Forum Discussion

qingnian_74284
Jan 23, 2008

Urgent, please help to check why this irule didn't work

Hi everybody,

I created an iRule to send source IPs in the defined range to the CSG_IN pool, and server IPs in the defined range to the CSG_OUT pool, but it didn't work. E.g., I traced traffic with source IP 192.168.253.2 hitting the BIG-IP, but it did not show up in the CSG_IN VLAN. Please help, it is an urgent request, many thanks.

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 192.168.253.0/255.255.255.0] or [IP::addr [IP::client_addr] equals 192.168.254.0/255.255.255.0] or [IP::addr [IP::client_addr] equals 10.162.72.0/255.255.255.0] } {
        pool CSG_IN
    }
    if { [IP::addr [IP::server_addr] equals 192.168.253.0/255.255.255.0] or [IP::addr [IP::server_addr] equals 192.168.254.0/255.255.255.0] or [IP::addr [IP::server_addr] equals 10.162.72.0/255.255.255.0] } {
        pool CSG_OUT
    } else {
        pool MO2_bigip
    }
}

3 Replies

  • IP::server_addr isn't a valid command in the CLIENT_ACCEPTED event, as there isn't a server-side connection established yet. You should see a TCL error in the /var/log/ltm log file.

    You might be looking for IP::local_addr, which will return the destination IP of the client's packet.

    Also, what do you want to happen if 192.168.253.1 made a request to 192.168.254.1? With your current rule, it would be sent to the CSG_OUT pool.

    For your reference, check this post for details on the IP:: command output in various events: (Click here)

    Aaron
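The reply above names two problems with the posted rule: IP::server_addr cannot be read in CLIENT_ACCEPTED because no server-side connection exists yet, and a client in one listed range talking to a destination in another listed range matches both branches. The iRule below is an added example, not the poster's rule or Aaron's code; it reuses the pool names and subnets from the question and assumes (this is a design choice the thread does not settle) that the client-side range should take precedence over the destination range. The log line writes to /var/log/ltm, the same file where the TCL runtime error from the original rule would appear, so it can be used to confirm which branch fired before being removed again.

```tcl
# Added example, not the original poster's rule. Corrected version of the
# rule from the question: in CLIENT_ACCEPTED only the client-side connection
# exists, so the address the client connected to is read with IP::local_addr
# rather than IP::server_addr. The if/elseif ordering is an assumption:
# a client inside one of the listed ranges wins over a destination inside them.
when CLIENT_ACCEPTED {
    # Subnets taken from the question, in the dotted-mask form used there.
    set csg_nets [list 192.168.253.0/255.255.255.0 192.168.254.0/255.255.255.0 10.162.72.0/255.255.255.0]
    set src_in_range 0
    set dst_in_range 0
    foreach net $csg_nets {
        if { [IP::addr [IP::client_addr] equals $net] } { set src_in_range 1 }
        if { [IP::addr [IP::local_addr] equals $net] }  { set dst_in_range 1 }
    }
    if { $src_in_range } {
        pool CSG_IN
        set chosen "CSG_IN"
    } elseif { $dst_in_range } {
        pool CSG_OUT
        set chosen "CSG_OUT"
    } else {
        pool MO2_bigip
        set chosen "MO2_bigip"
    }
    # Temporary debug line; remove once the pool selection is confirmed.
    log local0. "client [IP::client_addr] -> [IP::local_addr]: pool $chosen"
}
```

With this rule attached to the virtual server, a connection from 192.168.253.1 to 192.168.254.1 is logged as going to CSG_IN because the client test runs first; swap the two branches if the destination range should win instead.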
  • Hi Aaron,

    Many thanks for your prompt reply, it really helped. Now there is no problem with the rule syntax, but it seems BIG-IP prevents port 80 traffic to and from CSG. Here are my observations:

    1. Using the existing rule, traffic for www.gmail.com works fine. I can see it going to and coming from CSG.

    2. Traffic for anything other than port 80 works fine, I mean it goes through the CSG. E.g. port 443 (https), ICMP, Telnet etc.

    But traffic for port 80 never reaches the CSG VLAN:

    Even if I remove the internal rule completely.

    Even if I assign pool CSG_IN to the Internet VLAN.

    I tried to telnet IP 5.6.7.8 from my air card; please see the dump:

    [root@ML02BIG006:Active] dataeng tcpdump -ni CSG_IN host 10.162.72.3
    02:55:32.142977 10.162.72.3.4124 > 5.6.7.8.telnet: S 710742154:710742154(0) win 42300 (DF)
    02:55:35.222239 10.162.72.3.4124 > 5.6.7.8.telnet: S 710742154:710742154(0) win 42300 (DF)

    Also for ping:

    [root@ML02BIG006:Active] dataeng tcpdump -ni CSG_IN host 10.162.72.3
    tcpdump: listening on CSG_IN
    03:00:38.977723 10.162.72.3 > 5.6.7.8: icmp: echo request
    03:00:43.716244 10.162.72.3 > 5.6.7.8: icmp: echo request

    The conclusion is that only port 80 traffic doesn't reach CSG. The reason can be any peculiar config, script or optimization by our vendor Flashnetwork, because earlier port 80 traffic was being sent to Netgain and Netcash for compression.

    Please help me figure out how I can change the config in BIG-IP to lift the screen for port 80 traffic.

    Thanks

    BRs

    Qingnian

  • Can you post your current rule and the definition from the bigip.conf of your virtual server(s)? Can you also clarify what's working and what is failing?

    This statement:

    "Traffic for anything other than port 80 works fine."

    seems to conflict with this statement:

    "Conclusion is that only port 80 traffic doesn't reach CSG"

    When you run tcpdump, you can use interface 0.0 to capture traffic on all switch ports:

    tcpdump -ni 0.0 -s0 host CLIENT_IP or host DESTINATION_IP

    Thanks,

    Aaron