robert_blair_75
Nov 05, 2009Nimbostratus
Monitoring Traffic?
I am running Big-ip 9.4.8
Setup:
ExternalA network:
- 10.10.10.0/24
ExternalB network:
- 20.20.20.0/24
Internal network:
- 30.30.30.0/24
Default_gateway_virtual_server
- Network: 0.0.0.0
- Pool: default_gateway_pool
- SNAT: Automap
Pool: Default_gateway_pool
-members: 10.10.10.1 & 20.20.20.1
Floating Self ip:
- 10.10.10.5
- 20.20.20.5
- 30.30.30.5
Virtual Server
- Ip: 10.10.10.100
- Pool: webserver
- Disabled
Virtual Server
- Ip: 20.20.20.100
- Pool: webserver
- Disabled
Pool: webserver
- node: 30.30.30.100
- no monitors on pool or members.
I am seeing some interesting traffic via TCPdump:
- Using TCPdump on the external vlans; I am seeing traffic from both external self ips (10.10.10.5 and 20.20.20.5) to the virtual servers 10.10.10.100 & 20.20.20.100 with a variety of ports (I assume this due to SNAT).
- TCPDump does not show the destination host traffic on the internal vlan.
- Found “Inet port exhaustion on 20.20.20.5 to 20.20.20.100:445 proto 6” in the local traffic log.
- Found “Inet port exhaustion on 10.10.10.5 to 10.10.10.100:1433 proto 6” in the local traffic log.
The monitors I do have defined are monitoring the internal ips 30.30.30.x, It appears that the Bigip is generating this traffic but I do not see why? Any insight would be great…