Forum Discussion

jr742n_186918's avatar
jr742n_186918
Icon for Nimbostratus rankNimbostratus
Feb 16, 2015

http service goes down after 21 minutes appro

Guys, do you know whay the virtual server members stop the http service after 1260 seconds approx?   Facts:   BIG-IP 11.5.1 Build 2.0.121 Hotfix HF2 After a manual reset (disable-enable) of ...
BIG-IP
http
management
jr742n_186918's avatar
jr742n_186918
Icon for Nimbostratus rankNimbostratus
Feb 16, 2015

Hi Stephan; let me try to answer...

 

  • what are your logs saying?

  • not much information, just mentio the service down service code 01070638 and service code 01070727 when i restar the service

     

  • Did you see something in /var/log/ltm?

     

  • the log:

Feb 16 17:38:52 F5-1-Site2 alert mcpd[7097]: 01070921:1: Virtual Server '/Common/VIP-Front-End-QA-80' on partition 'Common' disabled by user 'admin'.

 

Feb 16 17:40:07 F5-1-Site2 alert mcpd[7097]: 01070921:1: Virtual Server '/Common/VIP-Front-End-QA-80' on partition 'Common' enabled by user 'admin'.

 

Feb 16 17:48:32 F5-1-Site2 notice mcpd[7097]: 01070638:5: Pool /Common/Front-End_Test_80 member /Common/BRHBWS01T:80 monitor status down. [ /Common/http: dow n, /Common/tcp: up ] [ was up for 42hrs:56mins:7sec ]

 

Feb 16 17:48:41 F5-1-Site2 notice mcpd[7097]: 01070727:5: Pool /Common/Front-End_Test_80 member /Common/BRHBWS01T:80 monitor status up. [ /Common/http: up, / Common/tcp: up ] [ was down for 0hr:0min:9sec ]

 

  • What about the performance graphs and concurrent connections?

  • Not much details, the CPU looks normal, the memory frre available is contstant in 8G. and 20 connections.

     

  • I guess your virtual server is in PerformanceL4 with fastL4 profile. The fastL4 profile should have "loose init" and "loose close" enabled.

     

  • We have configured standard type with TCP-wan/lan- optimized.

     

  • Your real servers have a loopback IP listening on the virtual server IP but with ARP disabled?

     

  • Mate, where supposedly I should check that?

Many thnks 4/U'r time.

 

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Feb 16, 2015
    Hi Jose, with this configuration nPath won´t work. Due to the asymmetric traffic flow the tcp-protocol interception breaks. How about just adding SNAT AutoMap to your virtual server configuration? Now traffic flows symmetrically and everything should be fine. Btw, symmetric flow is mandatory for additional proxy functions as ssl-termination and http-proxy incl. cookie-persistence, caching, compression and so on. In case your server admins want to see the original client IP you can still insert the X-Forwarded-For header or modify the default route of your servers. Thanks, Stephan
  • SynACk_128568's avatar
    SynACk_128568
    Icon for Cirrostratus rankCirrostratus
    Feb 16, 2015
    Hi Stephan , Please if you can clarify "modify the default route of your servers " ? Thanks
  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Feb 16, 2015
    Hi SynAck, clients expect to get a response from the IP address and service port where the request was sent to. Response also has to match TCP sequencing from previous transmissions. This can be achieved by forcing poolmembers' responses through the load balancer. Two common methods: SNAT ie via SNAT AutoMap to replace the clients original IP address by an IP address hold by the load balancer, ie a floating self IP. The poolmember will send it's response back to the load balancer. Load balancer reverts all NAT operations and forwards response to the client. Second option is to leave the client IP untouched. But still you need to force the poolmembers responses back to the load balancer. This can be done by changing the routing configuration of the real server. Second option will not work with clients and poolmembers in same IP network. Thanks, Stephan