
Moonlit
Nov 09, 2015

APM Network Access tunnel randomly stops transmitting data

Hi all,

 

My users who are connected via a split-tunnel lose all connectivity with resources routed over the VPN.

 

The set-up is a HA pair of Virtual Editions with 1 tunnel group always running on one active unit running version 11.5.3 HF1.

 

Description of the problem:

 

  • Nothing abnormal is logged on either the BIGIP or the client when this happens.
  • Problem is resolved by clicking Disconnect and reconnecting the tunnel.
  • Occurs up to 10 times a day for some users, have not been able to replicate it myself. Occurs for many users at different times, so it looks like the BIGIP itself is causing this for a selection or maybe 60% of the users at random intervals. Have not been able to find anything linking the affected users.
  • Occurs on both Win7/32bit, Win7/64bit, Win8.1 and Windows 10 clients.
  • Occurs when using the Internet Explorer VPN interface, very few here use the Edge Client so far.
  • Did not happen right after the last upgrade (to version 11.5.3 HF1), but started some time after this. Can't see any correlation to changes made by me, though I suspect there is one.
  • I have been able to run a "tcpdump -i connectivityprofile host x.x.x.x" to sniff all traffic to one user when the problem occurred. The BIGIP simply stops sending data over the tunnel, so the fault must be in the central unit rather than locally on the clients.
  • With NOTICE logging level on APM, nothing is logged when the problem occurs.
  • On the client, nothing is logged when the client occurs. The client keeps on logging the periodic messages when it checks the version of IE every 5 minutes or so.

I've been troubleshooting this problem for over a month now, and have attempted the following remedies without success:

 

  1. Upgraded BIGIP to 3Gbps/s because it was logging this message: Nov 4 12:54:28 BIG10001 notice tmm[15811]: 01010045:5: Bandwidth utilization is 806 Mbps, exceeded 75% of Licensed 1000 Mbps
  2. Resolved a known problem causing the BIGIP to log about 8000 more "server current connections" due to a ping sweep being made by a monitor server.
  3. Manually verified each setting in the NA config such as timeout values, but they all look correct from the Help description.

Today I will try rebooting the F5, but if anyone else has this problem I'd like to provide comfort and tell them they're not alone :)

 

I'll create a ticket on this if the reboot doesn't work.

 

Sincerely, Dag
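
Added example, not part of the original post: one way to locate the moments where the tunnel goes one-way in the saved text output of the tcpdump capture described above. It assumes tcpdump's default one-line text format; the client address 10.20.0.15, the sample lines and the thresholds are constructed for illustration.

```python
import re
from datetime import datetime

# Default tcpdump text line: "HH:MM:SS.ffffff IP src.port > dst.port: ..."
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d{1,6}) IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.\d+:"
)

def find_stalls(lines, client_ip, min_gap=5.0, min_packets=3):
    """Return (first, last, count) for each run of client packets that saw no
    packet towards the client for min_gap seconds (capture within one day)."""
    stalls, pending = [], []

    def flush():
        # Record the run of unanswered client packets if it is long enough.
        if len(pending) >= min_packets:
            gap = (pending[-1] - pending[0]).total_seconds()
            if gap >= min_gap:
                fmt = "%H:%M:%S"
                stalls.append((pending[0].strftime(fmt),
                               pending[-1].strftime(fmt), len(pending)))
        pending.clear()

    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # non-IPv4 or truncated lines
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        if m.group(3) == client_ip:       # packet towards the client: tunnel alive
            flush()
        elif m.group(2) == client_ip:     # packet from the client, not yet answered
            pending.append(ts)
    flush()                               # a stall may still be open at end of capture
    return stalls

# Constructed sample capture; 10.20.0.15 is a hypothetical tunnel address.
SAMPLE = """\
12:54:28.100000 IP 10.20.0.15.51000 > 192.168.1.10.443: Flags [P.], seq 1:100, ack 1, win 229, length 99
12:54:28.120000 IP 192.168.1.10.443 > 10.20.0.15.51000: Flags [.], ack 100, win 501, length 0
12:54:30.000000 IP 10.20.0.15.51000 > 192.168.1.10.443: Flags [P.], seq 100:200, ack 1, win 229, length 100
12:54:31.000000 IP 10.20.0.15.51000 > 192.168.1.10.443: Flags [P.], seq 100:200, ack 1, win 229, length 100
12:54:33.000000 IP 10.20.0.15.51000 > 192.168.1.10.443: Flags [P.], seq 100:200, ack 1, win 229, length 100
12:54:38.000000 IP 10.20.0.15.51000 > 192.168.1.10.443: Flags [P.], seq 100:200, ack 1, win 229, length 100
12:55:10.000000 IP 192.168.1.10.443 > 10.20.0.15.51000: Flags [.], ack 200, win 501, length 0
""".splitlines()

if __name__ == "__main__":
    for first, last, count in find_stalls(SAMPLE, "10.20.0.15"):
        print(f"{count} client packets unanswered from {first} to {last}")
```

The stall start times can then be lined up against the BIG-IP and client logs to confirm that nothing was recorded at those moments.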

 

3 Replies

  • We have a similar issue with 11.5.3 (VIPRION hw). No split-tunnelling, but many users lose connectivity to backend devices. The issue seems to arise when we are over about 1Gb TMM mem usage. Ticket open by F5 since 2 weeks.
  • That's very interesting! Please update me here if you get any useful feedback from F5.

     

    • Moonlit
      Rebooted and tried using the other HA unit, to no avail. Have created a support ticket for this.