Forum Discussion
F5_LB_Eng
Cirrostratus
CirrostratusBackend server IP not visible in TCP dump
Hi ,
i am not able to see client IP in the TCP dump .. i see the client IP and LB - VIP only.
but i am able to reach the page , but its not showing server IP in the tcp dump.
below tcp dump co
tcpdump -s0 -nni 0.0:nnnp host 10.10.10.xx and port 443
Hi F5_LB_ENG,
> Answer to: tcpdump -p
Check the KB article Omar2 send you. The -p option does not work for HTTP2.
> Answer to 1.)
No. I dont recommend to used the HTTP MRF Router in Gateway mode. Way too many trouble and limitations.
> Answer to 2.)
I noticed the same. The functionality of the HTTP MRF Router in Gateway mode is somehow pure annoying and causes headaches. But miliage may vary...
> Answer to 3.)
Lots of fixes and also new issues. Some symtoms are only valid for if you use HTTP MRF Router and some are valid if you dont use HTTP MRF Router. I found the problems without using HTTP MRF Router more acceptable so far. Right now I dont have any known issues on my agenda using latest v16.
> Answer to 4.)
Plenty of them. Check the f5 support page and take some time for a reading.
> Answer to 5.)
Use it only for HTTP/2 full-proxy mode (HTTP MRF Router must be enabled in this specific case). Try to avoid the use of iRules or Local Traffic Policies and unnecessary features. Try to run this setup in a clean 1:1 VS->Pool mapping by using VS settings only. Thats probably the best usecase for it right now.
Cheers, Kai
- Kai_Wilke
MVP
Hi F5_LB_Eng,
depending on your setup, the client side and server side connection may use different ingress/egress interfaces and/or src_ip and dst_ip combinations. In a typical SNAT enabled deployment you will see two connections...
CLIENT_IP -> VS_IP || SNAT_IP -> SERVER_IP
You may try to capture the traffic with a more specific expression including the client-connection as well as server-connection...
~ # tcpdump -s0 -nni 0.0:nnnp '(host 1.1.1.1 and host 2.2.2.2 and port 443) or (host 3.3.3.3 and host 4.4.4.4 and port 443)'Cheers, Kai
Omar2Cirrus
Hello,
This happened when for example you have an i-rule to select between different pools "different dest IP combination" and the solution is to set the host addresses or other details specific to the peers as the KB below:
F5_LB_EngHi ,
thanks for you reply..
the issue is tcpdump -p does not catch server-side traffic in HTTP/2 Gateway-mode
i see the traffic from client to lb and it doest catch server side traffic
1. Can the profile "httprouter" safely used in HTTP/2 Gateway-mode in Rel. 16.1.x?
2. Because we observed a lot of bugs when profile "httprouter" was redundantly used in http/2 Gateway-Mode.
3. Were there any change in usage of profile "httprouter" in Rel. 16.1.x compared to Rel. 15.1.x?
4. Is this behavior a SW-bug?
5. On what condition we need to use httprouter in the profile ..- Kai_Wilke
Hi F5_LB_ENG,
> Answer to: tcpdump -p
Check the KB article Omar2 send you. The -p option does not work for HTTP2.
> Answer to 1.)
No. I dont recommend to used the HTTP MRF Router in Gateway mode. Way too many trouble and limitations.
> Answer to 2.)
I noticed the same. The functionality of the HTTP MRF Router in Gateway mode is somehow pure annoying and causes headaches. But miliage may vary...
> Answer to 3.)
Lots of fixes and also new issues. Some symtoms are only valid for if you use HTTP MRF Router and some are valid if you dont use HTTP MRF Router. I found the problems without using HTTP MRF Router more acceptable so far. Right now I dont have any known issues on my agenda using latest v16.
> Answer to 4.)
Plenty of them. Check the f5 support page and take some time for a reading.
> Answer to 5.)
Use it only for HTTP/2 full-proxy mode (HTTP MRF Router must be enabled in this specific case). Try to avoid the use of iRules or Local Traffic Policies and unnecessary features. Try to run this setup in a clean 1:1 VS->Pool mapping by using VS settings only. Thats probably the best usecase for it right now.
Cheers, Kai
- F5_LB_Eng
if we add the httprouter in the profile i can see the server side IP in the tcp dump