For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eridano_Di_Piet's avatar
Eridano_Di_Piet
Icon for Nimbostratus rankNimbostratus
Oct 21, 2010

Reset from VS

Hi all,

 

we have a BIG-IP running 9.3.1 and we're experiencing the following problem:

 

a VS is generating and sending TCP segments to clients from time to time but we can't understand why.

 

VS is configured as follows:

 

 

virtual VS {

 

destination A.B.C.D:8180

 

ip protocol tcp

 

profile http oneconnect tcp-lan-optimized

 

pool P1

 

}

 

 

pool P1 {

 

snat disable

 

monitor all http

 

member 10.15.121.103:8180

 

member 10.15.121.109:8180

 

}

 

 

clients (which are in a different vlan behind the LB) produce a big amount of traffic hitting the VS but the issue pops up just for a few connections from time to time.

 

It shouldn't be due to timeout and also we didn't notice any server down event when the reset segments were sent.

 

I checked all cases when reset are sent, but nothing seems to match to what we have in place.

 

Is it possible to create an iRule which logs the reset frames or explains somehow the reason of it?.

 

The LB_FAILED event shouldn't occur since we can't see any server down event in logs.

 

Thanks in advance for your help

 

config
design

2 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 21, 2010
    Hi Eridano,

     

     

    When you say TCP segments, what do you mean? Is LTM sending a RST to the client? If so, do you see a corresponding RST coming from the serverside? I'd suggest capturing a tcpdump with the client and serverside traffic together to compare what's happening on both sides of LTM. If you need help capturing or analyzing TCP dumps, you can check the following solution or open a case with F5 Support:

     

     

    SOL411: Overview of packet tracing with the tcpdump utility

     

    http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html

     

     

    Note that it is not possible to use an iRule to log TCP flags on individual packets.

     

     

    Aaron
  • Eridano_Di_Piet's avatar
    Eridano_Di_Piet
    Icon for Nimbostratus rankNimbostratus
    Oct 22, 2010
    Hi Hoolio,

     

    we have already snooped both on clientside and serverside: we didn't notice any TCP RST coming from servers so it seems that it is the LTM itself generating them.

     

    It happens from time to time, consider that we had just 5 resets on about 1 million connections, but when it happens we loose traffic so it's not acceptable.

     

    We tried to avoid using oneconnect, but resets are still present.

     

    Thanks for your help.