

    ip.src == SRC IP and ip.dst == VS_IP

     

    ip.src == SRC IP and ip.dst == POOL_Member_IP

     

    Look for communication for the destination port you are interested in.

     

    Since it is STD VS, 3 way handshake will first happen between client and F5 and then F5 will initiate a 3 way handshake with server

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jan 08, 2018

    you could try source port, it isn't 100% but it might work. also if there is not SNAT the source IP is the same from the client to the F5 and from the F5 to the pool member. so why not test from a client that you further don't use here?

     

    depending on the VIP and traffic type you could also just send specific data. of course TCP 3way handshake has to happen first for that.

     

    and you have to consider it just doesn't work. if you don't see it, perhaps the F5 isn't configured correctly. you have check the config on it or can't you see that either?