TCP monitor on two nodes fail erratically

Question

Good day,&nbsp;
We have a setup of consisting of four LTM's, two for external clients in a dmz, two for internal clients on the local network. 
Only the internal devices are in a HA group.&nbsp;
Currently some of our external clients need to be redirected to applications on the internal network.&nbsp;
Configuration of external application:
External listener
Pool with internal node pointing to internal listener/VS
Node which is the internal VS
We are using icmp/tcp_half_open as part of testing/monitoring&nbsp;
The external VS server runs for days and then fails.
Once it failed we disable the node and enable it which marks the monitor as up, it can run for hours/minutes/days and eventually fails again.
According to logs we can't reach it via icmp. 
My first feeling was network related however we have multiple applications created on the same VLAN identical to the troublesome VIP's monitoring with icmp.&nbsp;
Any suggestions?&nbsp;

martijn_van_de1 · Answer

Hi,&nbsp;
The best way to investigate this issue is creating tcpdumps on both external and internal F5 devices. When it fails, do you see the external F5 send an ICMP? If so, does the internal F5 receives the ICMP? Create a file you can import in Wireshark.&nbsp;
Are there any other devices between external and internal F5? Firewall or router? Can you see something there?&nbsp;
With these kind of issues tcpdump and Wireshark are the tools to use.&nbsp;
Good luck.&nbsp;
Martijn.&nbsp;

Forum Discussion

TCP monitor on two nodes fail erratically

1 Reply

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

node monitor vs pool monitor?

Health monitor question

Node Monitoring vs Pool Monitoring

create an external monitor with curl to all nodes with different host names

F5 Distributed Cloud - Regional Edge Health Monitoring Insights