TCP monitor on two nodes fail erratically

Question

Good day,&nbsp;
We have a setup of consisting of four LTM's, two for external clients in a dmz, two for internal clients on the local network. 
Only the internal devices are in a HA group.&nbsp;
Currently some of our external clients need to be redirected to applications on the internal network.&nbsp;
Configuration of external application:
External listener
Pool with internal node pointing to internal listener/VS
Node which is the internal VS
We are using icmp/tcp_half_open as part of testing/monitoring&nbsp;
The external VS server runs for days and then fails.
Once it failed we disable the node and enable it which marks the monitor as up, it can run for hours/minutes/days and eventually fails again.
According to logs we can't reach it via icmp. 
My first feeling was network related however we have multiple applications created on the same VLAN identical to the troublesome VIP's monitoring with icmp.&nbsp;
Any suggestions?&nbsp;

mvdg · Answer

Hi,&nbsp;
The best way to investigate this issue is creating tcpdumps on both external and internal F5 devices. When it fails, do you see the external F5 send an ICMP? If so, does the internal F5 receives the ICMP? Create a file you can import in Wireshark.&nbsp;
Are there any other devices between external and internal F5? Firewall or router? Can you see something there?&nbsp;
With these kind of issues tcpdump and Wireshark are the tools to use.&nbsp;
Good luck.&nbsp;
Martijn.&nbsp;

Forum Discussion

TCP monitor on two nodes fail erratically

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

Node Monitoring vs Pool Monitoring

node monitor vs pool monitor?

Single Node Persistence

Which IP initiates health monitoring of nodes when F5 are in HA?

iRule for host rewriting between nodes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS