F5 XC 503 upstream_reset_before_response_started{protocol_error}
Hello Community, I would like to share some additional information regarding the 503 response code in F5 XC. When the origin server sends a response to XC that is not compliant with HTTP RFC standards, the platform may return a 503. For example, if the origin server responds with a 204 status code but includes a message body, Envoy (the underlying data plane) will treat this as RFC non-compliant and therefore block the content. As a result, XC will return a 503 response to the client. 503 upstream_reset_before_response_started{protocol_error} Check if the http response headers from the origin-server have any invalid field names. Query the the origin-server directly via cURL or something equivalent. Usually indicates that XC is seeing an error in one of the http-headers of the response from the server. We would need to see the http headers that the origin-server is responding with to identify the issue. In one of the scenarios, it was seen that the origin-server may have a total of more than 100 headers (mostly duplicate headers), which XC will treat as failure parsing the response.F5 XC HTTP 404 rout_not_found / rsp_code 404
I would like to add more point about the HTTP 404 error: route_not_found / rsp_code 404 in an XC (RE + CE) deployment. 1. Even if XC has the correct host match value in the route, you might still observe a 404 response. In such cases, check the DNS configuration on the CEs. A possible reason could be that the CEs are unable to resolve DNS for host which is configured in route. 2. Even if XC has the correct host match value, the path might not match. For example, if you have a single route as shown below and the request comes as https://example.com/, you may see rsp_code 404 , as it is not matching any routes. Example : HTTP Method:ANY Path Match : Prefix Prefix:/hello Headers Host example.com Orginpool: example_orgin pool https://my.f5.com/manage/s/article/K000147490
F5 XC and Azure FrontDoor
Hi all, I would like to ask for some advice how to configure application behind Azure FrontDoor on F5 XC solution. As Azure FD required valid SSL certificate to forward traffic we used on BIG-IP workaround with "WAF domain" where valid certificate was used and we were able to connect to the application from FD via AWAF. XC create DNS for virtual host (loadbalancer) in format ves-io-uuid.ac.vh.ves.io but address has not valid SSL certificate so FD is not able to connect. Does someone has certain experiences with such implementation? Another question is how do you recognize clients in such cases? Especially when one domain is behind Azure FD or another CDN and another is not. By default client is recognized by IP address so in case that traffic is forwarded via CDN/FD we need to change User Identifier from "Client IP Address" to different object, for example some header. But what about application what is not behind CDN. How it will be recognized? Can I combine it somehow on one vhost (loadbalancer)? Thank you.