LTM Packet Tracer Analysis

Question

First and foremost, I have a request open to our account team to see if they are aware of any solution, but figured I would fire this off to the group to see what solutions the users have devised.

I am looking for a packet tracer of sorts, for the LTM, even if I can get something 80% out of the box would be great. Here is my dilemma.

When we have a site that is down, for a given domain, lets call it domain.com, I need to be able to pass this to the LTM and have it render some feedback on it's processing/manipulation/decision making. It would need to evaluate packet filters, routes, profiles, VS configuration, iRule, classes etc to name a few.

Simplified request... I am looking for something I can pass a source IP, source port, destination IP, destination Port and some HTTP options (method, hostheader, path, useragent, etc) and it returns back "LTM picked pool "POOL_ABC" due to iRule processing, source NAT was changed to x.x.x.x, header inserted _____, landing on serverA.

Thanks!

hoolio · Answer

I don't think this type of complete introspection is currently possible.  But it makes for an interesting use case.  If there are things you can't do that you'd like to, I'd encourage you to open a request for enhancement with F5 Support. 
&nbsp;  
&nbsp; You could do some of the logging in an iRule to get: 
&nbsp;  
&nbsp; client IP:port; local IP:port; HTTP request options like URI, headers, etc; serverside source IP:port; pool name; server IP:port 
&nbsp;  
&nbsp; Here's one example: 
&nbsp; http://devcentral.f5.com/wiki/iRules.LogTcpAndHttpRequestResponseInfo.ashx 
&nbsp;  
&nbsp; For the things like packet filter logic logging you could add logging to the packet filter rules.  But there isn't an option to selectively log this from an iRule.  You could enable 'reset cause logging' in 11.0, which might help. 
&nbsp;  
&nbsp; Aaron

khackworth_5078 · Answer

Aaron,&nbsp;
&nbsp;Thanks, yeah, I'm not seeing any way to currently perform this.  I am working with our F5 Rep on seeing if I can get them to provide this.  I thought about the iRule route to get some of this data, but scaling isn't the easiest (failed to mention that I manage about 1,000 LTMs with dozen or so unique iRules/each.  So I need something that can definitely scale.  I figured I would put feelers out here on DevCentral to see if any of the users have crafted their own mix on a pseudo solution.&nbsp;
&nbsp;Thanks again!&nbsp;&nbsp;&nbsp;

Forum Discussion

LTM Packet Tracer Analysis

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

License activation

Syslog server not visible in GUI

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

Related Content

Packet Analysis with Scapy and tcpdump: Checking Compatibility with F5 SSL Orchestrator

Dyre Malware Analysis

How to Setup Shape Log Analysis in Fastly

Decrypting BIG-IP Packet Captures Automatically

Decrypting BIG-IP Packet Captures without iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS