
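Checking connection state from TMSH on BIG-IP

On BIG-IP, the current connection state can be checked with "b conn show" from bash up to v9, and from v10 onward, in addition to that method, with "show / sys connection" from TMSH.

Checking the current connection state from bash (b conn show)

The following is quoted from the man page for the "b conn" command.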

# b conn show
CONN(1)                          BIG-IP Manual                         CONN(1)

NAME
       conn command - Displays, deletes, or sets idle timeout for active connections on the BIG-IP system.

SYNTAX
       Use this command to display, delete, or set idle timeout for active connections on the BIG-IP system.

CREATE/MODIFY
        bigpipe conn (<conn key> | all) [{] <conn arg list> [}]
          <conn key> ::=
             [client (<ip addr> | <member>)] \
                [server (<ip addr> | <member>)] \
                [ss client (<ip addr> | <member>)] \
                [ss server (<ip addr> | <member>)] \
                [(any | local | mirror)] \
                [protocol <protocol>] \
                [age <number>]
          <conn arg> ::=
             idle timeout (<number> | immediate | indefinite)

DISPLAY
        bigpipe conn [<conn key> | all] [show [all]]
        bigpipe conn (<conn key> | all) age [show]
        bigpipe conn (<conn key> | all) client [show]
        bigpipe conn (<conn key> | all) idle timeout [show]
        bigpipe conn (<conn key> | all) protocol [show]
        bigpipe conn (<conn key> | all) server [show]
        bigpipe conn (<conn key> | all) ss client [show]
        bigpipe conn (<conn key> | all) ss server [show]

DELETE
        bigpipe conn (<conn key> | all) delete

DESCRIPTION
       The connection command displays the current connections on the BIG-IP system, sets the idle timeout for a connection, or deletes the L4 connection.

       If no port or service is specified, all connections with the client-side source matching just the IP address are deleted. If no address is given, all connections including
       mirrored connections are deleted.

EXAMPLES
       bigpipe conn all show
            Shows basic connection information for all connections.

       bigpipe conn all show all
            Shows verbose connection information for all connections.

       bigpipe conn all idle timeout 1200
            Sets the idle timeout interval for all connections to 1200 (20 minutes).

       bigpipe conn client 10.0.0.1 server any:80 ss server 192.168.0.1 show
            Shows basic connection information for connections, each of which matches all of the following criteria: Clientside host at IP address 10.0.0.1, through port 80 on any
            address on the BIG-IP, to the serverside host at 192.168.0.1.

            Note: If you specify multiple <conn key> arguments, they must be in the order shown in the SYNTAX section.

OPTIONS
       age  Specifies the age, in seconds, that a connection has been idle.

       client
            Specifies the remote endpoint of the client-side connection.

       idle timeout
            Specifies the interval, in seconds, that a connection can remain idle before the system closes the connection.

       protocol
            Specifies the protocol used for specified connections (for example: tcp, udp, and other L4 protocols).

       server
            Specifies the local endpoint of the client-side connection.

       ss client
            Specifies the local endpoint of the server-side connection.

       ss server
            Specifies the remote endpoint of the server-side connection.

SEE ALSO
       bigpipe(1)

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and
       retrieval systems, for any purpose other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 1996-2009. All rights reserved.

BIG-IP                            2009-07-27                           CONN(1)

The following is an actual run.

# b conn show
192.168.1.26:49880 <-> 192.168.1.31:ssh <-> 192.168.1.31:ssh   tcp 1/0
192.168.1.26:49891 <-> 192.168.1.77:http <-> 192.168.2.102:http   tcp 1/0
192.168.1.26:49893 <-> 192.168.1.31:https <-> 192.168.1.31:https   tcp 1/0
192.168.1.26:49894 <-> 192.168.1.77:http <-> 192.168.2.101:http   tcp 1/0
192.168.2.31:341 <-> any%65535 <-> 192.168.2.103:8   icmp 1/0
192.168.2.31:13629 <-> any%65535 <-> 192.168.2.102:8   icmp 1/0
192.168.2.31:52134 <-> any%65535 <-> 192.168.2.101:8   icmp 1/0
192.168.2.31:54633 <-> any%65535 <-> 192.168.2.103:8   icmp 1/0
192.168.2.31:55792 <-> any%65535 <-> 192.168.2.101:8   icmp 1/0
192.168.2.31:57300 <-> any%65535 <-> 192.168.2.102:8   icmp 1/0

Checking the current connection state from TMSH (show / sys connection)

From TMSH, the current connection state can be checked with the "show / sys connection" command.

(tmos)# show / sys connection
Sys::Connections
192.168.2.31:57307  192.168.2.102:8  192.168.2.102:8  icmp  0
192.168.2.31:12210  192.168.2.103:8  192.168.2.103:8  icmp  0
192.168.1.26:49677  192.168.1.31:22   192.168.1.31:22   tcp  0
192.168.1.26:49828  192.168.1.31:443  192.168.1.31:443  tcp  0
192.168.2.31:1485   192.168.2.101:8  192.168.2.101:8  icmp  0
192.168.2.31:65389  192.168.2.103:8  192.168.2.103:8  icmp  0
192.168.2.31:8678   192.168.2.101:8  192.168.2.101:8  icmp  0
192.168.2.31:1971  192.168.2.102:8  192.168.2.102:8  icmp  0
192.168.2.31:44347  192.168.2.102:8  192.168.2.102:8  icmp  0
192.168.1.26:49813  192.168.1.77:80  192.168.2.101:80  tcp  0
192.168.1.26:49826  192.168.1.77:80  192.168.2.103:80  tcp  0
Total records returned: 11

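You can also restrict which connections are displayed by adding conditions on the address (or port, protocol, and so on). Addresses are considered in three parts, "cs-client-addr", "cs-server-addr" and "ss-server-addr", each of which refers to the point shown below.

[Figure: the points that cs-client-addr, cs-server-addr and ss-server-addr refer to]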

This example displays the connection state filtered by the client-side address (cs-client-addr).

(tmos)# show / sys connection cs-client-addr 192.168.1.26
Sys::Connections
192.168.1.26:51122  192.168.1.31:22  192.168.1.31:22  tcp  0
192.168.1.26:51120  192.168.1.77:80  192.168.2.102:80  tcp  0
192.168.1.26:51121  192.168.1.77:80  192.168.2.103:80  tcp  0
Total records returned: 3

This example displays the connection state filtered by the server address as seen from the client (cs-server-addr, that is, the Virtual Server address).

(tmos)# show / sys connection cs-server-addr 192.168.1.77
Sys::Connections
192.168.1.26:51120  192.168.1.77:80  192.168.2.102:80  tcp  0
Total records returned: 1

This example displays the connection state filtered by the server as seen from BIG-IP (ss-server-addr, that is, the Member).

(tmos)# show / sys connection ss-server-addr 192.168.2.102
Sys::Connections
192.168.1.26:51120  192.168.1.77:80  192.168.2.102:80  tcp  0
192.168.2.31:51113  192.168.2.102:8  192.168.2.102:8  icmp  0
192.168.2.31:53238  192.168.2.102:8  192.168.2.102:8  icmp  0
Total records returned: 3
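
As an added example (not part of the original page and not F5 code), the following Python sketch parses a saved capture of the "show / sys connection" text layout shown above, applies the same three address filters offline, and checks the parsed row count against the "Total records returned" footer. The sample input is constructed, the function and field names are assumptions of this example, and the last column is kept unlabeled because the page does not name it.

```python
import re
from collections import Counter

# Constructed sample in the column layout of the tmsh output shown on this page.
SAMPLE = """\
(tmos)# show / sys connection
Sys::Connections
192.168.1.26:51122  192.168.1.31:22  192.168.1.31:22  tcp  0
192.168.1.26:51120  192.168.1.77:80  192.168.2.102:80  tcp  0
192.168.1.26:51121  192.168.1.77:80  192.168.2.103:80  tcp  0
192.168.2.31:51113  192.168.2.102:8  192.168.2.102:8  icmp  0
Total records returned: 4
"""

# Column order matches the three tmsh address filters (names are this example's).
SIDES = ("cs_client", "cs_server", "ss_server")

def parse_connections(output):
    """Return (rows, declared_total); assumes the IPv4 addr:port layout shown above."""
    rows, declared = [], None
    for line in output.splitlines():
        footer = re.match(r"Total records returned:\s*(\d+)", line)
        if footer:
            declared = int(footer.group(1))
            continue
        cols = line.split()
        if len(cols) != 5 or ":" not in cols[0]:
            continue  # prompt, "Sys::Connections" header, or blank line
        row = {"protocol": cols[3], "last_col": cols[4]}  # last column unlabeled on the page
        for side, endpoint in zip(SIDES, cols[:3]):
            row[side + "_addr"], _, row[side + "_port"] = endpoint.rpartition(":")
        rows.append(row)
    return rows, declared

def filter_rows(rows, **criteria):
    """Offline equivalent of the address filters, e.g. cs_server_addr='192.168.1.77'."""
    return [r for r in rows if all(r.get(k) == v for k, v in criteria.items())]

def flows_per_member(rows):
    """Count connections per (virtual server address, member address) pair."""
    return Counter((r["cs_server_addr"], r["ss_server_addr"]) for r in rows)

def is_complete(rows, declared):
    """False if the footer is missing or disagrees with the parsed row count."""
    return declared is not None and declared == len(rows)

if __name__ == "__main__":
    rows, declared = parse_connections(SAMPLE)
    print(is_complete(rows, declared), dict(flows_per_member(rows)))
```

A capture that fails is_complete() was cut off or edited and should not be used as the basis for a per-client or per-member count.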