Forum Discussion

adick's avatar
adick
Icon for Nimbostratus rankNimbostratus
Feb 09, 2024

TCL errors

Hey Team, We are experiencing some TCL errors with one of our iRules.   I didn't build the iRule, but have inherited it from a past engineer, so I don't have a ton of knowledge on the specifics, bu...
application delivery
KeesvandenBos's avatar
KeesvandenBos
Icon for MVP rankMVP
Feb 09, 2024

Hi,

The error occurs when the rule1_msg1 variable is empty.
This could happen if a client doesn't complete the 3way handshake and send a reset. Then the CLIENT_CLOSE event is hit without the client sending any data, leaving rule1_msg1 being never created in the other events.

Maybe you can solve this by adding this line in the when RULE_INIT { section

when RULE_INIT {
    set static::http_rule1_dest ""
    set static::http_rule1_tmplt ""
    set rule1_msg1 ""
}

Hope it helps.

Cheers,

Kees

  • adick's avatar
    adick
    Icon for Nimbostratus rankNimbostratus
    Feb 09, 2024

    Thanks Kees!

    This seems to be a good solution.  

    Could there be other reasons the CLIENT_CLOSE event could get hit without the client sending data?  I'm wondering if this iRule could be causing any problems with the VIPs that it is configured on?  I heard from someone when you see TCL errors it usually means the VIP communication was cut off early.

    Or if because it only triggers on CLIENT_CLOSE maybe it is something where the client already had problems communicating and this is just the error that triggers when there is another issue present.

     

    Thanks

    • KeesvandenBos's avatar
      KeesvandenBos
      Icon for MVP rankMVP
      Feb 11, 2024

      Your welcome.

      CLIENT_CLOSED events gets triggers by the client ending the connection. And yes it is true, any TCL error will cause the Virtual Server to stop processing traffic.

      rule1_msg1 not being filled with data (and causing the TCL error) will only happen if a client doesn't send any data after the connection has been created, same for SERVER_CLOSED TCL error. If this irule is attached to a virtual server without a proxy profile (L7 connection) the BIG-IP will create the server connection the moment thhttps://my.f5.com/manage/s/article/K8082e client connection is completed. If the client doesn't send any data, in the end the pool member will close its connection with the BIG-IP.
      K8082 explains the differences between virtual server types.

      It could be a client issue causing these erros' Still it is better to first create an empty variable to make sure you do not run into issues.

      Cheers,
      Kees