Bug ID 1007909: Tcpdump with :p (peer flow) flag does not capture packets forwarded between TMMs

Last Modified: Jan 20, 2023

Affected Product:
BIG-IP TMOS(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3

Opened: Mar 31, 2021
Severity: 3-Major

Symptoms

When using tcpdump with the :p flag, it does not capture all packets that are processed by multiple TMMs.

Impact

Causes confusion since there will be packets missing from tcpdump captures.

Conditions

Traffic flows are handled by multiple TMMs, e.g., one of the following:
-- 'preserve strict' set on virtual servers
-- a CMP-demoted virtual server
-- Service Provider (SP) DAG configured, but using custom mappings for some client IP addresses, or some traffic flows using VLANs without SPDAG configured.

Workaround

Use a packet capture filter to capture clientside and serverside flows directly, without relying on the peer flow flag (":p").
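
One way to apply this workaround, as an added example that is not part of the original bug record: the helper below builds a filter naming both the clientside and serverside endpoints, so the capture does not rely on ":p". The function names, the output path and all addresses are constructed for illustration; capturing on interface 0.0 with the :nnn noise level is an assumption about the usual capture setup.

```shell
#!/bin/sh
# Added example (not from the bug record). Addresses are constructed
# sample values from the RFC 5737 documentation ranges.

# build_filter CLIENT_IP VIRTUAL_IP POOL_MEMBER [POOL_MEMBER...]
# Prints a pcap filter that matches both sides of the proxied flow.
build_filter() {
    if [ "$#" -lt 3 ]; then
        echo "usage: build_filter CLIENT VIP MEMBER [MEMBER...]" >&2
        return 1
    fi
    client=$1
    vip=$2
    shift 2

    # Serverside clause: one "host" term per pool member, joined with "or".
    members=""
    for m in "$@"; do
        if [ -z "$members" ]; then
            members="host $m"
        else
            members="$members or host $m"
        fi
    done

    # Clientside: client <-> virtual server.
    # Serverside: any traffic to or from the pool members. It is not
    # narrowed by client address because, with SNAT, the serverside
    # source is the SNAT address rather than the client.
    printf '(host %s and host %s) or (%s)' "$client" "$vip" "$members"
}

# capture_cmd takes the same arguments and prints the full tcpdump command.
# No ":p" appears in the interface suffix; the filter covers both sides.
capture_cmd() {
    filter=$(build_filter "$@") || return 1
    printf "tcpdump -nni 0.0:nnn -s0 -w /var/tmp/capture.pcap '%s'" "$filter"
}
```

Because the serverside clause matches every connection to the listed pool members, expect unrelated flows in the capture on a busy system and narrow it afterwards by port or time window.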

Fix Information

None

Behavior Change