sporadic user authentication issues
Dominique Petitpierre
Dominique.Petitpierre at unige.ch
Thu Feb 19 15:58:03 EST 2015
Hello,
On 02/18/2015 02:24 AM, Rhian Resnick wrote:
>
> Checking the TCP idle parameters in this document might help.
>
>
> http://markgamache.blogspot.com/2010/12/tuning-f5-big-ip-performance-to-ruin.html
In principle the issue mentioned in that document should not occur in
recent versions of F5 BIG-IP LTM if the virtual server's "Source Port"
parameter is not set to "Preserve Strict".
For LTM version 11.5.0 and higher you might be affected by this
vicious "bug":
https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15907.html?sr=43956069
In our case it caused health monitors to fail sporadically and mark
"down" pool members for a very short time, then service failover to
another node would break the current TCP sessions, which might go
unnoticed for some time by waiting clients.
A clue is unexplained quick monitor "down"/"up" events in F5's /var/log/ltm,
and also SYN->, SYN/ACK<-, RST/ACK-> sequences in packet traces when
the TCP port is 54321.
(If they had chosen another more inconspicuous TCP port number than
54321 I might not have been intrigued and could be still searching for
the sporadic connection reset cause ...)
Regards,
--
Mr Dominique Petitpierre, user=Dominique.Petitpierre domain=unige.ch
IT Division, University of Geneva, Switzerland
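
The packet-trace clue described in the message above can be checked mechanically. The following is an added example, not part of the original post: it scans `tcpdump -nn` text output for flows involving TCP port 54321 that consist of SYN, SYN/ACK, then RST/ACK from the initiator, and returns the reset times so they can be compared with monitor events in /var/log/ltm. The function name, the sample addresses and the choice to match the port on either end of the flow are assumptions.

```python
import re

# Matches one IPv4 TCP packet line in `tcpdump -nn` text output.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def find_reset_handshakes(lines, port=54321):
    """Return (rst_time, client, server) for each SYN, SYN/ACK, RST/ACK flow."""
    progress = {}  # (client, server) -> 1 after SYN, 2 after SYN/ACK
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if port not in (src[1], dst[1]):
            continue  # only flows involving the watched port are of interest
        fwd, rev, flags = (src, dst), (dst, src), m["flags"]
        if flags == "S":
            progress[fwd] = 1
        elif flags == "S." and progress.get(rev) in (1, 2):
            progress[rev] = 2  # server answered (SYN/ACK retransmits tolerated)
        elif flags == "R." and progress.get(fwd) == 2:
            hits.append((m["ts"], fwd[0], fwd[1]))
            del progress[fwd]
        else:  # any other packet: not the bare three-packet pattern
            progress.pop(fwd, None)
            progress.pop(rev, None)
    return hits

# Constructed sample trace (addresses, ports and times are made up).
SAMPLE = """\
15:58:01.100000 IP 192.0.2.10.54321 > 192.0.2.20.389: Flags [S], seq 100, win 4380, length 0
15:58:01.100300 IP 192.0.2.20.389 > 192.0.2.10.54321: Flags [S.], seq 900, ack 101, win 14600, length 0
15:58:01.100450 IP 192.0.2.10.54321 > 192.0.2.20.389: Flags [R.], seq 101, ack 901, win 0, length 0
15:58:02.200000 IP 192.0.2.10.54321 > 192.0.2.21.389: Flags [S], seq 200, win 4380, length 0
15:58:02.200300 IP 192.0.2.21.389 > 192.0.2.10.54321: Flags [S.], seq 800, ack 201, win 14600, length 0
15:58:02.200450 IP 192.0.2.10.54321 > 192.0.2.21.389: Flags [.], ack 801, win 4380, length 0
15:58:03.300000 IP 192.0.2.10.40000 > 192.0.2.20.389: Flags [S], seq 300, win 4380, length 0
15:58:03.300300 IP 192.0.2.20.389 > 192.0.2.10.40000: Flags [S.], seq 700, ack 301, win 14600, length 0
15:58:03.300450 IP 192.0.2.10.40000 > 192.0.2.20.389: Flags [R.], seq 301, ack 701, win 0, length 0
""".splitlines()

if __name__ == "__main__":
    for ts, client, server in find_reset_handshakes(SAMPLE):
        print(f"{ts} RST/ACK after SYN/ACK: {client} -> {server}")
```
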