Forum Discussion
Comex_17260
Nimbostratus
Feb 01, 2012
how to clone/mirror traffic of a "member"
Hello folks,
I searched for the word "clone" to see if a related subject is covered, but the forum's search functionality does not seem to be working at all.
Right, here is my problem.
I have a really huge amount of UDP traffic on all ports, which is distributed across x servers. For troubleshooting and testing, I want to clone the traffic that goes to a specific member/node.
I am aware that there is a clone pool attribute in the GUI, but I do not want to clone all the traffic of the pool, because I cannot add another x servers as it would cost a lot of money.
Is it possible for me to clone the traffic which goes to member x.x.x.x/[all ports] of real_pool to member x.x.x.y/[all ports] of clone_pool?
Here is my code, which actually did not work, but I believe it gives an idea of what I am up to.
when SERVER_CONNECTED {
    # Only for flows that the load balancer sent to x.x.x.x
    if { [IP::addr [IP::server_addr] equals x.x.x.x] } {
        # Copy this flow to the clone server; port 0 means "same port the client used"
        clone pool clone_Pool member x.x.x.y 0
    }
    # Intended to pin the flow to the same production member
    pool real_Pool member x.x.x.x 0
}
Best,
-Cx
15 Replies
- hoolio
Cirrostratus
That looks like it should work. Are you seeing any traffic sent to the x.x.x.y pool member? Can you try removing the 0 from the clone and pool commands? By default, if you don't specify a port, TMM should use the client's destination port to send the traffic to.
Aaron
- Comex_17260
Nimbostratus
Hi Hoolio,
I tried both with and without ports; unfortunately, I could not see the related traffic on the clone server.
I am just concerned with inbound traffic that goes to a specific member of the pool. Do you think SERVER_CONNECTED is the right context for this?
I also think I should remove the default pool from the user interface and let the iRule deal with it completely.
-Cx
- Comex_17260
Nimbostratus
Hmm, although I want to duplicate some of the traffic instead of all inbound traffic, considering the link below I believe I am at a dead end, unless F5 changed something.
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/28270/showtab/groupforums/Default.aspx
- nitass
Employee
I guess your clone pool member is not an IDS/IPS device.
By the way, what kind of UDP traffic is it?
- Comex_17260
Nimbostratus
No, it is not, Nitass; the pool members just process data.
What I am trying to do is to compare my current "processing software" with a new one to see which one is better. The fair way to do this is to send the same traffic to both servers, I thought.
My current iRule is like this:
when CLIENT_ACCEPTED {
    # Clone the client side of every flow on this virtual server
    clientside { clone pool my_clone_pool }
}
when SERVER_CONNECTED {
    # Additionally clone flows that were load balanced to x.x.x.x
    if { [IP::addr [IP::server_addr] equals x.x.x.x] } {
        clone pool clone_Pool   ;# this pool has only one member
    }
}
Unfortunately, there is no traffic cloned to clone_pool with this iRule.
- nitass
Employee
I guess BIG-IP sends the clone traffic but the server does not pick it up, since the layer 3 header remains unchanged.
sol8573: Overview of port mirroring and clone pools
http://support.f5.com/kb/en-us/solutions/public/8000/500/sol8573.html
Instead of using a clone pool, might it be possible to collect the packet and send it to the server using something like HSL or a sideband connection?
- Comex_17260
Nimbostratus
Maybe it is because of the header; although the network interface is promiscuous, I see nothing in tcpdump.
For the sideband connection, I have not switched to v11 yet, but I will go through it to see if it is handy.
Thanks.
- nitass
Employee
"although the network interface is promiscuous, I see nothing in tcpdump." Have you tried to capture packets on BIG-IP?
- hoolio
Cirrostratus
The clone server would need to accept packets destined for its MAC address with a destination IP of the virtual server or the production pool member for the clone pool to work.
If the clone server will only answer for its own IP address and you can use source address translation for the clone server traffic, you could use High Speed Logging to do this. Colin wrote up a tech tip for an iRule which does this for HTTP requests. You could modify that for your UDP use case.
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1088513/HTTP-Request-Cloning-via-iRules-Part-1.aspx
If you can't use source address translation on the cloned traffic you could try using sideband connections in v11. Using the sideband connect -myaddr command option, you can set the source IP address that TMM uses for the sideband connection. For TCP traffic the clone server would need to have its default gateway set to the LTM self IP. For UDP, the responses and therefore the clone server gateway shouldn't matter.
http://devcentral.f5.com/wiki/iRules.sideband.ashx
http://devcentral.f5.com/wiki/iRules.connect.ashx
If you try either option and get something working, it would make a great codeshare example. Or if you try something and get stuck, post the iRule you're testing and any debug logging output you add to the iRule.
Aaron
- aydin_7552
Nimbostratus
Hi everyone
You can use the following iRule to solve the problem, in addition to enabling the default pool.
when LB_SELECTED {
    # Runs after the load balancer has picked a member but before the flow
    # is forwarded, so the clone decision can depend on the chosen member
    if { [IP::addr [LB::server addr] equals 9.9.9.30] } {
        clone pool Site_A_Pool
        log local0. "client: [IP::remote_addr]"
    }
}
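The following iRule is an added example and is not code from any post in this thread. It combines the per-member check from aydin_7552's LB_SELECTED rule with the High Speed Logging transport hoolio describes, for the case where the clone server only answers for its own IP address and source address translation is acceptable. Everything concrete in it is an assumption: LTM v11, a UDP virtual server whose default pool is real_Pool with member 10.0.0.10 standing in for x.x.x.x, and an HSL pool named clone_Pool whose single member 10.0.0.20:5000 stands in for x.x.x.y on the service port.

```tcl
# Added example (not from the thread). Copies only the datagrams that LTM
# forwards to one production member to a clone server that answers only for
# its own IP. HSL sends from a BIG-IP self IP, so the clone server sees the
# BIG-IP, not the original client, as the source of the copies.
#
# Assumed names: real_Pool (default pool, member 10.0.0.10 = x.x.x.x),
# clone_Pool (HSL pool, member 10.0.0.20:5000 = x.x.x.y on the service port).

when CLIENT_ACCEPTED {
    # Per-flow flag; the decision is made once the member is known.
    set clone_this_flow 0
}

when LB_SELECTED {
    # Fires after the load balancer picks a member and before the flow is
    # forwarded, so the original datagram still reaches real_Pool untouched.
    if { [IP::addr [LB::server addr] equals 10.0.0.10] } {
        # Open the HSL handle only for flows we actually clone; HSL::open
        # selects a member of clone_Pool and buffers datagrams for us.
        set hsl [HSL::open -proto UDP -pool clone_Pool]
        set clone_this_flow 1
        log local0. "cloning flow from [IP::client_addr] to [LB::server addr]"
    }
}

when CLIENT_DATA {
    # Fires for each client datagram on a UDP virtual server. Assumption:
    # LB_SELECTED has already fired for this flow. If on your version the
    # first datagram reaches CLIENT_DATA before LB_SELECTED, evaluate
    # [LB::server addr] here instead of relying on the flag.
    if { $clone_this_flow } {
        # Each HSL::send over UDP becomes one datagram carrying the same payload.
        HSL::send $hsl [UDP::payload]
    }
}
```

Unlike a clone pool, this approach rewrites the layer 3 header (destination becomes the clone member, source becomes the BIG-IP), which is exactly why a server that only accepts packets for its own IP will pick the copies up. The original destination port is not preserved; the copies go to whatever port clone_Pool's member is defined on. Before debugging on the clone server, confirm the copies actually leave BIG-IP with `tcpdump -ni 0.0 host 10.0.0.20` on the BIG-IP itself, as nitass suggested.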