Forum Discussion
ieflores_38076
Mar 16, 2011Nimbostratus
F5 maintains a SSL session opened until 16 seconds after it receives a FIN request
Hi, I´ve configured a basic https monitor with these parameters:
Send string: HEAD / HTTP/1.1\r\nHost: \r\nConnection: close
Receive string: HTTP/1.1
It is working fine, th...
L4L7_53191
Mar 23, 2011Nimbostratus
Wow, that's a good one. There could be a few things going on here. I'm betting that this is a typical half-close, TIME_WAIT thing but we can't confirm that until we track down the source of that 16 seconds. If I am right, I'd expect to see a MSL of 8 seconds somewhere on the host side of the BigIP, but that seems odd to me somehow. Just to make sure I understand: I would expect the client (BigIP) to send the first FIN here, so are you seeing something like this?
(C) (S)
FIN---> close_wait
fin_wait <--- ACK
time_wait <---- FIN
...16 seconds pass, you go get a beer, etc.
ACK---> closed
Is that diagram correct?
Also, have you by chance tried this with a typical HTTP monitor? Is that monitor HEAD request correct? I'd expect \r\n\r\n at the end to complete it. If you're seeing the FIN come from the server first, I wonder if it's responding to a request that's incomplete (missing the two CRLF), then sending its FIN, at which point there's some timeout on the request side...but I suppose I'd expect a RST in that picture...hmm you got me churning on this one!
One other note: there's been some debate on RFC 2616 and HTTP connection management regarding how much consideration was given to how TCP does its thing. If you're interested you may want to read through this - not that it's got a solution to this issue but it may be a factor:
http://lists.w3.org/Archives/Public/ietf-http-wg-old/2001JanApr/0036.html
-- and and old but really interesting draft discussing connection management.
http://ftp.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt
Keep us posted, and more data would be appreciated :)
-Matt
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects