Forum Discussion
Tatiana_Titova_
Nimbostratus
NimbostratusSTATISTIC_SERVER_SIDE_CURRENT_CONNECTIONS in IG-IP 12.1.1?
Hello, I have a pool of two pool members in my DNS/GSLB/Pools pool. The routing is based on topology which is based on source IP. My version is BIG-IP 12.1.1. I am using PowerShell GlobalLBPoolV2 commandlet set_member_enabled_state to disable one pool member when I need to do some maintenance on the server. This works fine and new connections are going where I want them to go. How can I determine pro-grammatically that the existing connections have drained out? Looks like in the older version there was STATISTIC_SERVER_SIDE_CURRENT_CONNECTIONS based on this link https://devcentral.f5.com/articles/icontrol-apps-04-graceful-server-shutdown.
I tried calling get_member_statistics, but not sure if the return object has information I need. The goal is to disable pool member and wait for the existing connections to drain.
Dylan_375544Cirrocumulus
There is a pretty good DevCentral post on this HERE but I'll copy/paste the important info which is:
is the basic starting point, but if that's all you specify, you'll see all the connections - which is probably much more output than you want. You need to specify additional information about the endpoints you care about if you want to limit the output. I think of them as filters in a sense - they limit the output to only things that match. The ones I primarily use are:tmsh show sys connectioncs-client-addr - the (client) source IP address on the clientside of the connection
cs-client-port - the (client) source port on the clientside of the connection
cs-server-addr - the (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address)
cs-server-port - the (server) destination port on the clientside of the connection (i.e. the Virtual Server port)
ss-client-addr - the (client) source IP address on the serverside of the connection (i.e. the SNAT address)
ss-client-port - the (client) source port on the serverside of the connection (i.e. the SNAT port)
ss-server-addr - the (server) destination IP address on the serverside of the connection (i.e., the Pool Member address)
ss-server-port - the (server) destination port on the serverside of the connection (i.e., the Pool Member port)
You can mix/match these options as necessary to isolate the connections you are interested in. The more pieces of information you specify, the narrower your focus will be, and the smaller your output will become. So for example, this command would show me all connections from client 100.1.1.1, to any Virtual Server assigned address 10.1.1.0, that were load-balanced to Pool Member 192.168.1.1:9999: tmsh show sys conn cs-client-addr 100.1.1.1 cs-server-addr 10.1.1.0 ss-server-addr 192.168.1.1 ss-server-port 9999
I have noticed over multiple TMM releases that the ss-client-addr and ss-client-port do not work, despite being available according to the command help. That was frustrating, since quite often these connection points are very important. However I just confirmed they do work in 11.2.1HF10. So depending on what version you're running, you may not see the SNAT address in the output. I think you can also append the all-properties option which should include that output, like this. Unfortunately, the output is not formatted as nicely: tmsh show sys conn cs-client-addr 100.1.1.1 cs-server-addr 10.1.1.0 ss-server-addr 192.168.1.1 ss-server-port 9999 all-properties
Understanding exactly which points in the connection flow correspond to the cs-client-addr, ss-server-port, etc... options can be very, very helpful in isolating connections in the connection table.
Hope that helps! If it does please up-vote and select this answer, it would be greatly appreciated!
-Dylan
- Dylan_375544
Yes you can use TMSH remotely. Log into the BIG-IP via CLI, then just type
. If you cant do that, and can only use iControl (via commandlets), I think you can just run TMSH commands form there, so they should work normally still.tmsh 
Tatiana_Titova_Hello Dylan, thank you for the reply. Do you know if tmsh can be run remotely? As far as I know I am not allowed to log onto bigip system, I am not admin. I run powershell commandlets remotely from my PC.