Forum Discussion

fluzocapacitor's avatar
fluzocapacitor
Icon for Altocumulus rankAltocumulus
Jun 10, 2024

Issue with Capturing SYN-ACK Packets on F5 BigIP Virtual Server

Hello everyone, I have a virtual server set up on an F5 BigIP. I captured traffic on a client (IP: 10.16.x.x) of the balanced service and on the virtual server itself (IP: 10.16.y.y). On the client ...
application delivery
wendelyes's avatar
wendelyes
Icon for Altostratus rankAltostratus

Hello,

 

Yes, with this configuration the session is going to be candidate to offload after the first SYN packet. You can change the TCP offload state to EST and you will be sure that the SYN-ACK packet is not going to be offloaded.

 

Anyway, I don't think the offload is the root cause of your issue. If the client-to-server flow is offloaded then you should also not see the ACK or GET packet.

I think you issue is related with asymmetric traffic and that the SYN-ACK does not go through the f5

 

Regards

fluzocapacitor's avatar
fluzocapacitor
Icon for Altocumulus rankAltocumulus
Jun 17, 2024

Hello everyone,

Thank you for your suggestions. I have confirmed that there is no asymmetric traffic since the F5 is the default gateway for the pool nodes of the virtual server. Therefore, all packets must pass through the load balancer as the clients are on a different network.

Anyway, I agree with you that if the client-to-server flow were offloaded then I should also not see the ACK or GET packets.

Additionally, I wanted to provide more context for the issue. The problem arises when the SYN Cookie mechanism is enabled on the virtual server. Some servers are unable to connect to the service because they receive a server-reset (RST) packet. I was trying to capture traffic on both the client and the server (F5) to understand what was happening.

If you have any further suggestions or insights, I would greatly appreciate it.

Thank you!

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jun 30, 2024

    Can you give changing those PVA settings a go? On a different non production VIP of course, see if it makes a different without offloading.

    • fluzocapacitor's avatar
      fluzocapacitor
      Icon for Altocumulus rankAltocumulus
      Jun 30, 2024

      I wish I could. Unfortunately, I don’t have access to load balancers for testing in a non-production environment.

      • boneyard's avatar
        boneyard
        Icon for MVP rankMVP
        Jul 01, 2024

        You dont need a whole load balancer to test this. Just create another Fast L4 profile with offload disabled and setup a different virtual server that uses that one, you can reuse the pool or create another.

        Then access that virtual server and do the capture.