[cisco-voip] Issues going thru F5 to UCMUser page

Peter Slow peter.slow at gmail.com
Mon May 12 16:52:16 EDT 2014 

nevermind, i missed a message. ....What Brian said. exactly what he
said actually, regarding both side of the F5 for the PCAP.

...On a different and less embarassing note, I have the specific
commands you need on the F5 to take simultaneous PCAPs from two
interfaces and record them in a format exportable to wireshark; a
thing i had difficulty doing through the F5 admin GUI. (the necessary
flags didnt seem to get passed to tcpdump when using the GUI.

In an attempt to redeem myself and make your life easier, I'm posting
them here for you.

These are actual instructions for obtaining the packet captures from
the F5 during testing, prepared so that anyone can follow them.

[pslow at f5int:Active] ~ #
[pslow at f5int:Active] ~ # tcpdump -i internal_16 -s65534 -nS -w
internal16-testX-$(date +$a%b%d-%Y-%Hh%Mm%Ssec).pcap &   <AND THEN HIT
ENTER ...Then hit it a couple more times (5 should be fine ;)>
[1] 3124
[pslow at f5int:Active] ~ # tcpdump: listening on internal_16

[pslow at f5int:Active] ~ #
[pslow at f5int:Active] ~ #
[pslow at f5int:Active] ~ # tcpdump -i external_101 -s65534 -nS -w
ext101-testX-$(date +$a%b%d-%Y-%Hh%Mm%Ssec).pcap &      <HIT ENTER A
COUPLE TIMES, the same as above, so you can see your prompt>
[2] 3139
[pslow at f5int:Active] ~ # tcpdump: listening on external_101

[pslow at f5int:Active] ~ #
[pslow at f5int:Active] ~ #

...And now your two captures are going, one file per interface. the
processes are "backgrounded."

...Bring the tcpdump program to the forgeground with the "fg" command,
then hit "Ctrl+c" to exit/stop the capture. you will do this TWO
TIMES. (TWICE!) ...once for each capture you started and backgrounded.

[pslow at f5int:Active] ~ #
[pslow at f5int:Active] ~ # fg <ENTER> <Ctrl+c>
tcpdump -i external_101 -s65534 -nS -w ext101-testX-$(date
+$a%b%d-%Y-%Hh%Mm%Ssec).pcap

2533 packets received by filter
0 packets dropped by kernel
[pslow at f5int:Active] ~ # fg <ENTER> <Ctrl+c>
tcpdump -i internal_16 -s65534 -nS -w internal16-testX-$(date
+$a%b%d-%Y-%Hh%Mm%Ssec).pcap

11101 packets received by filter
0 packets dropped by kernel
[pslow at f5int:Active] ~ #
[pslow at f5int:Active] ~ # ls -la *testX*
-rw-r--r--    1 root     webusers   675927 Nov 14 14:38
ext101-testX-Nov14-2013-14h37m53sec.pcap
-rw-r--r--    1 root     webusers  2371743 Nov 14 14:38
internal16-testX-Nov14-2013-14h37m28sec.pcap
[pslow at f5int:Active] ~ # pwd
/home/pslow
[pslow at f5int:Active] ~ # logout
Connection to 172.16.30.204 closed.

pslow at P2R13E3B8 ~
# scp pslow at 172.16.30.204:/home/pslow/*testX* ./
Password:
ext101-testX-Nov14-2013-14h37m53sec.pcap
                                             100%  660KB 660.1KB/s
00:00
internal16-testX-Nov14-2013-14h37m28sec.pcap
                                             100% 2316KB   2.3MB/s
00:01

pslow at P2R13E3B8 ~
#

NOTE: Please remember to USE the "X" in the filename (as a number) so
that we know what pairs of packet captures correlate with each other.

-Pete


On Mon, May 12, 2014 at 4:45 PM, Peter Slow <peter.slow at gmail.com> wrote:
> This is sort of a silly question, but the answer to it is unclear to
> me from the information in the thread thus far:
>
> What 's the observed behavior with those same browser clients when the
> TCP / HTTP session does not traverse a loadbalancer? Can I safely
> assume that that has at least been tried?
>
> -Pete
>
> On Mon, May 12, 2014 at 4:17 PM, Brian Meade <bmeade90 at vt.edu> wrote:
>> You're going to need to get packet captures for a client connecting directly
>> and then another set for going through the F5.  You'll want to get the
>> captures on both sides of the F5.
>>
>> That's what was needed in order to solve the issue Wes referenced.
>>
>> Brian
>>
>>
>> On Mon, May 12, 2014 at 3:38 PM, <george.hendrix at l-3com.com> wrote:
>>>
>>> I’ve tried different versions of IE on the client.  In every version,
>>> UCMUser and ELM pages take forever to load thru the F5, but immediately load
>>> when going directly to the CUCM server.
>>>
>>>
>>>
>>> From: John Kougoulos [mailto:john.kougoulos at gmail.com]
>>> Sent: Friday, May 09, 2014 4:10 PM
>>>
>>>
>>> To: Hendrix, George (Bill) @ NSS - STRATIS
>>> Cc: cisco-voip voyp list
>>> Subject: Re: [cisco-voip] Issues going thru F5 to UCMUser page
>>>
>>>
>>>
>>> But are you using internet explorer and not firefox?
>>>
>>> Regards,
>>>
>>> John
>>>
>>>
>>>
>>> On Fri, May 9, 2014 at 9:25 PM, <george.hendrix at l-3com.com> wrote:
>>>
>>> Actually, the F5 is running version 11.5.  Also, I did a little more
>>> testing and discovered that pages like ccmadmin, ccmservice all load just
>>> fine.  The only pages that seem to have issues loading are ELM and UCMUser.
>>>
>>>
>>>
>>> -Bill
>>>
>>>
>>>
>>> From: Wes Sisk (wsisk) [mailto:wsisk at cisco.com]
>>> Sent: Wednesday, May 07, 2014 5:18 AM
>>> To: Hendrix, George (Bill) @ NSS - STRATIS; cisco-voip at puck.nether.net
>>> Subject: RE: Issues going thru F5 to UCMUser page
>>>
>>>
>>>
>>> From a previous encounter:
>>>
>>> Problem Description:
>>>
>>> After upgrading Call Manager from 8.6.2.20000-2 to 8.6.2.22900-9, ccmuser
>>> friendly url translation via F5 had 6-7 minute delays in loading.
>>>
>>>
>>>
>>> Resolution Summary:
>>>
>>> F5 was upgraded to Build 2806 version 11.3 after which the delay was not
>>> seen anymore.
>>>
>>>
>>>
>>> Technical snippets:
>>>
>>> Compatibility issue with SSL renegotination Cipher.
>>>
>>>
>>>
>>> -Wes
>>>
>>>
>>>
>>>
>>>
>>> ________________________________
>>>
>>> From: cisco-voip [cisco-voip-bounces at puck.nether.net] on behalf of
>>> george.hendrix at l-3com.com [george.hendrix at l-3com.com]
>>> Sent: Tuesday, May 06, 2014 8:43 PM
>>> To: cisco-voip at puck.nether.net
>>> Subject: [cisco-voip] Issues going thru F5 to UCMUser page
>>>
>>> Hey Guy,
>>>
>>>
>>>
>>>   We have F5 load balancers fronting access to our CallManager Server
>>> (CUCM 9.1) pages for users.  I can get to CCMAdmin and other pages thru the
>>> F5s without issue.  However, for some reason when going to the UCMUser page
>>> thru the F5, it seems to take forever to load.  Has anyone else seen this?
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Bill Hendrix
>>>
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>

More information about the cisco-voip mailing list