Forum Discussion
Do you see any abnormal logs in LTM? Things which only appear when load gets too high?
Ans.I looked at the system and audit logs but there are many.I tried clearing them using
/etc/init.d/syslog-ng stop
rm -f /var/log/ltm
/etc/init.d/syslog-ng start
However the system and audit logs dont seem to be removed(only the local traffic logs get removed).Any way to remove these logs as well.I did log in via putty and check var/log/ltm but it has a lot of log listings and i didnt wanrt to mess up the set up at this juncture by deleting any log listed.Any way to identify just the system and audit logs and remove them?
Hi Sand87ch,
you could flush your logs via SSH.
[itacs@kw-f5-dev:Active:Standalone] / # > /var/log/ltm
[itacs@kw-f5-dev:Active:Standalone] / # > /var/log/audit
[itacs@kw-f5-dev:Active:Standalone] / # > /var/log/messages
Instead of flushing those logs, you could just use tail your ltm log during your tests to see what happens...
[itacs@kw-f5-dev:Active:Standalone] / # tail -f /var/log/ltm
If the default logs wont give you a clue whats happening, you may turn on TCP-RST logging and repeat the test again...
Configuring the BIG-IP system to log TCP RST packets (f5.com)
Cheers, Kai
- sand87chDec 07, 2022Cirrus
Hi Kai,
I will do this.Meanwhile following this doc viz., https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/27.html i made some changes and tested.
However still the errors keep coming in jmeter like the screenshot posted yesterday.
I made the changes in my Big IP VE ,nodes and pools.i set the following in my BIGIP VE
And set the request queue depth to yes in pools but without any success.
- Kai_WilkeDec 07, 2022MVP
I would recommend to remove such limits, if you dont have the need to restict one VS from consuming too much network ressources, so that other VS can continue to work stable.
Cheers, Kai
- sand87chDec 07, 2022Cirrus
- Kai_WilkeDec 07, 2022MVP
This means that your F5 is sending to much RST-Response because someone tried to access a non-existing service port on your F5.
Err Msg: 011e0001:4: Limiting open port RST response from 501 to 500 packets/sec (f5.com)
The only explanation for this would be, that your Pool got marked down so that your VS will be marked down too and your test still tries to access your VS (causing the system to send reset responses).
Can you please verify if your pool became unhealthy during your tests?
Cheers, Kai
- Kai_WilkeDec 07, 2022MVP
Sorry...
The log lines you send where complaining about "Limiting open port RST" and not "Limiting closed port RST" (both messages exist)
The "Limiting open port RST" happens if the F5 receives a "Non-SYN" packet on a open port, but does not have a related connection for it. This may happen with legitimate traffic if network issues interrupting bidirectional communication...
Heath_Parrott pointed out "Connection Table" limits in AWS. Those may be a good explanation for the interrupted communication you see in your logs. Did you already clarified with AWS?
Cheers, Kai