Forum Discussion
Lowes_Branch_Fa
Nimbostratus
NimbostratusLTM Nonterminating HTTPS VIP Not Working
Experiencing intermitten non rendering https VIP issues. We have created multiple nonterminating https VIPs that intermittenly render https requests. The browser will spin until it returns a destination unreachable. While this is happening each server is up in the pool and successful renders https requests to a browser.
Troubleshooting the issue we replaced the primary F5 with a new unit and the the issue stopped happening. In testing failover this week we made the standby unit active and everything worked fine but when we returned the primary to active it could not render https request. After a reboot the primary still would not render the HTTPS VIPs. Then we forced the standby to active and the VIPs rendered successfully. We then forced the primary to active and the VIPs render successfully again.
F5 Details:
F5 LTM 6900
BIGIP 10.2.1 Build 297.0 Final
Config:
pool air_app {
monitor all tcp
members {
123.133.40.50:https {}
123.133.40.51:https {}
}
}
virtual air_app {
snat automap
pool air_app
destination 123.41.20:https
ip protocol tcp
persist source_addr
}
Any and all help is appreciated,
Thanks,
Clinton
3 Replies
hoolioCirrostratus
Hi Clinton,
That's an odd one. Could it be some kind of ARP issue? Are you able to run a tcpdump while the failure is occurring looking for traffic to/from the VIP and pool members? If so, what do you see?
Also, if you're not decrypting the SSL, you could change from a standard VS to a Performance L4 VS with a FastL4 profile to improve performance.
Aaron
Lowes_Branch_FaAaron,
Thanks for the lead. Got to looking at the network setup and the network uplinks of several port channels were not going to the correct switch interfaces. Problem should be fixed.
Thanks,
Clinton
HamishCirrocumulus
You're not running LACP active on the port-channels? Very important...
H
