CirrusI have LTM 10350v with two images installed 13.1.0.8 and 12.1.2 (currently 13.x is running)
I am seeing some issue with 13.1.0.8 so thinking to switch it to 12.1.2 for testing, so question is do it create any issue when we go back to older image, like it will break existing configuration or HA configuration etc? (do i need reconfigure everything again?)
Do i need to re-activate license also?
MVP,
https://support.f5.com/csp/article/K13765410
Hope it helps!
Mayur
CirrusReason i asked Activation question because this box is in lab and nobody has any idea about licensing, Let's assume we don't have active support in that case am i going to be in trouble to switch boot image? I don't care about configuration because its in LAB.
Altostratusjust for information - did you checked release notes of newer versions of 13 regarding your issue?
Currently available ist
13.1.3.3 Release
CirrusI am seeing very odd behavior, I am doing load-testing on F5 and found SNAT pool sending warning "inet port exhaustion", i am just keep adding IPs in SNAT pool and still getting error, i have added 15 IPs in pool and i have almost 500k Users so based on math i have enough port capacity. I did dump connection table and found each SNAT only hitting 20k around ports so its not anywhere close.
So trying to troubleshoot that issue and i check release and i didn't see any indication of bug or issue.
Altostratussomething like that?
20569-1 : BIG-IP Source IP cmp-hash setting is distributing traffic unequally
Component: TMOS
Symptoms:
After a period of time, Inet port exhaustion error messages begin to be reported, and traffic starts to fail:
crit tmm1[17985]: 01010201:2: Inet port exhaustion on <ip_address> to <ip_address>.
Conditions:
1. BIG-IP system uses sock or virtIO drivers; cmp-hash is src-ip.
2. Both VLANs are set to Source Address CMP Hash configuration.
3. Pool members are distributed to different TMM cores based on the VLAN configuration.
4. Traffic is load balanced to the pool member mapped to the other core.
Impact:
The system reports Inet port exhaustion error messages, and traffic starts to fail.
Cirrus
This is interesting, In SNAT statistics i am seeing its equally spreading traffic across all SNAT pool members.
https://cdn.f5.com/product/bugtracker/ID720569.html
In above article they are saying "The cmp-hash src-ip setting has been improved to avoid unequal distribution." so how do i configure cmp-hash src-ip setting ?
My current model F5 model is 10350 running 13.1.0.8 version of software and this guys having issue related SNAT.
If i am running same load-test on F5 model 10200 running 12.0.0.0 and i not seeing any issue. do you think it issue of 13.x.x.x ? That is why i want to revert my image to verify.
CirrusDo you think if i change following will fix my issue?
modify net vlan <src_vlan_name> cmp-hash src-ip
CirrusVery interesting my error went away as soon as i did.
modify net vlan <src_vlan_name> cmp-hash src-ip
Altostratusok, so the issue resolved? 😊
CirrusIt stopped logging in /var/log/ltm but now when i running my load-test with 500k TCP connection with 800/s rate then some of my tcp connection not getting through and client saying failed to connect.
I have tried bunch of new TCP profile, buffer adjustment and all short of thing but no improvement but then i decided to add more SNAT ip in pool and that works i didn't get error of connection failure so i thought let me load more tcp connection so i start my load-testing with 600k tcp connection with 800/s rate and that test failed again with connection failure, so trying to understand why SNAT source port starving? I have check connection table and its not using all 64k ports but still something somewhere not right. Do you have any clue to trace this kind of issue? I may enable TCP reset cause logs and see..
Altostratuswhat kind of test is this? sometimes it can be problem with the application that it has fixed source port area e.g. 3CX Voip Client