Forum Discussion
swo0sh_gt_13163
Altostratus
AltostratusStandby Appliance receives HTTP Requests.
Hello Pros,
I am working on a weird issue. Where customer is using BigIP 8900 11.2.1 HF10. While performing health-check for a customer, I observed that standby unit was showing some HTTP Connection in the QKview graphs.
Since it is standby unit, it was a little surprising, and I requested for a remote session to validate the issue. I found that a few VS were showing "current connection" count to 2 or 5 in VS Statistics.
Just out of curiosity I want to know that under which circumstances we can see such result?
Thank you, Darshan
ShirazHi Nitass,
I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby units when we have connection mirroring?
Regards,
Mohammed
- Shiraz
Hi Nitass,
I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby usnits when we have connection mirroring?
Mohammed
swo0sh_gt_13163Thanks Nitass!
- nitass
Employee
What would be the impact of this configuration? If I only enable it in HA settings, but not on any VS or other objects.
i understand connection is not mirrored until mirroring is enabled on virtual server.
Apart from Mirroring, what else could be the possibility of this issue?
not off top of my head. anyway, let us see what others say.
- swo0sh_gt_13163
Hello Nitass,
Nope, no connection mirroring is enabled on any of the VS/Persistence. However it seems enabled in HA configuration.
What would be the impact of this configuration? If I only enable it in HA settings, but not on any VS or other objects.
Apart from Mirroring, what else could be the possibility of this issue?
Thank you, Darshan
nitass_89166Noctilucent
are you using connection mirroring?
e.g.
configuration [root@ve11a:Active:In Sync] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 mirror enabled pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 12 } [root@ve11a:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when HTTP_REQUEST { log local0. "hostname: [info hostname] \ active: [HA::status active] standby: [HA::status standby] \ client: [IP::client_addr]:[TCP::client_port]" } when HTTP_RESPONSE { log local0. "hostname: [info hostname] \ active: [HA::status active] standby: [HA::status standby] \ client: [IP::client_addr]:[TCP::client_port]" } } active root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm virtual bar raw (raw) ------------------------------------------------------------------ Ltm::Virtual Server: bar ------------------------------------------------------------------ Status Availability : unknown State : enabled Reason : The children pool member(s) either don't have service checking enabled, or service check results are not available yet CMP : enabled CMP Mode : all-cpus Destination : 172.28.24.10:80 Traffic ClientSide Ephemeral General Bits In 3312 0 - Bits Out 4320 0 - Packets In 6 0 - Packets Out 5 0 - Current Connections 0 0 - Maximum Connections 1 0 - Total Connections 1 0 - Evicted Connections 0 0 - Slow Connections Killed 0 0 - Min Conn Duration/msec - - 169 Max Conn Duration/msec - - 169 Mean Conn Duration/msec - - 169 Total Requests - - 1 SYN Cookies Status not-activated Hardware SYN Cookie Instances 0 Software SYN Cookie Instances 0 Current SYN Cache 0 SYN Cache Overflow 0 Total Software 0 Total Software Accepted 0 Total Software Rejected 0 Total Hardware 0 Total Hardware Accepted 0 CPU Usage Ratio (%) Last 5 Seconds 0 Last 1 Minute 0 Last 5 Minutes 0 [root@ve11a:Active:In Sync] config tail -f /var/log/ltm Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local active: 1 standby: 0 client: 172.28.24.1:57671 Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local active: 1 standby: 0 client: 172.28.24.1:57671 standby root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm virtual bar raw (raw) ------------------------------------------------------------------ Ltm::Virtual Server: bar ------------------------------------------------------------------ Status Availability : unknown State : enabled Reason : The children pool member(s) either don't have service checking enabled, or service check results are not available yet CMP : enabled CMP Mode : all-cpus Destination : 172.28.24.10:80 Traffic ClientSide Ephemeral General Bits In 3312 0 - Bits Out 0 0 - Packets In 6 0 - Packets Out 0 0 - Current Connections 0 0 - Maximum Connections 1 0 - Total Connections 1 0 - Evicted Connections 0 0 - Slow Connections Killed 0 0 - Min Conn Duration/msec - - 268 Max Conn Duration/msec - - 268 Mean Conn Duration/msec - - 268 Total Requests - - 1 SYN Cookies Status not-activated Hardware SYN Cookie Instances 0 Software SYN Cookie Instances 0 Current SYN Cache 0 SYN Cache Overflow 0 Total Software 0 Total Software Accepted 0 Total Software Rejected 0 Total Hardware 0 Total Hardware Accepted 0 CPU Usage Ratio (%) Last 5 Seconds 0 Last 1 Minute 0 Last 5 Minutes 0 [root@ve11b:Standby:In Sync] config tail -f /var/log/ltm Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local active: 0 standby: 1 client: 172.28.24.1:57671 Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local active: 0 standby: 1 client: 172.28.24.1:57671- Shiraz_84431
Nimbostratus
Hi Nitass,
I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby units when we have connection mirroring?
Regards,
Mohammed
- Shiraz_84431
Hi Nitass,
I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby usnits when we have connection mirroring?
Mohammed
- nitass
are you using connection mirroring?
e.g.
configuration [root@ve11a:Active:In Sync] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 mirror enabled pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 12 } [root@ve11a:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when HTTP_REQUEST { log local0. "hostname: [info hostname] \ active: [HA::status active] standby: [HA::status standby] \ client: [IP::client_addr]:[TCP::client_port]" } when HTTP_RESPONSE { log local0. "hostname: [info hostname] \ active: [HA::status active] standby: [HA::status standby] \ client: [IP::client_addr]:[TCP::client_port]" } } active root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm virtual bar raw (raw) ------------------------------------------------------------------ Ltm::Virtual Server: bar ------------------------------------------------------------------ Status Availability : unknown State : enabled Reason : The children pool member(s) either don't have service checking enabled, or service check results are not available yet CMP : enabled CMP Mode : all-cpus Destination : 172.28.24.10:80 Traffic ClientSide Ephemeral General Bits In 3312 0 - Bits Out 4320 0 - Packets In 6 0 - Packets Out 5 0 - Current Connections 0 0 - Maximum Connections 1 0 - Total Connections 1 0 - Evicted Connections 0 0 - Slow Connections Killed 0 0 - Min Conn Duration/msec - - 169 Max Conn Duration/msec - - 169 Mean Conn Duration/msec - - 169 Total Requests - - 1 SYN Cookies Status not-activated Hardware SYN Cookie Instances 0 Software SYN Cookie Instances 0 Current SYN Cache 0 SYN Cache Overflow 0 Total Software 0 Total Software Accepted 0 Total Software Rejected 0 Total Hardware 0 Total Hardware Accepted 0 CPU Usage Ratio (%) Last 5 Seconds 0 Last 1 Minute 0 Last 5 Minutes 0 [root@ve11a:Active:In Sync] config tail -f /var/log/ltm Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local active: 1 standby: 0 client: 172.28.24.1:57671 Dec 21 23:14:27 ve11a info tmm1[14890]: Rule /Common/qux : hostname: ve11a.acme.local active: 1 standby: 0 client: 172.28.24.1:57671 standby root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm virtual bar raw (raw) ------------------------------------------------------------------ Ltm::Virtual Server: bar ------------------------------------------------------------------ Status Availability : unknown State : enabled Reason : The children pool member(s) either don't have service checking enabled, or service check results are not available yet CMP : enabled CMP Mode : all-cpus Destination : 172.28.24.10:80 Traffic ClientSide Ephemeral General Bits In 3312 0 - Bits Out 0 0 - Packets In 6 0 - Packets Out 0 0 - Current Connections 0 0 - Maximum Connections 1 0 - Total Connections 1 0 - Evicted Connections 0 0 - Slow Connections Killed 0 0 - Min Conn Duration/msec - - 268 Max Conn Duration/msec - - 268 Mean Conn Duration/msec - - 268 Total Requests - - 1 SYN Cookies Status not-activated Hardware SYN Cookie Instances 0 Software SYN Cookie Instances 0 Current SYN Cache 0 SYN Cache Overflow 0 Total Software 0 Total Software Accepted 0 Total Software Rejected 0 Total Hardware 0 Total Hardware Accepted 0 CPU Usage Ratio (%) Last 5 Seconds 0 Last 1 Minute 0 Last 5 Minutes 0 [root@ve11b:Standby:In Sync] config tail -f /var/log/ltm Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local active: 0 standby: 1 client: 172.28.24.1:57671 Dec 21 23:14:27 ve11b info tmm1[14917]: Rule /Common/qux : hostname: ve11b.acme.local active: 0 standby: 1 client: 172.28.24.1:57671- Shiraz_84431
Hi Nitass,
I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby units when we have connection mirroring?
Regards,
Mohammed
- Shiraz_84431
Hi Nitass,
I am using connection mirroring and I see the same number of connections for virtual servers on both standby and active units. I also checked using the tcpdump command and found that on standby device, I see all the IN packets and on active IN and OUT Packets. Is this normal to even have the packets flow replicated on standby usnits when we have connection mirroring?
Mohammed