Forum Discussion
Display LTM connections??
I am very new to F5 Big IP, mainly worked with Cisco CSMs and Citrix NetScaler load balancers in the past.....what I am trying to find is how to display what hosts are connected to a particular virtual server, what pool member it's getting routed to and what SNAT address the source is being assigned, etc.
WHat I have is a pair of F5 Big IP 4200s set up in a HA configuration.
Thanks for any help...Jeff
You didn't specify a version, but assuming you're running 10 or 11-something, Yoni is right.
is the basic starting point, but if that's all you specify, you'll see all the connections - which is probably much more output than you want. You need to specify additional information about the endpoints you care about if you want to limit the output. I think of them as filters in a sense - they limit the output to only things that match. The ones I primarily use are:tmsh show sys connection
cs-client-addr - the (client) source IP address on the clientside of the connection
cs-client-port - the (client) source port on the clientside of the connection
cs-server-addr - the (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address)
cs-server-port - the (server) destination port on the clientside of the connection (i.e. the Virtual Server port)
ss-client-addr - the (client) source IP address on the serverside of the connection (i.e. the SNAT address)
ss-client-port - the (client) source port on the serverside of the connection (i.e. the SNAT port)
ss-server-addr - the (server) destination IP address on the serverside of the connection (i.e., the Pool Member address)
ss-server-port - the (server) destination port on the serverside of the connection (i.e., the Pool Member port)
You can mix/match these options as necessary to isolate the connections you are interested in. The more pieces of information you specify, the narrower your focus will be, and the smaller your output will become. So for example, this command would show me all connections from client 100.1.1.1, to any Virtual Server assigned address 10.1.1.0, that were load-balanced to Pool Member 192.168.1.1:9999:
tmsh show sys conn cs-client-addr 100.1.1.1 cs-server-addr 10.1.1.0 ss-server-addr 192.168.1.1 ss-server-port 9999
I have noticed over multiple TMM releases that the ss-client-addr and ss-client-port do not work, despite being available according to the command help. That was frustrating, since quite often these connection points are very important. However I just confirmed they do work in 11.2.1HF10. So depending on what version you're running, you may not see the SNAT address in the output. I think you can also append the all-properties option which should include that output, like this. Unfortunately, the output is not formatted as nicely:
tmsh show sys conn cs-client-addr 100.1.1.1 cs-server-addr 10.1.1.0 ss-server-addr 192.168.1.1 ss-server-port 9999 all-properties
Understanding exactly which points in the connection flow correspond to the cs-client-addr, ss-server-port, etc... options can be very, very helpful in isolating connections in the connection table.
- smp_86112Cirrostratus
You didn't specify a version, but assuming you're running 10 or 11-something, Yoni is right.
is the basic starting point, but if that's all you specify, you'll see all the connections - which is probably much more output than you want. You need to specify additional information about the endpoints you care about if you want to limit the output. I think of them as filters in a sense - they limit the output to only things that match. The ones I primarily use are:tmsh show sys connection
cs-client-addr - the (client) source IP address on the clientside of the connection
cs-client-port - the (client) source port on the clientside of the connection
cs-server-addr - the (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address)
cs-server-port - the (server) destination port on the clientside of the connection (i.e. the Virtual Server port)
ss-client-addr - the (client) source IP address on the serverside of the connection (i.e. the SNAT address)
ss-client-port - the (client) source port on the serverside of the connection (i.e. the SNAT port)
ss-server-addr - the (server) destination IP address on the serverside of the connection (i.e., the Pool Member address)
ss-server-port - the (server) destination port on the serverside of the connection (i.e., the Pool Member port)
You can mix/match these options as necessary to isolate the connections you are interested in. The more pieces of information you specify, the narrower your focus will be, and the smaller your output will become. So for example, this command would show me all connections from client 100.1.1.1, to any Virtual Server assigned address 10.1.1.0, that were load-balanced to Pool Member 192.168.1.1:9999:
tmsh show sys conn cs-client-addr 100.1.1.1 cs-server-addr 10.1.1.0 ss-server-addr 192.168.1.1 ss-server-port 9999
I have noticed over multiple TMM releases that the ss-client-addr and ss-client-port do not work, despite being available according to the command help. That was frustrating, since quite often these connection points are very important. However I just confirmed they do work in 11.2.1HF10. So depending on what version you're running, you may not see the SNAT address in the output. I think you can also append the all-properties option which should include that output, like this. Unfortunately, the output is not formatted as nicely:
tmsh show sys conn cs-client-addr 100.1.1.1 cs-server-addr 10.1.1.0 ss-server-addr 192.168.1.1 ss-server-port 9999 all-properties
Understanding exactly which points in the connection flow correspond to the cs-client-addr, ss-server-port, etc... options can be very, very helpful in isolating connections in the connection table.
- Tom_9252NimbostratusVery helpful - thanks!
- yoni_100721Nimbostratus
tmsh show sys connection all-properties
you can filter with options do a "tmsh show sys connection ?" and see
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com