Forum Discussion
Cirrostratushttp profile on layer 4 server intermittently breaks connections
Has anyone seen this?
I have a performance layer 4 virtual server (that for some reason had an http profile attached) that is load balancing microsoft ADFS servers. Since it's passthrough the backend servers themselves do the encryption and what not. This has been setup and working fine for months with no changes on either side.
Today about 50-60% of the requests to either backend node would fail. After doing packet captures on the client, the F5 and the backend nodes I found that the F5 would send a TCP/RESET to the client and backend nodes after the backend node responded with the SERVER HELLO, Certificate, Server Key Exchange, Server Hello Done in the handshake. After much troubleshooting I found removing the http profile stopped this from happening...I don't think we need the http profile but I'm curious why it worked so long with it applied and why it broke all of a sudden and only for about half the requests. We are running 13.1x
- boneyard
MVP
havent seen this myself, consider this a friendly bump ;)
Chris_GrantEmployee
It is very likely that someone changed something regarding the HTTP profile, otherwise this should not have had an impact. In Fastl4 the http profile only supports statistic collection. Any attempts to modify the http stream, such as by insertion of a header or an irule, will fail. You can read more about that here:
https://support.f5.com/csp/article/K16446
If you need a better root cause, I would open a support case. Be aware that they are going to need to see the failing traffic capture to give you any meaningful feedback.
