For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Daniel_Ao_10370's avatar
Daniel_Ao_10370
Icon for Nimbostratus rankNimbostratus
May 29, 2017

Client stuck in TCP SYN sometimes

Hello all, After upgraded LTM from 3600 (TMOS version 10.2) to 2000 (TMOS version 11.5.4). I found that sometime Client may stuck in TCP SYN status. Below is my scenario.   I created 1 Virtual Se...
application delivery
BIG-IP
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 29, 2017

Hi,

Best way to find out is:

  • Do tcpdump on BIG-IP - something like 
    tcpdump -nni -s0 0.0:p host [VS IP]
    - not sure if this will work, you can try 
    tcpdump -nni -s0 0.0:p 'host [client 1 IP] or host [client 2 IP]'
  • Issue 
    watch -n 1 tmsh show sys connection cs-server-addr [VS IP]

Then you should see more or less what happens on BIG-IP when two clients are connecting to VS. Sure best option is do that in test environment where you are not processing thousands of connections.

But seems to be kind of bug, because you should get RST after Idle Timeout set TCP profile - except if you have Reset on Timeout disabled in TCP profile.

Piotr