F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

hoksum2828_1750's avatar
hoksum2828_1750
Icon for Nimbostratus rankNimbostratus
Oct 24, 2014

Abnormal hang to connect F5 VIP

Currently, I setup F5 LTM version 11.4.x to balance the web loading from Proxy server. All traffic will go through from proxy server to F5 VIP and round robin to pass for web server layers. The VIP in F5 is different VLANs with the below web servers. E.g VIP is 10.112.42.x, and the web servers are 10.113.99.xxx. After I set up and enable SNAT automap function. I tried to run curl and telnet command to connect the VIP port 80 from proxy server. It is working, but if no continuous traffic connect from proxy server to this VIP within around 10 min, it happen abnormal situation. If we idle over around 10 min , and try to run command to telnet VIP port 80 again, it likes hang connection and return timeout. I checked the health checking, all pools web server memebers are normal. For this case, if I modify little in configuration ( E.g update some description ) in F5, it can work again. But if no traffic connect VIP over 10min again, the issue happened again. I tried to disable health checking, but it also keeps to happen it. Do you have any idea why will happen it ? Please give us some idea to find out the issue. Thanks a lot !

 

Sum

 

12 Replies

Show More
  • hoksum2828_1750's avatar
    hoksum2828_1750
    Icon for Nimbostratus rankNimbostratus
    Oct 26, 2014

    Hi Kunjan

     

    No, the arp is enabled. The following are the details :

     

    [root@f5ltm-green-primary:Active:Standalone] config tmsh list ltm virtual-address 10.112.42.246 all-properties ltm virtual-address 10.112.42.246 { address 10.112.42.246 app-service none arp enabled auto-delete true connection-limit 0 description none enabled yes floating enabled icmp-echo enabled inherited-traffic-group false mask 255.255.255.255 metadata none partition Common route-advertisement disabled server-scope any traffic-group traffic-group-1 unit 1 }

     

    Besides, we run the following command to capture some timeout, but we don't confirm to relate this issue. Do you have any idea about it ?

     

    [root@f5ltm-green-primary:Active:Standalone] config tmsh show /net rst-cause

     

    TCP/IP Reset Cause

     

    RST Cause: Count

    ICMP unreachable received 2 No pool member available 38488 RST from BIG-IP internal Linux host 294887 TCP 3WHS rejected 46899 TCP retransmit timeout 6

     

    Sum

     

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Oct 26, 2014

    Do you any other pools configured? Since you have mentioned that VIP stays up green, I think can ignore that.

     

    Don't have much clue now. Would suggest to raise a support case.

     

    Meanwhile you can check some of the following:

     

    1. Any LTM logs
    2. if mac masquerading configured.

       

      https://support.f5.com/kb/en-us/solutions/public/13000/500/sol13502.html
    3. tmsh /show net arp , after the ping failure.
    4. Ping other IPs like self IP on the same vlan or subnet
    5. Create another VIP on the same vlan/subnet and test
    6. Try enabling/disabling deleting/creating the VIP