Forum Discussion

dkraut_23236's avatar
dkraut_23236
Icon for Nimbostratus rankNimbostratus
Mar 09, 2012

Troubleshooting intermittent connectivity via LTM?

We recently acquired LTM VE. Seems to be working well, but for one particular app, we are seeing intermittent connectivity from client browsers. Works, doesn't work, etc. I know, this sounds like a pool member not playing nice, but I've disabled all but one pool member to see if this resolved the issue, but we still get random browser access/timeouts. When you run into an intermittent issue like this, how does one determine the possible causes? I can ping the VIP, response times are low and consistent and the default IIS site loads without issue. It's only the custom web site on these servers that has trouble. Editing our hosts file so that our client points directly to the internal pool member resolves the issue so it appears to be F5 related, but what next? Thanks in advance!

 

 

  • Does the failure happen often enough that you could reproduce the issue while capturing a tcpdump on the VE? If so, analyzing the tcpdump would go a long way towards diagnosing the issue.

     

     

    Here is a general SOL on tcpdump:

     

     

    sol411: Overview of packet tracing with the tcpdump utility

     

    http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html

     

     

    You could try syntax like the following where you have all but one pool member disabled:

     

     

    tcpdump -ni 0.0 -Xs0 -w/var/tmp/trace.1.dmp host CLIENT_IP or host POOL_MEMBER_IP

     

     

    You can use WinSCP to copy the trace off VE and Wireshark to view the trace. If you need help capturing or analyzing the trace, you can open a case with F5 Support.

     

     

    Or if you want some stabs in the dark from the community, you could post your (anonymized) virtual server, profiles and pool config using 'tmsh list ltm virtual VS_NAME list', 'tmsh list ltm pool POOL_NAME list', 'tmsh list ltm profile PROFILE_NAME list'.

     

     

    Aaron
  • Hi Aaron, as always, thank you for the valuable feedback! I think I may have resolved the issue. We noticed that the timeouts seemed to be associated with SSL requests. I found another thread in which you participated where you suggested using the Performance Layer 4 profile vs. Standard if the backend servers were performing SSL decryption. This seems to have fixed the issue since our backend web servers are indeed performing SSL decryption and not the F5. Thanks!!!!
  • There are many possible causes? As a starter for ten;

     

    1) What persistence method is used?

     

    2) Do you use authentication of any kind?

     

    3) What's the Virtual Server configuration and type?