LTM Packet Tracer Analysis

Question

First and foremost, I have a request open to our account team to see if they are aware of any solution, but figured I would fire this off to the group to see what solutions the users have devised.

I am looking for a packet tracer of sorts, for the LTM, even if I can get something 80% out of the box would be great. Here is my dilemma.

When we have a site that is down, for a given domain, lets call it domain.com, I need to be able to pass this to the LTM and have it render some feedback on it's processing/manipulation/decision making. It would need to evaluate packet filters, routes, profiles, VS configuration, iRule, classes etc to name a few.

Simplified request... I am looking for something I can pass a source IP, source port, destination IP, destination Port and some HTTP options (method, hostheader, path, useragent, etc) and it returns back "LTM picked pool "POOL_ABC" due to iRule processing, source NAT was changed to x.x.x.x, header inserted _____, landing on serverA.

Thanks!

hooleylist · Answer

I don't think this type of complete introspection is currently possible.  But it makes for an interesting use case.  If there are things you can't do that you'd like to, I'd encourage you to open a request for enhancement with F5 Support. 
&nbsp;  
&nbsp; You could do some of the logging in an iRule to get: 
&nbsp;  
&nbsp; client IP:port; local IP:port; HTTP request options like URI, headers, etc; serverside source IP:port; pool name; server IP:port 
&nbsp;  
&nbsp; Here's one example: 
&nbsp; http://devcentral.f5.com/wiki/iRules.LogTcpAndHttpRequestResponseInfo.ashx 
&nbsp;  
&nbsp; For the things like packet filter logic logging you could add logging to the packet filter rules.  But there isn't an option to selectively log this from an iRule.  You could enable 'reset cause logging' in 11.0, which might help. 
&nbsp;  
&nbsp; Aaron

khackworth_5078 · Answer

Aaron,&nbsp;
&nbsp;Thanks, yeah, I'm not seeing any way to currently perform this.  I am working with our F5 Rep on seeing if I can get them to provide this.  I thought about the iRule route to get some of this data, but scaling isn't the easiest (failed to mention that I manage about 1,000 LTMs with dozen or so unique iRules/each.  So I need something that can definitely scale.  I figured I would put feelers out here on DevCentral to see if any of the users have crafted their own mix on a pseudo solution.&nbsp;
&nbsp;Thanks again!&nbsp;&nbsp;&nbsp;

Forum Discussion

LTM Packet Tracer Analysis

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Packet Analysis with Scapy and tcpdump: Checking Compatibility with F5 SSL Orchestrator

Post-Breach Analysis: Sophistication and Visibility

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

How to Setup Shape Log Analysis in Fastly

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS