Forum Discussion
matsg_347866
Nimbostratus
NimbostratusF5 not Forwarding RST Packets
Hi all,
We're seeing some strange client behavior which the F5 LTM does not seem to handle well. The client sets up a SOCKS connection towards load balanced web proxy servers. After some time it sends a [FIN, ACK]. The web proxy sends an [ACK], then some SOCKS data and finally [FIN, ACK]. The client, however, simply sends two [RST] packets. I'm not sure which ones it is responding to exactly since the web proxy just sent three packets. What troubles me most, though, is that the resets are not being forwarded to the web proxy, which leads to it trying to send another FIN because its connection hasn't been yet been terminated correctly.
If I understand correctly this would mean that for the F5 the client side connection has been closed (due to the reset) but the server side connection is still open.
Is there a way the F5 could forward the reset so that the server side connection is also closed?
Thank you in advance for your ideas.
Kind regards, Mats
matsg_347866Here is a capture of the traffic:
1 0.000000 → TCP 85 60808 → 1080 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2274775105 TSecr=0 WS=128 2 0.000071 → TCP 104 60808 → 1080 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2274775105 TSecr=0 WS=128 3 0.000302 → TCP 108 1080 → 60808 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=1954717130 TSecr=2274775105 WS=1 4 0.000581 → TCP 108 1080 → 60808 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=1954717130 TSecr=2274775105 WS=1 5 0.001064 → TCP 96 60808 → 1080 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=2274775107 TSecr=1954717130 6 0.001074 → TCP 96 60808 → 1080 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=2274775107 TSecr=1954717130 7 0.001255 → Socks 100 Version: 5 Connect to server request 8 0.001523 → Socks 100 Version: 5 Connect to server request 9 0.002309 → Socks 98 Version: 5 Connect to server response 10 0.002320 → Socks 98 Version: 5 Connect to server response 11 0.002695 → TCP 96 60808 → 1080 [ACK] Seq=5 Ack=3 Win=29312 Len=0 TSval=2274775109 TSecr=1954717132 12 0.002699 → Socks 116 Version: 5 13 0.002714 → TCP 96 60808 → 1080 [ACK] Seq=5 Ack=3 Win=29312 Len=0 TSval=2274775109 TSecr=1954717132 14 0.002718 → Socks 116 Version: 5 15 0.004594 → TCP 96 1080 → 60808 [ACK] Seq=3 Ack=25 Win=65535 Len=0 TSval=1954717133 TSecr=2274775109 16 0.004600 → Socks 98 Version: 5 User authentication reply 17 0.004612 → TCP 96 1080 → 60808 [ACK] Seq=3 Ack=25 Win=65535 Len=0 TSval=1954717133 TSecr=2274775109 18 0.004618 → Socks 98 Version: 5 User authentication reply 19 0.005105 → Socks 106 Version: 5 20 0.005325 → Socks 106 Version: 5 21 0.006328 → Socks 106 Version: 5 User authentication reply 22 0.006351 → Socks 106 Version: 5 User authentication reply 23 0.024885 → TCP 96 60808 → 1080 [FIN, ACK] Seq=35 Ack=15 Win=29312 Len=0 TSval=2274775131 TSecr=1954717136 24 0.028217 → TCP 96 60808 → 1080 [FIN, ACK] Seq=35 Ack=15 Win=29312 Len=0 TSval=2274775131 TSecr=1954717136 25 0.028885 → TCP 96 1080 → 60808 [ACK] Seq=15 Ack=36 Win=65535 Len=0 TSval=1954717158 TSecr=2274775131 26 0.028890 → Socks 106 Version: 5 User authentication reply 27 0.028912 → TCP 96 1080 → 60808 [ACK] Seq=15 Ack=36 Win=65535 Len=0 TSval=1954717158 TSecr=2274775131 28 0.029154 → TCP 96 1080 → 60808 [FIN, ACK] Seq=25 Ack=36 Win=65535 Len=0 TSval=1954717159 TSecr=2274775131 29 0.029175 → Socks 106 Version: 5 User authentication reply 30 0.029187 → TCP 96 1080 → 60808 [FIN, ACK] Seq=25 Ack=36 Win=65535 Len=0 TSval=1954717159 TSecr=2274775131 31 0.029695 → TCP 84 60808 → 1080 [RST] Seq=36 Win=0 Len=0 32 0.029926 → TCP 65 60808 → 1080 [RST] Seq=36 Win=0 Len=0 33 0.337830 → TCP 87 [TCP Retransmission] 1080 → 60808 [FIN, PSH, ACK] Seq=15 Ack=36 Win=65535 Len=10 TSval=1954717468 TSecr=2274775131 34 0.337856 → TCP 119 [TCP Retransmission] 1080 → 60808 [FIN, PSH, ACK] Seq=15 Ack=36 Win=65535 Len=10 TSval=1954717468 TSecr=2274775131