Forum Discussion
Nick_68106
Dec 10, 2011Nimbostratus
I tried that as well and ended up with the same results. I think it has something to do with the TCP profile that is required by the HTTP profile because when I do a packet capture on the lasthop pool VLAN (VLAN C) you can see the load balancer responding with a TCP SYN/ACK as the destination IP address which I imagine is what most likely is causing the problem.
I believe this because when I remove the HTTP profile and leave the TCP profile and remove the iRule which requires the HTTP profile the load balancer acts the same way sending a TCP SYN/ACK acting as the destination IP address. If I then remove the TCP profile the load balancer does not send a TCP SYN/ACK acting as the destination IP address and the traffic flows as expected (i.e. I can route the traffic out to the internet no problem).
I believe then that this is causing the client and the real server (i.e. www.facebook.com or whatever) to never finish a TCP 3 way hand shake since the client is getting a response from both the real end server and the fake end server (the load balancer in this case). Does anyone know how to disable/workaround this in the TCP profile? I would imagine if I disabled this in the TCP profile then when the proxy servers are both up and working the virtual server would not work correctly.