Forum Discussion

ssadoglu_207917's avatar
ssadoglu_207917
Icon for Nimbostratus rankNimbostratus
Oct 07, 2015

F5 BIG IP clone pooling

Hello

 

We want to deliver to analyzer machine the bi-directional traffic from BigIP F5 via clone pools. But I think it seems like to setup incorrectly because I can see the real client ip address is what reaches the virtual server for request and can not see F5 self ip for response I attacted pcap file Is not need to see F5 self-ip ?

 

https://www.cloudshark.org/captures/88b59721b74f

 

There are only 23 Previous Segments Missing from the tcpdump. There are some malformed https packets as well, but overall your incoming traffic looks acceptable.

 

The moral of the story we want to replicate server-side traffic (after address translation) to the clone pool member. What should I do ?

 

Thanks in advance Kind Regards,

 

  • I might be mistaken but I don't think clone pools actually clone traffic bi-directional, I think you only see the traffic that the BIG-IP sends to the pool member, not the response. Either way, the description of clone pools (both client- and serverside) specifically says that it is prior to address translation so I think you're out of luck there. Maybe you could set up port mirroring on the switch where the servers are attached and hook up your analyzer to that?

     

  • The document that exist is the solution guide which describes clone pools, not awfully descriptive but maybe it is of some help:

     

    sol13392

     

    But also of note is the built in help text for clone pools:

     

    Clone Pool (Client) Replicates client-side traffic (that is, prior to address translation) to a member of the specified pool. Options are: None, and entries for each already defined pool. The default is None.

     

    Clone Pool (Server) Replicates server-side traffic (that is, prior to address translation) to a member of the specified pool. Options are: None, and entries for each already defined pool. The default is None.