Please find my answers below along with relevant screenshots.I hope my answers are satisfactory.

Can you tell us the type of errors jmeter is reporting? During TCP connects, SSL handshakes, HTTP related timeouts, TCP reset after sending HTTP requests, bad HTTP responses? 

Ans. Dont see any error as such in jmeter.log.

Do you have the feeling to hit a certain hard limits, or is the error rate progressive? 

Ans.I feel the error is due to certain limits because the way i test is like the no of threads will be equal to the total number of requests that must be sent in 5 mins.eg. if its 10000/min then 50000 threads.I am able to say so because when i was sendind 1000req/min i.e., 5000/min i saw no errors.Please find the attachment for this.The error rate is progressive.

How many TCP session do you use for the Test? What is your RTT between Client and F5. HTTP/2 or HTTP/1.1 tests? 

Ans .I dont know how to find out the number of tcp sessions while running the Jmeter test.The round trip time for a single postman call to my node(node js application) ranges between 2.32 to 2.50 secs.

You may explain your VS setup slightly to allow us to understand where bottlenecks could be happen? Using SNAT / SNAT Pools, using SSL-Offload, OneConnect? 

Ans.Since this is a trial license and we are running on one CPU i havent configured SNAT / SNAT Pools, using SSL-Offload, OneConnect .My BIG IP LTM is hosted on an AWS ec2-instance which points to a pool consisting of the node(ec2-instance) having a node js application that is used for load testing.The requests made to this server has les size.This app responds with a response size as preferred.We control this via a parameter in our curl/postman call.

Could you please reset your VS, HTTP profile and Pool statistics and share the results after a test is done?

Ans.Reset Pool statistics,couldnt find how to reset VS and HTTP Profile and hence updated VS.

> Ans. Dont see any error as such in jmeter.log.

Log information are indeed not that helpful to figure out the cause of the err 😞

> Ans.I feel the error is due to certain limits because the way i test is like the no of threads will be equal to the total number of requests that must be sent in 5 mins.eg. if its 10000/min then 50000 threads.I am able to say so because when i was sendind 1000req/min i.e., 5000/min i saw no errors.Please find the attachment for this.The error rate is progressive.

I assume a single thread opens a single TCP connection from your client to the F5 and just sends a single request to the F5. The F5 will then open for each client side TCP connection a unique server side TCP connection. Unless you exceed 64k concurrent connections (limitation if not using SNAT pools) you should not hit a well known hard limit. Seems to be a pure load specific issue then...

> Ans .I dont know how to find out the number of tcp sessions while running the Jmeter test.The round trip time for a single postman call to my node(node js application) ranges between 2.32 to 2.50 secs.

See answer above. If using a single TCP connection for each request the response time should not matter. 

Ans.Since this is a trial license and we are running on one CPU i havent configured SNAT / SNAT Pools, using SSL-Offload, OneConnect .My BIG IP LTM is hosted on an AWS ec2-instance which points to a pool consisting of the node(ec2-instance) having a node js application that is used for load testing.The requests made to this server has les size.This app responds with a response size as preferred.We control this via a parameter in our curl/postman call.

Can you please provide screenshoot of the VS configuration? Gray out sensible information as needed.

Did you checked the CPU load during your tests? Does it spike agressively?

Ans.Reset Pool statistics,couldnt find how to reset VS and HTTP Profile and hence updated VS.

To access the VS, TCP and HTTP statistics you may click on the "Statistics" button...

It will open the Statistics of the Virtual Server and the attached TCP and HTTP profiles (see Profile dropdown in the middle of the screen).

For troubleshooting purposes you may use two destinct TCP and/or HTTP profiles (same settings, just a different name) on your VS for client-side and server-side traffic. Then we could narrow down if the request failing at the client or server side and probably figure out a more deatiled reason for jmeters "meaningless errors".

Also: Please reply to the question of my initial post...

Do you see any abnormal logs in LTM? Things which only appear when load gets too high? 

 Cheers, Kai

Do you see any abnormal logs in LTM? Things which only appear when load gets too high? 

Ans.I looked at the system and audit logs but there are many.I tried clearing them using

/etc/init.d/syslog-ng stop

rm -f /var/log/ltm

/etc/init.d/syslog-ng start

 However the system and audit logs dont seem to be removed(only the local traffic logs get removed).Any way to remove these logs as well.I did log in via putty and check var/log/ltm but it has a lot of log listings and i didnt wanrt to mess up the set up at this juncture by deleting any log listed.Any way to identify just the system and audit logs and remove them?

Hi Sand87ch,

you could flush your logs via SSH.

[itacs@kw-f5-dev:Active:Standalone] / # > /var/log/ltm
[itacs@kw-f5-dev:Active:Standalone] / # > /var/log/audit
[itacs@kw-f5-dev:Active:Standalone] / # > /var/log/messages

Instead of flushing those logs, you could just use tail your ltm log during your tests to see what happens...

[itacs@kw-f5-dev:Active:Standalone] / # tail -f /var/log/ltm

If the default logs wont give you a clue whats happening, you may turn on TCP-RST logging and repeat the test again...

Configuring the BIG-IP system to log TCP RST packets (f5.com)

Cheers, Kai

Hi Kai,

I will do this.Meanwhile following this doc viz., https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/27.h...  i made some changes and tested.

However still the errors keep coming in jmeter like the screenshot posted yesterday.

I made the changes in my Big IP VE ,nodes and pools.i set the following in my BIGIP VE

virtual server advanced section

And set the request queue depth to yes in pools but without any success.

I would recommend to remove such limits, if you dont have the need to restict one VS from consuming too much network ressources, so that other VS can continue to work stable.

Cheers, Kai

Hi @Kai_Wilke 

I did tail the logs using tail -f /var/log/ltm  and saw the following

This means that your F5 is sending to much RST-Response because someone tried to access a non-existing service port on your F5. 

Err Msg: 011e0001:4: Limiting open port RST response from 501 to 500 packets/sec (f5.com)

The only explanation for this would be, that your Pool got marked down so that your VS will be  marked down too and your test still tries to access your VS (causing the system to send reset responses).

Can you please verify if your pool became unhealthy during your tests?

Cheers, Kai

Sorry...

The log lines you send where complaining about "Limiting open port RST" and not "Limiting closed port RST" (both messages exist) 

The "Limiting open port RST" happens if the F5 receives a "Non-SYN" packet on a open port, but does not have a related connection for it. This may happen with legitimate traffic if network issues interrupting bidirectional communication...

@Heath_Parrott pointed out "Connection Table" limits in AWS. Those may be a good explanation for the interrupted communication you see in your logs. Did you already clarified with AWS?

Cheers, Kai

I am using the F5 Big IP VE BYOL(14.xxx)livcense available in AWS marketplace.And yes the instance is T2 medium.Sorry that my posting confused you.By 1CPu i meant 1 boot location as shown in the attachment below.

The instance i am using is m5.xlarge having 4 cpu and 16GB ram.I hope this is ok.

Yes with BIG-IP running on an m5.xl 4CPU:16GB ram you should be good to load test as that configuration from a BIG-IP standpoint.  The M5xl still has a connection table on the small side (WRT to the AWS SG - sorry AWS does not publicly publish these numbers) that you may be hitting and you should disable connection tracking to ensure that is not the issue. (see AWS documentation on how).  I would recomend doing this if you have not since it is an external limit on the system that will not show up in the BIG-IP logs. 

My expereince on hitting SG table limits plays out like:

Generate Traffic load --> Latency --> error.  Let the test bed sit for 15 minutes and you can repeat at will.  Repeating more frequently you hit the error sooner.    

@Heath_Parrott  Reading the document it seems that if the security group allows all inbound and outbound connections then this tracking and blocking of connections wont occur.Correct me if i am wrong.I enabled all traffic on our big ip VE on AWS but still the jmeter tests shows the same errors.Am i missing something here?

What is the SG config on both BIG-IP and the backend application (also how many application servers are in the pool)?

What is the instance type on the backend?

You will have connection tracking limits in all scenarios unless the SG reads permit 0.0.0.0/0 ANY in both directions.  

Here are the areas that you can exhaust network resources based on how you described the situation and possible mitigation:

The easiest things to narrow down the issue 

1. SG changes

2. Increase all instances to larger types and / or add more instances to the pool

3. Run a load test with client side entropy (many source IPs) if you are not. 

If it works with 1 request then MTU is unlikely.  MTU issues and lack of functioning PMTUD normally manifest from the outset.  

Hi sand87ch,

Contact F5 sales specialists. They will send you 45-day eval keys for any VE you like to test.

@Heath_Parrott showed you how to search for the "bandwith utilization" error messages in LTM log. I'm almost confident you will find some of those "exceeded" messages. And yes, those may explain the strange behaviour you see during the tests. 

Cheers, Kai