Forum Discussion
NimbostratusDOWN VIP responding back on TCP monitoring from 3DNS
We have a VIP configured with both SSL and http profile assigned on Big ip LTM (v10) . 3DNS (going to be decommed) is monitoring that VIP on TCP (port443) . We had raised a case with F5 and below is the respeonse . Can anyone explain why this is happening .Also we are asked to change the monitring to full L7 monitor (https monitor) ..How can this be achieved . I am not a F5 expert ..Its would nice if soemone can expalin in layman terms
1. DOWN VIP with ssl profile WITHOUT http profile
- full tcp handshake succeeds
- full ssl handshake succeeds
- RST sent by the server straight after last ssl handshake packet (server change cipher spec)
2. DOWN VIP with ssl profile WITH http profile
- full tcp handshake succeeds
- full ssl handshake succeeds
- LTM waits for the first client http request
- RST sent by the server straight after receiving the client http request.
The solution in this situation would be using a full L7 monitor (https monitor) on the monitoring device.
Thanks
1 Reply
Dayal_141213I guess I am bit late to respond on this :) However, here is what I think is happening- if it would help anyone else having same query. With HTTP profile, the F5 is capable of looking into the request. You achieve L7 capabilities. The loadbalancing is based on the HTTP request rather than the TCP connection. This in turn means that the F5 will wait for the first request to come through, before it makes a LB decision. And as there are no pool members available, it sends out a RST. Without HTTP profile, the F5 will not wait for the request and will try to make LB decision once the TCP connection is established. Thus it sends out TCP-RST without the request coming in.
