Forum Discussion

girishb's avatar
girishb
Icon for Cirrus rankCirrus
Jul 24, 2019

TCPDUMP capture for Performance Virtual Server

Hi Team,

 

We are having issue with VIP which is configured with Performance(Layer 4) Virtual Server.

 

Issue: Application hosted on back-end server is not accessible through VIP. but when we directly try to access the backend server from internal network.. they are able to access..

 

Observation: We suspect that return route from back end server.. we are not sure whether next-hop gateway for route in server is floating IP on f5 or Firewall IP (L3) . That we yet to check WITH server team...(not getting response from back server team)..

 

Meanwhile What I thought is that I can do tcpdump capture on LTM for Performance(Layer 4) Virtual Server (VIP) and try to see something i can find in it.

 

 Do I need to capture tcpdump between Client IP and Backend Server.? or between client IP and VIP IP..?

 

I am unable to understand how to capture the tcpdump for connection flow because tcp session flow for Performance(Layer 4) Virtual Server is different that standard virtual server..?

 

 

 

please help me

application delivery
BIG-IP
LTM
tcpdump
  • girishb's avatar
    girishb
    Icon for Cirrus rankCirrus
    Jul 26, 2019

    Thanks Dario...

     

    I tried with enabling the Automap

    on VIP. But it did not work. .

     

    Also captured the tcpdump.. We

    found that destination server(backend server) is trying to send multiple

    re-transmission SYN-ACK packets as its not receiving ACK packet for SYN-ACK

    packets and finally session ending with RST packet from backend server..

     

    We suspect that reverse route

    from F5 LTM to back source (client) is having issue. We are checking with

    firewall team and also network team to check path

    • Dario_Garrido's avatar
      Dario_Garrido
      Icon for MVP rankMVP
      Jul 26, 2019

      If auto-map is not working, this could be because you are filtering the source IP in one of your firewalls.

       

      Also, take into account that if your SYN-ACK is not reaching your client this could be because your response is sending to the client using a different path (asymmetric traffic) which could be filtering by spoofing in your firewall.

       

      The better way to troubleshoot this is to use tcpdump in any other devices trying to figure out the current path.

       

      BTW, if my last answer was helpful, please remember to set it as "the best" or give me some upvotes.

       

      KR,

      Dario.