Forum Discussion

shantidutbansod's avatar
shantidutbansod
Icon for Nimbostratus rankNimbostratus
Mar 14, 2019

Only newly created VSes are Reseting all the traffic

Hello All,

 

On my F5 cluster there are few VIPs which are UP and Running. I need to create new VIP to setup a new VPN. While doing it I realized something is not fine and any traffic sent to these new VIPs is being Reset by F5. After that just to test I started creating new VIPs just by changing IP address of the working Existing ones. And now I am sure that everything is being Reset by the F5.

 

Following is the console output of tcpdump, this is exactly same with any new VIP that I am creating. Anyone has any idea about this, that whats getting wrong.

 

application delivery
BIG-IP
LTM

5 Replies

Sort By
  • shantidutbansod's avatar
    shantidutbansod
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2019

    11:04:08.432224 IP 10.194.1.52.56387 > 10.194.1.155.https: SWE 2768861009:2768861009(0) win 8192 11:04:08.432271 IP 10.194.1.155.https > 10.194.1.52.56387: R 0:0(0) ack 2768861010 win 0 11:04:08.432276 IP 10.194.1.52.56388 > 10.194.1.155.https: SWE 3343896122:3343896122(0) win 8192 11:04:08.432287 IP 10.194.1.155.https > 10.194.1.52.56388: R 0:0(0) ack 3343896123 win 0 11:04:08.694935 IP 10.194.1.52.56389 > 10.194.1.155.https: SWE 2484741480:2484741480(0) win 8192 11:04:08.694960 IP 10.194.1.155.https > 10.194.1.52.56389: R 0:0(0) ack 2484741481 win 0 11:04:08.934903 IP 10.194.1.52.56387 > 10.194.1.155.https: S 2768861009:2768861009(0) win 8192 11:04:08.934951 IP 10.194.1.155.https > 10.194.1.52.56387: R 0:0(0) ack 1 win 0 11:04:08.934956 IP 10.194.1.52.56388 > 10.194.1.155.https: S 3343896122:3343896122(0) win 8192 11:04:08.934967 IP 10.194.1.155.https > 10.194.1.52.56388: R 0:0(0) ack 1 win 0 11:04:09.198017 IP 10.194.1.52.56389 > 10.194.1.155.https: S 2484741480:2484741480(0) win 8192 11:04:09.198055 IP 10.194.1.155.https > 10.194.1.52.56389: R 0:0(0) ack 1 win 0 11:04:09.433433 IP 10.194.1.52.56387 > 10.194.1.155.https: S 2768861009:2768861009(0) win 8192 11:04:09.433483 IP 10.194.1.155.https > 10.194.1.52.56387: R 0:0(0) ack 1 win 0 11:04:09.433488 IP 10.194.1.52.56388 > 10.194.1.155.https: S 3343896122:3343896122(0) win 8192 11:04:09.433499 IP 10.194.1.155.https > 10.194.1.52.56388: R 0:0(0) ack 1 win 0 11:04:09.696840 IP 10.194.1.52.56389 > 10.194.1.155.https: S 2484741480:2484741480(0) win 8192 11:04:09.696866 IP 10.194.1.155.https > 10.194.1.52.56389: R 0:0(0) ack 1 win 0

     

  • Michael_Saleem1's avatar
    Michael_Saleem1
    Icon for Cirrus rankCirrus
    Mar 14, 2019
    • Is there at least one pool member showing as 
      available
      ?
    • Do you have SNAT enabled on the virtual server?

    Could you please provide the virtual server and pool configuration please?

    tmsh list ltm virtual 

    tmsh list ltm pool

  • shantidutbansod's avatar
    shantidutbansod
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2019

    Hello, Following are the outputs, I just changed some if the names from the output. I have a working different VIP with this same exact config on this same device.

     

    ltm virtual VPN { description VPN_VS destination 10.194.1.155:https fallback-persistence ABC_desti ip-protocol tcp mask 255.255.255.255 persist { ABC_source { default yes } } pool XYZ profiles { clientssl { context clientside } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 21 }

     

    (tmos) list ltm pool XYZ ltm pool XYZ { description "ABC Production" members { AEABUABCAPP01.FGHDJ.COM:hosts2-ns { address 10.194.1.176 session monitor-enabled state up } aeabuABCapp02.FGHDJ.com:hosts2-ns { address 10.194.1.177 session monitor-enabled state up } } monitor http }

     

  • Yoann_Le_Corvi1's avatar
    Yoann_Le_Corvi1
    Icon for Cumulonimbus rankCumulonimbus
    Mar 14, 2019

    Hi

     

    Many different factors can cause reset packet to be sent by Big IP. Instead of listing them all here, have a look at this :

     

    https://support.f5.com/csp/article/K9812

     

    If nothing obvious comes out, enable RST packet login

     

    modify /sys db tm.rstcause.log value enable

     

    And provide the output from /var/log/ltm here.

     

    Thanks

     

  • Luke_W_386520's avatar
    Luke_W_386520
    Icon for Nimbostratus rankNimbostratus
    Mar 20, 2019

    Hello shantidutbansode2

    From your output, I can see that you do not have an HTTP profile (Layer 7 Inspection) on your VS. Try adding the HTTP profile to your VS and see if this helps.

    tmsh modify ltm virtual VPN profiles add { http }