06-20-2014 03:36 PM
Hi,
Need some help in finding a command that shows what real server gets the request from a client when hitting a VIP on the ACE.
The Request is a UDP DNS lookup. The command that is used for TCP does not show the same results for the UDP packets.
Command - show np 1 me-stats "-c 272437 -v" == Does not show any information on which real server the traffic is directed to.
Is there such a command that can be used for UDP packets to see what real server is responding to the request?
Thanks
06-20-2014 04:30 PM
Hi,
You are right. That command won't work for UDP connections. The only way to see is using the command:
switch/Admin# show conn
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
47515 1 in UDP 5 10.86.212.33:1033 1x.xx.xx.xx:xxx --
50489 1 out UDP 5 10.86.xx.xx :xxx 10.xx.xx.xx :xxx --
In the OUT section you should see the details you are looking for. You can also filter on the basis of protocol, port and IP address using sh conn protocol udp, sh conn port xx, show conn address, etc.
Let me know if you have any questions.
Regards,
Kanwal
NOTE: Please mark if it helps.
06-21-2014 11:16 AM
Hi
Thanks for the input Kanwal.
I have looked at the command you have mentioned but when there are 60000 connections in the connection table, it is pretty impossible to pair up the front side In and Out with the backside In and Out. Also the 60000 connections are for the same destination port and when the ACE makes a connection to the real server it uses a different source port but the same destination port so can't trace it based on ports.
Is there any other command that would use the Connection ID to tie both the frontend and the Backend communications together in one output to show you what VIP is hit and what real server has responded for the request?
Thanks
06-23-2014 12:04 PM
Hi,
I don't see any other way. I have tried looking but couldn't find anything. May I ask why you need to do this? You can filter on client IP and see the front end and back end connections, but if you have source NAT then it would be a problem. If client IP is being forwarded to the server, even if port is changed, client IP is forwarded to the server if no NAT is applied.
Regards,
Kanwal
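The client-IP filtering suggested in the reply above can be done offline on a saved copy of the show conn output. This is an added example, not part of the original thread and not Cisco tooling; the function names and sample addresses are constructed, and it assumes no source NAT, so that an "out" row carries the real server as source and the client as destination.

```python
import re
from collections import defaultdict

# Constructed sample of saved "show conn" output (all addresses are made up).
SAMPLE = """\
conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
101        1  in  UDP   5    192.0.2.10:1033       198.51.100.5:53       --
102        1  out UDP   6    10.0.0.21:53          192.0.2.10:1033       --
103        1  in  UDP   5    192.0.2.11:4000       198.51.100.5:53       --
104        1  out UDP   6    10.0.0.22:53          192.0.2.11:4000       --
105        1  in  UDP   5    192.0.2.10:2044       198.51.100.5:53       --
106        1  out UDP   6    10.0.0.22:53          192.0.2.10:2044       --
107        1  in  TCP   5    192.0.2.10:5000       198.51.100.5:80       ESTAB
"""

# Tolerates a space before ":port", as seen in the output pasted in the thread.
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(in|out)\s+(\S+)\s+(\d+)\s+"
    r"(\S+?)\s*:(\S+)\s+(\S+?)\s*:(\S+)\s+(\S+)\s*$")

KEYS = ("conn_id", "np", "dir", "proto", "vlan",
        "src_ip", "src_port", "dst_ip", "dst_port", "state")

def parse(text):
    """Yield one dict per connection row; header and ruler lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield dict(zip(KEYS, m.groups()))

def servers_by_client(text, proto="UDP"):
    """Map client IP -> {"vips": {...}, "reals": {...}} for one protocol."""
    # Assumption (no source NAT): "in" rows are client -> VIP,
    # "out" rows are real server -> client.
    rows = [r for r in parse(text) if r["proto"].upper() == proto]
    clients = {r["src_ip"] for r in rows if r["dir"] == "in"}
    result = defaultdict(lambda: {"vips": set(), "reals": set()})
    for r in rows:
        if r["dir"] == "in":
            result[r["src_ip"]]["vips"].add(f'{r["dst_ip"]}:{r["dst_port"]}')
        elif r["dst_ip"] in clients:
            result[r["dst_ip"]]["reals"].add(f'{r["src_ip"]}:{r["src_port"]}')
    return dict(result)

if __name__ == "__main__":
    for client, seen in sorted(servers_by_client(SAMPLE).items()):
        print(client, "VIP", sorted(seen["vips"]), "real", sorted(seen["reals"]))
```

With source NAT on the ACE the "out" rows carry the NAT address instead of the client, so this grouping no longer identifies the client.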