cgnat
13 Topics

Has anyone done traffic logging?
Hi guys, I'm searching for a method that can log or inspect traffic information. The target licenses are LTM and CGNAT. I have looked at Telemetry Streaming, but that seems to provide sampled information. I need full traffic information, not sampled data. I also don't need mirroring. I think using an iRule with HSL can be a method, but I'm wondering how much traffic can be logged.
-> "how much" means about CPS 150K.
-> and whether BIGIP's disk would be able to hold the logs.
Solved, 899 Views, 0 likes, 6 Comments

BIG-IP CGNAT - v15 - PBA periodic block refresh logs
Hello Devs! I read in the v15.0.0 release notes that you could now send periodic block refresh logs.
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-15-0-0.html
"CGNAT: Port Block Allocation periodic block refresh logs
This release includes a new logging option that logs Port Block Allocation (PBA) block periodically with a configurable refresh time"
I tried to find this option in the GUI and CLI but I just can't find it. I even tried on v15.1.0. Does anybody know where it is hidden? Thanks, Rafael
Solved, 599 Views, 0 likes, 5 Comments

BIG-IP CGNAT - VLAN CMP Hash
Hello Devs! How is everybody doing? I'm trying to wrap my head around a requirement for the CGNAT module. Currently, it's mandatory, for CGNAT using PBA LSN pools, that the ingress VLAN uses the VLAN CMP hash as source address and the egress VLAN uses destination as the CMP hash. I understand what the CMP hash does, but in an environment where the BIG-IP is the CGNAT device and routes to the internet, every time a new client connects, it will use ephemeral ports as the source and different destination IPs as the destination, so the default CMP hash would/should do the trick. But if I don't set the CMP hash correctly, I get some errors in /var/log/ltm.
Feb 6 14:54:01 bigip1 err tmm[31839]: 01670024:3: Unsupported DAG mode for LSN pool(/Common/lsn_pool_rd10) mode PBA on interface /Common/F5_BACKBONE
Feb 6 14:54:53 bigip1 err tmm[31839]: 01670024:3: Unsupported DAG mode for LSN pool(/Common/lsn_pool_rd10) mode PBA on interface /Common/F5_BACKBONE
I just wanted to understand the why of this. Thanks, Rafael.
560 Views, 0 likes, 2 Comments

TMM memory leaking due to log publisher configuration
Hi dears, I use the F5 CGNAT module and I define a log publisher on F5 for remote logging. I have a memory leak problem: tmm memory increases over time. F5 version: 14.1.2.3
picture1: https://ibb.co/YDN88Bz
After analyzing the "show sys memory" output we noticed that the memory leak is because of the Log profile:
picture2: https://ibb.co/4m3snGt
For troubleshooting I looked at the logs in tmm using "# cat /var/log/tmm" and noticed that there are a lot of logs telling there is a problem with the publisher:
# cat /var/log/tmm
<13> Jul 7 03:51:24 slot1/f5-one notice alg_hs_log_alg_event/1190: errdefs publisher log failure
<13> Jul 7 03:51:24 slot1/f5-one notice alg_hs_log_alg_event/1190: errdefs publisher log failure
<13> Jul 7 03:51:24 slot1/f5-one notice alg_hs_log_alg_event/1190: errdefs publisher log failure
. .
Now the question is: how can I analyze these logs and find a solution for the tmm memory leak? Does anyone know the "logger" tool? Or has someone encountered this problem before? We have had this problem for a long time, and it has not been resolved by updating the version.
picture3: https://ibb.co/R9dYLdM
picture4: https://ibb.co/nfYJvd0
Sys::Provision
Module CPU (%) Memory (MB) Host-Memory (MB) Disk (MB)
---------------------------------------------------------
afm0000
am0000
apm0000
asm0000
avr118887687800
dos0000
fps0000
gtm0000
host10200300527856
ilx10121020
lc0000
ltm1000
pem0000
sslo0000
swg0000
tmos87424787000
urldb0000
vcmp0000
Thanks.
516 Views, 0 likes, 0 Comments

CGNAT and IP forwarding Simultaneously for exception flows
I have a scenario according to the diagram, using the VIPRION 2400 platform as a CGNAT solution. I'm using CGNAT to translate our clients (SRC: 100.64.0.0/10) for Internet access. In our regular scenario the F5 box translates the client address for both Internet access and our internal servers. Now we have a situation where we need our clients to connect to an internal web server (172.16.1.1) with their actual IP address (100.64.0.0/10). For this purpose I created two 'IP forwarding' virtual servers matching the web server IP address in each direction. The point is that I've created a CGNAT virtual server for Internet access and LTM virtual servers for matching traffic to/from the local web server. Clients' Internet access works without any problem, but it seems the web server virtual server doesn't match any traffic.

ltm virtual CGNAT-BRAS--ACCESS-01 {
    description CGNAT-BRAS--ACCESS-01
    destination 0.0.0.0%101:any
    mask any
    profiles {
        CGNAT-L4 { }
    }
    source 100.64.0.0%101/10
    source-address-translation {
        pool CGNAT-ACCESS-01
        type lsn
    }
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN-40
    }
    vlans-enabled
    vs-index 26
}
ltm profile fastl4 CGNAT-L4 {
    app-service none
    defaults-from fastL4
    loose-close enabled
    loose-initialization enabled
    reassemble-fragments enabled
    reset-on-timeout disabled
}
ltm virtual local-web-forwarding-client-side {
    destination 172.16.1.1%101:any
    l2-forward
    mask 255.255.255.255
    profiles {
        Forwarding_VS { }
    }
    source 100.64.0.0%101/10
    translate-address enabled
    translate-port disabled
    vlans {
        VLAN-40
    }
    vlans-enabled
    vs-index 46
}
ltm virtual local-web-forwarding-network-side {
    destination 100.64.0.0%101:any
    ip-forward
    mask 255.192.0.0
    profiles {
        Forwarding_VS { }
    }
    source 172.16.1.1%101/32
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN-41
    }
    vlans-enabled
    vs-index 47
}
ltm profile fastl4 Forwarding_VS {
    app-service none
    defaults-from fastL4
    idle-timeout 300
    loose-initialization enabled
    reset-on-timeout disabled
}
472 Views, 0 likes, 0 Comments

Problem between F5 CGNAT and Graylog Server
Dear F5 Community, I have an F5 BIG-IP i7600, Version: 14.1.0.3 Build 0.0.6, running as CGNAT. I installed Graylog server version 3.0 free edition to receive the LSN CGNAT logs. I followed the document below to send the CGNAT logs from the F5 CGNAT to the Graylog server over HSL, but Graylog cannot receive the CGNAT logs from the F5.
https://techdocs.f5.com/en-us/bigip-14-0-0/big-ip-cgnat-implementations-14-0-0/using-cgnat-logging-and-subscriber-traceability.html
Has anyone had such an experience, and how did you solve the issue? Please kindly advise. Thank you.
442 Views, 0 likes, 2 Comments

Has anyone done traffic logging?
Hi guys, I'm searching for a method that can log or inspect traffic information. The target licenses are LTM and CGNAT. I have looked at Telemetry Streaming, but that seems to provide sampled information. I need full traffic information, not sampled data. I also don't need mirroring. I think using an iRule with HSL can be a method, but I'm wondering how much traffic can be logged.
-> "how much" means about CPS 150K.
-> and whether BIGIP's disk would be able to hold the logs.
317 Views, 0 likes, 1 Comment

BIG-IP CGNAT Module - General Questions
Hello Devs! We're deploying a high performance VE running only the CGNAT module. Our client asked some tricky questions that I could not find the answers to in the documentation. Could you guys have a try at them? We are running v14.1.0.

1- On the LSN pool, running in PBA mode, when you configure the member prefix IPs as a /24 for example, how does the BIG-IP choose which IP to use under the prefix? Is it random? Is there some rule? For example:

ltm lsn-pool pool_CGNAT_GPON-4711 {
    egress-interfaces {
        VLAN889_TRANSITO-OUT-GPON
    }
    egress-interfaces-enabled
    members {
        200.200.200.0%4712/24
    }
    mode pba
    port-block-allocation {
        block-idle-timeout 900
        block-size 512
        client-block-limit 2
    }
    route-advertisement enabled
}

In this example, which IP would the first client be translated to? 200.200.200.1? 200.200.200.5? What I saw so far is pretty much random, but I don't know if the subscriber internal IPs play into some kind of hashing... Any thoughts?

2- What happens, regarding logs, if a CGNAT subscriber stays connected and generating steady traffic? When the subscriber hits the BIG-IP for the first time, BIG-IP allocates a block for it and logs an LSN-ALLOCATE event. If this same subscriber stays connected with a steady traffic flow (and my pool does not have a lifetime configured) for many days, we would not see the LSN-RELEASE event log message. Our client wanted to know if there's some kind of update log message, sent every X amount of time, to kind of reiterate that this specific subscriber still has that IP. This is necessary for auditing purposes. Very tricky question, I know. Thanks, Rafael
306 Views, 0 likes, 1 Comment

Differences between standalone CGNAT module vs LTM + CGNAT?
Hi all, as I see, F5 has a standalone license for its CGNAT module, and my question is: what is the limitation of having the CGNAT standalone module without the LTM license? Does the CGNAT module contain the load balancing offered by LTM or not? Thanks in advance
300 Views, 0 likes, 1 Comment

CGNAT PBA logging with BIG-IP VE
I am troubleshooting a CGNAT implementation on a BIG-IP VE instance. The LSN Pool is configured to use Port Block Allocation (PBA) but NAT transactions are being logged in NAPT mode. Does anyone know for sure that PBA logging is supported on the VE platform? Thanks!
283 Views, 0 likes, 1 Comment