Forum Discussion
NimbostratusOnly newly created VSes are Reseting all the traffic
Hello All,
On my F5 cluster there are few VIPs which are UP and Running. I need to create new VIP to setup a new VPN. While doing it I realized something is not fine and any traffic sent to these new VIPs is being Reset by F5. After that just to test I started creating new VIPs just by changing IP address of the working Existing ones. And now I am sure that everything is being Reset by the F5.
Following is the console output of tcpdump, this is exactly same with any new VIP that I am creating. Anyone has any idea about this, that whats getting wrong.
shantidutbansod11:04:08.432224 IP 10.194.1.52.56387 > 10.194.1.155.https: SWE 2768861009:2768861009(0) win 8192 11:04:08.432271 IP 10.194.1.155.https > 10.194.1.52.56387: R 0:0(0) ack 2768861010 win 0 11:04:08.432276 IP 10.194.1.52.56388 > 10.194.1.155.https: SWE 3343896122:3343896122(0) win 8192 11:04:08.432287 IP 10.194.1.155.https > 10.194.1.52.56388: R 0:0(0) ack 3343896123 win 0 11:04:08.694935 IP 10.194.1.52.56389 > 10.194.1.155.https: SWE 2484741480:2484741480(0) win 8192 11:04:08.694960 IP 10.194.1.155.https > 10.194.1.52.56389: R 0:0(0) ack 2484741481 win 0 11:04:08.934903 IP 10.194.1.52.56387 > 10.194.1.155.https: S 2768861009:2768861009(0) win 8192 11:04:08.934951 IP 10.194.1.155.https > 10.194.1.52.56387: R 0:0(0) ack 1 win 0 11:04:08.934956 IP 10.194.1.52.56388 > 10.194.1.155.https: S 3343896122:3343896122(0) win 8192 11:04:08.934967 IP 10.194.1.155.https > 10.194.1.52.56388: R 0:0(0) ack 1 win 0 11:04:09.198017 IP 10.194.1.52.56389 > 10.194.1.155.https: S 2484741480:2484741480(0) win 8192 11:04:09.198055 IP 10.194.1.155.https > 10.194.1.52.56389: R 0:0(0) ack 1 win 0 11:04:09.433433 IP 10.194.1.52.56387 > 10.194.1.155.https: S 2768861009:2768861009(0) win 8192 11:04:09.433483 IP 10.194.1.155.https > 10.194.1.52.56387: R 0:0(0) ack 1 win 0 11:04:09.433488 IP 10.194.1.52.56388 > 10.194.1.155.https: S 3343896122:3343896122(0) win 8192 11:04:09.433499 IP 10.194.1.155.https > 10.194.1.52.56388: R 0:0(0) ack 1 win 0 11:04:09.696840 IP 10.194.1.52.56389 > 10.194.1.155.https: S 2484741480:2484741480(0) win 8192 11:04:09.696866 IP 10.194.1.155.https > 10.194.1.52.56389: R 0:0(0) ack 1 win 0
Michael_Saleem1Cirrus
- Is there at least one pool member showing as
?available - Do you have SNAT enabled on the virtual server?
Could you please provide the virtual server and pool configuration please?
tmsh list ltm virtualtmsh list ltm pool- Is there at least one pool member showing as
- shantidutbansod
Hello, Following are the outputs, I just changed some if the names from the output. I have a working different VIP with this same exact config on this same device.
ltm virtual VPN { description VPN_VS destination 10.194.1.155:https fallback-persistence ABC_desti ip-protocol tcp mask 255.255.255.255 persist { ABC_source { default yes } } pool XYZ profiles { clientssl { context clientside } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 21 }
(tmos) list ltm pool XYZ ltm pool XYZ { description "ABC Production" members { AEABUABCAPP01.FGHDJ.COM:hosts2-ns { address 10.194.1.176 session monitor-enabled state up } aeabuABCapp02.FGHDJ.com:hosts2-ns { address 10.194.1.177 session monitor-enabled state up } } monitor http }
- Yoann_Le_Corvi1
Cumulonimbus
Hi
Many different factors can cause reset packet to be sent by Big IP. Instead of listing them all here, have a look at this :https://support.f5.com/csp/article/K9812
If nothing obvious comes out, enable RST packet login
modify /sys db tm.rstcause.log value enable
And provide the output from /var/log/ltm here.
Thanks
Luke_W_386520Hello shantidutbansode2
From your output, I can see that you do not have an HTTP profile (Layer 7 Inspection) on your VS. Try adding the HTTP profile to your VS and see if this helps.
tmsh modify ltm virtual VPN profiles add { http }