Forum Discussion

tal112_242253
Jan 06, 2016

current connections won't decrease in Nodes

I have a BIG-IP and I have a problem with the connection limit...

I have 74 nodes in one pool and 1 virtual server with a persistence profile. The virtual server's configuration type is Performance (Layer 4). Until yesterday everything worked perfectly...

One day I saw that all the nodes in my pool were at their top limit, 15 out of 15 for each node.

The F5 shows Current Connections for 1 node as 60, so I logged in to the server (Windows Server 2012) and saw that there were only 10 logged-in users, all active, none idle...

The Current Connections count only goes up and does not update or sync with the real number of current connections.

What can cause this problem?

 

  • Hi, why are you limiting the connections to 15? This limit is the TCP concurrent connections limit, not the actual count of connected users. In other words, one unique user can generate dozens of connections simultaneously for each session. Maybe I didn't understand your question; can you share the output of the command "tmsh list ltm virtual VS_name" and an excerpt of "tmsh list ltm node"?

     

  • ltm virtual Terminal_2012_UDP {
        destination 10.19.23.50:any
        mask 255.255.255.255
        persist {
            source_addr {
                default yes
            }
        }
        pool TRM_2012
        profiles {
            fastL4 { }
        }
        snat automap
        translate-port disabled
    }
    

    You're correct, I see 3 - 4 TCP connections from every user from the same IP... (I use the command "tmsh show sys connection ss-server-addr serverip"). How can I allow or force only 1 TCP connection?

    This is one example:

    10.110.10.86:63026 10.19.23.85:3389 18.1.1.72:3389 tcp 1
    10.110.10.86:63745 10.19.23.85:3389 18.1.1.72:3389 udp 0
    10.19.71.202:52968 18.1.1.72:3389 18.1.1.72:3389 tcp 1
    10.19.71.202:53000 18.1.1.72:3389 18.1.1.72:3389 tcp 1

    I have 2 TCP connections from .202?! Why?! And why is the F5 counting the TCP and the UDP for the user .86?

  • Hi,

    I think this output is for another VS than Terminal_2012_UDP

    10.110.10.86:63026 10.19.23.85:3389 18.1.1.72:3389 tcp 1 
    10.110.10.86:63745 10.19.23.85:3389 18.1.1.72:3389 udp 0 
    10.19.71.202:52968 18.1.1.72:3389 18.1.1.72:3389 tcp 1 
    10.19.71.202:53000 18.1.1.72:3389 18.1.1.72:3389 tcp 1
    

    To filter the connections of this VS, use tmsh 'show sys conn cs-server-addr 10.19.23.50'

    You're correct, I see 3 - 4 TCP connections from every user from the same IP... (I use the command "tmsh show sys connection ss-server-addr serverip"). How can I allow or force only 1 TCP connection?

    I think you would need to set up an iRule for that; there are some examples on DevCentral. However, I would double-check that this limit won't break things, because depending on the application that will transit this VS, which is an all-ports VS, you'll likely have traffic that needs more than one active TCP connection. Additionally, sometimes clients or servers just hang up without properly closing the TCP connection; this will leave an idle TCP connection referenced on the F5 for a default of 5 minutes, preventing legitimate connections from being established if you set up a limit of 1.
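
Added example, not part of the thread and not F5 code: a short Python script that tallies rows in the shape of the excerpt quoted above, to show how a per-node connection limit is consumed by flows rather than by logged-in users. The column meaning (first endpoint is the client, last endpoint before the protocol is the node) and the idea that every listed flow counts toward the limit are assumptions; `parse_rows` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict

# Sample rows copied from the thread's "tmsh show sys connection" excerpt.
SAMPLE = """\
10.110.10.86:63026 10.19.23.85:3389 18.1.1.72:3389 tcp 1
10.110.10.86:63745 10.19.23.85:3389 18.1.1.72:3389 udp 0
10.19.71.202:52968 18.1.1.72:3389 18.1.1.72:3389 tcp 1
10.19.71.202:53000 18.1.1.72:3389 18.1.1.72:3389 tcp 1
"""

ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

def parse_rows(text):
    """Yield (client_ip, node_ip, proto) for each connection row.

    Assumption: the first endpoint is the client and the last endpoint
    before the protocol column is the pool member (node)."""
    for line in text.splitlines():
        fields = line.split()
        protos = [i for i, f in enumerate(fields) if f in ("tcp", "udp")]
        if not protos:
            continue  # header, blank line or unrelated output
        endpoints = [ENDPOINT.match(f) for f in fields[:protos[0]]]
        if len(endpoints) < 2 or not all(endpoints):
            continue  # malformed row
        yield endpoints[0].group(1), endpoints[-1].group(1), fields[protos[0]]

def summarize(text, limit):
    """Per node: flow count, distinct clients, per-protocol split, and
    how many users fit under `limit` at the observed flows-per-client."""
    flows = defaultdict(list)
    for client, node, proto in parse_rows(text):
        flows[node].append((client, proto))
    report = {}
    for node, rows in flows.items():
        clients = {c for c, _ in rows}
        report[node] = {
            "flows": len(rows),
            "clients": len(clients),
            "by_proto": dict(Counter(p for _, p in rows)),
            "users_under_limit": limit * len(clients) // len(rows),
        }
    return report

if __name__ == "__main__":
    for node, stats in summarize(SAMPLE, limit=15).items():
        print(node, stats)
```

On the four quoted rows, two clients account for four flows on the same node, so at that ratio a limit of 15 is reached with about seven users.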