Forum Discussion

Mohit_Rathee
Jul 07, 2019

HTTP Post across Multiple TCP Segments

When attempting to send HTTP post request across multiple TCP segments the request fails. We receive a response that HTTP Body is missing from the server.

But if I send the same HTTP POST request across multiple TCP segments directly to the server, it works perfectly (without F5).

Moreover, a different HTTP request to the same server in a single TCP segment works fine.

I am using no iRule; a simple HTTP profile is applied.

 

Any help would be appreciated

  • Hello Mohit.

    It is not possible to fragment packets if you use an HTTP profile.

    When you assign a profile to a VS, F5 analyzes if this packet is RFC compliant and parses the whole set of app variables. This doesn't work at all if you divide those packets in several segments.

    In your case, you should configure a L4 virtual using only tcp profile (no http).

    KR,

    Dario.

    • Mohit_Rathee

      Client ------ Big F5 LTM ------ Server.

       

       

      The client sends an HTTP POST request with an HTTP body and it gets fragmented into two TCP segments. BIG F5 LTM receives both TCP segments, forwards only one TCP segment, and receives an error from the server that the request doesn't contain any HTTP body, as the TCP segment containing the HTTP body is never sent to the server, and the connection is reset due to this error.

      Captured tcpdump at BIG F5 and Wireshark at the client side for the above conclusion.

       

       

      Layer 4 performance and Layer 4 (HTTP) has no impact.

       

       

      Can't figure what's wrong !!!!

       

      Just for information POST request is a Microsoft active sync request...

  • L4 (HTTP) works differently than Standard (HTTP). The first one is in read-only mode and does not impact traffic.

    https://support.f5.com/csp/article/K16446

    As I told you, F5 discards traffic which is not HTTP RFC-compliant, and I suspect that your device is dealing with each packet individually (so the second will be discarded for this reason).

    Could you clarify what kind of fragmentation you are experiencing here?

    Do both packets have an HTTP header (you are using the chunking technique), or is it IP/TCP fragmentation?

    KR,

    Dario.

    • Mohit_Rathee

      The HTTP traffic is TCP fragmented. Two TCP segments are created.

      No, only one packet (TCP segment) contains the HTTP headers; the other TCP segment contains only HTTP data.

      Wireshark snips are attached.

  • Then, the reason this second packet is not sent to the backend is the HTTP profile, as I mentioned.

    What's the problem of using L4 virtual in your environment? This will fix the problem.

    There are some bugs regarding TCP Segmentation. If you want to experiment, I recommend you disable TSO and LRO to force software TCP segmentation processing.

    https://support.f5.com/csp/article/K15609

    Also, you could program your client to use the chunking method to send your payload. That will avoid TCP segmentation.

    KR,

    Dario.

    • Dario_Garrido

      BTW, you can also configure the HTTP profile proxy mode as transparent to avoid compliance checking.

      https://support.f5.com/csp/article/K40243113

      KR,

      Dario.

  • Mohit is explaining that when using ActiveSync, if you send an email larger than the TCP MSS (1460 bytes), the HTTP POST data is segmented into multiple TCP packets (TCP segments as explained above). The first contains the HTTP headers; the following packets only contain data.

    Such a packet is supported by F5 if the data length across several packets matches the "content-length" HTTP header.

    I never got issues with such deployments with the HTTP profile enabled.

    • Dario_Garrido

      Ok, I understand what you mean.

      Actually, I suspect that Mohit is facing a bug with the HTTP profile, because I had a similar issue before. The last ideas are to try to work around it.

      Also, another idea would be to configure the "rechunk" option in the request chunking section.

      https://support.f5.com/csp/article/K40243113

      KR,

      Dario.

  • Thanks @Dario Garrido and @Stanislas Piron for feedback.

    What Stanislas mentioned is exactly the issue I am facing.

    I am using F5 version 12.1.3.1, in which the value of tm.tcplargereceiveoffload is disable; I will enable it in the next maintenance window and will retry.

    L4 Virtual Server has the same issue and didn't solve the problem.

     

    During further troubleshooting I captured certain parameters. As you can see, the Content-Length header field in the first image has a value of 393, but when I capture the HTTP request from an iRule and paste it in the logs, the Content-Length field value is zero.

    I am also attaching the tcpdump I captured for both the incoming and outgoing traffic from the F5 LTM.

    862 - 469 = 393, that's the exact amount of HTTP body data.

    Outgoing traffic

  • Do you see any error in /var/log/ltm when the issue occurs?

    BTW, you should also open a support case.

    KR,

    Dario.

  • The error was resolved.

    The issue was:

    The HTTP POST request from the client comes across multiple TCP segments and was coming over port 80. We were using an HTTP redirect iRule, so the first TCP segment was redirected, but when the redirected request came over HTTPS the payload was removed.

    Forcing the client to always use port 443 resolved the issue.
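
The comparison made in this thread (body bytes seen across TCP segments versus the Content-Length header, on each side of the BIG-IP) can be scripted; this is an added example, not code from any of the posts. The function name, host name and segment payloads are constructed for illustration; only the body size of 393 bytes mirrors the value quoted above.

```python
def check_http_body(segments):
    """Reassemble ordered TCP payloads; compare Content-Length with body bytes seen."""
    stream = b"".join(segments)
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return {"headers_complete": False}  # header block not finished yet
    header_len = len(head) + len(sep)
    # Index of the segment in which the header block ends.
    consumed, header_end_segment = 0, None
    for i, seg in enumerate(segments):
        consumed += len(seg)
        if consumed >= header_len:
            header_end_segment = i
            break
    declared = None
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip())
    return {
        "headers_complete": True,
        "header_bytes": header_len,
        "header_end_segment": header_end_segment,
        "declared_body": declared,
        "received_body": len(body),
        "missing": None if declared is None else max(declared - len(body), 0),
    }

# Constructed sample payloads (not taken from the thread's captures).
HEADERS = (
    b"POST /Microsoft-Server-ActiveSync HTTP/1.1\r\n"
    b"Host: mail.example.com\r\n"
    b"Content-Type: application/vnd.ms-sync.wbxml\r\n"
    b"Content-Length: 393\r\n"
    b"\r\n"
)
BODY = b"x" * 393
CLIENT_SIDE = [HEADERS, BODY]  # capture in front of the BIG-IP: two segments
SERVER_SIDE = [HEADERS]        # capture behind it: headers only, body absent

if __name__ == "__main__":
    for label, segs in (("client side", CLIENT_SIDE), ("server side", SERVER_SIDE)):
        print(label, check_http_body(segs))
```

A non-zero `missing` value on the server-side capture with zero on the client side localizes the loss to the device in between.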