For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

asayer_6572's avatar
asayer_6572
Icon for Nimbostratus rankNimbostratus
Jan 21, 2010

LDAP - Tracking Heavy Clients

Hi all,

 

we have are using a pair of LTM1500's(v9.4.7) to LB LDAP 389 and 636.

 

 

I am trying to get stats on client usage.

 

For example what client IP's have the highest traffic and connections.

 

 

I have looked at the CLI and bigpipe but cant find anything to provide the information I'm after.

 

 

Any help would be greatly appreciated.

 

Thanks in advance

 

 

config
design

5 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jan 22, 2010
    Hi,

     

     

    Is there something in particular you're trying to achieve?

     

     

    LTM doesn't store these types of metrics by default. It would be a little difficult to track the top X client IP's, as that would require keeping a count of every client IP address that accesses the VIP or logging every single request to the VIP.

     

     

    You could use a stats profile and iRule to collect arbitrary statistics. But whether it will work for you scenario depends on what you're trying to do. Here is an article from Joe with a great example of using an iRule and stats profile together:

     

     

    Custom Reporting with iRules

     

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=66

     

     

    Aaron
  • asayer_6572's avatar
    asayer_6572
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2010
    Thanks for the reply Aaron.

     

     

    I'll have a read of the example you posted.

     

     

    What I am trying to do is at certain times of the day we see peeks in LDAP connections and requests which increases the load on the back end LDAP nodes.

     

     

    The LDAP traces on the back end servers only show the IP of the LB so tracking is impossible.

     

     

    So I thought If I can see clients by traffic then it might give me a better idea of the culprit.

     

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jan 22, 2010
    If the connections through LTM are less then ~7k (Click here), you could dump out the connection table using 'b conn all show all' and parse the output to find out which are the top clients.

    This would be considerably more efficient than the alternatives of trying to track all client connections. If you did want to try that route, you could use an iRule which logs (ideally remotely) all client connections. One example using a remote UDP syslog server is: 

      
  when SERVER_CONNECTED {  
    
      Log the connection details to a remote syslog server  
     log 1.1.1.1:514 local0.debug "client IP:port=[IP::client_addr]:[TCP::client_port],\  
        SNAT IP:port=[IP::local_addr]:[TCP::local_port], server IP:port=[IP::server_addr]:[TCP::server_port]"  
  }

    Aaron
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jan 22, 2010
    You could also modify one of the flood protection iRules in the codeshare (like this one Click here) and just have it log the hitters over your specified max count.
  • asayer_6572's avatar
    asayer_6572
    Icon for Nimbostratus rankNimbostratus
    Jan 25, 2010
    Thanks for the replies, thats great.

     

     

    I've had a play around with "b conn server show all"

     

    which gives me a table of stats which I was after.

     

    I've pumped it out to a file then scripted it into a nice format.

     

     

    I'll have a play around with the flood protection iRule in the next few days.