oneconnect
34 Topics

MySQL active connection never bleed off to other pool member
I am running Galera MySQL behind F5 with performance Layer 4 type and I have set up 3 MySQL nodes as pool members with Priority, so only 1 MySQL node will be used and the other two will be standby. Everything was good, but today when I shut down the Primary node, which was active, I found my application broke, and when I checked the logs I found:

    (2006, "MySQL server has gone away (error(104, 'Connection reset by peer'))")

So the solution was to restart the application. It looks like the active member's MySQL connections are not bleeding off to the other pool members. What is wrong with my setup?

1.5K Views 0 likes 13 Comments

Akamai and OneConnect
Hello: Does anyone use Akamai with F5 LTM OneConnect? Based on the Akamai link https://community.akamai.com/thread/4306-does-akamai-have-timeout-setting-that-amount-of-time-the-server-will-wait-for-certain-events-before-failing-a-request Akamai prefers an idle timeout of 301 sec. I thought this is the idle timeout on OneConnect, but someone else says it is the TCP idle timeout. Another says it is the HTTP keepalive timeout? Since we use SNAT automap, that makes me think the F5 LTM is a proxy. Maybe someone could shed some light. Thanks

1.1K Views 0 likes 1 Comment

iRule to disable OneConnect for a list of source IP addresses
I'm trying to resolve an issue with a legacy application that doesn't like OneConnect. All traffic from the legacy application originates from a known list of source IP addresses, which I'm including in an iRule Data Group called 'Legacy_App'. The current iRule is sending traffic from those source IP addresses to a specific pool called 'pool_Legacy'. The virtual server has an HTTP profile and a OneConnect profile with a /32 netmask. All other applications connecting to the virtual server are working fine. I'm only looking for a way to disable OneConnect specifically for traffic coming from the addresses in the Data Group 'Legacy_App'. This is what the current iRule looks like:

    when CLIENT_ACCEPTED {
        if {[class match [IP::client_addr] equals Legacy_App]} {
            pool pool_Legacy
        }
    }

I've seen the OneConnect options for iRules:

    ONECONNECT::reuse disable
    ONECONNECT::detach disable

Will adding one of those work? Should they be used with the CLIENT_ACCEPTED event?

826 Views 0 likes 3 Comments

OneConnect with /32
Hi there, sorry for bringing up this topic with another new thread, but all the official F5 documentation as well as several DevCentral posts don't 100% answer my question. Is there any "special" feature which is only enabled with a OneConnect mask of /32? I mean this connection balancing vs. request balancing, which becomes important e.g. with Akamai clients and Cookie persistence or any special iRule business logic. It's always stated that you should enable OneConnect with /32, but no further details why exactly with /32. Does the OneConnect profile (in combination with the HTTP profile) solve the issue, or is it just with the /32 mask? Or is this maybe also depending on other settings like the usage of SNAT, where with the standard SNAT automap option and just a single floating IP all clients are "mapped" to the same source IP, so the OneConnect mask doesn't matter at all? Any more details or background information would be very helpful! Thank you! Ciao Stefan :)

800 Views 0 likes 1 Comment

Java application persistence issue with load balancer
I have a Java application running on 2 web servers, load balanced in round robin fashion, with cookie insert persistence on the VIP. From what I understand of the application, it keeps doing some kind of pulse check with the server every few seconds, because of which the Java app disconnects as it is getting bounced between one server and the other, meaning persistence is not working for subsequent connections made by the Java applet. I cannot use source/dest_addr persistence, so it has to be cookie persistence. I somehow managed to disable the pulse check within the application, which made the app stable, and no disconnects were noticed. However, after a while some of the tabs/pages started to throw errors, which I believe is due to a server switch at the F5 load balancing. Any ideas what else can be done to ensure the Java application connection made to one server is persistent for subsequent connections made from the same source?

600 Views 0 likes 6 Comments

Connection re-use on the backend with HTTP/3 virtual server
Hello Group, I have created a simple setup in order to do HTTP/3 (on the client side only) performance testing using F5 BIGIP on AWS.

    TG (simulates client, sends HTTP/3 traffic) --> F5 BIG IP (HTTP/3 virtual server) --> Backend (servers are simulated by my TG tool, handling HTTP/1.1 traffic)

In F5 I have an HTTP/3 virtual server (based on UDP, since the QUIC protocol is built on top of UDP). After capturing several traces, I am noticing that on the backend, where I'm handling HTTP/1.1 traffic, connection re-use is not working (after each GET request the connection closes and a new one opens), and therefore I'm really low on performance. I can't enable the OneConnect feature on my HTTP/3 virtual server (this option is not available). So, regarding my question, is there any way I can enable connection re-use on the backend? Any suggestions would be great. Thanks in advance!

566 Views 0 likes 2 Comments

OneConnect, SSL Bridging and Apache2 server
Hi, I am using the config as in the subject. Everything works OK, idle TCP connections are reused. The only problem is that the Apache2 server is closing the TCP connection with the SSL session after 20s when no traffic is reaching the server. That is not related to Keep-Alive settings on the BIG-IP or Apache2 server; the same settings are used for HTTP traffic and all timeouts on the BIG-IP or server are respected, the idle connection is closed after 298s (Keep-Alive Timeout set on the Apache2 server). Verified by trace: the server is sending FIN-ACK to the BIG-IP. So it seems that there is some SSL related timeout used by Apache2. The problem is I can't find any info on how to change it. Any help appreciated. Piotr

547 Views 0 likes 4 Comments

iRule: Log SNAT IP's when using Oneconnect
Hello F5 Friends, I'm at a bit of a loss for how to write an iRule here and I'm hoping you all can help me out. I have a need to send a security vendor the Client Side and Server Side IP addresses used for all connections coming in through my F5. I tested out this iRule below and it logs successfully and forwards off to our vendor successfully within our infrastructure.

    when SERVER_CONNECTED {
        # log clientside and serverside connection details to /var/log/ltm
        log local0. "Clientside connection: SrcIP:Port [clientside {IP::remote_addr}]:[clientside {TCP::remote_port}] to DstIP:Port [clientside {IP::local_addr}]:[clientside {TCP::local_port}] translates to Serverside connection: SrcIP:Port [IP::local_addr]:[TCP::local_port] to DstIP:Port [IP::remote_addr]:[TCP::remote_port]"
    }

Unfortunately, I found out after this was in place that it wasn't generating logs for all connections coming into the associated virtuals. (I have this iRule applied to all virtuals on my F5.) Through some testing I found that this iRule was not logging for connections where the Server Side connection was being reused by the OneConnect profile. Next I tried using the "LB_SELECTED" event instead of "SERVER_CONNECTED", and in this case I see that I'm logging on all HTTP requests that come inbound. So the first event doesn't trigger enough and the second event triggers too often. I was hoping for some help in finding that happy medium. Can someone help me with the right event trigger or logic in the iRule that would log the CS IPs and SS IPs as each new front end connection is established to a back end server when OneConnect is in the mix? Thanks, Jeff

528 Views 0 likes 1 Comment

OneConnect Statistics
While testing a OneConnect profile in my lab, I found that the statistics seem to be incorrect, but I don't know why. Below is the configuration I have done on the BIGIP: V-server, HTTP profile, OneConnect profile.

    ltm profile one-connect test-onceconnect {
        app-service none
        defaults-from /Common/oneconnect
        idle-timeout-override disabled
        limit-type none
        max-age 200
        max-reuse 4
        max-size 5
        source-mask any
    }

The connection is working fine, but the output of (show ltm profile one-connect test-onceconnect) seems to be incorrect to me based on the number of connections I have initiated:

    -----------------------------------------
    Ltm::OneConnect Profile: test-onceconnect
    -----------------------------------------
    Virtual Server Name  N/A
    Connections
      Current Idle       0
      Maximum            5
      Total Reuses       2
      New                9

When I checked the KB https://support.f5.com/csp/article/K8688 , I can see the below:

Currently Idle: The number of currently idle connections in the connection pool. These are connections that are available for reuse.
Maximum: The maximum number of idle connections in the connection pool.
Total Reuses: The total number of times server-side connections have been reused. Typically, connections will be reused more than once, and each connection reuse will count separately toward the total.
New: The total number of times new server-side connections have been created.

So can someone help me clarify the difference between Current Idle and Maximum, and also what is the meaning of New? Also take into consideration that I did all the connections from the same machine and I set the mask to any, so I should have a number of Reuses much higher than what I see above. One last question: what will be the effect if I use OneConnect with a virtual server that only uses a TCP profile (no HTTP profile exists)?

501 Views 1 like 0 Comments