Forum Discussion
Remco
Jan 16, 2012Nimbostratus
Virtual sends [RST, ACK]
Hi,
we recently replaced Cisco CSS by F5 BigIP, but we know have a problem in our production environment under load which we did not noticed in out acceptance environment.
We have a virtual configured and on this virtual we have an irules which does pool selection based on the requested uri.
What I see in the tcpdumps I took, is that on an existing tcp session there are several GET and POST requests where I can see the identical GET or POST message is also send to a poolmember as you would expect. But sometimes on an open client tcp connection we are getting a http GET or POST request and I do not see the request being send to a poolmember. I do see the F5 is first responding with a ACK and than ~5 seconds later a [RST, ACK] is send back to the client terminating the TCP session.
The uri requested should match on of uri's in the irules and I don't have any poolmembers down messages in the ltm log. Some of the pools are used in combination with SNAT automap, the uri with problems are mostly for pools without snat.
I have seen a couple of post reporting the same behaviour, but haven't seen a solution. Does anybody know what can cause this behaviour and how it can be solved?
The problem looks a similar as posted at: http://devcentral.f5.com/Community/...ault.aspxv
- hooleylistCirrostratusHi Remco,
- RemcoNimbostratusHi Aroon,
- nitassEmployeeis nothing related to this sol at all?
- RemcoNimbostratusHi Nitass,
- nitassEmployee
did URL really match switch condition in the irule?
- RemcoNimbostratusI am also looking into the possibility the reset was send because it did not match any of the uri's in the switch statement. I have checked the tcpdump and on a first glance I only see requests that should match, but I will have closer look.
- RemcoNimbostratusFinally managed to replicate our problem in the acceptance environment.
- HamishCirrocumulusI think you'd need to do an LB::reselect pool if the request wasn't the first one in the tcp connection... I'm not certain that it's defined what happens otherwise (In fact I'm surprised it doesn't just fail).
- RemcoNimbostratusJust tried another options and it solved the problems.
- HamishCirrocumulusThe flag on the pool allows or disallows... Not enable or disable...
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects