Manjunath_Premk
Jul 07, 2015

Connection resets at SSL/TLS level from F5

Context: We have load tests executed from an Amazon cloud instance (source) to access the application through F5 hosted in-premise. Images/JS/cc are hosted in a CDN, and application data and a few images are served from in-premise servers. All requests are in HTTPS and the connection uses TLS 1.2.

 

Problem: We notice that when users are ramping up from 2K to 3K users (more connections opened from client to server), the client is waiting for the response from the server, and later the client throws encrypted alert 21 (happening at the TLS layer), followed by connection resets and retransmission failures.

 

Captured through Wireshark but not able to corner the problem (attached the snapshot).

 

It last worked well in the June 26th test, and July 3rd was the first occurrence of these errors.

 

What changed in between, and suspects that could be contributing:

 

1) Firewall configuration changes due to vulnerability exposed at TLS/SSL layer
2) POODLE attack fixes on F5
3) Within Amazon cloud infrastructure

 

Any inputs to investigate in the right direction will help us a lot.

 

 

  • Is it that the client is waiting up to 30 seconds for a response before sending the alert? Is this consistent?

     

  • Got the resolution! Actually it was Arbor software (to avoid any DDoS attack) blocking the request, and that was the reason for the connection resets.