Forum Discussion
Client receive socket error
Hi all, we have just finish the F5 VE setup and starting with the 1st tesing and we encounter socket error on the client side
We were able to telnet the VS IP & Port from the client.
I have capture the tcpdump between client to F5 and trying to understand the handshake part.. would anyone be able to advise ?
Note: I have replace the Source IP = Source IP and Virtual Server IP = VS
Tcp dump Client to F5
02:04:33.637019 IP SourceIP.61406 > VS.10443: S 393854717:393854717(0) win 8192
02:04:33.637120 IP VS.10443 > SourceIP.61406: S 1243836893:1243836893(0) ack 393854718 win 4380
02:04:33.639949 IP SourceIP.61406 > VS.10443: . ack 1 win 64240
02:04:33.645381 IP SourceIP.61406 > VS.10443: P 1:53(52) ack 1 win 64240
02:04:33.645436 IP VS.10443 > SourceIP.61406: P 1:803(802) ack 53 win 4380
02:04:33.658065 IP SourceIP.61406 > VS.10443: P 53:192(139) ack 803 win 63438
02:04:33.659210 IP VS.10443 > SourceIP.61406: . ack 192 win 4571
02:04:33.665987 IP SourceIP.61406 > VS.10443: P 192:198(6) ack 803 win 63438
02:04:33.666001 IP VS.10443 > SourceIP.61406: . ack 198 win 4577
02:04:33.675939 IP SourceIP.61406 > VS.10443: P 198:243(45) ack 803 win 63438
02:04:33.675991 IP VS.10443 > SourceIP.61406: . ack 243 win 4622
02:04:33.676781 IP VS.10443 > SourceIP.61406: P 803:809(6) ack 243 win 4622
02:04:33.676806 IP VS.10443 > SourceIP.61406: P 809:854(45) ack 243 win 4622
02:04:33.679213 IP SourceIP.61406 > VS.10443: . ack 854 win 63387
02:04:33.713061 IP SourceIP.61406 > VS.10443: P 243:456(213) ack 854 win 63387
02:04:33.713075 IP VS.10443 > SourceIP.61406: . ack 456 win 4835
02:04:38.637618 arp who-has VS tell 10.8.227.254
02:04:38.637648 arp reply VS is-at 00:50:56:84:0f:50 (oui Unknown)
02:04:45.675974 IP VS.10443 > SourceIP.61406: R 854:854(0) ack 456 win 4835
02:21:14.284465 arp who-has VS tell 10.8.227.254
02:21:14.284497 arp reply VS is-at 00:50:56:84:0f:50 (oui Unknown)
02:21:14.286888 IP SourceIP.61572 > VS.amanda: S 1407086659:1407086659(0) win 8192
02:21:14.287072 IP VS.amanda > SourceIP.61572: S 3400928483:3400928483(0) ack 1407086660 win 4380
02:21:14.297839 IP SourceIP.61572 > VS.amanda: . ack 1 win 64240
02:21:14.354429 IP SourceIP.61572 > VS.amanda: P 1:185(184) ack 1 win 64240
02:21:14.354708 IP VS.amanda > SourceIP.61572: . ack 185 win 4564
02:21:26.354475 IP VS.amanda > SourceIP.61572: R 1:1(0) ack 185 win 4564
02:21:44.002801 IP SourceIP.61573 > VS.amanda: S 2339575959:2339575959(0) win 8192
02:21:44.002899 IP VS.amanda > SourceIP.61573: S 939635479:939635479(0) ack 2339575960 win 4380
02:21:44.006175 IP SourceIP.61573 > VS.amanda: . ack 1 win 64240
02:21:44.072147 IP SourceIP.61573 > VS.amanda: P 1:185(184) ack 1 win 64240
02:21:44.072500 IP VS.amanda > SourceIP.61573: . ack 185 win 4564
02:21:49.002935 arp who-has VS tell 10.8.227.254
02:21:49.002970 arp reply VS is-at 00:50:56:84:0f:50 (oui Unknown)
02:21:56.071802 IP VS.amanda > SourceIP.61573: R 1:1(0) ack 185 win 4564
02:22:00.817201 IP SourceIP.61574 > VS.kamanda: S 1234005134:1234005134(0) win 8192
02:22:00.817378 IP VS.kamanda > SourceIP.61574: S 510475054:510475054(0) ack 1234005135 win 4380
02:22:00.820048 IP SourceIP.61574 > VS.kamanda: . ack 1 win 64240
02:22:00.859254 IP SourceIP.61574 > VS.kamanda: P 1:185(184) ack 1 win 64240
02:22:00.859539 IP VS.kamanda > SourceIP.61574: . ack 185 win 4564
02:22:12.858954 IP VS.kamanda > SourceIP.61574: R 1:1(0) ack 185 win 4564
- IheartF5_45022Nacreous
Does the server have a route to the SNAT IP?
Run a tcpdump on the server to see what is happening. Use
tcpdump -i 0.0:nnn -s0 -X port 80 and host
What does this tell you? If too much traffic replace the -X with -w /var/tmp/doran.cap to get a binary file you can view in Wireshark.
- Doran_LumNimbostratus
Thanks so much, I change the settings as below and it works.
Source Address Translation: AutoMap
Does the server have a route to the SNAT IP? Just in case I encounter a similar issue, where do I set this route...
- IheartF5_45022Nacreous
On the server use "route add" to point the SNAT network to the next-hop address leading to the F5.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com