Forum Discussion

jose_fernan_gue's avatar
jose_fernan_gue
Icon for Nimbostratus rankNimbostratus
May 22, 2014

TCP connections on F5 LTM VE

Hi All,

 

Just want to ask if this is a normal behavior on F5 LTM VE. This is my setup: 1 LTM VE with 2 Linux VE web server. LTM is configured with http and https standard virtual server using the default tcp profile.

 

The issue is when connecting in either the http and https VS it seems that the entry of my PC' IP on the connection table only last for around 5 sec as per checking the connection table in cli and in the statistics.

 

I have cheked the tcp profile and its idle timeout is set to 300 sec.

 

Regards, Jopy

 

5 Replies

  • May be you want to look directly at the web server config. It may be resetting connections. You can catch this behavior by sniffin' directly on the linux server terminal with something like:

     

    tcpdump --nni eth0

     

    **If you see the reset (R) from the web server IP,then the virtual server will answer the same.

     

    Please have a look to his article:

     

    http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html?sr=37562714

     

    regards. hheredia

     

  • Hi,

     

    Below are the capture of the tcpdump it seems that the internal vlan ip 10.10.10.1 is the one sending the (R)reset flag

     

    23:34:59.063021 IP 10.10.10.1.35840 > 10.10.10.2.http: S 1589453853:1589453853(0) win 5840 23:34:59.065541 IP 10.10.10.2.http > 10.10.10.1.35840: S 3686360985:3686360985(0) ack 1589453854 win 5792 . some output omitted . 23:34:59.098055 IP 10.10.10.1.35840 > 10.10.10.2.http: F 8:8(0) ack 2897 win 91 23:34:59.099024 IP 10.10.10.2.http > 10.10.10.1.35840: P 2897:4097(1200) ack 8 win 5792 23:34:59.099613 IP 10.10.10.1.35840 > 10.10.10.2.http: R 1589453861:1589453861(0) win 0

     

  • Is there a chance the clients are using HTTP/1.0 rather than HTTP/1.1? IE has a bad habit of doing this. If that's the case, every request results in a new connection being established and then torn down. Definitely take a look at the client browser settings. Perhaps use IEHTTPHeaders or something similar to confirm.

     

  • For Firefox, use LiveHTTPHeaders. It's pretty simple to use and you'd be looking for HTTP/1.0 or HTTP/1.1 in the request line of all requests from the client.

     

    Alternatively you can look at the the statistics in the GUI: Menu Path: Statistics > Module Statistics > Local Traffic > Statistics Type: Profiles Summary - then click HTTP and look for the number of HTTP/1.0 and HTTP/1.1 requests.