Forum Discussion
Raj_57800
Nimbostratus
Jan 21, 2010
SNAT Table
I created a SNAT rule and accidentally provided the wrong translation IP address.
I corrected it and found all my new connections take the new IP address. But the old connections still take the first IP address for translation.
I tried clearing the ARP from the LTM and no luck. Any idea what I should clear?
Raj
5 Replies
- hoolio
Cirrostratus
Hi Raj,
You'd want to clear the corresponding connection table entries. You can check the help using 'b conn help'. If you clarify which LTM version you're running, I can try to give you an example for deleting only the errant SNAT address entries.
Aaron
- Raj_57800
Nimbostratus
Version is 9.3.1. I wanted only the connection which was made through SNAT to be cleared.
b conn delete -- this didn't help.
raj
- hoolio
Cirrostratus
In later versions there are more options for filtering which connections to match with 'b conn'. In 9.3.1, the most specific option I can think of would be to delete all the connections associated with the VIP:
b conn virtual 10.1.1.1:80 delete
I'm not sure if there is a simple way to get just the connections that were using the wrong SNAT address. I suppose you could get a list of all connections using 'b conn protocol tcp show all' and then parse that for client IP:port and remove those individually with a shell script. Anyone else have ideas?
Aaron
- Raj_57800
Nimbostratus
Hi Aaron,
The command worked perfectly and I was able to clear the connection. Thanks.
I have one more question: is there any way to set a time for clearing the connection?
Raj
- hoolio
Cirrostratus
The idle timeout per VIP is defined in the TCP profile. The default is 300 seconds. There is also an idle timeout on SNATs to consider:
SOL7606: Overview of BIG-IP LTM idle session timeouts
https://support.f5.com/kb/en-us/solutions/public/7000/600/sol7606.html
Aaron
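The parsing step suggested earlier in the thread (list the connections, then pull out the client IP:port of those still using the wrong SNAT address), as an added example that is not part of the original posts or F5's own code. The one-line-per-connection layout, the sample lines and the names `snat_clients` and `sample_conns` are assumptions made for illustration; adjust the field positions to what your version actually prints.

```shell
#!/bin/sh
# Added example: list the client endpoints whose connections are still
# translated to a stale SNAT address, so they can be reviewed one by one.
#
# ASSUMPTION: each connection is printed on one line as
#   client:port <-> vip:port <-> snat:port <-> node:port proto
# This layout is constructed for the example, not captured from a device.

snat_clients() {
    # $1 = stale SNAT translation address; connection lines arrive on stdin
    awk -v bad="$1" '
    {
        # Collect the fields that look like ip:port, in order of appearance.
        n = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/)
                ep[++n] = $i
        if (n < 4) next                 # header line or unparsable entry

        # Compare the whole address, not a prefix: 10.1.1.5 must not
        # match 10.1.1.50.
        split(ep[3], snat, ":")
        if (snat[1] == bad && !seen[ep[1]]++)
            print ep[1]                 # client ip:port, printed once
    }'
}

# Constructed sample data (hypothetical addresses, not real output).
sample_conns() {
    cat <<'EOF'
CONNECTIONS (constructed sample)
192.0.2.10:51344 <-> 10.1.1.1:80 <-> 10.1.1.5:51344 <-> 10.2.2.20:80 tcp
192.0.2.11:40212 <-> 10.1.1.1:80 <-> 10.1.1.50:40212 <-> 10.2.2.21:80 tcp
192.0.2.12:33890 <-> 10.1.1.1:80 <-> 10.1.1.5:33890 <-> 10.2.2.20:80 tcp
192.0.2.12:33890 <-> 10.1.1.1:80 <-> 10.1.1.5:33890 <-> 10.2.2.20:80 tcp
EOF
}

# Stand-alone run: show clients still using the stale address 10.1.1.5.
sample_conns | snat_clients 10.1.1.5
```

The function only reports endpoints; nothing is deleted, so the list can be checked before any connection is removed.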
