Forum Discussion

Muhammad_Irfan1
Nov 07, 2014

Logs have pool member IP as client IP. WHY?

I have one virtual server which is load balancing and has an IP of 10.50.171.5 (external VLAN). Pool members are 10.50.169.14, 10.50.169.16.

Now the problem occurs when I attach an iRule for logging to a remote syslog server to the VS.

when CLIENT_ACCEPTED {
    log 10.50.242.239 local0.info "Client Connected, IP: [IP::client_addr]"
}

I start to receive logs on the remote syslog server at about 20 logs per second, and all logs have the pool member IP as the client IP. WHY? There is no traffic from outside yet and no one is dialing 10.50.171.5. It is an inline configuration and VLAN GROUP is enabled.

Please help

  • Your rule looks OK. Are you sure the pool member really isn't hitting the virtual server 20+ times a second and the logs are completely accurate?

     

    • Muhammad_Irfan1
      Yes, I am sure that no pool member is hitting the VS. (Internal VLAN) Pool member 10.50.169.14, gateway 10.50.169.1 (F5 self IP). (External VLAN) VS 10.50.171.5. If a request is initiated from a pool member, it will use the default route to get out of the F5 through the external VLAN.
    • mimlo_61970
      Ok. IP::client_addr should return the IP of the client. I have used it quite regularly and have never seen the behavior you are describing.
    • Muhammad_Irfan1
      Sorry, actually I am using F5 for both Siebel and TIBCO load balancing, and a few TIBCO load balancing pools were generating connections with the fault tolerance pool of TIBCO; that's why I was getting logs and client IP of pool members of VS in another... Sorry again
  • kunjan

    Maybe you should do a tcpdump on the external VLAN with a host filter.

    tcpdump -ni external host 10.50.171.5
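
An iRule variant that logs enough context to tell which virtual server accepted each connection and which pool member was selected, which is the ambiguity this thread ended up resolving. This is an added example, not code from any poster; it assumes a TCP virtual server and reuses the syslog address 10.50.242.239 from the original post.

```tcl
# Added example (not from the thread). Attach to each virtual server that
# shares the logging rule so entries can be told apart on the syslog side.
when CLIENT_ACCEPTED {
    # Both ends of the client-side connection: source is the real peer,
    # local address/port is the virtual server that accepted it.
    set conn "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"

    # Virtual server name and ingress VLAN tag show where the traffic entered,
    # e.g. a pool member of one VS connecting to a different VS from the
    # internal VLAN.
    log 10.50.242.239 local0.info "accepted vs=[virtual name] vlan=[LINK::vlan_id] $conn"
}

when LB_SELECTED {
    # $conn is connection-scoped, so it is still set here.
    # Record which pool and member the load balancer picked for this client.
    log 10.50.242.239 local0.info "selected vs=[virtual name] $conn pool=[LB::server pool] member=[LB::server addr]:[LB::server port]"
}
```

With the virtual server name and destination in every line, entries whose source is a pool member address can be matched to the virtual server they were actually sent to.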