Forum Discussion
NimbostratusOdd issue with .NET MVC-API and LTM
I was hoping someone else out there had some suggestions on kind of a weird issue I'm experiencing. We have a website, a few actually. That are using MVC-API to deliver some mobile functionality on a website. The website works fine through the F5 when hitting it from a desktop browser, but whenever the integrated mobile browser(Android+iOS) reaches out to the website, we are seeing a 3-way handshake failure on the server side of the BIG-IP.
If we bypass the F5 everything works no problem, but we are using iRules and need to be able to publish this through the F5. I hoping someone might have run into this before, we've never used MVC-API.
20 Replies
Brad_ParkerCirrus
You are seeing a TCP handshake failure server side? Is SSL involved at all? What iRules are you using?
Brad_146558Right now we've taken all iRules out of the equation for testing purposes. SSL is involved, we are using a certificate/key/ca packaged up in PKCS 12 format. The only other thing noteworthy about the certificate is it is a UCC/Multiname certificate. Also we are encrypting the conversation from end to end, so on the client side of the conversation as well as the server side.- Brad_ParkerAre you getting SSL handshake failures or TCP handshake failures on the server side?
- Brad_146558TCP, we are also seeing a lot of duplicate ACKs from the server which just makes the situation that much more confusing. I'm leaning a little more towards this being an issue with the server itself but it is odd that we are only seeing the TCP issues when the server is communicating with the F5.
- Brad_Parker_139
Nacreous
You are seeing a TCP handshake failure server side? Is SSL involved at all? What iRules are you using?
- Brad_146558Right now we've taken all iRules out of the equation for testing purposes. SSL is involved, we are using a certificate/key/ca packaged up in PKCS 12 format. The only other thing noteworthy about the certificate is it is a UCC/Multiname certificate. Also we are encrypting the conversation from end to end, so on the client side of the conversation as well as the server side.
- Brad_Parker_139Are you getting SSL handshake failures or TCP handshake failures on the server side?
- Brad_146558TCP, we are also seeing a lot of duplicate ACKs from the server which just makes the situation that much more confusing. I'm leaning a little more towards this being an issue with the server itself but it is odd that we are only seeing the TCP issues when the server is communicating with the F5.
- Brad_146558
I've done quite a few packet captures and it seems the communication issue occurs just before the cipher negotiation starts. I've got my SSL debug turned up to the "Debug" setting but I'm still not seeing any errors, would I see TLS/Cipher issues in the LTM log with default settings? Currently the LTM log is pretty clean as far as errors go.
- Brad_146558
The issue turned out to be certificate related oddly enough. It seemed there was something about the PKCS12 certificate that the integrated mobile browser didn't like when it was published through the F5. What made this hard to find is no one was looking at the certificate because we never saw any certificate related errors and the issue never happened while using traditional desktop browsers.
