Monitor SNATs

I usually do it using tcpdump. Any other methods?

Yeah TCP dump is ok.... a NAT table would be better

What is is exactly that you're wanting to monitor? tcpdump isn't really what I'd call a monitoring tool in the same way as viewing a table... More of a diagnostics tool to see traffic as it flows

 

 

From tmsh there's tmsh's 'show ltm snat' and 'show ltm snatpool', which will give you stats from the snag and snatpool...

 

 

 

be aware also that tcpdump compromises the speed & performance of your unit, and is limited to 200pps max (It has to get all that data form the switch into the host and then perform the filtering.. That takes CPU and memory bandwidth).

 

 

H

b conn show using filters on the snat address is another option depending on number of connections.

 

 

Aaron

If you want to "try" and combat any performance degradation tcpdump puts on your box, you can utilize the "nice" command.. A bit confusing so make sure you read thoroughly before using... as negative numbers actually increase the priority, higher numbers lower it..

 

 

Here's a decent article laying the nice command out.. there is also "renice" for running processes

 

not sure if this is helpful. anyway, i like tcpdump. 😛

[root@tulip:Active] config  b virtual
No virtual servers were found.

[root@tulip:Active] config  b snat list
snat test {
   automap
   origins default inet
}

[root@tulip:Active] config  b snat test
SNAT test
|     (cur, max, limit, tot) = (1, 1, 0, 5)
|     (pkts,bits) in = (122, 95648), out = (122, 95648)
+-> SNAT ORIG ADDR test/default inet
|     AUTOMAP

[root@tulip:Active] config  b conn protocol icmp show all
VIRTUAL any:any <-> NODE 8.8.8.8:8   TYPE any
    CLIENTSIDE 10.10.70.110:43809 <-> 8.8.8.8:8
        (pkts,bits) in = (126, 12348)   out = (126, 12348)
    SERVERSIDE 172.28.17.60:43809 <-> 8.8.8.8:8
        (pkts,bits) in = (126, 12348)   out = (126, 12348)
    PROTOCOL icmp   UNIT 1   IDLE 1 (300)   LASTHOP 4094 00:0c:29:96:56:05