Forum Discussion

bcrogerz's avatar
bcrogerz
Icon for Cirrus rankCirrus
Oct 09, 2012

Able to telnet to virtual when the pool members are down ?

Hello Folks,

 

I am trying to understand a strange behaviour seen on the LTMs.

 

Configs

 

---------------------------------------------------

 

virtual abdc {

 

pool abdc

 

destination 1.1.1.1:http

 

ip protocol tcp

 

rules SNAT2VIP

 

profiles {

 

http-xff {}

 

tcp-lan-optimized {

 

serverside

 

}

 

tcp-wan-optimized {

 

clientside

 

}

 

}

 

}

 

+-> POOL MEMBER abdc_80/2.2.2.2:http inactive,down

 

+-> POOL MEMBER abdc_80/3.3.3.3:http inactive,down

 

-------------------------------------------------------------------------------------------

 

 

Question :

 

1.) why is that i am able to successfully telnet to the virtual ip ?

 

2.) Is the bigip not suposed to send a reset packet when all the pool members are down ?

 

3.) I have a GTM polling this LTM virtual with a tcp_half_open monitor along with bigd , the GTM sees the virtual to be UP though the virtual is down on the LTM. ( more of tied to the 1st question )

 

Please help me in understanding this

 

Ps

 

( i know its not right to mix the bigd and tcp monitors for a LTM virtual on the GTM..)

 

 

 

 

3 Replies

  • have you seen this one?

     

     

    sol8082: Overview of TCP connection set-up for BIG-IP LTM virtual server types

     

    http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8082.html

     

     

    hope this helps.
  • Roger, just in case you don't find that document clear enough I'll quickly break it down for you;

     

     

    1) You can telnet to the Virtual Server even with the Pool Members down. This is the full proxy in effect, the BIG-IP is terminating your connection and will establish a different one to a Pool Member when it needs to.

     

    2) The TCP three way handshake is completed but the moment you send a HTTP request on this connection, you'll then get the RST. This is normal behavior for a Standard Virtual Server with a HTTP Profile assigned.

     

    3) Use a HTTP monitor (that sends a HTTP request) and this won't occur.
  • Perfect! it makes perfect sense now !

     

     

    Many thanks both of you

     

     

    Roger