Forum Discussion

EastCoast_16835's avatar
EastCoast_16835
Icon for Nimbostratus rankNimbostratus
Mar 22, 2016

iRule Event Agent in APM policy causes strange connection resets

I have an LTM with a simple test APM Policy like this and getting strange behaviour.

 

Start -> iRule Event Agent -> Logon Page -> Deny

 

When the iRule Event Agent block is present, the Logon Page is not displayed. I get connection reset in 80% cases. If I remove the iRule Event Agent block, the Logon page is always displayed correctly.

 

The iRule Event Agent block does absolutely nothing and has no iRule attached. TCPDUMP traces show internal F5 communications 127.20.1.3 -> 127.20.1.254 that end by SYN Timeouts.

 

Has anyone seen this kind of issues? The same APM policy works properly on another box.

 

Version: 11.4.1 HF9

 

APM
application delivery
BIG-IP

3 Replies

Sort By
  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account
    Mar 22, 2016

    Yes, there are a number of issues with placing the irule event before the logon page (usually specific to the client: ios, vmware, etc). If you don't need to put it before the logon page, I would avoid it. If you must, please explain in more detail the workflow.

     

    • mrichter's avatar
      mrichter
      Icon for Nimbostratus rankNimbostratus
      Jun 13, 2016
      What are the number of issues? I am also experiencing this problem and need iRules to be invoked before certain login or display pages. Could you provide additional information?
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jun 13, 2016

    Hi,

     

    if you need to execute some action before logon page, use irule event ACCESS_POLICY_STARTED instead of using irule event in VPE.

     

    You can also execute some tcl code in variable assign.