Forum Discussion
fluzocapacitor
Altocumulus
AltocumulusIssue with Capturing SYN-ACK Packets on F5 BigIP Virtual Server
Hello everyone, I have a virtual server set up on an F5 BigIP. I captured traffic on a client (IP: 10.16.x.x) of the balanced service and on the virtual server itself (IP: 10.16.y.y). On the client ...
wendelyes
Altostratus
AltostratusHello,
Yes, with this configuration the session is going to be candidate to offload after the first SYN packet. You can change the TCP offload state to EST and you will be sure that the SYN-ACK packet is not going to be offloaded.
Anyway, I don't think the offload is the root cause of your issue. If the client-to-server flow is offloaded then you should also not see the ACK or GET packet.
I think you issue is related with asymmetric traffic and that the SYN-ACK does not go through the f5
Regards
fluzocapacitorHello everyone,
Thank you for your suggestions. I have confirmed that there is no asymmetric traffic since the F5 is the default gateway for the pool nodes of the virtual server. Therefore, all packets must pass through the load balancer as the clients are on a different network.
Anyway, I agree with you that if the client-to-server flow were offloaded then I should also not see the ACK or GET packets.
Additionally, I wanted to provide more context for the issue. The problem arises when the SYN Cookie mechanism is enabled on the virtual server. Some servers are unable to connect to the service because they receive a server-reset (RST) packet. I was trying to capture traffic on both the client and the server (F5) to understand what was happening.
If you have any further suggestions or insights, I would greatly appreciate it.
Thank you!
boneyardMVP
Can you give changing those PVA settings a go? On a different non production VIP of course, see if it makes a different without offloading.
- fluzocapacitor
I wish I could. Unfortunately, I don’t have access to load balancers for testing in a non-production environment.