LTM Nonterminating HTTPS VIP Not Working

Question

Experiencing intermitten non rendering https VIP issues.  We have created multiple nonterminating https VIPs that intermittenly render https requests.  The browser will spin until it returns a destination unreachable.  While this is happening each server is up in the pool and successful renders https requests to a browser.  &nbsp;
&nbsp;Troubleshooting the issue we replaced the primary F5 with a new unit and the the issue stopped happening.  In testing failover this week we made the standby unit active and everything worked fine but when we returned the primary to active it could not render https request.  After a reboot the primary still would not render the HTTPS VIPs.  Then we forced the standby to active and the VIPs rendered successfully.  We then forced the primary to active and the VIPs render successfully again.  &nbsp;
&nbsp;F5 Details:
&nbsp;F5 LTM 6900
&nbsp;BIGIP 10.2.1 Build 297.0 Final  &nbsp;&nbsp;
&nbsp;Config:
&nbsp;pool air_app {
&nbsp;    monitor all tcp
&nbsp;    members {
&nbsp;         123.133.40.50:https {}
&nbsp;         123.133.40.51:https {}
&nbsp;    }
&nbsp;}&nbsp;
&nbsp;virtual air_app {
&nbsp;   snat automap
&nbsp;   pool air_app
&nbsp;   destination 123.41.20:https
&nbsp;   ip protocol tcp
&nbsp;   persist source_addr
&nbsp;}&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;Any and all help is appreciated,
&nbsp;Thanks,
&nbsp;Clinton&nbsp;&nbsp;

hooleylist · Answer

Hi Clinton, 
&nbsp;  
&nbsp; That's an odd one.  Could it be some kind of ARP issue?  Are you able to run a tcpdump while the failure is occurring looking for traffic to/from the VIP and pool members?  If so, what do you see? 
&nbsp;  
&nbsp; Also, if you're not decrypting the SSL, you could change from a standard VS to a Performance L4 VS with a FastL4 profile to improve performance. 
&nbsp;  
&nbsp; Aaron

lowes_branch_fa · Answer

Aaron, 
&nbsp; Thanks for the lead.  Got to looking at the network setup and the network uplinks of several port channels were not going to the correct switch interfaces.  Problem should be fixed. 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Clinton

hamish · Answer

You're not running LACP active on the port-channels? Very important...  
&nbsp;  
&nbsp; H

Forum Discussion

LTM Nonterminating HTTPS VIP Not Working

3 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

monitor does not work https

How to make DNS resolutions in an HTTP request event work FOR you, not against you

How HTTP/2 Compression works under the hood

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

HTTP redirect working but HTTPS not working