vmmed1
Enthusiast
Enthusiast

How to view X_Forwarded-For HTTP at VM in Pool?

Jump to solution

I have been troubleshooting an issue and I'm trying to determine if

packets that arrive at the vServer VIP at 443 are then getting

converted to 8080 HTTP and heading onto the server. There's a

good amount of monitoring from multiple outside locations so

it's hard for me to tell. If I ran a tcpdump would I be able to

see the original source address that was sent to the vServer?

Is there some other way in NSX to view the original external

source address at the server and not just the IP of the

load balancer as source?

Tags (1)
1 Solution

Accepted Solutions
bayupw
Leadership
Leadership

Try if these commands can show those info

1. show service loadbalancer session

2. show service loadbalancer table

3. show service loadbalancer table ipv4_ip_table_....

With the first command, you can see client IP : port and virtual server pairing (and pool member pairing on L4)

The second command will show L7 persistence session per virtual server (if you are using session persistence in the application profile).

Once you know the persistence table name, you can see the session with client IP detail using the 3rd command

The logs may have those info, but I'm not too sure about that

Bayu Wibowo | VCIX6-DCV/NV Author of VMware NSX Cookbook http://bit.ly/NSXCookbook https://github.com/bayupw/PowerNSX-Scripts https://nz.linkedin.com/in/bayupw | twitter @bayupw

View solution in original post

0 Kudos
4 Replies
bayupw
Leadership
Leadership

Try if these commands can show those info

1. show service loadbalancer session

2. show service loadbalancer table

3. show service loadbalancer table ipv4_ip_table_....

With the first command, you can see client IP : port and virtual server pairing (and pool member pairing on L4)

The second command will show L7 persistence session per virtual server (if you are using session persistence in the application profile).

Once you know the persistence table name, you can see the session with client IP detail using the 3rd command

The logs may have those info, but I'm not too sure about that

Bayu Wibowo | VCIX6-DCV/NV Author of VMware NSX Cookbook http://bit.ly/NSXCookbook https://github.com/bayupw/PowerNSX-Scripts https://nz.linkedin.com/in/bayupw | twitter @bayupw

View solution in original post

0 Kudos
vmmed1
Enthusiast
Enthusiast

Thanks very much!

0 Kudos
cnrz
Expert
Expert

On NSX Edge Load Balancer, it is possible to capture packets and ocopy  locally and open with Wireshark to see X-Forwarded for headers on the Edge Load Balancer. If NSX edge LB is one-armed, the capture interface is the single Vnic interface of the Edge VM.

TroubleShooting Guide NSX 6.4 Page 166

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/nsx_64_troubleshooting.pdf

Capture the packets sent to backend server.

#debug packet capture interface interface-name [filter using _ for space]- creates a packet

capture file that you can download

#debug packet display interface interface-name [filter using _ for space]- outputs packet data to

the console

#debug show files - to see a list of packet capture

#debug copy scp user@url:path file-name/all - to download the packet capture

These links may be helpful:

Wireshark X-Forwarded:

https://osqa-ask.wireshark.org/questions/13384/display-http-header

https://www.wireshark.org/docs/dfref/h/http.html

https://notalwaysthenetwork.com/2015/01/31/x-forwarded-for-proxies-and-ips/

X-Forwarded_For_Wireshark.png

On the Apache Web Server it is possible to see the X-Forwarded header with a http filter to check if the x-forwarded for seen on the Edge is also on the Web Server:

https://www.askapache.com/hosting/debugging-http-cache-headers-wireshark/

For IIS

http://www.loadbalancer.org/blog/iis-and-x-forwarded-for-header/

vmmed1
Enthusiast
Enthusiast

Thank you very much.

0 Kudos