Forum Discussion

sandy16's avatar
sandy16
Icon for Altostratus rankAltostratus
Feb 20, 2013

frequent logout on a https VIP.

Hi, need some help here....

 

we are experiencing frequent logouts when connecting to a https VIP on the F5. If the users connect to the individual servers, everything stays fine. On the F5 i have end-to-end SSL configured, which means I have a client SSL profile and a server SSL profile. Please advise ??

 

7 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Is it a regular logout or more random? Could it be the TCP profile Idle Timeout setting on the VIP?

     

     

    Just a thought.

     

     

    N
  • Steve - Yes I am using cookie persistence with the cookie method of "HTTP cookie insert".

     

    Nathan - we get logged out relatively quickly (although sporadically). I am using the built-in TCP profile for the client side. I really do not want to change any settings on that.
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    I'd probably look to tcp/ssl dump to see if that gives you any clues as to where the break is appearing.

     

     

    Others on here may have a better clue as to what's going wrong though.
  • Certainly the tcpdump will give you the clearest picture. You might also want to use LiveHTTPHeaders or something similar on the client to check the cookie is being inserted and to see if there are any other obvious clues.
  • I have the tcpdump and have it opened in wireshark. What should i look for?
  • look for tcp resets and the reason for it

     

     

    In the filter search for "http" and see where is the 3way handshake is complete or not, also you can check the packets one-bu-one and identify who is resetting the connection

     

     

    Alternatively tou can filter for these values:

     

    tcp.analysis.retransmission

     

    tcp.analysis.rto

     

     

     

    Also I'll recommend to paste your VIP, POOL & Profile config here (after removing/modifying sensitive/proprietary data so someone can suggest if there is some configuration issue)

     

     

    Thanks

     

    Ajmal