Forum Discussion

sundogbrew's avatar
Icon for Altocumulus rankAltocumulus
Jun 25, 2015

Looking for ideas on tracing traffic...

So I have a VIP that I am using for syslog server. This is my first IPv6 VIP so that is probably a lot of my problem. I do dumps on the outside interface and see the traffic getting to the V6 VIP, when I do dumps on the inside I am searching for my host and see traffic going to it. The problem is I am using the same host on the inside for v4 and v6 traffic (two different pools.) Is there a way to log traffic based on the pool it is coming from? Or can I do a quick Irule that would log traffic from that VIP and see where the breakdown is? I see nothing in my logs. Thanks Joe


2 Replies

  • In most cases the source port of the traffic is kept in place (by default it is set to 'preserve'). You might want to have a look at that in the packetdumps. Compare the original incoming packets source-port with the source-port used to connect to your poolmember.


  • have you used the p option in the tcpdump? to capture the client IP or VIP and it will include the backend pool connection With version 11.2 feature –p captures the peer server side connection with just the client ip in the command! This link has more details This example shows how the command looks with a single client. tcpdump -ni 0.0:nnnp -s 0 host -w /var/tmp/trace1.pcap