01-Dec-2022 00:36
Hi,
I am not able to see the client IP in the TCP dump... I see the client IP and the LB VIP only.
I am able to reach the page, but it's not showing the server IP in the TCP dump.
below tcp dump co
tcpdump -s0 -nni 0.0:nnnp host 10.10.10.xx and port 443
01-Dec-2022 02:19
Hi F5_LB_Eng,
Depending on your setup, the client-side and server-side connections may use different ingress/egress interfaces and/or src_ip and dst_ip combinations. In a typical SNAT-enabled deployment you will see two connections...
CLIENT_IP -> VS_IP || SNAT_IP -> SERVER_IP
You may try to capture the traffic with a more specific expression including the client-connection as well as server-connection...
~ # tcpdump -s0 -nni 0.0:nnnp '(host 1.1.1.1 and host 2.2.2.2 and port 443) or (host 3.3.3.3 and host 4.4.4.4 and port 443)'
Cheers, Kai
12-Dec-2022 18:14
Hello,
This happens when, for example, you have an iRule to select between different pools ("different dest IP combination"), and the solution is to set the host addresses or other details specific to the peers, as in the KB below:
14-Dec-2022 00:42
Hi,
Thanks for your reply.
The issue is that tcpdump -p does not catch server-side traffic in HTTP/2 Gateway mode.
I see the traffic from client to LB and it doesn't catch server-side traffic.
1. Can the profile "httprouter" be safely used in HTTP/2 Gateway mode in Rel. 16.1.x?
2. Because we observed a lot of bugs when profile "httprouter" was redundantly used in HTTP/2 Gateway mode.
3. Were there any changes in the usage of profile "httprouter" in Rel. 16.1.x compared to Rel. 15.1.x?
4. Is this behavior a SW bug?
5. Under what conditions do we need to use httprouter in the profile?
14-Dec-2022 00:43
If we add httprouter in the profile, I can see the server-side IP in the TCP dump.
14-Dec-2022 09:57 - edited 14-Dec-2022 10:00
Hi F5_LB_ENG,
> Answer to: tcpdump -p
Check the KB article Omar2 sent you. The -p option does not work for HTTP2.
> Answer to 1.)
No. I don't recommend using the HTTP MRF Router in Gateway mode. Way too much trouble and too many limitations.
> Answer to 2.)
I noticed the same. The functionality of the HTTP MRF Router in Gateway mode is somehow purely annoying and causes headaches. But mileage may vary...
> Answer to 3.)
Lots of fixes and also new issues. Some symptoms are only valid if you use HTTP MRF Router and some are valid if you don't use HTTP MRF Router. I found the problems without using HTTP MRF Router more acceptable so far. Right now I don't have any known issues on my agenda using the latest v16.
> Answer to 4.)
Plenty of them. Check the F5 support page and take some time for reading.
> Answer to 5.)
Use it only for HTTP/2 full-proxy mode (HTTP MRF Router must be enabled in this specific case). Try to avoid the use of iRules or Local Traffic Policies and unnecessary features. Try to run this setup in a clean 1:1 VS->Pool mapping by using VS settings only. That's probably the best use case for it right now.
Cheers, Kai