Forum Discussion
CirrostratusFlow, is this correct description
Hi,
Trying to understand flows in LTM. In SOL13637: Capturing internal TMM information with tcpdump there is example of flows like that:
Packet from client to BIG-IP 10.1.1.1:1234 -> 10.1.1.3:80
flow id: 5678
peer id: 4356
Peer remote address: 10.2.1.5
Peer remote port: 80
Peer local address: 10.2.1.3
Peer local port: 1234
Packet from server to BIG-IP 10.2.1.3:1234-> 10.2.1.5:80
Flow id: 4356
Peer id: 5678
Peer remote address: 10.1.1.1
Peer remote port: 1234
Peer local address: 10.1.1.3
Peer local port: 80
My understanding is that first flow (flow id: 5678) is for packet traveling from client to pool member:
- Client to BIG-IP 10.1.1.1:1234 -> 10.1.1.3:80
- BIG-IP to member 10.2.1.3:1234 -> 10.2.1.5:80 (SNAT used, port preserved)
Second flow is from member to client (flow ID: 4356) referenced as peer id in first flow:
- member to BIG-IP 10.2.1.5:80 -> 10.2.1.3:1234
- BIG-IP to client 10.1.1.3:80 -> 10.1.1.1:1234
But description of second flow states "Packet from server to BIG-IP 10.2.1.3:1234-> 10.2.1.5:80", shouldn't it state "Packet from server to BIG-IP 10.2.1.5:80 -> 10.2.1.3:1234"?
Packet from server to BIG-IP 10.2.1.3:1234-> 10.2.1.5:80 looks for me as BIG-IP speaking with member - and this is part of first flow.
So Am I right or wrong?
Piotr
5 Replies
Hi,
Please check this, The term peer is used to describe and identify a connection. A connection is two flows. Each flow is a peer of the other.
And with a little bit of Internet surfing you can find that a flow is a sequence of packets from a source computer to a destination, which may be another host, a multicast group, or a broadcast domain. RFC 2722 defines traffic flow as "an artificial logical equivalent to a call or connection."
Remember that a flow itself it's different of the Flow ID: A number identifying a flow within TMM. The same flow ID can be used for different flows in different TMMs. Also, the same flow ID can be re-used for a different flow within the same TMM at a different time.
nitass_89166Noctilucent
Packet from server to BIG-IP 10.2.1.3:1234-> 10.2.1.5:80
i think this one should be packet from bigip to server (rather than packet from server to bigip). it is serverside connection.
dragonflymrSure, this is another option :-), so still what is in SOL is mistake that a bit confused me. Thanks a lot for explanation, it helped me a lot Piotr
- nitass
Employee
Packet from server to BIG-IP 10.2.1.3:1234-> 10.2.1.5:80
i think this one should be packet from bigip to server (rather than packet from server to bigip). it is serverside connection.
- dragonflymrSure, this is another option :-), so still what is in SOL is mistake that a bit confused me. Thanks a lot for explanation, it helped me a lot Piotr
