Forum Discussion
Neeraj_Jags_152
Cirrus
CirrusRemode Desktop not Load Balancing Round Robin
I have F5 - LTM with below h/w CPU Status Index Temp(degC) Fan Speed(rpm) 1 33 15913
Platform Name C112 BIOS Revision OBJ-0433-xx Build: 1.12.137.0 10/30/2012 Base MAC 00:23:e9:70:d2:c0
-- in partition called = scms_prod created one Virtual Server = Type Standard for VIP on port 3389 as per the document from F5 http://www.f5.com/pdf/deployment-guides/f5-microsoft-remote-desktop-services-dg.pdf and having two Nodes with SNAT and Persistance Profile is rdp and NO-iRule Method- Round Robin. But connection on Pool are not load balancing . what could be the problem and how to troubleshoot.
Neeraj_Jags_152delete /ltm persistence persist-records mode msrdp virtual PIM-PSM-MGT_3389_vs
- Neeraj_Jags_152
hi mike, am I wrote the correct command , which you referring or something different ?
- Neeraj_Jags_152
Below output CMP enabled, do you think I should disable it?
show /ltm virtual PIM-PSM-MGT_3389_vs ------------------------------------------------------------------ Ltm::Virtual Server: PIM-PSM-MGT_3389_vs ------------------------------------------------------------------ Status Availability : available State : enabled Reason : The virtual server is available CMP : enabled CMP Mode : all-cpus Destination : VIP%2:3389 Traffic ClientSide Ephemeral General Bits In 114.0G 0 - Bits Out 271.1G 0 - Packets In 67.0M 0 - Packets Out 89.9M 0 - Current Connections 7 0 - Maximum Connections 81 0 - Total Connections 6.2K 0 - Min Conn Duration/msec - - 1.2K Max Conn Duration/msec - - 434.9M Mean Conn Duration/msec - - 17.7M Total Requests - - 0 SYN Cookies Status not-activated Hardware SYN Cookie Instances 0 Software SYN Cookie Instances 0 Current SYN Cache 0 SYN Cache Overflow 0 Total Software 0 Total Software Accepted 0 Total Software Rejected 520 Total Hardware 0 Total Hardware Accepted 0 CPU Usage Ratio (%) Last 5 Seconds 0 Last 1 Minute 0 Last 5 Minutes 0 (END) - Neeraj_Jags_152
I am still confused with number connections v/s persistent connection.
when I see the show ltm pool then I see the connections on node-1 = 45 and node-2 = 5, when I check the show /ltm persistence persist-records mode msrdp then see the only 7 lines.msrdp AVPR-PMPS VIP%2:3389 Node-1%2:3389 (tmm: 1) msrdp AVPR-PMPS VIP%2:3389 Node-1%2:3389 (tmm: 3) msrdp AVPR-PMPS VIP%2:3389 Node-1%2:3389 (tmm: 2) msrdp PSMConnec VIP%2:3389 Node-2%2:3389 (tmm: 0) msrdp PSMConnec VIP%2:3389 Node-2%2:3389 (tmm: 1) msrdp PSMConnec VIP%2:3389 Node-2%2:3389 (tmm: 2) msrdp PSMConnec VIP%2:3389 Node-2%2:3389 (tmm: 3)how to check with persistent connection have how many connections ? how to co relate them?
I think you may be running into this: https://support.f5.com/kb/en-us/solutions/public/9000/000/sol9093.html
Can you try testing with the domain name hardcoded into the .rdp file and see if you get more even load balancing?
Hi Neeraj,
the persistence table dump above actually only shows two persistence records for the persistence values of "AVPR-PMPS" and "PSMConnec".
The seven lines just display the retrieved entries from the different TMM instances (traffic management microkernel; it looks like you are running a system with 4 virtual cores tmm0 - tmm3).
The msrdp persistence profile looks for the client logon name (used to be stored in the MSTSHASH-cookie - if I remember right; you can track it in a tcpdump) and keeps it along with the mapping to one of the real servers selected initially in the persistence table.
Unfortunately the persistence value seems to be limited to eight characters only in your TMOS version and with a domain information as prefix to a logon name you may end up with a very small number of persistence table entries, as the trailing data (beyond the eight characters) is simply ignored for the load balancing / persistence decision .
As a result nearly each new incoming request seems to match an existing persistence records and will be forwarded to the related pool member.
This issue is not new and I would like you to raise a support case and a feature request, please.
Recently I tried to use "least connections" load balancing method with a customer. Unfortunately it seems the connection brokering forced the client to open a direct connection to the selected RDP server and the BIG-IP was bypassed. That´s why no current connections showed up in the pool member statistics and "least connections" selected always the first available pool member of the configuration as all members had the "same" number of connections (0) from the BIG-IP perspective.
Perhaps it was necessary to adjust settings on the terminal server client or the RDP server to get all connections "routed" through the BIG-IP but I had no chance to evaluate it by now. To achieve at least a distribution among the available RDP serves I configured "round robin".
Thanks, Stephan- Neeraj_Jags_152
Hi mike, I have gone through the link you provided and it was really addition to my knowledge, I tried as per the suggestion but did not see the domain entry in .rdp conf file.
- It may be controlled by an RDP client setting; I will test when I get a chance.
- Neeraj, what version of the RDP client are you using? I'm testing with a domain-joined Windows 8.1 machine and a non-domain Windows 7 machine, and I do not see the domain name being included in the msrdp persistence table entries.
- Neeraj_Jags_152Hi Mike, I got the where is a catch of domain name. it should be entered in computer name... xyz.domain-name. but here we are using destination as IP Based. communication thats why I think we are not required to enter domain name.
- Neeraj_Jags_152
Hi Stephan,
the description you provided , helped a lot to understand further.
you and mike both correct that it only carries 8 characters in name. Let me have tcpdump and try to dig/smell the cookie value for each connection.This is live/production environment and have lots of running connection already exist at anytime to make huge traffic. so in TCPDUMP I have to first catch , which is new connection and then have to follow the same connection where -which node it sent to ?
but my only worry is, how I will be able to get the clue that which new connection goes to which node from tcpdump ?
is it not possible to have each new connections for Virtual.IP:RDP goes to next node (round robin), irrespective of cookie.
.., Neeraj - Neeraj_Jags_152
Shall I disable the CMP,
will there be any negative impact or any service outage, if yes how much time ?- Hi Neeraj, from my perspective there is no reason to disable CMP. In current TMOS versions I won´t expect CMP related issues here. I just mentioned CMP to explain the multiple persistence table records. In case you disable CMP for a virtual server all related traffic will stick to tmm0 and might overload it. Thanks, Stephan
- Neeraj_Jags_152Yes Stephan, you correct , disabling CMP does not made scenario better. I though based on "https://support.f5.com/kb/en-us/solutions/public/14000/300/sol14358.html" this explanation, if I will disable the CMP atleast I will be able to understand if CMP is culprit. but here CMP is not the problem.... But problem still exist RDP is not load balancing for round robin..
- Neeraj_Jags_152
Stephan, I tried to edit the .rdp file and added below parameters one by one . Cookie: mstshash=UserName Cookie: mstshash=HName Cookie: msts=IpAddressAndPortNumber result. it worked - Cookie: mstshash=UserName, I get the username in tcpdump. however when I tried HName, I did get the domain name in tcpdump, but for rest of the parameter, I find in tcpdump only username by which user login. however still the load balancing did not worked. my BAD.- Hi Neeraj, thanks a lot for the update! As far as I understand, the mstshash cookie primarily helps to maintain persistency. So if you apply a msrdp persistence profile, the value of the mstshash cookie should be taken into account to select the poolmember. With this setting I would expect changed output when dumping the persistence table. The UserName provided by the cookie will hopefully show up as persistence key. Regarding the load balancing algorithm: When testing it a couple of weeks on customer site I observed a very similar effect. I assume, the session directory sends a kind of redirect to the mstsc client and due to the one-armed deployment the client connects directly to the target server. The question for me is about kind of load balancing and persistence algorithm on Microsoft side. To figure this out it would be necessary to monitor the connection distribution to the terminal servers as well. One more aspect on the load balancing method on the F5. The deployment guide recommends to use "least connections". In a one-armed deployment (as described above) the client seems to establish a direct connection to the terminal server and bypasses the load balancer. So the load balancer is not able to count current connections per pool member and "least connection" will simply result in always picking the first pool member in the list. That´s why I believe "round robin" fits better for a setup like this. In the next couple of weeks I will probably continue to work with my client on this subject and I will keep you posted. Thanks again, Stephan
