sporadic user authenication issues
Dominique.Petitpierre at unige.ch
Thu Feb 19 15:58:03 EST 2015
On 02/18/2015 02:24 AM, Rhian Resnick wrote:
> Check the tcp idle parameters in this document might help.
In principle the issue mentioned in that document should not occur in
recent version of F5 BIG-IP LTM if the virtual server's "Source Port"
parameter is not set to "Preserve Strict".
For LTM version 11.5.0 and higher you might be affected by this
In our case it caused health monitors to fail sporadically and mark
"down" pool members for a very short time, then service failover to
another node would break the current TCP sessions, which might go
unnoticed for some time by waiting clients.
A clue is unexplained monitor quick "down"/"up" events in F5's /var/log/ltm,
and also SYN->, SYN/ACK<-, RST/ACK-> sequences in packet traces when
the TCP port is 54321.
(If they had chosen another more inconspicuous TCP port number than
54321 I might not have been intrigued and could be still searching for
the sporadic connection reset cause ...)
Mr Dominique Petitpierre, user=Dominique.Petitpierre domain=unige.ch
IT Division, University of Geneva, Switzerland
More information about the users