tcpdump and route domains

Question

anyone with some actual experience with tcpdump and route domains?&nbsp;
according to sol i should capture in route domain 0 with -i 0.0 and see traffic from the route domain. but i certainly am missing traffic, specially traffic initiated by APM (for auth).&nbsp;

vernonwells · Answer

0.0 is the internal interface between the switch plane and the control/management plane, so all traffic not accelerated by hardware should traverse this interface, regardless of route domain.  However, tcpdump will discard packets if the rate is sufficiently high (and, in fact, the rate doesn't need to be all that high for it to do so).  Are you seeing some of the expected packets, or none of them?  If it is some, I'd guess the missing packets are a function of tcpdump's normal behavior.&nbsp;

mikehouse_35079 · Answer

have you tried mgmt interface? or are you able to see this traffic in that specific route domain?&nbsp;

boneyard · Answer

thank you vernon.&nbsp;
did some more testing myself and was able to capture fine from route domain 0 in another route domain with tcpdump -nn -i /partion/vlan_interface_name&nbsp;
this was with 11.4.0 on a VE, where my previous test was on a hardware big-ip.&nbsp;
so im kinda doubting what i saw before.&nbsp;

Forum Discussion

tcpdump and route domains

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

FQDN nodes in non-default route domains

8. SYN Cookie: Troubleshooting tcpdump

How to find route domain OID

Decrypting TLS with the tcpdump sslprovider

v.10 - A Look at Route Domains

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS