View NAT / SNAT Sessions
Hi,
I have recently enabled an SNAT in an iRule:
switch -exact -- "1" [IP::addr [getfield [IP::client_addr] "%" "1"] equals 10.80.0.0/16] {
    snat automap
}
and I am trying to work out how many sessions are being SNAT'd as a result of this change. Issuing the commands:
sho ltm nat
sho ltm snat
sho sys connection cs-client-addr 10.80.0.202
etc. are not giving me any results. I am not so much interested in the details of the sessions, just totals so I can verify that I'm not exceeding the 64k limit, but I am obviously doing something wrong.
Thanks
James
- What_Lies_Bene1 Cirrostratus
Indeed the NAT commands won't give you anything.
You have two options:
- show sys connection ss-client-addr x.x.x.x (not cs-client-addr as you did)
- show ltm virtual 'name' | grep Current (this will tell you how many current connections there are clientside, and you can assume there are at least this many connections using SNAT serverside, or less if you are using OneConnect)
- JTucker_137331 Nimbostratus
Thanks, I am now starting to get some figures, e.g.
(tmos) sho ltm virtual api_HTTP80 | grep Current
Current Connections 15.0K 0 -
but if I do:
sho sys connection ss-client-addr 10.2.80.201
Sys::Connections
Total records returned: 0
when running a little script on 10.2.80.201 that generates 3k HTTP requests, so I am wondering if I am a little confused on the definitions - as the clients are making a connection to the VS, are they actually considered to be server side before they hit the VS?
- Mohamed_Lrhazi Altocumulus
Does 'sho sys conn' show anything?
- JTucker_137331 Nimbostratus
I will give that a go in the morning, peak time now.
I also found this on my travels that helps explain a few things regarding the perspective of the cs-client-addr etc commands:
- JTucker_137331 Nimbostratus
Hi,
Been doing a little more digging on this subject. "show sys conn" does show thousands of connections, and I'm pretty sure that the figure of 15K above from
sho ltm virtual api_HTTP80 | grep Current
isn't the SNAT sessions, because if I then carry out the same on a high traffic VS I get a figure of
sho ltm virtual ad_HTTP80 | grep Current
Current Connections 100.2K 0 -
And SNAT is definitely not enabled in any shape or form on that VS!
I have been playing about with "sho sys connection ss-server-addr 172.22.0.129%2" etc. (previously was missing the route domain suffix, doh!) and that's now looking a bit more useful.
I think I will enable a SNAT pool to test and see how many connections I get specifically on that IP, to see if that 15K can be validated in some way.
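The per-address total the thread is after, as an added example that is not part of any post above: a shell function that counts connections whose server-side source address differs from the client's real address (that is, SNAT'd connections) and reports each translated address against a port limit. The column layout of the connection lines, the function names and all sample addresses are assumptions made for this example.

```shell
# Added example (not from the thread): count SNAT'd connections per translated address.
# Assumed columns per connection line (layout is not shown on the page):
#   cs-client  cs-server  ss-client  ss-server  protocol ...
# with each address written addr[%route-domain]:port (IPv4 only here).

PORT_SPACE=65535   # 16-bit port space, an upper bound per SNAT address

# Reads connection lines on stdin; prints "snat-addr count percent-of-limit".
snat_usage() {
    awk -v limit="${1:-$PORT_SPACE}" '
        # Header/footer lines lack addr:port in columns 1 and 3: skip them.
        $1 !~ /:[0-9]+$/ || $3 !~ /:[0-9]+$/ { next }
        {
            cs = $1; ss = $3
            sub(/:[0-9]+$/, "", cs)   # drop the port, keep addr%rd
            sub(/:[0-9]+$/, "", ss)
            if (cs == ss) next        # source unchanged: not SNAT-ed
            count[ss]++
        }
        END {
            for (a in count)
                printf "%s %d %.1f%%\n", a, count[a], 100 * count[a] / limit
        }' | sort
}

# Total number of SNAT'd connections across all translated addresses.
snat_total() {
    snat_usage "$@" | awk '{ n += $2 } END { print n + 0 }'
}

# Constructed sample: three connections from 10.80.0.0/16 are SNAT'd,
# the one from 10.2.80.201 keeps its own source address.
SAMPLE='Sys::Connections
10.80.0.202%2:40001  198.51.100.5%2:80  192.0.2.10%2:40001  192.0.2.50%2:80  tcp  2  (tmm: 0)  none
10.80.0.202%2:40002  198.51.100.5%2:80  192.0.2.10%2:40002  192.0.2.50%2:80  tcp  1  (tmm: 1)  none
10.80.1.7%2:51000  198.51.100.5%2:80  192.0.2.11%2:51000  192.0.2.50%2:80  tcp  4  (tmm: 0)  none
10.2.80.201%2:33000  198.51.100.5%2:80  10.2.80.201%2:33000  192.0.2.50%2:80  tcp  0  (tmm: 1)  none
Total records returned: 4'

printf '%s\n' "$SAMPLE" | snat_usage
```

On the unit itself the input would come from the connection table, for example `tmsh show sys connection | snat_usage`. Comparing the two source columns keeps non-SNAT traffic out of the count, which a virtual server's Current Connections figure does not.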