Forum Discussion

steph_01_143006's avatar
steph_01_143006
Icon for Nimbostratus rankNimbostratus
Sep 05, 2014

Error on "when CLIENT_ACCEPTED" IRule

Hello,

 

I created the following Irule in order to increase the TCP idle TimeOut for certain applications. When a connexion occur, in /var/log/ltm file I see systematically the following error and it dosen't work properly:

 

Sep 5 15:42:11 F5-Prod err tmm[7623]: 01220001:3: TCL error: /Common/IR_TCP_TimeOut - no serverside connection established (line 1) invoked from within "TCP::server_port" ("1423" arm line 4) invoked from within "switch [TCP::local_port] { 1423 { .......

 

Even so my IRule is very simple :

 

when CLIENT_ACCEPTED {

 

switch [TCP::local_port] {

 

1423 {

 

set idle 3600

 

IP::idle_timeout 3600

 

}

 

default {

 

set idle 300

 

IP::idle_timeout 300

 

} } }

 

when SERVER_CONNECTED {

 

IP::idle_timeout $idle }

 

Do you have some idea? Thank you

 

APM
application delivery
design
devops
idle
iRules
LTM
security

8 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Sep 05, 2014

    Sep 5 15:42:11 F5-Prod err tmm[7623]: 01220001:3: TCL error: /Common/IR_TCP_TimeOut - no serverside connection established (line 1) invoked from within "TCP::server_port" ("1423" arm line 4) invoked from within "switch [TCP::local_port] { 1423 { .......

     

    i do not see TCP::server_port in the irule. is it complete irule?

     

  • steph_01_143006's avatar
    steph_01_143006
    Icon for Nimbostratus rankNimbostratus
    Sep 05, 2014

    Yes this is the complete IRule.

     

    I get the example here: https://devcentral.f5.com/wiki/iRules.IP__idle_timeout.ashx

     

    When I replace "switch [TCP::local_port]" by "switch [TCP::server_port]" it doesn't work as well.

     

    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      Sep 05, 2014
      why do you want to change TCP::local_port to TCP::server_port? TCP::local_port is destination port on clientside connection (between client and bigip).
  • steph_01_143006's avatar
    steph_01_143006
    Icon for Nimbostratus rankNimbostratus
    Sep 05, 2014

    It was just a test, because I don't really understand why there is an error.

     

    I suspected a bug with TCP::local_port ...

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Sep 05, 2014

    I suspected a bug with TCP::local_port ...

    i did not get an error.

     config

[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  log local0. ""
  switch [TCP::local_port] {
    1423 {
      set idle 3600
      IP::idle_timeout 3600
    }
    default {
      set idle 300
      IP::idle_timeout 300
    }
  }
}
when SERVER_CONNECTED {
  log local0. ""
  IP::idle_timeout $idle
}
}

 /var/log/ltm

[root@ve11a:Active:In Sync] config  tail -f /var/log/ltm
Sep  5 08:27:39 ve11a info tmm[15094]: Rule /Common/qux CLIENT_ACCEPTED:
Sep  5 08:27:39 ve11a info tmm[15094]: Rule /Common/qux SERVER_CONNECTED:
  • steph_01_143006's avatar
    steph_01_143006
    Icon for Nimbostratus rankNimbostratus
    Sep 05, 2014

    So no bug :-), but the problem still there. When a connexion occur with port 1423 there is the following error:

     

    Sep 5 15:42:11 F5-Prod err tmm[7623]: 01220001:3: TCL error: /Common/IR_TCP_TimeOut - no serverside connection established (line 1) invoked from within "TCP::server_port" ("1423" arm line 4) invoked from within "switch [TCP::local_port] { 1423 { .......

     

  • steph_01_143006's avatar
    steph_01_143006
    Icon for Nimbostratus rankNimbostratus
    Sep 24, 2014

    I have built the following simple IRule. It's working fine but the timeout is increased for all flows (no filter on port).

    when CLIENT_ACCEPTED {  
set the TCP idle timeout for the client to 3600
IP::idle_timeout 3600
    }   
when SERVER_CONNECTED {  
set the TCP idle timeout for the server to 3600
 IP::idle_timeout 3600
}
  • steph_01_143006's avatar
    steph_01_143006
    Icon for Nimbostratus rankNimbostratus
    Oct 29, 2014

    Hello,

     

    The error occurs because the Big IP receive some UDP traffic. The script does not managed UDP port. so a filter must be added at the start of the script.