Dropped Connections

Question

The issue we are seeing is that the F5 Load balancer is trying to initiate a new connection to the backend server with a source port that has not been completely closed on the backend server yet (still in TIME_WAIT) from a previous connection. This causes us to see a TCP Port Number Reuse message in the captures and the backend servers are not responding to the new SYN messages from the F5. The F5 then resets the connection because it sends 3 SYN packets without a response. There is a snippet of the capture in the image attached.&nbsp;
We are trying to figure out what the options are to fix this behavior. 
1)Can we look into enabling OneConnect source mask? If we do this how does this affect other VIPs? Is this a global configuration?
2)Perhaps we need to build a SNAT pool for this VIP to use instead of automap?
3)Do we need to change the Virtual server type to allow us to adjust the TCP timers? What is the best practice?&nbsp;

justin1 · Answer

We are having the exact same issue. Did you get a solution to this?

boneyard · Answer

while it might look similar the chance is pretty small you encounter the exact same issue three years later.

it is probably worth the effort to start a new question and explaining your situation well (TMOS version, virtual server config, ...) with the capture that is lost in the original question.

Forum Discussion

Dropped Connections

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Scanning for CVE-2017-9841 Drops Precipitously

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

Dropping connections after a specific part of URI

How do I drop traffic on ASM?

Drop reason counters.rx_portd_rdisc

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS