Forum Discussion

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Dec 21, 2014

Standby Appliance receives HTTP Requests.

Hello Pros,

 

I am working on a weird issue. Where customer is using BigIP 8900 11.2.1 HF10. While performing health-check for a customer, I observed that standby unit was showing some HTTP Connection in the QKview graphs.

 

Since it is standby unit, it was a little surprising, and I requested for a remote session to validate the issue. I found that a few VS were showing "current connection" count to 2 or 5 in VS Statistics.

 

 

Just out of curiosity I want to know that under which circumstances we can see such result?

 

Thank you, Darshan

 

  • are you using connection mirroring?

    e.g.

     configuration
    
    [root@ve11a:Active:In Sync] config  tmsh list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        mirror enabled
        pool foo
        profiles {
            http { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 12
    }
    [root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
    ltm rule qux {
        when HTTP_REQUEST {
      log local0. "hostname: [info hostname] \
        active: [HA::status active] standby: [HA::status standby] \
        client: [IP::client_addr]:[TCP::client_port]"
    }
    when HTTP_RESPONSE {
      log local0. "hostname: [info hostname] \
        active: [HA::status active] standby: [HA::status standby] \
        client: [IP::client_addr]:[TCP::client_port]"
    }
    }
    
     active
    
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm virtual bar raw
    
     (raw)
    ------------------------------------------------------------------
    Ltm::Virtual Server: bar
    ------------------------------------------------------------------
    Status
      Availability     : unknown
      State            : enabled
      Reason           : The children pool member(s) either don't have service checking enabled, or service check results are not available yet
      CMP              : enabled
      CMP Mode         : all-cpus
      Destination      : 172.28.24.10:80
    
    Traffic                             ClientSide  Ephemeral  General
      Bits In                                 3312          0        -
      Bits Out                                4320          0        -
      Packets In                                 6          0        -
      Packets Out                                5          0        -
      Current Connections                        0          0        -
      Maximum Connections                        1          0        -
      Total Connections                          1          0        -
      Evicted Connections                        0          0        -
      Slow Connections Killed                    0          0        -
      Min Conn Duration/msec                     -          -      169
      Max Conn Duration/msec                     -          -      169
      Mean Conn Duration/msec                    -          -      169
      Total Requests                             -          -        1
    
    SYN Cookies
      Status                         not-activated
      Hardware SYN Cookie Instances              0
      Software SYN Cookie Instances              0
      Current SYN Cache                          0
      SYN Cache Overflow                         0
      Total Software                             0
      Total Software Accepted                    0
      Total Software Rejected                    0
      Total Hardware                             0
      Total Hardware Accepted                    0
    
    CPU Usage Ratio (%)
      Last 5 Seconds                             0
      Last 1 Minute                              0
      Last 5 Minutes                             0
    
    [root@ve11a:Active:In Sync] config  tail -f /var/log/ltm
    Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local  active: 1 standby: 0  client: 172.28.24.1:57671
    Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local  active: 1 standby: 0  client: 172.28.24.1:57671
    
     standby
    
    root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm virtual bar raw
    
     (raw)
    ------------------------------------------------------------------
    Ltm::Virtual Server: bar
    ------------------------------------------------------------------
    Status
      Availability     : unknown
      State            : enabled
      Reason           : The children pool member(s) either don't have service checking enabled, or service check results are not available yet
      CMP              : enabled
      CMP Mode         : all-cpus
      Destination      : 172.28.24.10:80
    
    Traffic                             ClientSide  Ephemeral  General
      Bits In                                 3312          0        -
      Bits Out                                   0          0        -
      Packets In                                 6          0        -
      Packets Out                                0          0        -
      Current Connections                        0          0        -
      Maximum Connections                        1          0        -
      Total Connections                          1          0        -
      Evicted Connections                        0          0        -
      Slow Connections Killed                    0          0        -
      Min Conn Duration/msec                     -          -      268
      Max Conn Duration/msec                     -          -      268
      Mean Conn Duration/msec                    -          -      268
      Total Requests                             -          -        1
    
    SYN Cookies
      Status                         not-activated
      Hardware SYN Cookie Instances              0
      Software SYN Cookie Instances              0
      Current SYN Cache                          0
      SYN Cache Overflow                         0
      Total Software                             0
      Total Software Accepted                    0
      Total Software Rejected                    0
      Total Hardware                             0
      Total Hardware Accepted                    0
    
    CPU Usage Ratio (%)
      Last 5 Seconds                             0
      Last 1 Minute                              0
      Last 5 Minutes                             0
    
    [root@ve11b:Standby:In Sync] config  tail -f /var/log/ltm
    Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local  active: 0 standby: 1  client: 172.28.24.1:57671
    Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local  active: 0 standby: 1  client: 172.28.24.1:57671
    
    • Shiraz_84431's avatar
      Shiraz_84431
      Icon for Nimbostratus rankNimbostratus

      Hi Nitass,

       

      I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby usnits when we have connection mirroring?

       

      Mohammed

       

    • Shiraz_84431's avatar
      Shiraz_84431
      Icon for Nimbostratus rankNimbostratus

      Hi Nitass,

       

      I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby units when we have connection mirroring?

       

      Regards,

       

      Mohammed

       

  • are you using connection mirroring?

    e.g.

     configuration
    
    [root@ve11a:Active:In Sync] config  tmsh list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        mirror enabled
        pool foo
        profiles {
            http { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 12
    }
    [root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
    ltm rule qux {
        when HTTP_REQUEST {
      log local0. "hostname: [info hostname] \
        active: [HA::status active] standby: [HA::status standby] \
        client: [IP::client_addr]:[TCP::client_port]"
    }
    when HTTP_RESPONSE {
      log local0. "hostname: [info hostname] \
        active: [HA::status active] standby: [HA::status standby] \
        client: [IP::client_addr]:[TCP::client_port]"
    }
    }
    
     active
    
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm virtual bar raw
    
     (raw)
    ------------------------------------------------------------------
    Ltm::Virtual Server: bar
    ------------------------------------------------------------------
    Status
      Availability     : unknown
      State            : enabled
      Reason           : The children pool member(s) either don't have service checking enabled, or service check results are not available yet
      CMP              : enabled
      CMP Mode         : all-cpus
      Destination      : 172.28.24.10:80
    
    Traffic                             ClientSide  Ephemeral  General
      Bits In                                 3312          0        -
      Bits Out                                4320          0        -
      Packets In                                 6          0        -
      Packets Out                                5          0        -
      Current Connections                        0          0        -
      Maximum Connections                        1          0        -
      Total Connections                          1          0        -
      Evicted Connections                        0          0        -
      Slow Connections Killed                    0          0        -
      Min Conn Duration/msec                     -          -      169
      Max Conn Duration/msec                     -          -      169
      Mean Conn Duration/msec                    -          -      169
      Total Requests                             -          -        1
    
    SYN Cookies
      Status                         not-activated
      Hardware SYN Cookie Instances              0
      Software SYN Cookie Instances              0
      Current SYN Cache                          0
      SYN Cache Overflow                         0
      Total Software                             0
      Total Software Accepted                    0
      Total Software Rejected                    0
      Total Hardware                             0
      Total Hardware Accepted                    0
    
    CPU Usage Ratio (%)
      Last 5 Seconds                             0
      Last 1 Minute                              0
      Last 5 Minutes                             0
    
    [root@ve11a:Active:In Sync] config  tail -f /var/log/ltm
    Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local  active: 1 standby: 0  client: 172.28.24.1:57671
    Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local  active: 1 standby: 0  client: 172.28.24.1:57671
    
     standby
    
    root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm virtual bar raw
    
     (raw)
    ------------------------------------------------------------------
    Ltm::Virtual Server: bar
    ------------------------------------------------------------------
    Status
      Availability     : unknown
      State            : enabled
      Reason           : The children pool member(s) either don't have service checking enabled, or service check results are not available yet
      CMP              : enabled
      CMP Mode         : all-cpus
      Destination      : 172.28.24.10:80
    
    Traffic                             ClientSide  Ephemeral  General
      Bits In                                 3312          0        -
      Bits Out                                   0          0        -
      Packets In                                 6          0        -
      Packets Out                                0          0        -
      Current Connections                        0          0        -
      Maximum Connections                        1          0        -
      Total Connections                          1          0        -
      Evicted Connections                        0          0        -
      Slow Connections Killed                    0          0        -
      Min Conn Duration/msec                     -          -      268
      Max Conn Duration/msec                     -          -      268
      Mean Conn Duration/msec                    -          -      268
      Total Requests                             -          -        1
    
    SYN Cookies
      Status                         not-activated
      Hardware SYN Cookie Instances              0
      Software SYN Cookie Instances              0
      Current SYN Cache                          0
      SYN Cache Overflow                         0
      Total Software                             0
      Total Software Accepted                    0
      Total Software Rejected                    0
      Total Hardware                             0
      Total Hardware Accepted                    0
    
    CPU Usage Ratio (%)
      Last 5 Seconds                             0
      Last 1 Minute                              0
      Last 5 Minutes                             0
    
    [root@ve11b:Standby:In Sync] config  tail -f /var/log/ltm
    Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local  active: 0 standby: 1  client: 172.28.24.1:57671
    Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local  active: 0 standby: 1  client: 172.28.24.1:57671
    
    • Shiraz_84431's avatar
      Shiraz_84431
      Icon for Nimbostratus rankNimbostratus

      Hi Nitass,

       

      I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby usnits when we have connection mirroring?

       

      Mohammed

       

    • Shiraz_84431's avatar
      Shiraz_84431
      Icon for Nimbostratus rankNimbostratus

      Hi Nitass,

       

      I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby units when we have connection mirroring?

       

      Regards,

       

      Mohammed

       

  • Hello Nitass,

     

    Nope, no connection mirroring is enabled on any of the VS/Persistence. However it seems enabled in HA configuration.

     

    What would be the impact of this configuration? If I only enable it in HA settings, but not on any VS or other objects.

     

    Apart from Mirroring, what else could be the possibility of this issue?

     

    Thank you, Darshan

     

  • What would be the impact of this configuration? If I only enable it in HA settings, but not on any VS or other objects.

     

    i understand connection is not mirrored until mirroring is enabled on virtual server.

     

    Apart from Mirroring, what else could be the possibility of this issue?

     

    not off top of my head. anyway, let us see what others say.

     

  • Hi Nitass,

     

    I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby usnits when we have connection mirroring?

     

    Mohammed

     

  • Hi Nitass,

     

    I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby units when we have connection mirroring?

     

    Regards,

     

    Mohammed