Reset from VS

Question

Hi all,
&nbsp;we have a BIG-IP running 9.3.1 and we're experiencing the following problem:
&nbsp;a VS is generating and sending TCP segments to clients from time to time but we can't understand why.
&nbsp;VS is configured as follows:&nbsp;
&nbsp;virtual VS {
&nbsp;   destination A.B.C.D:8180
&nbsp;   ip protocol tcp
&nbsp;   profile http oneconnect tcp-lan-optimized
&nbsp;   pool P1
&nbsp;}&nbsp;
&nbsp;pool P1 {
&nbsp;   snat disable
&nbsp;   monitor all http
&nbsp;   member 10.15.121.103:8180
&nbsp;   member 10.15.121.109:8180
&nbsp;}&nbsp;
&nbsp;clients (which are in a different vlan behind the LB) produce a big amount of traffic hitting the VS but the issue pops up just for a few connections from time to time.
&nbsp;It shouldn't be due to timeout and also we didn't notice any server down event when the reset segments were sent.
&nbsp;I checked all cases when reset are sent, but nothing seems to match to what we have in place.
&nbsp;Is it possible to create an iRule which logs the reset frames or explains somehow the reason of it?.
&nbsp;The LB_FAILED event shouldn't occur since we can't see any server down event in logs.
&nbsp;Thanks in advance for your help&nbsp;

hoolio · Answer

Hi Eridano, 
&nbsp;  
&nbsp; When you say TCP segments, what do you mean?  Is LTM sending a RST to the client?  If so, do you see a corresponding RST coming from the serverside?  I'd suggest capturing a tcpdump with the client and serverside traffic together to compare what's happening on both sides of LTM.  If you need help capturing or analyzing TCP dumps, you can check the following solution or open a case with F5 Support: 
&nbsp;  
&nbsp; SOL411: Overview of packet tracing with the tcpdump utility  
&nbsp; http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html 
&nbsp;  
&nbsp; Note that it is not possible to use an iRule to log TCP flags on individual packets. 
&nbsp;  
&nbsp; Aaron

eridano_di_piet · Answer

Hi Hoolio,
&nbsp;we have already snooped both on clientside and serverside: we didn't notice any TCP RST coming from servers so it seems that it is the LTM itself generating them.
&nbsp;It happens from time to time, consider that we had just 5 resets on about 1 million connections, but when it happens we loose traffic so it's not acceptable.
&nbsp;We tried to avoid using oneconnect, but resets are still present.
&nbsp;Thanks for your help.&nbsp;

Forum Discussion

Reset from VS

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

BIGIP resets connecion

F5 Big-IP i4600 Root Password Reset

Reset Trust after upgrade

Wrong Key GUI , Can't reset BIG-IP to factory defaults

TCP Connection Reset between VIP and Client

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS