tcpdump and route domains

Question

anyone with some actual experience with tcpdump and route domains?&nbsp;
according to sol i should capture in route domain 0 with -i 0.0 and see traffic from the route domain. but i certainly am missing traffic, specially traffic initiated by APM (for auth).&nbsp;

vernonwells · Answer

0.0 is the internal interface between the switch plane and the control/management plane, so all traffic not accelerated by hardware should traverse this interface, regardless of route domain.  However, tcpdump will discard packets if the rate is sufficiently high (and, in fact, the rate doesn't need to be all that high for it to do so).  Are you seeing some of the expected packets, or none of them?  If it is some, I'd guess the missing packets are a function of tcpdump's normal behavior.&nbsp;

mikehouse_35079 · Answer

have you tried mgmt interface? or are you able to see this traffic in that specific route domain?&nbsp;

boneyard · Answer

thank you vernon.&nbsp;
did some more testing myself and was able to capture fine from route domain 0 in another route domain with tcpdump -nn -i /partion/vlan_interface_name&nbsp;
this was with 11.4.0 on a VE, where my previous test was on a hardware big-ip.&nbsp;
so im kinda doubting what i saw before.&nbsp;

Forum Discussion

tcpdump and route domains

3 Replies

Recent Discussions

Hybrid Exchange traffic and Starttls

GCP F5 deployment - Active -Active with config Sync

IP Intelligence

BUG Query

Health Monitor via MGMT (DCDs)

Related Content

FQDN nodes in non-default route domains

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

How to find route domain OID

Packet Analysis with Scapy and tcpdump: Checking Compatibility with F5 SSL Orchestrator

8. SYN Cookie: Troubleshooting tcpdump