Forum Discussion

Anju's avatar
Anju
Icon for Altostratus rankAltostratus
Dec 20, 2019

Real-time connection

Looking for a CLI command to check real-time connection for a particular VIP on F5. Tried 'tmsh show sys connection cs-server-addr x.x.x.x' its not showing anything, if I check 'tmsh show sys connection | grep VIP ' its showing the connection on VIP. None of the client side or server side addresses' commands are working for show sys connection, what could be the reason? I could grep with VIP / Pool member IP or but cannot use direct client side or server side command as its not showing any record, although, i have admin privileges, not sure why couldn't i see the connection, am i doing anything wrong? Also, would like to understand the difference between both these commands. Any input will be greatly appreciated.

 

TIA.

  • Not sure what is wrong when you are doing, but it works fine on my lab:

    [root@LABBIGIP2:Active:Disconnected] config # tmsh show sys connection cs-server-addr 172.20.0.101
    Sys::Connections
    172.20.0.10:52965  172.20.0.101:80  172.19.0.5:52965  172.19.0.6:80  tcp  0  (tmm: 3)  none  none
    Total records returned: 1
    [root@LABBIGIP2:Active:Disconnected] config # tmsh show sys connection | grep -F "172.20.0.101"
    172.20.0.10:52965  172.20.0.101:80  172.19.0.5:52965  172.19.0.6:80  tcp  1  (tmm: 3)  none  none
    [root@LABBIGIP2:Active:Disconnected] config #

    cs = client side = connection side between the client and F5.

    ss = server side = connection side between the F5 and server.

    In my example:

    cs-client-addr = 172.20.0.10

    cs-server-addr = 172.20.0.101

    ss-client-addr = 172.19.0.5

    ss-server-addr = 172.19.0.6

    Same idea applies if you are using the port instead of addr.

    • Anju's avatar
      Anju
      Icon for Altostratus rankAltostratus

      ya, the same I am trying to figure out, only cs-server-port and ss-server-port commands are working for me, i tried all of it. No luck. Initially, I thought it might be due to the apps created via iApps template, but other ones are not working either.

       

      What does -F do?

       

      Thanks for trying it in your lab. I need to figure out why its not working for me.

  • M_2's avatar
    M_2
    Icon for Altocumulus rankAltocumulus

    Thats grep options , you can use man grep to see the options and their description.

    • Anju's avatar
      Anju
      Icon for Altostratus rankAltostratus

      Not clear with your response though. can you please specify the command?

       

  • M@rk suggested that you can use:

    man grep

    It lists the options grep uses.

    This works the majority of the Linux commands.

    The -F is to make sure grep does not uses regular expressions, so treats the text as string only, in regular expression the dot means any character.

    This was because the ipv4 address, but unlike to make any difference in this case, just good practice.

    If you can paste here the configuration of one of the virtual server you are trying to list the connection, and the output of the cli showing your attempts, I can try to figure out why is not working.

    To show the virtual server configuration via cli:

    tmsh list ltm virtual <virtual server name>
    • Anju's avatar
      Anju
      Icon for Altostratus rankAltostratus

      Tried the 'man grep' command, its not working and giving the syntax error - Syntax Error: "man", grep is currently the only filter that is supported.

       

      (tmos)# list ltm virtual XYZ.app/

      01020036:3: The requested Virtual Server (/PARTITION/XYZ.app) was not found.

       

      (tmos)# show sys connection cs-server-addr ?

      Specifies the clientside local address of the active connections. Subnets are supported.

       

      Tried seeing connections for lot of VIPs, here is the output of what I get -

      (tmos)# show sys connection cs-server-addr x.x.x.x

      Sys::Connections

      Total records returned: 0

       

      If I do grep using the same IP - x.x.x.x , it displays the complete output for first 1K connections

      (tmos)# show sys connection | grep x.x.x.x

       

      Really display 1000 connections? (y/n) y

       

       

      Its working for the ports i tried few of them -

      (tmos)# show sys connection cs-server-port 80

      Sys::Connections

      .

      .

      .

      Total records returned: 52

       

      (tmos)# show sys connection cs-server-port 443

      Sys::Connections

      .

      .

      Total records returned: 537

       

      So, wondering why isn't it working for the VIPs ? Any idea?

       

       

       

  • if you want to watch real time connection

    you would rather typing below command at shell

    watch -n1 tmsh show sys connection [cs-server-addr] [ip address]

  • If using the grep command you can filter the IP you want, and that IP equals to the virtual server IP, it should show if you specify it as cs-server-addr.

    As it is not showing, you need to open a ticket with F5 support, to see if there is any known issue for the version you are using.

     

    In relation to the man grep command, you need to run it from bash.

    You ran it in tmsh that is the F5 shell, you need to run it on bash that is Linux shell.

    If your user has access to bash, just type bash in tmsh.

     

    About the second command, if you are listing an iApp, you need to specify the full path to the virtual server.

    You need to read about iApps to understand that, he is an article about iApps:

    https://devcentral.f5.com/s/articles/getting-started-with-iapps-a-conceptual-overview-20524