Forum Discussion

Sumit7595_36869's avatar
Sumit7595_36869
Icon for Nimbostratus rankNimbostratus
Aug 15, 2018

504 Timeout Error response from F5 Big IP LTM

Hi All,

 

We have a site Example: example.registraition.com which had a traffic flow as below:

 

End user --> F5 --> Servers

 

Now we have added Distil Networks in between for additional security. Hence now the traffic flow is as below:

 

End user --> Distil --> F5 --> Servers

 

Now we see a very strange behavior on the site. Sometimes it throws 504 timeout error while accessing the site (Example: example.registraition.com) and when we bypass distil by doing host entry, we do not see any issue.

 

When we checked this with Distil team, we got an understanding that it is our F5 load balancer VIP which is not responding and hence we get 504. When we checked the logs in server, we found that during 504 errors, the request is not even reaching to server.

 

Note: There is no restriction (packet filter) applied on the Virtual server where the site is pointing to. Please help me resolve this issue.

 

application delivery
BIG-IP
LTM
security

3 Replies

Sort By
  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 15, 2018

    If I had a pound for every time someone told me that the request didn't make it to the server because it wasn't logged, I'd be a rich man.

     

    Logs when present will tell you what happened. When not present, it tells you nothing except it didn't work properly. Absence of logs does not imply that the request didn't make it. (Doesn't mean it did either, but you can't prove a negative generally).

     

    You do however need to poke around more... Maybe it's a client that isn't sending the whole request so BigIP is waiting (buffering) until it gets everything.

     

  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Aug 15, 2018

    Given this is a 504, it relates to a gateway timeout. Are you sure that traffic is returning by the correct route?

    If you lack the logs, the easiest way (if you're able to reproduce the error) is to do a packet capture on your F5. It should tell you if traffic is arriving on your F5 and if it's returning correctly.

    tcpdump -s0 -ni 0.0:n

  • santhi_372587's avatar
    santhi_372587
    Icon for Nimbostratus rankNimbostratus
    Sep 20, 2018

    I had similar issue if I add google shield after end user and I am not seeing any logs on the server too.Please advice suggestion to solve this.