When attempting to send HTTP post request across multiple TCP segments the request fails. We receive a response that HTTP Body is missing from the server..But if i send the same HTTP post request across multiple TCP segments directly to the server it works perfectly (without F5). Moreover a different HTTP request to the same server in a single TCP segment iworks fine. I am using no Irule ,simple http profile is applied . Any help would be appreciated

Hello Mohit. There is no possible to fragment packets if you use a http profile.When you assign a profile to a VS, F5 analyzes if this packet is RFC compliant and parses the whole set of app variables. This doesn't work at all if you divide those packets in several segments. In your case, you should configure a L4 virtual using only tcp profile (no http).KR,Dario.

Client ------ Big F5 LTM ------ Server. Client Send HTTP POST Request with HTTP body it gets Fragmented into two TCP segments ,BIG F5 LTM receives both the TCP segments ,BIG F5 forwards only one TCP segment and receives error from server that request doens't contain any HTTP body as TCP segment containing the HTTP body is never send to server and connection is reset due to this error. Capture tcpdump at big F5 and wireshark at client side for the above conclusion. Layer 4 performance and Layer 4 (HTTP) has no impact. Can't figure what's wrong !!!! Just for information POST request is a Microsoft active sync request...

L4 (HTTP) work differently than Standard (HTTP). The first one is in read-only mode and does not impact traffic. https://support.f5.com/csp/article/K16446As I told you, F5 discard traffic which is not HTTP RFC-compliant and I suspect that your device is dealing each packet individually (so the second will be discarded for this reason). Could you clarify better what kind of fragmentation are you experiencing here?Have both packets got http header (you are using chunking technique) or is it an IP/TCP fragmentation? KR,Dario.

The HTTP Traffic is TCP fragmented. Two TCP segments are created .No only one packet(TCP segment) contains the HTTP headers the other TCP segment contains only HTTP Data.Wire-shark Snips are attached.

Then, the reason of this second packet is not sent to the backend is because of the HTTP profile as I mentioned. What's the problem of using L4 virtual in your environment? This will fix the problem. There are some bugs regarding TCP Segmentation. If you want to experiment, I recommend you disable TSO and LRO to force software TCP segmentation processing.https://support.f5.com/csp/article/K15609Also, you could program your client to use chucking method to send your payload. That will avoid TCP segmentation.KR, Dario.

HTTP Post across Mutiple TCP Segment

11 Replies

Dario_Garrido
MVP
Jul 07, 2019
Hello Mohit.

There is no possible to fragment packets if you use a http profile.
When you assign a profile to a VS, F5 analyzes if this packet is RFC compliant and parses the whole set of app variables. This doesn't work at all if you divide those packets in several segments.

In your case, you should configure a L4 virtual using only tcp profile (no http).

KR,
Dario.
- Mohit_Rathee
  Nimbostratus
  Jul 09, 2019
  Client ------ Big F5 LTM ------ Server.
  
  Client Send HTTP POST Request with HTTP body it gets Fragmented into two TCP segments ,BIG F5 LTM receives both the TCP segments ,BIG F5 forwards only one TCP segment and receives error from server that request doens't contain any HTTP body as TCP segment containing the HTTP body is never send to server and connection is reset due to this error.
  
  Capture tcpdump at big F5 and wireshark at client side for the above conclusion.
  
  Layer 4 performance and Layer 4 (HTTP) has no impact.
  
  Can't figure what's wrong !!!!
  
  Just for information POST request is a Microsoft active sync request...
Dario_Garrido
MVP
Jul 09, 2019
L4 (HTTP) work differently than Standard (HTTP). The first one is in read-only mode and does not impact traffic.
https://support.f5.com/csp/article/K16446

As I told you, F5 discard traffic which is not HTTP RFC-compliant and I suspect that your device is dealing each packet individually (so the second will be discarded for this reason).

Could you clarify better what kind of fragmentation are you experiencing here?
Have both packets got http header (you are using chunking technique) or is it an IP/TCP fragmentation?

KR,
Dario.
- Mohit_Rathee
  Nimbostratus
  Jul 09, 2019
  The HTTP Traffic is TCP fragmented. Two TCP segments are created .
  No only one packet(TCP segment) contains the HTTP headers the other TCP segment contains only HTTP Data.
  Wire-shark Snips are attached.
Dario_Garrido
MVP
Jul 09, 2019
Then, the reason of this second packet is not sent to the backend is because of the HTTP profile as I mentioned.

What's the problem of using L4 virtual in your environment? This will fix the problem.

There are some bugs regarding TCP Segmentation. If you want to experiment, I recommend you disable TSO and LRO to force software TCP segmentation processing.
https://support.f5.com/csp/article/K15609

Also, you could program your client to use chucking method to send your payload. That will avoid TCP segmentation.

KR,
Dario.
- Dario_Garrido
  MVP
  Jul 09, 2019
  BTW, you can also configure http profile proxy mode as transparent to avoid compliant checking.
  https://support.f5.com/csp/article/K40243113
  
  KR,
  Dario.
Stanislas_Piro2
Cumulonimbus
Jul 09, 2019
Mohit is explaining that when using activesync, if you send an email larger than TCP MSS (1460 bytes), the HTTP POST data is segmented in multiple TCP packets (TCP segment as explained above). the first contains HTTP headers, following packets only content DATA.

Such packet is supported by F5 if data length across several packets matches "content-length" http header.

I never got issues with such deployments with http profile enabled.
- Dario_Garrido
  MVP
  Jul 09, 2019
  Ok, I understand what you mean.
  
  Actually, I suspect that Mohit is facing a bug with the http profile, because I had a similar issue before. The last ideas are to try to workaround it.
  
  Also, another idea would be to configure "rechunk" option in the request chunking section.
  https://support.f5.com/csp/article/K40243113
  
  KR,
  Dario.
Mohit_Rathee
Nimbostratus
Jul 10, 2019
Thanks @Dario Garrido and @Stanislas Piron for feedback.
What Stanislas mentioned is exactly the issue i am facing.
I am using F5 version 12.1.3.1 in which the value of tm.tcplargereceiveoffload is disable ,will enable it in next maintenance window and will retry.
L4 Virtual Server has the same issue and didn't solve the problem.

During further troubleshooting i capture certain parameters. As you can see the content length header field in first image has a value of 393, but when i capture http request from IRULE and paste it in Logs the content length field value is Zero.

I am also attaching tcp dump i capture fro both the incoming and outgoing traffic from F5 Ltm.

862 -469 = 393 thats the excat amount of HTTP Body DATA,

Outgoing traffic
Dario_Garrido
MVP
Jul 10, 2019
Do you see any error in /var/log/ltm when the issue occurs?

BTW, you should also open a support case.

KR,
Dario.
Mohit_Rathee
Nimbostratus
Aug 22, 2019
The error was resolved.
The issue was
The HTTP post request from client comes across multiple tcp segments and are coming over port 80. We were using http redirect Irule so the first TCP segment was redirected but when redirected request comes over HTTPS the payload was removed.
Forcing the client to always use port 443 resolve the issue.

Forum Discussion

HTTP Post across Mutiple TCP Segment

11 Replies

Recent Discussions

Problems connecting to vpn after upgrading to ubuntu 24.04

Slack Channel?

irule to pop-up a notification banner over a webpage.

icontrol - policy-diff and merge

How many methods are there in the assignment problem?

Related Content

Network segmentation in an AWS VPC

Mutiple SNI ssl profile under VIP

iRules Community Spotlight: Same Segment Load Balancing

How to Match Dynamic URI Segments in AS3

Hardware platform and TSO (TCP Segmentation Offoload) support