Knowledge sharing: Troubleshooting/investigating SSL and HTTP issues

1. This is what I call the F5 magic article, and if only F5 had written it under a different name, so that it comes up as the first article when someone searches for such issues, as it has most of the info for HTTP and SSL data collection, like tcpdumps that are decrypted with the F5 internal variables :nnnp etc., and after that the information can be used to resolve many issues:

https://support.f5.com/csp/article/K06028005

2. For SSL handshake issues, the SSL debug is enabled by default in newer versions:

https://support.f5.com/csp/article/K15292

https://support.f5.com/csp/article/K11058264

https://support.f5.com/csp/article/K17045

https://support.f5.com/csp/article/K23452071

3. For logging the TCP RST, if the F5 sends one, there are global variables: https://support.f5.com/csp/article/K13223. Also, if the iRule is causing the RST because of a config error, look in /var/log/ltm for "TCL error:" messages or for "reject" in the iRule.

https://support.f5.com/csp/article/K13905

https://support.f5.com/csp/article/K9812

https://support.f5.com/csp/article/K10191

4. If you get TCL errors, google the error and solve it (also check F5 iHealth to see if it detected an issue with the iRule, and check the error in the F5 bug tracker https://support.f5.com/csp/bug-tracker), and if needed use the "catch" command to escape the error.

https://devcentral.f5.com/s/articles/irules-101-07-catch

5. For an HTTP request timeout caused by the F5 HTTP profiles, or a TCP connection timeout caused by the TCP profiles, the TCP RST variables should log this.

6. Also, when writing an iRule, you can set variables that record the clock time at the CLIENT_ACCEPTED, HTTP_REQUEST etc. events, then log the variables to /var/log/ltm or, for example, to Splunk, and then compare when the TCP handshake was done and after how much time the HTTP_REQUEST event was triggered, maybe at its end or start etc.

See the Splunk iRule and, for example, the variables:

set tcp_start_time [clock clicks -milliseconds]

set req_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]

https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup

You can modify the iRule to log to /var/log/ltm if needed, but I don't recommend logging much data locally. Read:

https://support.f5.com/csp/article/K55131641

https://devcentral.f5.com/s/articles/the101-irules-101-logging-amp-comments

https://clouddocs.f5.com/api/irules/HSL.html

7. This is great for catching slowness caused by the F5 or the pool member server, if you can enable the analytics module on the VIP.

https://techdocs.f5.com/kb/en-us/products/big-ip_analytics/manuals/product/analytics-implementations...
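
The timing approach from point 6, as an added example that is not part of the original post: an iRule that records the clock at CLIENT_ACCEPTED and HTTP_REQUEST and sends the deltas off-box over HSL at HTTP_RESPONSE. The pool name syslog_hsl_pool and the log field names are assumptions.

```tcl
# Added example, not from the original post.
# Assumption: a pool named "syslog_hsl_pool" (hypothetical) whose members
# are remote syslog/Splunk receivers, so nothing is written to /var/log/ltm.

when CLIENT_ACCEPTED {
    # Fires once the client-side TCP handshake is complete.
    set tcp_start_time [clock clicks -milliseconds]
    # Capture client details here so later events do not depend on context.
    set client_info "[IP::client_addr]:[TCP::client_port]"
    set vs_name [virtual name]
    set hsl [HSL::open -proto UDP -pool syslog_hsl_pool]
}

when HTTP_REQUEST {
    # Fires when the request headers are parsed; with keep-alive this runs
    # once per request on the same connection.
    set req_start_ms [clock clicks -milliseconds]
    set req_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
    set req_host [HTTP::host]
    # Log the path only: query strings can carry tokens or credentials.
    set req_path [HTTP::path]
}

when HTTP_RESPONSE {
    # Skip if no request was timed on this connection.
    if { ![info exists req_start_ms] } { return }
    set now_ms [clock clicks -milliseconds]

    # accept_to_req_ms: TCP handshake -> request headers seen. On the first
    #   request this covers the SSL handshake and client send time; on later
    #   keep-alive requests it also includes idle time on the connection.
    # req_to_resp_ms: request headers seen -> response headers received,
    #   i.e. load balancing, server-side connect and pool member processing.
    set accept_to_req_ms [expr {$req_start_ms - $tcp_start_time}]
    set req_to_resp_ms [expr {$now_ms - $req_start_ms}]

    # <190> is the syslog priority for local7.info.
    HSL::send $hsl "<190>$req_start_time vs=$vs_name client=$client_info host=$req_host path=$req_path status=[HTTP::status] accept_to_req_ms=$accept_to_req_ms req_to_resp_ms=$req_to_resp_ms\n"
}
```

A large accept_to_req_ms on the first request of a connection points at the client side or the SSL handshake, while a large req_to_resp_ms points at the pool member or the server-side path.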
