
F5

This document provides instructions for troubleshooting connection issues by capturing packet traces and session logs on a BIG-IP device. It involves enabling TCP RST logging, creating an iRule to log session details for a specific client IP, starting a packet capture, reproducing the issue, fetching a QKView file, and retrieving the logs for analysis.

Uploaded by

Mubashir Farooq

1XX Informational
2XX Success
3XX Redirection
4XX Client Error
5XX Server Error

modify /net vlan <vlan_name> interfaces replace-all-with { <interface> }


modify /net vlan test-vlan interfaces replace-all-with { 1.3 }

create /net vlan <vlan_name> interfaces add { <interface> { tagged }} tag <vlan_tag>

create /net vlan test-vlan interfaces add { 1.1 { tagged }} tag 4093

modify /net vlan <vlan_name> interfaces replace-all-with { <interface> { tagged }} tag <vlan_tag>

modify /net vlan test-vlan interfaces replace-all-with { 1.3 { tagged }} tag 4093

# tcpdump -ni 0.0:nnn -s0 -w /var/tmp/vs_db.pcap host <vip_ip> or host <pool_member1_ip> or host <pool_member2_ip>

Set the desired configuration (offload or any other option) to the VS_NAME

1) Enable TCP RST cause logging on the BIG-IP --> tmsh modify sys db tm.rstcause.pkt value enable

2) Since the traffic is encrypted with SSL, you will need to create an iRule
such as the one below.

# Logs the SSL session ID and master secret to /var/log/ltm for one client IP.
# Client-side handshake (client <-> BIG-IP).
when CLIENTSSL_HANDSHAKE {
    if { [clientside {IP::remote_addr}] equals "xxx.xxx.xxx.xxx" } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

# Server-side handshake (BIG-IP <-> pool member).
when SERVERSSL_HANDSHAKE {
    if { [clientside {IP::remote_addr}] equals "xxx.xxx.xxx.xxx" } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

Note 1: replace xxx.xxx.xxx.xxx with the client IP used to access the Virtual Server
(aka VS_NAME).
Note 2: if no server SSL profile is attached to the VS_NAME, you will be required
to remove the SERVERSSL_HANDSHAKE event, since no such profile is attached to it.

3) Attach the iRule to the relevant Virtual Server (VS_NAME) in question.

4) Start a packet trace --> tcpdump -s0 -vnni 0.0:nnnp -c 500000 -w /var/tmp/SR_Number_pcap.pcap host xxx.xxx.xxx.xxx or host VS_NAME_IP

Note: replace xxx.xxx.xxx.xxx with the correct client IP. This should be the same
as in the iRule in point 2 above.

5) While the trace is running, please reproduce the problem. Once the problem is
seen, stop the trace by pressing CTRL+C

6) Fetch a fresh QKview --> qkview -s0 -f /var/tmp/SR_Number_qkview.qkview

7) Stop TCP RST logging --> tmsh modify sys db tm.rstcause.pkt value disable

8) If SSL was in use, then remove the decrypt iRule from the Virtual Server

9) Using software such as WinSCP, please fetch the following two files from the BIG-IP:
- /var/tmp/CASE_NUMBER_pcap.pcap
- /var/tmp/CASE_NUMBER_qkview.qkview
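
The lines the iRule in step 2 logs can be reduced to a key file that Wireshark accepts as its (Pre)-Master-Secret log when decrypting the capture from step 4. The script below is an added example, not part of the original document: it assumes the messages land in /var/log/ltm in the constructed format shown, skips lines whose Session-ID is empty, and uses hypothetical names (extract_keylog, write_sample_log, session.pms).

```shell
#!/bin/sh
# Added example (not from the original document). Function and file names are hypothetical.

# Constructed sample of /var/log/ltm lines in the format the iRule above logs.
write_sample_log() {
    k=00112233445566778899aabbccddeeff; r=ffeeddccbbaa99887766554433221100
    p='bigip1 info tmm[11111]: Rule /Common/keylog'
    cat > "$1" <<EOF
Jan  1 10:00:01 $p <CLIENTSSL_HANDSHAKE>: 50123 :: RSA Session-ID:$k$k Master-Key:$k$k$k
Jan  1 10:00:02 $p <CLIENTSSL_HANDSHAKE>: 50123 :: RSA Session-ID:$k$k Master-Key:$k$k$k
Jan  1 10:00:02 $p <SERVERSSL_HANDSHAKE>: 50123 :: RSA Session-ID:$r$r Master-Key:$r$r$r
Jan  1 10:00:03 $p <CLIENTSSL_HANDSHAKE>: 50124 :: RSA Session-ID: Master-Key:$k$k$k
Jan  1 10:00:04 bigip1 notice mcpd[2222]: unrelated constructed line
EOF
}

# extract_keylog LOG OUT: write unique key lines to OUT, print "<kept> <seen>".
extract_keylog() {
    log=$1; out=$2
    # A usable line has a non-empty hex session ID and a 48-byte (96 hex) master key.
    pat='RSA Session-ID:[0-9A-Fa-f]\{1,\} Master-Key:[0-9A-Fa-f]\{96\}'
    (
        umask 077   # the output holds session secrets: owner-only
        # Drop the syslog header and the "<port> ::" prefix, keep only the key part.
        sed -n "s/^.*\($pat\)[[:space:]]*\$/\1/p" "$log" | sort -u > "$out"
    )
    kept=$(wc -l < "$out" | tr -d ' ')
    seen=$(grep -c 'Master-Key:' "$log" || true)
    echo "$kept $seen"
}

# Demo on the constructed sample: 4 logged key lines, 2 unique usable ones.
demo_dir=$(mktemp -d)
write_sample_log "$demo_dir/ltm"
extract_keylog "$demo_dir/ltm" "$demo_dir/session.pms"   # prints "2 4"
rm -rf "$demo_dir"
```

On the BIG-IP the call would be extract_keylog /var/log/ltm /var/tmp/session.pms; a "kept" count lower than "seen" points to duplicate or unusable lines. Remove the key file from the device once the analysis is done.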
