Forum Discussion

jaikumar_f5's avatar
Jun 20, 2017

Article K15907 - TCP marked down incorrectly

Hi Folks,

I may need your opinion on this article - The BIG-IP system may incorrectly mark pool members down when health monitor traffic uses TCP source port 54321.

Well recently I'm observing some random logs marking the pool member down, well its happening at random time, so I'm not able to figure out why its happening. Well the log indicates the tcp down. But the server seems to UP all time. Unsure they was any network glitch. But since its happening everyday at random times, I doubt it could be the network.

From my understanding, if this article is true, I believe if I send connection from source port 54321 using netcat to the member it should fail. But I see its established, does this mean this article is not true in my case.

[LTM1:Active] ~  nc -p 54321 -t 20.20.20.20 80
^C
[LTM1:Active] ~  netstat -an | grep 54321
tcp        0      0 10.10.10.10:54321        20.20.20.20:80          ESTABLISHED

Since its happening at random time, I'm planning to put a tcpdump when this event occurs using alert conf file,

alert TCP_DOWN_CAPTURE " Pool /Common/test_pool member /Common/test_node:80 monitor status down " {
                exec command="tcpdump -npi 0.0 -vvv -s0 host 20.20.20.20 and port 80 -w /var/tmp/test.pcap -c 100"
}

Please suggest your opinions on this and if you have a better approach !!! Thanks.

No RepliesBe the first to reply