viks_96432
Sep 20, 2012

Debugging/logging connections to a VIP

Hi, we want to isolate if F5 LTM is inducing any delay when servicing user connections. What kind of logging options are available for VIPs (we are running code 9.4.5)?

Thanks.

9 Replies

  • You can log connections using an iRule, but I'm not sure that would give you what you want. For something like this you'll probably want to do a tcpdump on both sides of the virtual server (i.e. external VLAN hitting the virtual server and internal VLAN to the pool members) and take a close look at the timings between packets. You should do both, as if you see a delay in content getting back to the client, you'll want to check the internal capture to see if that delay is the F5 (unlikely) or the server taking time to respond.
  • Assuming you are testing with a single client IP that you know and that isn't SNATted, then the CLI syntax would be something like:

    tcpdump -i 'internal-vlan-name' -nn -vv host x.x.x.x

    If you wanted to see the actual content of the packets at the CLI too, then:

    tcpdump -i 'internal-vlan-name' -nn -vv -s 0 -X host x.x.x.x

    To write it to a file instead:

    tcpdump -i 'internal-vlan-name' -nn -vv -s 0 -w /dir/filename host x.x.x.x
  • Be careful running iRules to log all connections on a 9.x box. You could crash the box if you experience heavy usage. In newer versions, we support High Speed Logging that doesn't put the CPU load on the box that syslog logging does.
  • Thanks guys, this would help!!

    Can I kill a particular session from a client IP address on a VIP which is using SNAT?

    -C
  • Yes, you can use:

    tmsh delete sys conn

    This will delete all connections. You can also complete the command to include src-ip, dst-ip, ... to kill a specific connection.
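
The two-sided capture comparison suggested in the first reply can be scripted. The following is an added example, not code from any poster or from F5: it reads packet lines as printed by `tcpdump -nn -tt` (without `-vv`) for the external and internal VLANs and splits one request/response exchange into time spent in the LTM and time spent waiting on the pool member. It assumes that text format, a single connection in each capture and no SNAT; the function names and all addresses and timestamps are constructed for illustration.

```python
import re
from decimal import Decimal

# One packet line as printed by `tcpdump -nn -tt` (assumed text format).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.\d+ > [\d.]+\.\d+: .*length (?P<len>\d+)")

def first_payload(lines, sender):
    """Timestamp of the first packet from `sender` that carries data, else None."""
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["src"] == sender and int(m["len"]) > 0:
            return Decimal(m["ts"])  # Decimal keeps the microseconds exact
    return None

def split_delay(external, internal, client, vip, server):
    """Split one exchange into LTM time and server time.

    Both captures are taken on the BIG-IP itself, so they share one clock.
    """
    marks = {
        "req_in": first_payload(external, client),   # request arrives at the VIP
        "req_out": first_payload(internal, client),  # LTM forwards it (no SNAT)
        "resp_in": first_payload(internal, server),  # pool member starts replying
        "resp_out": first_payload(external, vip),    # LTM relays reply to client
    }
    missing = [name for name, ts in marks.items() if ts is None]
    if missing:
        raise ValueError("no payload packet found for: " + ", ".join(missing))
    return {
        "ltm_request": marks["req_out"] - marks["req_in"],
        "server": marks["resp_in"] - marks["req_out"],
        "ltm_response": marks["resp_out"] - marks["resp_in"],
        "total": marks["resp_out"] - marks["req_in"],
    }

# Constructed sample captures: client 198.51.100.7, VIP 203.0.113.10, pool member 10.1.1.20.
EXTERNAL = """\
1348142400.000000 IP 198.51.100.7.51000 > 203.0.113.10.80: Flags [S], seq 100, win 65535, length 0
1348142400.000200 IP 203.0.113.10.80 > 198.51.100.7.51000: Flags [S.], seq 900, ack 101, win 4380, length 0
1348142400.010000 IP 198.51.100.7.51000 > 203.0.113.10.80: Flags [P.], seq 1:121, ack 1, win 229, length 120
1348142400.815000 IP 203.0.113.10.80 > 198.51.100.7.51000: Flags [P.], seq 1:513, ack 121, win 4500, length 512
""".splitlines()
INTERNAL = """\
1348142400.010400 IP 198.51.100.7.51000 > 10.1.1.20.8080: Flags [S], seq 300, win 4380, length 0
1348142400.010900 IP 10.1.1.20.8080 > 198.51.100.7.51000: Flags [S.], seq 700, ack 301, win 5840, length 0
1348142400.011000 IP 198.51.100.7.51000 > 10.1.1.20.8080: Flags [P.], seq 1:121, ack 1, win 4380, length 120
1348142400.814500 IP 10.1.1.20.8080 > 198.51.100.7.51000: Flags [P.], seq 1:513, ack 121, win 5840, length 512
""".splitlines()

if __name__ == "__main__":
    for part, seconds in split_delay(EXTERNAL, INTERNAL, "198.51.100.7", "203.0.113.10", "10.1.1.20").items():
        print(f"{part:13s} {seconds} s")
```

A capture written with `-w` can be turned into this text form with `tcpdump -nn -tt -r /dir/filename`.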