I have been troubleshooting an issue and I'm trying to determine if
packets that arrive at the vServer VIP at 443 are then getting
converted to 8080 HTTP and heading onto the server. There's a
good amount of monitoring from multiple outside locations so
it's hard for me to tell. If I ran a tcpdump would I be able to
see the original source address that was sent to the vServer?
Is there some other way in NSX to view the original external
source address at the server and not just the IP of the
load balancer as source?
Try if these commands can show those info
1. show service loadbalancer session
2. show service loadbalancer table
3. show service loadbalancer table ipv4_ip_table_....
With the first command, you can see client IP : port and virtual server pairing (and pool member pairing on L4)
The second command will show L7 persistence session per virtual server (if you are using session persistence in the application profile).
Once you know the persistence table name, you can see the session with client IP detail using the 3rd command
The logs may have those info, but I'm not too sure about that
Try if these commands can show those info
1. show service loadbalancer session
2. show service loadbalancer table
3. show service loadbalancer table ipv4_ip_table_....
With the first command, you can see client IP : port and virtual server pairing (and pool member pairing on L4)
The second command will show L7 persistence session per virtual server (if you are using session persistence in the application profile).
Once you know the persistence table name, you can see the session with client IP detail using the 3rd command
The logs may have those info, but I'm not too sure about that
Thanks very much!
On NSX Edge Load Balancer, it is possible to capture packets and ocopy locally and open with Wireshark to see X-Forwarded for headers on the Edge Load Balancer. If NSX edge LB is one-armed, the capture interface is the single Vnic interface of the Edge VM.
TroubleShooting Guide NSX 6.4 Page 166
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/nsx_64_troubleshooting.pdf
Capture the packets sent to backend server.
#debug packet capture interface interface-name [filter using _ for space]- creates a packet
capture file that you can download
#debug packet display interface interface-name [filter using _ for space]- outputs packet data to
the console
#debug show files - to see a list of packet capture
#debug copy scp user@url:path file-name/all - to download the packet capture
These links may be helpful:
Wireshark X-Forwarded:
https://osqa-ask.wireshark.org/questions/13384/display-http-header
https://www.wireshark.org/docs/dfref/h/http.html
https://notalwaysthenetwork.com/2015/01/31/x-forwarded-for-proxies-and-ips/
On the Apache Web Server it is possible to see the X-Forwarded header with a http filter to check if the x-forwarded for seen on the Edge is also on the Web Server:
https://www.askapache.com/hosting/debugging-http-cache-headers-wireshark/
For IIS
http://www.loadbalancer.org/blog/iis-and-x-forwarded-for-header/
Thank you very much.