Jim_Betts_47293
Dec 14, 2007

Outbound routing creates connections that never clear

Hello:

I installed my shiny new GTM/LTM last Sunday and things looked pretty good until yesterday afternoon.

I noticed on the Performance->Active Connections graph that there was a constant upward trend over the week. Yesterday it reached about 180K requests and consequently (I suspect this was why) the system rebooted itself - not cool in the middle of the work day.

I have defined a Local Traffic Pool with my two edge routers. I have set this as the "Default IPv4" destination under Network->Routes. This may be of no consequence but I defined separate VLANs for the edge routers - since they are different subnets this seemed logical.

Also per the docs I defined a wildcard virtual server (0.0.0.0:0) and assigned it to my internal VLAN. I'm not sure what this is doing for me as it has no pool or rule attached to it but I'm almost to the point of sprinkling chicken blood on it while chanting Yellow Submarine lyrics backwards.

Also, could I be looking at this from the wrong direction? Is it possibly my inbound traffic that is driving up the connection count? My site isn't one that people would stay connected to for more than an hour at the absolute tops.
  • Open a case with support on this. Check /var/core/ to see what process crashed.
  • BTW, the route dictates where the LTM sends the traffic, the virtual forwarder 0.0.0.0/0 is required to allow the traffic to flow. In version 9, the F5 is a default-deny box, so any desired flows need permission, even if routes are present.
  • I have an open support case - the guy that is working on it seems to be more of an LTM person - not really familiar with GTM issues.

    There was no file in /var/core and nothing in the logs that indicated any error.
  • Is there a corresponding upward trend in memory consumption along with the increasing connection count? What was the TMM memory usage at when the restart happened?

    Out of curiosity, on the wildcard VIP's fastL4 profile, what is the timeout set to? I hope not indefinite. If you look at the 'b conn all show all' output, what are the majority of the connections you see? What are the idle count and idle timeout values for the connections?

    In this example, the idle count is 11 seconds and the timeout is 300:

    
    VIRTUAL 1.2.3.241:ssh <-> NODE 1.2.3.246.241:ssh   LOCAL
        CLIENTSIDE 2.1.45.39:squid <-> 2.81.246.241:ssh
            (pkts,bits) in = (55, 58928), out = (47, 53584)
        SERVERSIDE 2.1.45.39:squid <-> 2.81.246.241:ssh
            (pkts,bits) in = (47, 53584), out = (55, 58928)
        PROTOCOL tcp   UNIT 0   IDLE 11 (300)   LASTHOP 4094 00:fc:0f:2c:bc:00

    Aaron
  • Running performance http?

    CR92810, "fasthttp client FIN retransmission should be bounded".

    We had a similar problem and crashed tmm a few times. Now we have a CR in and waiting for a hotfix.
  • Deb_Allen_18
    Historic F5 Account
    Aaron is right, this pattern smacks of indefinite reaper timeout. Check to make sure the timeout on the tcp profile isn't set to 0/indefinite.

    /deb
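
The idle count / idle timeout check suggested in the replies above can be run over a saved 'b conn all show all' dump. The following is an added example, not part of any post in this thread and not F5 code: the sample dump and the `max_timeout` cutoff are constructed, and because the thread does not show how an indefinite timeout is printed, the script flags both a very large timeout and an idle count that has passed its timeout.

```python
import re
from collections import Counter

# Constructed sample in the layout of the 'b conn all show all' output quoted above
# (CLIENTSIDE/SERVERSIDE and packet-counter lines omitted; the parser ignores them).
SAMPLE = """\
VIRTUAL 10.0.0.10:http <-> NODE 10.0.1.5:http   LOCAL
    PROTOCOL tcp   UNIT 0   IDLE 11 (300)   LASTHOP 4094 00:00:5e:00:53:01
VIRTUAL 0.0.0.0:any <-> NODE 198.51.100.9:https   LOCAL
    PROTOCOL tcp   UNIT 0   IDLE 86400 (4294967295)   LASTHOP 4094 00:00:5e:00:53:01
VIRTUAL 0.0.0.0:any <-> NODE 198.51.100.20:http   LOCAL
    PROTOCOL tcp   UNIT 0   IDLE 7200 (300)   LASTHOP 4094 00:00:5e:00:53:01
VIRTUAL 0.0.0.0:any <-> NODE 203.0.113.4:domain   LOCAL
    PROTOCOL udp   UNIT 0   IDLE 5 (300)   LASTHOP 4094 00:00:5e:00:53:01
"""

VIRTUAL_RE = re.compile(r"^VIRTUAL\s+(\S+)\s+<->\s+NODE\s+(\S+)")
IDLE_RE = re.compile(r"PROTOCOL\s+(\S+)\s.*?IDLE\s+(\d+)\s+\((\d+)\)")

def parse_connections(text):
    """Return one dict per connection: virtual, node, proto, idle, timeout."""
    conns, current = [], None
    for line in text.splitlines():
        m = VIRTUAL_RE.match(line.strip())
        if m:
            current = {"virtual": m.group(1), "node": m.group(2)}
            continue
        m = IDLE_RE.search(line)
        if m and current is not None:
            current.update(proto=m.group(1), idle=int(m.group(2)), timeout=int(m.group(3)))
            conns.append(current)
            current = None
    return conns

def suspicious(conns, max_timeout=3600):
    # Flag entries the reaper is not clearing: idle count already past the timeout,
    # or a timeout above max_timeout (assumed cutoff, in seconds).
    return [c for c in conns if c["idle"] > c["timeout"] or c["timeout"] > max_timeout]

def summarize(conns, max_timeout=3600):
    """Map each virtual server to (total connections, flagged connections)."""
    total = Counter(c["virtual"] for c in conns)
    flagged = Counter(c["virtual"] for c in suspicious(conns, max_timeout))
    return {v: (total[v], flagged[v]) for v in total}

if __name__ == "__main__":
    for virtual, (total, flagged) in summarize(parse_connections(SAMPLE)).items():
        print(f"{virtual}: {total} connections, {flagged} flagged")
```

A virtual server whose flagged count keeps growing between dumps is the one whose profile timeout to check first.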