For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Techgeeeg_28888's avatar
Techgeeeg_28888
Icon for Nimbostratus rankNimbostratus
Aug 18, 2014

Commands to check a non responding VS or Pool

Hi Everyone,

 

Will someone provide a link to a document or explain the procedure to check the connection the connection flow and the responses to make sure the connection generated to a VS IP propagates all the way to pool member and the reply is received or if there is any problem in this flow how to figure it out.

 

Regards,

 

2 Replies

  • smp_86112's avatar
    smp_86112
    Icon for Cirrostratus rankCirrostratus
    Aug 18, 2014
    Wow, that's such a a wide-ranging, generalized question that I'm not sure you'll get great feedback. There are several ways to approach this, and some are easier than others. Generally speaking, they way I view the LTM is that it sits between the two devices that really need to talk - client and a server. And in order for a VS to work, there are a defined, general sequence of events that need to happen: * A client needs to send something * The LTM needs to receive it * The LTM needs to load-balance it to the Pool Member * The Pool Member must receive it * The Pool Member must process it * The Pool Member must send a response * The LTM must receive the response * The LTM must send the response back to the client * The client must receive it. What I tend to do is look at the problem and decide which of those steps are involved. A problem in any one of those steps will show up in different points along the connection path. For example, say there was a firewall between the LTM and the Pool Member preventing traffic from being load-balanced. How would that manifest itself from a client/user perspective? Where would you look to find evidence of it - would you look on the client? At the VIP? No, you would need to look on the server side of the LTM - you would want to confirm the data was 1) sent by the LTM and 2) received by the Pool Member. I, and a lot of other F5 admins, tend to do a lot of LTM troubleshooting with TCPDUMP and Wireshark. There are simply some problems that can't be identified any other way. However becoming skilled with these tools is not easy - it takes a lot of practice, experience, and research. That's why I'm afraid you might not get great answers - because pointing you to a single resource that can clearly explain how to take and analyze network traces does not exist.
  • gsharri's avatar
    gsharri
    Icon for Altostratus rankAltostratus
    Aug 22, 2014

    In a very basic sense I break it down to

     

    1) Is traffic reaching the virtual server?

     

    2) Is traffic reaching the pool members?

     

    3) Do the Local Traffic statistics show traffic in/out of the virtual servers and pool members?

     

    I am not aware of any feature/utility that allows you to trace the request as it's being processed internally by TMOS. You'll want to explore and get comfortable with tcpdump, tmsh commands, curl, and other gui/cli tools. Check out these AskF5 articles for additional information:

     

    SOL411

     

    SOL8082

     

    SOL10191

     

    SOL14163

     

    Good luck!