Forum Discussion

Amit585731's avatar
Amit585731
Icon for Nimbostratus rankNimbostratus
Jan 14, 2016

Regarding http vip

Dear All,

 

We are seeing an issue where when directly hitting the server the application working fine but when going via vip the request fails. I checked on tcpdump and found that for httpget request via vip we were seeing 401 in response header. The vip is standard vip, http type. So it can be possible that f5 does http inspection and when getting response 401 it is dropping connection. While when directly hitting the application server since source is browser the it may be ignoring the 401 code. Please suggest.

 

Thanks for your help in advance.

 

Thanks

 

  • No, the LTM should send the 401 response back to the client provided the VIP is up. Do you have a monitor on the pool possibly marking the pool down because of the 401? Can you share your pcap?

     

    • Amit585731's avatar
      Amit585731
      Icon for Nimbostratus rankNimbostratus
      Hi Brad, Thanks for response. The VIP is up not sure why users are getting page not available. One thing I noticed that the application using auth header i.e. basic realm, OAuth etc. When they are directly hitting the pool member we are seeing OAuth as the URL of backend application to which pool member is pointing. But when going via VIP, in OAuth header we are seeing VIP URL. So is this something needed to be checked? Do OAuth needs to be same at pool member and backend. Please suggest. I will collect the wireshark and try to paste here. Thanks.
  • No, the LTM should send the 401 response back to the client provided the VIP is up. Do you have a monitor on the pool possibly marking the pool down because of the 401? Can you share your pcap?

     

    • Amit585731's avatar
      Amit585731
      Icon for Nimbostratus rankNimbostratus
      Hi Brad, Thanks for response. The VIP is up not sure why users are getting page not available. One thing I noticed that the application using auth header i.e. basic realm, OAuth etc. When they are directly hitting the pool member we are seeing OAuth as the URL of backend application to which pool member is pointing. But when going via VIP, in OAuth header we are seeing VIP URL. So is this something needed to be checked? Do OAuth needs to be same at pool member and backend. Please suggest. I will collect the wireshark and try to paste here. Thanks.