Forum Discussion

Raj_57800
Jan 21, 2010

SNAT Table

I created a SNAT rule and accidentally provided the wrong translation IP address.

I corrected the same and found all my new connections take the new IP address. But the old connections still use the 1st IP address for translation.

I tried clearing the ARP from the LTM and no luck. Any idea what I should clear?

Raj
  • hoolio
    Hi Raj,

    You'd want to clear the corresponding connection table entries. You can check the help using 'b conn help'. If you clarify which LTM version you're running, I can try to give you an example for deleting only the errant SNAT address entries.

    Aaron
  • Version is 9.3.1. I wanted only the connections which were made through SNAT to be cleared.

    b conn delete -- this didn't help.

    raj
  • hoolio
    In later versions there are more options for filtering which connections to match with 'b conn'. In 9.3.1, the most specific option I can think of would be to delete all the connections associated with the VIP:

    b conn virtual 10.1.1.1:80 delete

    I'm not sure if there is a simple way to get just the connections that were using the wrong SNAT address. I suppose you could get a list of all connections using 'b conn protocol tcp show all' and then parse that for client IP:port and remove those individually with a shell script. Anyone else have ideas?

    Aaron
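One way to script the "parse the connection table and delete individually" idea from the post above, as an added example that is not part of the original thread: it reads `b conn protocol tcp show all` text in an assumed 9.x layout (one CLIENTSIDE line followed by one SERVERSIDE line per connection), keeps only connections whose server-side source is the old SNAT address, and prints a `b conn client <ip:port> delete` command for each (the `client` filter syntax is also an assumption); the sample table is constructed, not captured from a unit.

```shell
#!/bin/sh
# Assumed layout of 'b conn protocol tcp show all' on LTM 9.x:
#   CLIENTSIDE <client ip:port> <-> <virtual ip:port>
#   SERVERSIDE <snat ip:port>   <-> <pool member ip:port>
# Check this against your own output before relying on it.

# errant_snat_conns OLD_SNAT_IP  < conn_table_text
# Prints one 'b conn client <ip:port> delete' line per connection whose
# server-side source address is OLD_SNAT_IP. Nothing is executed here;
# review the list, then pipe it into sh to actually delete the entries.
errant_snat_conns() {
    awk -v snat="$1" '
        $1 == "CLIENTSIDE" { client = $2 }
        $1 == "SERVERSIDE" {
            split($2, src, ":")          # src[1] is the translated source IP
            if (src[1] == snat && client != "")
                print "b conn client " client " delete"
            client = ""                  # never pair one client with two servers
        }'
}

# Constructed sample table: the first connection still uses the wrong
# SNAT address 10.1.1.99, the second already uses the corrected 10.1.1.100.
SAMPLE='VIRTUAL 10.1.1.1:80 <-> NODE 10.1.1.50:80
CLIENTSIDE 192.0.2.10:51234 <-> 10.1.1.1:80
SERVERSIDE 10.1.1.99:51234 <-> 10.1.1.50:80
PROTOCOL tcp UNIT 1 IDLE 41 (300)
VIRTUAL 10.1.1.1:80 <-> NODE 10.1.1.50:80
CLIENTSIDE 192.0.2.11:40000 <-> 10.1.1.1:80
SERVERSIDE 10.1.1.100:40000 <-> 10.1.1.50:80
PROTOCOL tcp UNIT 1 IDLE 3 (300)'

# Dry run against the sample; on a real unit replace the printf with
#   b conn protocol tcp show all | errant_snat_conns 10.1.1.99
printf '%s\n' "$SAMPLE" | errant_snat_conns 10.1.1.99
```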
  • Hi Aaron,

    The command worked perfectly and I was able to clear the connection. Thanks.

    I have one more question: is there any way to set a time for clearing the connection?

    Raj

  • hoolio
    The idle timeout per VIP is defined in the TCP profile. The default is 300 seconds. There is also an idle timeout on SNATs to consider:

    SOL7606: Overview of BIG-IP LTM idle session timeouts

    https://support.f5.com/kb/en-us/solutions/public/7000/600/sol7606.html

    Aaron