check connections from one VIP to other

Question

Hi All,&nbsp;
I have created a new setup where i have a main VIP in which i have created an Irule, depending on the keyword it will send traffic to child VIPS where actual servers reside. This setup is working as expected but there is one problem, when i check show sys connection cs-server-addr Main_VIP, in the connection table i can see the Main VIP initiating connection to the server which is behind the child VIP, but i don't see child VIP, is there something i am missing here.&nbsp;
Setup: Main_VIP - irule to match "keyword1" then child_vip1 else child_vip2, this works fine.&nbsp;
current status on connection table
Main_vip: self_ip: child_vip1_server_IP&nbsp;
expecting connection table
Main_vip: Child_vip1: self_ip: child_vip1_server_IP &nbsp;
it would be great if someone can point me in right direction to get the connection tables.&nbsp;

jaikumar_f5 · Answer

I aint 100% sure, but here's what I know. The connections table tells you 4 fields,
cs-client-addr --&gt; cs-server-addr --&gt; ss-client-addr --&gt; ss-server-addr
Assume the below,
Client IP - 10.10.10.10
VIP - 20.20.20.20
Self IP - 25.25.25.25
Pool Member - 30.30.30.30
tmsh show sys connection cs-client-addr 10.10.10.10
Result would show you client IP and the VIP and the Self IP and the Pool member to which it load balanced too. You can use the all-properties to see the clientside connection and serverside connection details.
Sys::Connections
10.10.10.10:50915   20.20.20.20:443  25.25.25.25:50915  30.30.30.30:443  tcp  1   (tmm: 5)  none

The cs-client-addr,cs-server-addr,ss-client-addr,ss-server-addr are all filters to narrow your connection table. You can combine every filter to narrow your search too.
tmsh show sys connection cs-client-addr 10.10.10.10 cs-server-addr 20.20.20.20 ss-server-addr 30.30.30.30 all-properties
So if you want to see the traffic on the Child VIP, you should specify the child VIP as the filter, and here the Child VIP will be the cs-server-addr since the main VIP is the source. Haven't tested, but please try the below,
tmsh show sys connection cs-server-addr CHILD-VIP1
or even simpler would be to do a grep in the show sys connection.
tmsh show sys connection | grep CHILD-VIP1

Forum Discussion

check connections from one VIP to other

1 Reply

Recent Discussions

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Check a Virtual Server's SSL Status

Leaked Credential Check with Advanced WAF

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability

F5 Connection Mirroring question

snmp-check external monitor