Forum Discussion
fabianlumy
Nimbostratus
NimbostratusF5 LTM (VE) - KeepAlive even if real server close connection
Hello community!
I'm qualifying an LTM (VE) 11.2.0 for web loadbalancing, and trying to find a solution for this case:
Real web server force connection to close for each call to a very common ressource (because it's does not send Content-Length header, neither chunked, I cannot change this).
Is there a way to keep connection alive on the client side, and ask to the device to handle this case ? I also try to force the rechunk, but the connection is also closed. I can passthrough this issue but using http compression for example, but it is not what I'm looking for...
I will be happy if someone can help to find a solution for this case.
Thanks
16 Replies
- nitass
Employee
have you used oneconnect profile? 
fabianlumyYes I'm using a OneConnect profile (I've also tried disabling OneConnect...)
- nitassis connection forced to close by connection close http header from server? if so, doesn't oneconnect profile help?
or did i misunderstand?no oneconnect [root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:80 ip protocol 6 profiles { http {} tcp {} } } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } connection 1 is client-side (between client and bigip) and connection 2 is server-side (between bigip and server) [root@ve10:Active] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.19.251(45893) <-> 172.28.19.79(80) 1346681560.3245 (0.0009) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(45893) <-> 200.200.200.101(80) 1346681560.3265 (0.0009) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* --------------------------------------------------------------- 1346681560.3275 (0.0010) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Date: Mon, 03 Sep 2012 14:27:29 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Connection: close Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- 1346681560.3275 (0.0030) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Date: Mon, 03 Sep 2012 14:27:29 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Connection: close Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- when no connection, FIN is sent from server (in server-side) to client (in client-side) 2 1346681560.3275 (0.0000) S>C TCP FIN 1 1346681560.3275 (0.0000) S>C TCP FIN 1 1346681560.3285 (0.0010) C>S TCP FIN 2 1346681560.3286 (0.0010) C>S TCP FIN - nitass
with oneconnect [root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:80 ip protocol 6 profiles { http {} oneconnect {} tcp {} } } [root@ve10:Active] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.19.251(45894) <-> 172.28.19.79(80) 1346681818.7056 (0.0011) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(45894) <-> 200.200.200.101(80) 1346681818.7067 (0.0010) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* --------------------------------------------------------------- 1346681818.7075 (0.0007) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Date: Mon, 03 Sep 2012 14:31:48 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Connection: close Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- 1346681818.7075 (0.0019) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Date: Mon, 03 Sep 2012 14:31:48 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 X-Cnection: close Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- with oneconnect, fin in server-side is not sent to client-side 2 1346681818.7075 (0.0000) C>S TCP FIN 2 1346681818.7075 (0.0000) S>C TCP FIN 1 1346681818.7086 (0.0011) C>S TCP FIN 1 1346681818.7086 (0.0000) S>C TCP FIN - fabianlumyHere is my settings:
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) show running-config ltm virtual ltm virtual MYVIRTUAL { destination 192.168.0.85:http ip-protocol tcp mask 255.255.255.255 pool MYPOOL1 profiles { http { } oneconnect { } tcp { } } snat automap source-port change translate-port disabled vlans-disabled } root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) show running-config ltm pool ltm pool MYPOOL1 { allow-nat no members { SERV1:http { address 192.168.0.105 session monitor-enabled state up } } monitor http_xxxx }[root@bigip1:Active:Standalone] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 192.168.90.124(42062) <-> 192.168.0.85(80) 1346687504.8171 (0.1332) C>S --------------------------------------------------------------- GET / HTTP/1.1 User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6 Host: www.testdomain.com Accept: */* Connection: keep-alive --------------------------------------------------------------- New TCP connection 2: 192.168.0.83(6369) <-> 192.168.0.105(80) 1346687504.8183 (0.0011) C>S --------------------------------------------------------------- GET / HTTP/1.1 User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6 Host: www.testdomain.com Accept: */* Connection: keep-alive X-Forwarded-For: 192.168.90.124 --------------------------------------------------------------- 1346687504.8257 (0.0074) S>C --------------------------------------------------------------- HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 03 Sep 2012 15:51:45 GMT Server: Microsoft-IIS/6.0 Set-Cookie: CFID=26750906;expires=Wed, 03-Oct-2012 15:51:45 GMT;path=/ Set-Cookie: CFTOKEN=65834896;expires=Wed, 03-Oct-2012 15:51:45 GMT;path=/ location: /infos/index.cfm Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- 2 1346687504.8258 (0.0000) S>C TCP FIN 1346687504.8258 (0.0087) S>C --------------------------------------------------------------- HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 03 Sep 2012 15:51:45 GMT Server: Microsoft-IIS/6.0 Set-Cookie: CFID=26750906;expires=Wed, 03-Oct-2012 15:51:45 GMT;path=/ Set-Cookie: CFTOKEN=65834896;expires=Wed, 03-Oct-2012 15:51:45 GMT;path=/ location: /infos/index.cfm Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- 1 1346687504.8258 (0.0000) S>C TCP FIN 1 1346687504.9656 (0.1398) C>S TCP FIN 2 1346687504.9657 (0.1399) C>S TCP FIN
Server close connection first... - nitassit is redirection.
can you try "http://www.testdomain.com/infos/index.cfm"? - fabianlumyHello, yes it is a redirection on the same domain, so it should work... here is the trace of the request to the final ressource (I've blank the data)
New TCP connection 1: 192.168.90.124(42960) <-> 192.168.0.85(80) 1346741943.2912 (0.0206) C>S --------------------------------------------------------------- GET /infos/index.cfm HTTP/1.1 User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6 Host: www.testdomain.com Accept: */* Connection: keep-alive --------------------------------------------------------------- New TCP connection 2: 192.168.0.83(39027) <-> 192.168.0.105(80) 1346741943.2925 (0.0012) C>S --------------------------------------------------------------- GET /infos/index.cfm HTTP/1.1 User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6 Host: www.testdomain.com Accept: */* Connection: keep-alive X-Forwarded-For: 192.168.90.124 --------------------------------------------------------------- 1346741943.3053 (0.0127) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Connection: close Date: Tue, 04 Sep 2012 06:59:04 GMT Server: Microsoft-IIS/6.0 Set-Cookie: CFID=26760493;expires=Thu, 04-Oct-2012 06:59:04 GMT;path=/ Set-Cookie: CFTOKEN=85662049;expires=Thu, 04-Oct-2012 06:59:04 GMT;path=/ Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- 1346741943.3063 (0.0009) S>C --------------------------------------------------------------- [DATA] --------------------------------------------------------------- 1346741943.3063 (0.0150) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Connection: close Date: Tue, 04 Sep 2012 06:59:04 GMT Server: Microsoft-IIS/6.0 Set-Cookie: CFID=26760493;expires=Thu, 04-Oct-2012 06:59:04 GMT;path=/ Set-Cookie: CFTOKEN=85662049;expires=Thu, 04-Oct-2012 06:59:04 GMT;path=/ Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- 1346741943.3063 (0.0000) S>C --------------------------------------------------------------- [DATA] --------------------------------------------------------------- 1346741943.3063 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3072 (0.0009) S>C --------------------------------------------------------------- [DATA] 1346741943.3072 (0.0008) S>C --------------------------------------------------------------- [DATA] 1346741943.3072 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3081 (0.0008) S>C --------------------------------------------------------------- [DATA] 1346741943.3081 (0.0008) S>C --------------------------------------------------------------- [DATA] 1346741943.3081 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3098 (0.0017) S>C --------------------------------------------------------------- [DATA] 1346741943.3098 (0.0017) S>C --------------------------------------------------------------- [DATA] 1346741943.3107 (0.0008) S>C --------------------------------------------------------------- [DATA] 1346741943.3116 (0.0008) S>C --------------------------------------------------------------- [DATA] 1346741943.3133 (0.0017) S>C --------------------------------------------------------------- [DATA] 1346741943.3150 (0.0016) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0052) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3151 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3160 (0.0010) S>C --------------------------------------------------------------- [DATA] 1346741943.3161 (0.0009) S>C --------------------------------------------------------------- [DATA] 1346741943.3161 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3170 (0.0009) S>C --------------------------------------------------------------- [DATA] 1346741943.3170 (0.0009) S>C --------------------------------------------------------------- [DATA] 1346741943.3170 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3187 (0.0017) S>C --------------------------------------------------------------- [DATA] 1346741943.3187 (0.0017) S>C --------------------------------------------------------------- [DATA] 1346741943.3187 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3196 (0.0008) S>C --------------------------------------------------------------- [DATA] 1346741943.3196 (0.0008) S>C --------------------------------------------------------------- [DATA] 1346741943.3196 (0.0000) S>C --------------------------------------------------------------- [DATA] 1346741943.3205 (0.0008) S>C --------------------------------------------------------------- [DATA] 2 1346741943.3205 (0.0000) S>C TCP FIN 1346741943.3205 (0.0009) S>C --------------------------------------------------------------- [DATA] 1 1346741943.3205 (0.0000) S>C TCP FIN 1 1346741943.3622 (0.0416) C>S TCP FIN 2 1346741943.3622 (0.0417) C>S TCP FIN
It's the same... - nitasscan you list your virtual and http profile configuration again please? the one you have posted is truncated.
b virtual (name) list
b profile (name) list 
Thomas_Schocka1Altocumulus
Hello Erlo,
As far as I understand your question, you could do the following:
- replace (using an iRule) the Connection: close header by something else in the HTTP_RESPONSE event.
Your client closes the connection because the server said it would not longer accept anything on this connection (e.g. your server sent the Connection: close header).
The problem lies with the fact that this header is passed on to the client, which then responds in kind by using a different connection. But the thing is: your client is connected to the F5 (which is a different TCP connection than the one the F5 has with your server) and can thus be kept open by telling the client it is not to be closed (through a Connection: keep-alive header for instance).
In the background, the F5 will need to issue a new connection to the server each time because the server will have closed the connection.
Using a OneConnect profile here will tell the F5 to 'establish and maintain some connections to the server' which can then be used to (even if one of those connections fail) still process the remaining http requests and replies.
Kind regards,
Thomas- fabianlumybigpipe does not work on my current version, so here is what tmsh command return:
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) show running-config ltm virtual MYVIRTUAL ltm virtual MYVIRTUAL { destination 192.168.0.85:http ip-protocol tcp mask 255.255.255.255 pool MYPOOL1 profiles { http { } oneconnect { } tcp { } } snat automap source-port change vlans-disabled }root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) show running-config ltm profile http ltm profile http http { app-service none basic-auth-realm none encrypt-cookies none fallback-host none fallback-status-codes none header-erase none header-insert none insert-xforwarded-for enabled lws-separator none lws-width 80 max-header-count 64 max-header-size 32768 max-requests 0 oneconnect-transformations enabled pipelining enabled redirect-rewrite none request-chunking preserve response-chunking selective response-headers-permitted none security disabled via-request preserve via-response preserve }root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) show running-config ltm profile one-connect ltm profile one-connect oneconnect { app-service none idle-timeout-override disabled max-age 86400 max-reuse 1000 max-size 10000 source-mask any }
But what I think is that it should be not possible. The only way to do this should be the loadbalancer to wait for all response content from the server and then add a "Content-length" header. It's quite like the compression profile work, without the compression... But with rechunk technically, it should be possible...?
