Forum Discussion

smp_86112
Sep 15, 2009

b conn protocol syntax

I have LTMs running 9.3.1. I have reached my SSL transaction limit, and was using the b conn command to identify all the clients who are connected to HTTPS VIPs. Reading the b conn help, I see this:

protocol may be specified by number or name (http, or 80).

But the command
b conn protocol 443
fails.

 
 [root@ltm:Active] ~  b conn protocol https 
 BIGpipe: 010a0037:3: The requested protocol name (https) is invalid. 
 

Obviously I can grep for ':443 ' and do some massaging, but it seems this should be pretty straightforward output from b conn.

7 Replies

  • In 9.3.1, this seems to work:

    b conn protocol 80 show
    No connections were found.

    Also, in 10, the help shows:

    protocol
    Specifies the protocol used for specified connections (for exam-
    ple: tcp, udp, and other L4 protocols).

    And it works with tcp, udp or icmp:

    b conn any protocol tcp show
    1.1.1.20:1536 <-> 2.2.2.3 <-> 2.2.2.3:443 6 1/1
    1.1.1.20:1577 <-> 2.2.2.3 <-> 2.2.2.3:443 6 1/0
    1.1.1.20:1617 <-> 2.2.2.3 <-> 2.2.2.3:443 6 1/0
    1.1.1.20:2305 <-> 2.2.2.3 <-> 2.2.2.3:22 6 1/1

    b conn any protocol udp show
    No Conns were found.

    b conn any protocol icmp show
    2.2.1.3:12141 <-> any%65535 <-> 2.2.0.21:8 1 1/1
    2.2.1.3:55704 <-> any%65535 <-> 2.2.0.21:8 1 1/0
    2.2.1.3:60203 <-> any%65535 <-> 2.2.0.21:8 1 1/1
    2.2.2.3:20898 <-> any%65535 <-> 74.125.45.100:8 1 1/0
    2.2.2.3:48522 <-> any%65535 <-> 74.125.45.100:8 1 1/0

    b conn protocol 80 show
    No Conns were found.

    Aaron

  • The ones that work for me are protocol 80, tcp, udp, and icmp. Everything else fails:

    [root@ltm:Active] ~ b conn protocol 80 show
    No connections were found.
    [root@ltm:Active] ~ b conn protocol http show
    BIGpipe: 010a0037:3: The requested protocol name (http) is invalid.
    [root@ltm:Active] ~ b conn protocol 443 show
    BIGpipe: 010a0049:3: The requested protocol number (443) is invalid.
    [root@ltm:Active] ~ b conn protocol https show
    BIGpipe: 010a0037:3: The requested protocol name (https) is invalid.
    [root@ltm:Active] ~ b conn protocol https show

    But I keep going back to this:

    protocol may be specified by number or name (http, or 80).

    Seems to me like at least this should work since it is explicitly mentioned in the help:

    [root@ltm:Active] ~ b conn protocol http show
    BIGpipe: 010a0037:3: The requested protocol name (http) is invalid.

  • Ah... sorry, I missed that. It seems like a bug if 80 works but http or 443 don't. You could open a case with F5 Support to report the issue.

    Service numbers seem to work on 10.0.1, but there are some odd results for 9.3.1:

    [root@bigip931:Active] ~ b conn protocol icmp
    No connections were found.

    [root@bigip931:Active] ~ b conn protocol 80
    No connections were found.

    [root@bigip931:Active] ~ b conn protocol 25
    No connections were found.

    [root@bigip931:Active] ~ b conn protocol 443
    BIGpipe: 010a0049:3: The requested protocol number (443) is invalid.

    [root@bigip931:Active] ~ b conn protocol smtp
    BIGpipe: 010a0037:3: The requested protocol name (smtp) is invalid.

    Aaron
  • spark_86682
    Historic F5 Account
    The problem here is that there is confusion between protocols and port numbers. ICMP, TCP, and UDP are protocols (see http://www.iana.org/assignments/protocol-numbers/ for the complete list and their associated numbers). In the given context, http, smtp, 443, 25, and 80 are ports, not protocols.

    I note that the documentation ("b conn help") is already fixed in later versions.
  • I understand the distinction you are making, and it is a good and valid one. If that is indeed the case, it is a pretty frustrating error to see in the doc.

    Is there any way to answer the question of what clients are connected to any HTTPS VIP without writing something myself to massage the connection table output?
  • Ah, I was assuming that I was getting the "No Conns|connections were found" message because the command was valid but there weren't any port 80 connections in the connection table. But now testing with active HTTP connections, 'b conn protocol 80' still returns the no connections found message. As you said, 'b conn protocol' is expecting the protocol number, not the port number.

    That makes a bit more sense now after your explanation. Thanks for clarifying.

    Aaron
  • spark_86682
    Historic F5 Account
    If by https you mean port 443, then "b conn server any:443" should do the trick.
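
Added example, not part of any post in this thread and not F5 code: a shell filter that keeps the protocol/port distinction explicit when post-processing connection-table output, counting connections per client for a given IP protocol number and destination port. The column layout is an assumption read off the sample output quoted in the replies; `count_clients` and `sample_conns` are hypothetical names, and the input lines are constructed.

```sh
#!/bin/sh
# Assumed line layout (inferred from the output quoted in the thread, IPv4 only):
#   client_ip:port <-> vip <-> dest_ip:port ip_proto_number x/y
# IP protocol numbers per IANA: 1 = ICMP, 6 = TCP, 17 = UDP.

# count_clients PROTO PORT
# Reads connection lines on stdin and prints "count client_ip" for entries
# whose IP protocol number is PROTO and whose destination port is PORT,
# busiest client first. Lines that are not connection entries are ignored.
count_clients() {
    awk -v proto="$1" -v port="$2" '
        $2 == "<->" && $4 == "<->" && NF >= 6 {
            n = split($5, dst, ":")
            if (n != 2 || dst[2] != port || $6 != proto) next
            split($1, src, ":")
            hits[src[1]]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input modelled on the thread's output. The last two
# lines show why port alone is not enough: UDP to port 443, and an ICMP
# entry whose "port" field is 8.
sample_conns() {
    cat <<'EOF'
1.1.1.20:1536 <-> 2.2.2.3 <-> 2.2.2.3:443 6 1/1
1.1.1.20:1577 <-> 2.2.2.3 <-> 2.2.2.3:443 6 1/0
1.1.1.20:1617 <-> 2.2.2.3 <-> 2.2.2.3:443 6 1/0
1.1.1.20:2305 <-> 2.2.2.3 <-> 2.2.2.3:22 6 1/1
1.1.1.21:4000 <-> 2.2.2.3 <-> 2.2.2.3:443 6 1/1
1.1.1.30:5000 <-> 2.2.2.3 <-> 2.2.2.3:443 17 1/0
2.2.1.3:12141 <-> any%65535 <-> 2.2.0.21:8 1 1/1
EOF
}

# TCP (protocol 6) connections to port 443, grouped by client.
sample_conns | count_clients 6 443
```

On a live unit the same function would read the connection-table output on stdin in place of `sample_conns`.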