Forum Discussion

Robert_47833
Apr 17, 2015

How to prove that the fallback host was triggered by one bad request response from the backend server?

Hi dear, I need some iRule help: how can I prove that the fallback host in the HTTP profile is triggered by one bad request response from the backend server?

I suspect it is because the backend server responds with HTTP 400 Bad Request (for example, F5 sends an SSL ClientHello to a backend server which only accepts plain HTTP), then LB fails, then the fallback host in the HTTP profile is triggered.

I tried it in the lab; every time it triggers the fallback host, but the F5 support engineer can't confirm, they need more data.....!!!!!

 

15 Replies

  • Use ssldump on the server facing VLAN to reveal any SSL negotiation issues. See askf5.com for command usage.

     

  • I suspect it is because the backend server responds with HTTP 400 Bad Request (for example, F5 sends an SSL ClientHello to a backend server which only accepts plain HTTP), then LB fails, then the fallback host in the HTTP profile is triggered.

    Does the server send a reset or close the connection (FIN)?

    When a Fallback Host is defined, and the connection attempt to the selected load balancing target has failed by the time the BIG-IP LTM system is ready to send the request, the BIG-IP LTM system sends the specified HTTP redirect in the following situations:
    
        A pool member has not been chosen (the system failed to select a pool or a pool member, or no pool members were available)
        A pool member is unreachable (when no route to the target exists)
        A pool member is unresponsive (resets a connection request)
        A pool member closes an established connection before the request is sent
    

    sol6510: BIG-IP system fallback host behavior when a host is down

    https://support.f5.com/kb/en-us/solutions/public/6000/500/sol6510.html
    • Robert_47833
      Hi, Nitass, what I found is: if F5 sends an SSL ClientHello to a backend server which only accepts plain HTTP, then the backend server responds with HTTP 400 Bad Request, then F5 says handshake failure, then the fallback host defined in the HTTP profile is sent back to the client within the HTTP response header: 302 Location http://fallback-host.xx.com
  • Another thing I want to confirm is:

    An iRule change is only applied to new connections, but how do I check the existing connections which use the previous iRule?

    It affects the site for many pages since Akamai keeps long connections with us; they don't create new connections for many hours. I don't want to restart all these current connections, I just want to evaluate the impact.

    I opened a case with F5 TAC, but it seems it is difficult to find the connections which use the previous iRule .....

    Not sure whether I clarified my question here.

    Correct me if I am wrong.

     

  • These 2 pics are for the same packet; I just used Wireshark to decode it as SSL and as HTTP, otherwise it will not show the correct info, haha.

    81.9 is F5, 81.124 is the backend server which only accepts plain HTTP.

    1: decode port 443 as SSL

    2: decode port 443 as HTTP

    Nitass, you there? I need your expertise.

     

  • I do not think it is due to the bad request. I understand fallback is triggered because the server-side connection fails.

     

  • Hmm, is there any method to check whether an existing connection is using the old (cached) iRule?

     

    • nitass (Employee)
      Sorry, can you explain a bit more? What do you mean?
  • Hello, Nitass, glad to hear from you again.

    1: vs1 has iRule 1, then connection1 is established. Then I made a change to iRule 1, then connection2 is established. Because an iRule change is only applied to the new connection, connection2, connection1 still uses the cached or old iRule 1. How to check whether connection1 still uses the old/cached iRule 1??

    2: For the fallback host triggered problem, I made one test: one VIP has server-side SSL enabled, but the pool behind it only accepts plain HTTP; every time it can trigger a fallback host redirect.

     

  • 1: vs1 has iRule 1, then connection1 is established. Then I made a change to iRule 1, then connection2 is established. Because an iRule change is only applied to the new connection, connection2, connection1 still uses the cached or old iRule 1. How to check whether connection1 still uses the old/cached iRule 1??

    I am not aware of it.

    2: For the fallback host triggered problem, I made one test: one VIP has server-side SSL enabled, but the pool behind it only accepts plain HTTP; every time it can trigger a fallback host redirect.

    I understand fallback is triggered because the connection between BIG-IP and the server fails, e.g. TCP reset.

     

    • Robert_47833
      1: Hmm, I have a case with TAC in your center, but it seems there is no way to find this, very difficult..... 2: Yeah, I didn't know this before. But now I believe this behavior will trigger the fallback host...........even if it is not documented clearly
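
One way to settle what the pool member sent back after the BIG-IP's ClientHello, as an added example that is not part of the original thread: the function below classifies the first server-side payload bytes (for instance, exported from a packet capture) as a plaintext HTTP response, a TLS record, or no payload at all. The function name and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# A small subset of alert descriptions, enough for this diagnosis.
ALERTS = {40: "handshake_failure", 70: "protocol_version", 80: "internal_error"}

# Constructed sample payloads, not bytes from the capture in the thread.
HTTP_400 = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
TLS_SERVER_HELLO = bytes([0x16, 0x03, 0x03, 0x00, 0x4A, 0x02]) + b"\x00" * 73
TLS_FATAL_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])


def classify_server_reply(data: bytes) -> dict:
    """Classify the first payload bytes the pool member sent after the ClientHello."""
    if not data:
        # No payload at all: the server answered with RST/FIN only.
        return {"kind": "no_payload"}
    if data.startswith(b"HTTP/"):
        # Plaintext status line: the member is not speaking TLS on this port.
        parts = data.split(b"\r\n", 1)[0].split(b" ", 2)
        status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        return {"kind": "plaintext_http", "status": status}
    if len(data) >= 5 and data[0] in TLS_TYPES and data[1] == 3 and data[2] <= 4:
        # 5-byte TLS record header: type, version major/minor, length.
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        result = {"kind": "tls_record", "type": TLS_TYPES[ctype],
                  "version": (major, minor), "length": length}
        if ctype == 21 and length == 2 and len(data) >= 7:
            # Unencrypted alert: one byte level, one byte description.
            result["alert"] = ALERTS.get(data[6], str(data[6]))
            result["fatal"] = data[5] == 2
        return result
    return {"kind": "unknown", "first_bytes": data[:8].hex()}


if __name__ == "__main__":
    for name, payload in [("http_400", HTTP_400), ("server_hello", TLS_SERVER_HELLO),
                          ("fatal_alert", TLS_FATAL_ALERT), ("rst_only", b"")]:
        print(name, classify_server_reply(payload))
```

A `plaintext_http` result on a port where server-side SSL is enabled shows that the member answered the ClientHello in clear text, which is the same thing the two Wireshark decodes of one packet were showing.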