Reset from VS

Question

Hi all,
&nbsp;we have a BIG-IP running 9.3.1 and we're experiencing the following problem:
&nbsp;a VS is generating and sending TCP segments to clients from time to time but we can't understand why.
&nbsp;VS is configured as follows:&nbsp;
&nbsp;virtual VS {
&nbsp;   destination A.B.C.D:8180
&nbsp;   ip protocol tcp
&nbsp;   profile http oneconnect tcp-lan-optimized
&nbsp;   pool P1
&nbsp;}&nbsp;
&nbsp;pool P1 {
&nbsp;   snat disable
&nbsp;   monitor all http
&nbsp;   member 10.15.121.103:8180
&nbsp;   member 10.15.121.109:8180
&nbsp;}&nbsp;
&nbsp;clients (which are in a different vlan behind the LB) produce a big amount of traffic hitting the VS but the issue pops up just for a few connections from time to time.
&nbsp;It shouldn't be due to timeout and also we didn't notice any server down event when the reset segments were sent.
&nbsp;I checked all cases when reset are sent, but nothing seems to match to what we have in place.
&nbsp;Is it possible to create an iRule which logs the reset frames or explains somehow the reason of it?.
&nbsp;The LB_FAILED event shouldn't occur since we can't see any server down event in logs.
&nbsp;Thanks in advance for your help&nbsp;

hooleylist · Answer

Hi Eridano, 
&nbsp;  
&nbsp; When you say TCP segments, what do you mean?  Is LTM sending a RST to the client?  If so, do you see a corresponding RST coming from the serverside?  I'd suggest capturing a tcpdump with the client and serverside traffic together to compare what's happening on both sides of LTM.  If you need help capturing or analyzing TCP dumps, you can check the following solution or open a case with F5 Support: 
&nbsp;  
&nbsp; SOL411: Overview of packet tracing with the tcpdump utility  
&nbsp; http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html 
&nbsp;  
&nbsp; Note that it is not possible to use an iRule to log TCP flags on individual packets. 
&nbsp;  
&nbsp; Aaron

eridano_di_piet · Answer

Hi Hoolio,
&nbsp;we have already snooped both on clientside and serverside: we didn't notice any TCP RST coming from servers so it seems that it is the LTM itself generating them.
&nbsp;It happens from time to time, consider that we had just 5 resets on about 1 million connections, but when it happens we loose traffic so it's not acceptable.
&nbsp;We tried to avoid using oneconnect, but resets are still present.
&nbsp;Thanks for your help.&nbsp;

Forum Discussion

Reset from VS

2 Replies

Recent Discussions

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

no available managed rule groups for Israel il-central-1

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

BIGIP resets connecion

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

Wrong Key GUI , Can't reset BIG-IP to factory defaults

F5 Big-IP i4600 Root Password Reset

Getting TCP Reset-0 from server when routing HTTPS traffic via F5