Forum Discussion

aj11's avatar
aj11
Icon for Nimbostratus rankNimbostratus
Mar 03, 2017

Sporadic 404 errors - where is this coming from?

We are getting sporadic 404 errors that show "Powered by Jetty" on a basic 404 page. We have a pool of servers using a VIP hosting a file, but random requests return this 404 page (maybe about 25%). It does not seem to be browser specific as it has happened on FF, Safari, IE and Chrome, across Windows and Mac platforms. We suspect the 404s are coming from the servers, but the dev testers claim there are none in the server logs, and when they test directly to the hosts, it works each time. We've set up tcpdumps on the F5 but the captures are somewhat difficult to read and sometimes the 404, even though the file downloads failed, does not show up in the capture (opened Wireshark). Stats show the loads are not overbearing for the pool members. We're running LTM 12.1.1. Has anyone experienced this? Is there a way to determine for sure something is up between the F5 and the servers? Is it possible the request URI gets malformed somehow when forwarded to the pool members?

 

application delivery
BIG-IP
LTM

5 Replies

Sort By
  • Amine_Kadimi's avatar
    Amine_Kadimi
    Icon for MVP rankMVP
    Mar 03, 2017

    The 404 pages are surely coming from the backend servers because F5 doesn't use jetty. Can you confirm what F5 is getting when you request the url from the CLI using curl:

    curl http://member_address/uri

    Try with every pool member.

  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Mar 06, 2017

    You can try a simple iRule to log the 404 responses. Usually, 404 indicates a broken link or a old link that hasn't been transitioned over. Reference link.

    when HTTP_RESPONSE {
  if { [HTTP::status] == 404 } {
   log local0. "============================================="
   log local0. "$LogString (response) - status: [HTTP::status]"
   foreach aHeader [HTTP::header names] {
      log local0. "$aHeader: [HTTP::header value $aHeader]"
   }
   log local0. "=============================================" 
   }
}
  • Nicholas_P__308's avatar
    Nicholas_P__308
    Icon for Cirrus rankCirrus
    Mar 06, 2017

    If powered by Jetty it appears you are running into issues with the number of sessions. I would check the parameters for it, not familiar with it but there should be a httpd.conf or something of the sort where you can tinker with the TTL and max sessions.

     

  • aj11's avatar
    aj11
    Icon for Nimbostratus rankNimbostratus
    May 03, 2017

    So basically, the core of the issue was that there were sporadic double GET requests from the source that showed up in the same TCP stream, according to F5 support, which we also saw in our logs here. It was an issue for our Developers to look at since it appears it came into the F5 that way. The F5 VIP and traffic policy looks at the TCP stream on the back end and uses a "1st match" policy ("the Big-IP inspect every HTTP request and in doing that we will see if it correctly sends every HTTP request to the correct pool", F5 support stated), so if a GET request for one URI is in the same TCP stream as the second, different URI, it may get load balanced improperly. OneConnect was recommended to use, and one of the benefits of OneConnect, they said, is that it forces the LTM to inspect every packet since it's reusing/maintaining server-side connections, which prevents this.

    Additional details:

    - OneConnect increases the system’s network connection efficiency by keeping server side connections open and re-using them for new client requests
- Connection pooling allows new client side requests coming into the system to utilize existing server side requests that are already formed
- This optimization feature not only saves system resources on the BIG-IP, but also on the servers.
- OneConnect profiles allow you to manipulate various settings, such as maximum number of times server side connections can be re-used, and the maximum age of those entries.