Forum Discussion

Doran_Lum_13484's avatar
Doran_Lum_13484
Icon for Nimbostratus rankNimbostratus
Feb 27, 2014

Client receive socket error

Hi all, we have just finish the F5 VE setup and starting with the 1st tesing and we encounter socket error on the client side

 

We were able to telnet the VS IP & Port from the client.

 

I have capture the tcpdump between client to F5 and trying to understand the handshake part.. would anyone be able to advise ?

 

Note: I have replace the Source IP = Source IP and Virtual Server IP = VS

 

Tcp dump Client to F5

 

02:04:33.637019 IP SourceIP.61406 > VS.10443: S 393854717:393854717(0) win 8192

 

02:04:33.637120 IP VS.10443 > SourceIP.61406: S 1243836893:1243836893(0) ack 393854718 win 4380

 

02:04:33.639949 IP SourceIP.61406 > VS.10443: . ack 1 win 64240

 

02:04:33.645381 IP SourceIP.61406 > VS.10443: P 1:53(52) ack 1 win 64240

 

02:04:33.645436 IP VS.10443 > SourceIP.61406: P 1:803(802) ack 53 win 4380

 

02:04:33.658065 IP SourceIP.61406 > VS.10443: P 53:192(139) ack 803 win 63438

 

02:04:33.659210 IP VS.10443 > SourceIP.61406: . ack 192 win 4571

 

02:04:33.665987 IP SourceIP.61406 > VS.10443: P 192:198(6) ack 803 win 63438

 

02:04:33.666001 IP VS.10443 > SourceIP.61406: . ack 198 win 4577

 

02:04:33.675939 IP SourceIP.61406 > VS.10443: P 198:243(45) ack 803 win 63438

 

02:04:33.675991 IP VS.10443 > SourceIP.61406: . ack 243 win 4622

 

02:04:33.676781 IP VS.10443 > SourceIP.61406: P 803:809(6) ack 243 win 4622

 

02:04:33.676806 IP VS.10443 > SourceIP.61406: P 809:854(45) ack 243 win 4622

 

02:04:33.679213 IP SourceIP.61406 > VS.10443: . ack 854 win 63387

 

02:04:33.713061 IP SourceIP.61406 > VS.10443: P 243:456(213) ack 854 win 63387

 

02:04:33.713075 IP VS.10443 > SourceIP.61406: . ack 456 win 4835

 

02:04:38.637618 arp who-has VS tell 10.8.227.254

 

02:04:38.637648 arp reply VS is-at 00:50:56:84:0f:50 (oui Unknown)

 

02:04:45.675974 IP VS.10443 > SourceIP.61406: R 854:854(0) ack 456 win 4835

 

02:21:14.284465 arp who-has VS tell 10.8.227.254

 

02:21:14.284497 arp reply VS is-at 00:50:56:84:0f:50 (oui Unknown)

 

02:21:14.286888 IP SourceIP.61572 > VS.amanda: S 1407086659:1407086659(0) win 8192

 

02:21:14.287072 IP VS.amanda > SourceIP.61572: S 3400928483:3400928483(0) ack 1407086660 win 4380

 

02:21:14.297839 IP SourceIP.61572 > VS.amanda: . ack 1 win 64240

 

02:21:14.354429 IP SourceIP.61572 > VS.amanda: P 1:185(184) ack 1 win 64240

 

02:21:14.354708 IP VS.amanda > SourceIP.61572: . ack 185 win 4564

 

02:21:26.354475 IP VS.amanda > SourceIP.61572: R 1:1(0) ack 185 win 4564

 

02:21:44.002801 IP SourceIP.61573 > VS.amanda: S 2339575959:2339575959(0) win 8192

 

02:21:44.002899 IP VS.amanda > SourceIP.61573: S 939635479:939635479(0) ack 2339575960 win 4380

 

02:21:44.006175 IP SourceIP.61573 > VS.amanda: . ack 1 win 64240

 

02:21:44.072147 IP SourceIP.61573 > VS.amanda: P 1:185(184) ack 1 win 64240

 

02:21:44.072500 IP VS.amanda > SourceIP.61573: . ack 185 win 4564

 

02:21:49.002935 arp who-has VS tell 10.8.227.254

 

02:21:49.002970 arp reply VS is-at 00:50:56:84:0f:50 (oui Unknown)

 

02:21:56.071802 IP VS.amanda > SourceIP.61573: R 1:1(0) ack 185 win 4564

 

02:22:00.817201 IP SourceIP.61574 > VS.kamanda: S 1234005134:1234005134(0) win 8192

 

02:22:00.817378 IP VS.kamanda > SourceIP.61574: S 510475054:510475054(0) ack 1234005135 win 4380

 

02:22:00.820048 IP SourceIP.61574 > VS.kamanda: . ack 1 win 64240

 

02:22:00.859254 IP SourceIP.61574 > VS.kamanda: P 1:185(184) ack 1 win 64240

 

02:22:00.859539 IP VS.kamanda > SourceIP.61574: . ack 185 win 4564

 

02:22:12.858954 IP VS.kamanda > SourceIP.61574: R 1:1(0) ack 185 win 4564

 

  • Does the server have a route to the SNAT IP?

     

    Run a tcpdump on the server to see what is happening. Use

     

    tcpdump -i 0.0:nnn -s0 -X port 80 and host

     

    What does this tell you? If too much traffic replace the -X with -w /var/tmp/doran.cap to get a binary file you can view in Wireshark.

     

  • Thanks so much, I change the settings as below and it works.

     

    Source Address Translation: AutoMap

     

    Does the server have a route to the SNAT IP? Just in case I encounter a similar issue, where do I set this route...

     

  • On the server use "route add" to point the SNAT network to the next-hop address leading to the F5.