Forum Discussion
Backend Server respond with * LibreSSL SSL_read: Connection reset by peer, errno 54
Try to log the reset cause (https://my.f5.com/manage/s/article/K13223) and see if F5 provides any cause for the reset packet.
Since the iRule logs go up to the HTTP request, I suspect either a connection problem with the server or a pool member selection failure. The reset logs will tell you.
Thank you so much for the feedback.
After I enabled it, this is what I am seeing.
-------------------------------------------
TCP/IP Reset Cause
RST Cause: Count
-------------------------------------------
Flow expired (sweeper) 4
No flow found for ACK 1
No local listener 32027
No server selected 1
RST from BIG-IP internal Linux host 187450
TCP RST from remote system 3
TCP retransmit timeout 172
handshake timeout 4
- Amine_Kadimi, Oct 23, 2023, MVP
These are only statistical counters; you need to look at /var/log/ltm or tcpdump to find the message related to the reset cause.
- pullb0x, Oct 25, 2023, Nimbostratus
Appreciate all your help. I am a novice in reading pcap files.
Below is a screenshot of the traffic.
ip ending
...209 = F5
...35 = my endpoint
.6 = mobile device
Per the screenshot, traffic from .6 (mobile device) to .35 (endpoint) is TCP retransmission.
What do I have to look at to see what is causing this?
I apologize again if this is kind of a stupid question, but I am a noob in this.
Appreciate pointing me in the right direction.
Thank you
- Amine_Kadimi, Oct 26, 2023, MVP
This capture does not show any RST packet, but instead it shows a weird problem: the TCP connection is not correctly established between 192.168.83.209 (the self IP doing monitoring?) and 192.168.83.35. You have SYN and SYN-ACK but no ACK, which is mandatory for the TCP 3-way handshake. Could it be the problem? I can't tell with the small amount of information about your setup. But I can see a few things that may be worth troubleshooting: you don't have source address translation enabled in your VS, which causes the traffic not to get back from the backend, and it seems that the VS address is the same as your self IP. The latter is technically possible, but sometimes it may cause problems.
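The symptom described in the last reply (SYN and SYN-ACK but no final ACK), as an added example that is not part of the original thread: a Python sketch that classifies each handshake in a list of packet summaries. The packet list is constructed, not the poster's capture; the ports, timestamps, the 192.0.2.10 client and the assumption that .209 is the side sending the SYN are all made up for illustration.

```python
from collections import namedtuple

# flags uses tcpdump-style letters: S=SYN, A=ACK, R=RST, P=PSH
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

# Constructed sample capture (assumed values, see lead-in).
PACKETS = [
    Pkt(0.000, "192.168.83.209", 41000, "192.168.83.35", 443, "S"),
    Pkt(0.001, "192.168.83.35", 443, "192.168.83.209", 41000, "SA"),
    Pkt(1.002, "192.168.83.35", 443, "192.168.83.209", 41000, "SA"),  # retransmit
    Pkt(3.004, "192.168.83.35", 443, "192.168.83.209", 41000, "SA"),  # retransmit
    Pkt(0.500, "192.0.2.10", 50500, "192.168.83.35", 443, "S"),
    Pkt(0.501, "192.168.83.35", 443, "192.0.2.10", 50500, "SA"),
    Pkt(0.502, "192.0.2.10", 50500, "192.168.83.35", 443, "A"),
]

def handshake_states(packets):
    """Track SYN / SYN-ACK / final ACK / RST per (client, cport, server, sport)."""
    conns = {}
    for p in sorted(packets, key=lambda p: p.ts):
        fwd = (p.src, p.sport, p.dst, p.dport)   # packet sent by the initiator
        rev = (p.dst, p.dport, p.src, p.sport)   # packet sent by the responder
        flags = set(p.flags)
        if flags == {"S"}:
            state = conns.setdefault(
                fwd, {"syn": 0, "synack": 0, "ack": False, "rst": False})
            state["syn"] += 1
        elif flags == {"S", "A"} and rev in conns:
            conns[rev]["synack"] += 1            # >1 means the server retransmitted
        elif "R" in flags:
            for key in (fwd, rev):
                if key in conns:
                    conns[key]["rst"] = True
        elif "A" in flags and fwd in conns and conns[fwd]["synack"]:
            conns[fwd]["ack"] = True             # third step of the handshake
    return conns

def classify(packets):
    """Map each connection attempt to a one-word handshake verdict."""
    verdicts = {}
    for key, s in handshake_states(packets).items():
        if s["ack"]:
            verdicts[key] = "established"
        elif s["rst"]:
            verdicts[key] = "reset"
        elif s["synack"]:
            verdicts[key] = "no final ACK"
        else:
            verdicts[key] = "no SYN-ACK"
    return verdicts
```

A "no final ACK" verdict with a SYN-ACK count above one matches the retransmission pattern discussed in the thread and points at the return path (for example, missing source address translation) rather than at an RST.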