For A10 Load Balancers there are commands such as “show slb virtual-server bind” that displays the Virtual Server, Real Servers, TCP port and Status. But how do you show additional data and whether the End Host or Real Host is known?
In some cases, the Health Check is not configured to ensure that the End Host or Real Server is up. For troubleshooting you would like to know exactly where the Real Server is connected. Or, how about just knowing what the Status is (Up or Down) for all of the VIPs and Real Servers across all of the A10s.
This NQE parses the output of the A10 “show slb server” first. (This is not a Custom Command). Then we lookup the configured End Host / Real Host IP Address. And finally, determine if the IP Address is in the Forward Network Inventory.
Some of the select statements are commented out. The ability to check the IP Address exists consistently in the “show slb server” output, Configuration lookup, and Inventory are available. Not all are enumerated in the select statements. In other words, the debugging is there, but commented out.
Note that this is the first in a series of NQEs for reporting on and debugging A10 Load Balancers.
/**
* @intent Enumerate the A10 SLB End Host and VIP Status.
* @description Parse the output of "ACOS: 'show slb server'", and check the Host Invntory to determine if the IP Address exists.
* Determine the IP address of the End Host / Real Host.
* Determine if the IP address of the Real Host existins in the Forward Networks Inventory.
*/
/* Example output of "show slb server"
Service Current Total Fwd-pkt Rev-pkt Peak-conn State
---------------------------------------------------------------------------------------
server1:48820/tcp 0 178 4555 6986 0 Down
server1:48680/tcp 0 0 0 0 0 Down
server1: Total 0 178 4555 6986 0 Down
*/
// Pattern to Enumerate "show slb server"
pattern1 = ```
Service Current Total Fwd-pkt Rev-pkt Peak-conn State
---------------------------------------------------------------------------------------
{service: string} {current: string} {total: string} {fwdpkt: string} {revpkt: string} {peakconn: string} {status: string}
```;
//
/* Example output of matching details in Configuration
slb server server1 10.10.10.10
port 48820 tcp
port 48680 tcp
*/
//
pattern2 = ```
slb server {servername: string} {ipAddr: string}
```;
// General Routines
parseSlashPair(s) =
patternMatch(replace(s, "/", " "), `{first:number} {second:string}`);
parseColonPair(s) =
patternMatch(replace(s, ":", " "), `{first:string} {second:string}`);
removeBrackets(s) =
replace(replace(s, "/", ""), "e", "");
// Routine to Parse the full A10 Configuration to find the End Host IP Address.
slbIPConfig (serviceName)=
foreach device in network.devices
where device.platform.vendor == Vendor.A10
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.CONFIG
let rawDataResponse = command.response
let configurations = parseConfigBlocks(OS.ACOS, command.response)
foreach slb_block in blockMatches(configurations, pattern2)
where slb_block.data.servername == serviceName
select distinct slb_block.data.ipAddr
;
// Routine to look up the Host Values for Enumeration.
checkHostIP(device)=
// foreach device in network.devices
foreach host in device.hosts
where isPresent(host.macAddress)
select {
deviceName: device.name,
physicalName: device.system.physicalName,
address: host.addresses,
addrStr: toString(host.addresses),
macAddress: host.macAddress,
vendor:ouiAssignee(host.macAddress),
interfaces: host.interfaces,
hostType: host.hostType,
}
;
// Routine to search the Configuration to match the slb service-group to find the member.
// checkSvcGrp(device)=
// ;
// ***** MAIN FUNCTION *****
foreach device in network.devices
where device.platform.vendor == Vendor.A10
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.SLB_SERVERS
let rawDataResponse = command.response
let configurations = parseConfigBlocks(OS.ACOS, command.response)
foreach slb_block in blockMatches(configurations, pattern1)
where slb_block.data.current != "Total" // Remove the Total Summary Lines
let serviceName = parseColonPair(slb_block.data.service).first
let serviceIP = slbIPConfig(serviceName)
let serviceIPstr = replace(toString(serviceIP), "e", "")
let serviceIPstr = replace(serviceIPstr, "]", "")
let serviceIPstr = serviceIPstr + "/32"
let serviceIPaddr = ipSubnet(serviceIPstr)
let ipHost = max(foreach record in checkHostIP(device)
where serviceIPaddr in record?.address
select record )
// **** Output Table of Values *****
select {
violation: !isPresent(ipHost?.address),
deviceName: device.name,
ServiceName: serviceName,
Service: slb_block.data.service,
ServiceIP: serviceIP,
// serviceIPstr : serviceIPstr,
// serviceIPaddr: serviceIPaddr,
// SLB Server Values
State: slb_block.data.status,
Current: slb_block.data.current,
Total: slb_block.data.total,
"Fwd-pkt": slb_block.data.fwdpkt,
"Rev-pkt": slb_block.data.revpkt,
"Peak-conn": slb_block.data.peakconn,
// Host Inventory Values
// recordAdd: ipHost?.address,
// addrStr: ipHost?.addrStr,
hostMAC: ipHost?.macAddress,
hostConn: ipHost?.physicalName,
hostInt: ipHost?.interfaces,
hostVendor: ipHost?.vendor,
}
A Violation is set if the A10 host is configured but not in the Inventory. You may want to add an additional check for whether the A10 status is up and the IP Address is in the Inventory.
Or, filter by violation = false, State = Up, and then sort by Current (current connections in the selected Snapshot). In other words, to see all the Reals that are Up and known (or not known) in the Forward Networks Inventory.
Next up will be parsing the VIPs from the configuration using a blockMatches:
slb service-group <name_port>
member <servicename> <port>
Then checking which “slb-virtual-server” contains the service-group
slb virtual-server <slb_name> <vip>
port <port> tcp
service-group
The link to the next NQE, second in the series, is at the top of this post.
Keep watching for new and insightful NQEs to solve issues quickly. And let us know if you have any ideas or questions.
