Why am I able to Telnet to a VIP when pool members are down?
Why am I able to telnet to a VIP (port 443) when all pool members are actually down and the VS is showing down as well? Could someone please explain in brief?
- irig4u_152672
Nimbostratus
Because the VIP you have created is listening on the IP address and the port specified.
- Samir_Jha_52506
Noctilucent
It's the default behavior of a Standard virtual server. A Standard virtual server processes connections using the full proxy architecture. The TCP three-way handshake occurs on the client side of the connection before the F5 LTM system initiates the TCP three-way handshake on the server side of the connection. Please go through the link.
https://support.f5.com/csp/article/K8082
- tatmotiv
Cirrostratus
That's indeed right for standard virtuals with a TCP profile attached to it, but the BigIP will nevertheless issue a TCP reset immediately after the established 3WHS, so the connection should not stay "up". If you have a fastL4 virtual, the BigIP will instead reply with a TCP Reset to the first SYN packet of the client, so the connection will not even establish. See https://support.f5.com/csp/article/K9812 for details:
When all pool members are unavailable due to being disabled, forced offline, or down, the BIG-IP RST behavior varies slightly depending on the virtual server type. If the virtual server references a TCP profile (Standard virtual server type), the system allows the three-way TCP handshake to complete before sending the TCP RST to the client. If the virtual server references a FastL4 profile, the system sends a TCP RST packet in response to a connection attempt. The TCP RST packet is sent on the client side of the connection, and the source IP address of the reset is the relevant virtual server IP address.
- Avinash1528_239
Nimbostratus
It depends on what type of virtual server you are using. Also, you need to check whether "Notify status to virtual address" is checked or not.
- Samir_Jha_52506
Noctilucent
It completely depends on the type of virtual server. In fact, Notify status to virtual address will not make any changes.
Notify Status to Virtual Address check box. When you select this setting, the virtual server notifies its associated virtual address of its status with respect to pool member availability.
- Stanislas_Piro2
Cumulonimbus
Fortunately, the virtual server answers even if pool members are down.
How can we use Fallback Host or Maintenance page iRules (or any other iRules) if the virtual server does not answer!
- dragonflymr
Cirrostratus
Hi,
Main issue with testing VS (one with HTTP profile assigned) via telnet is how Standard VS handles new connection:
- 3WHS is always performed
- VS is waiting for first HTTP request from client before selecting member and performing 3WHS on server side.
Now, if you are sending any data using telnet (like pressing any key when the telnet session is open), the VS will be sending ACK but not doing anything else (except resetting the Idle timeout on the created client-side flow).
If you handle the telnet session close gracefully (Ctrl+] then quit), the VS will even perform a proper 4WC (FIN-ACK exchange).
So everything looks OK considering telnet, but proves nothing.
Even worse, when using show ltm profile tcp it will report the connection as Open and Accepted.
What will happen depends as well on Verified Accept enabled - you will get immediate RST (not recommended for HTTP type VSs).
As already mentioned, a lot depends on the VS config; for example, a Standard VS without an HTTP profile immediately responds with RST, and when checking show net rst-cause it will be reported as No pool member available.
So conclusion is that only way to test is to send at least one HTTP request after 3WHS and better use tools like curl for testing.
Piotr
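The point the thread arrives at (a completed handshake proves nothing, so send a request), as an added example that is not code from any poster or from F5: `probe` separates a RST answering the SYN, a completed handshake followed by a RST, and an actual HTTP response. The loopback listeners and `probe.example` are constructed stand-ins, not a BIG-IP, and the probe speaks cleartext HTTP; a port 443 VIP would need the socket wrapped in TLS first.

```python
import socket, struct, threading

def probe(host, port, timeout=2.0):
    """Classify a listener by what happens after the TCP handshake."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "rst-on-syn"               # RST answered the SYN; nothing established
    except OSError:
        return "no-answer"                # timeout or unreachable
    with s:                               # telnet stops here and reports "connected"
        try:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: probe.example\r\n\r\n")
            data = s.recv(64)
        except (ConnectionResetError, BrokenPipeError):
            return "handshake-then-rst"   # 3WHS completed, then the peer reset
        except socket.timeout:
            return "handshake-then-silence"
    if data.startswith(b"HTTP/"):
        return "http-response"            # only this proves a request was served
    return "non-http-data" if data else "handshake-then-close"

def fake_listener(behaviour):
    """Constructed loopback stand-in (not a BIG-IP); returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        if behaviour == "reset":          # SO_LINGER 0 makes close() send a RST
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        else:                             # "http": read the request, answer it
            conn.recv(1024)
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():                        # constructed case: nothing listening
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    for kind in ("reset", "http"):
        print(kind, "->", probe("127.0.0.1", fake_listener(kind)))
    print("closed ->", probe("127.0.0.1", closed_port()))
```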