Forum Discussion
ieflores_38076
Mar 16, 2011Nimbostratus
F5 maintains a SSL session opened until 16 seconds after it receives a FIN request
Hi, I´ve configured a basic https monitor with these parameters:
Send string: HEAD / HTTP/1.1\r\nHost: \r\nConnection: close
Receive string: HTTP/1.1
It is working fine, the server is marked up when it is accesible and down when it is not. However, I did a packet capture to analyse the performance of this monitor and I noticed the following: After the F5 receives a FIN request from the server, it (the f5) maintains the session opened for sixteen seconds more, after this time the F5 ack the fin request and closes the connection.
Why is this happening? I mean, Why even though the F5 receives a FIN it waits sixteen seconds to close the session? What I´d like to happen is that the F5 closes the connection once it receives the FIN request, not after sixteen seconds.
Note: the sixteen seconds are not related with the frecuency nor the timeout, I´ve changed these parameters and the issue is the same.
- hooleylistCirrostratusHi,
- L4L7_53191NimbostratusWow, that's a good one. There could be a few things going on here. I'm betting that this is a typical half-close, TIME_WAIT thing but we can't confirm that until we track down the source of that 16 seconds. If I am right, I'd expect to see a MSL of 8 seconds somewhere on the host side of the BigIP, but that seems odd to me somehow. Just to make sure I understand: I would expect the client (BigIP) to send the first FIN here, so are you seeing something like this?
- ieflores_38076NimbostratusThanks for the interest Matt.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects