I am new to F5 and LTM and apologize if this is the wrong forum or if I am not providing the appropriate information etc.
I have a custom mobile app I wrote where via custom headers I want to filter via Irule if the traffic is allowed to my backend server.
I configured a virtual server accepting HTTPS traffic on port 443. I added a SSL profile for my certificates (self signed) to the Client SSL Profile. I did specify the default serverssl profile for the Server SSL profile.
I created a pool with two nodes ( both pointing to the same server one via Ip the other via FQDN both for HTTPS)
I added the Pool to the virtual server and add my irule to the virtual server.
It is not a network/routing issue as I can curl the backend server successfully directly from the F5 terminal.
I have to assume that I have a F5 configuration issue and I would appreciate it if someone could point me in the appropriate direction.
I very much appreciate any help and apologize for the long post.
Thank YOU pullbox
Try to capture the traffic via tcpdump and see if you can see any bloackage 3-Handshake.
if you have time just remove ServerSSL and add serverssl-insecure-compatible. if any issue with server SSL error. Give one try and share result.
Try to log the reset cause (https://my.f5.com/manage/s/article/K13223) and see if F5 provides any cause for the reset packet.
Since the iRule logs goes up to the HTTP request, I suspect either a connection problem with the server or a pool member selection failure, the reset logs will tell you
Thank you so much for the feedback.
After I enabled it, this is what I am seeing.
TCP/IP Reset Cause
RST Cause: Count
Flow expired (sweeper) 4
No flow found for ACK 1
No local listener 32027
No server selected 1
RST from BIG-IP internal Linux host 187450
TCP RST from remote system 3
TCP retransmit timeout 172
handshake timeout 4
Appreciate all your help. I am a novice in reading pcap files.
Below screenshot of the traffic
...209 = F5
...35 = my endpoint
.6 = mobile device
per the screenshot traffic from .6 (mobile device) to .35 (endpoint) is TCP retransmission.
What do I have to look at to see what is causing this?
Apologize again if this is kind of a stupid question but I am a noob in this.
Appreciate pointing me in the right direction.
This capture does not show any RST packet but instead it shows a weird problem: the TCP connexion is not correctly established between 192.168.83.209 (the self ip doing monitoring?) and 192.168.83.35, you have SYN, SYN-ACK but no ACK which is mandatory for the TCP 3-way handshake, could it be the problem? I can't tell with the few amount of information about your setup. But I can see few things that may be worth troubleshooting: you don't have source address translation enabled in your VS which causes the traffic not getting back from the backend, and it seems that the VS address is the same as your self IP, this later is technically possible but sometimes it may cause problems.