Forum Discussion
fluzocapacitor
Altocumulus
AltocumulusIssue with Capturing SYN-ACK Packets on F5 BigIP Virtual Server
Hello everyone, I have a virtual server set up on an F5 BigIP. I captured traffic on a client (IP: 10.16.x.x) of the balanced service and on the virtual server itself (IP: 10.16.y.y). On the client ...
fluzocapacitorAltocumulus
AltocumulusHello everyone,
Thank you for your suggestions. I have confirmed that there is no asymmetric traffic since the F5 is the default gateway for the pool nodes of the virtual server. Therefore, all packets must pass through the load balancer as the clients are on a different network.
Anyway, I agree with you that if the client-to-server flow were offloaded then I should also not see the ACK or GET packets.
Additionally, I wanted to provide more context for the issue. The problem arises when the SYN Cookie mechanism is enabled on the virtual server. Some servers are unable to connect to the service because they receive a server-reset (RST) packet. I was trying to capture traffic on both the client and the server (F5) to understand what was happening.
If you have any further suggestions or insights, I would greatly appreciate it.
Thank you!
boneyard
MVP
MVPCan you give changing those PVA settings a go? On a different non production VIP of course, see if it makes a different without offloading.
- fluzocapacitor
I wish I could. Unfortunately, I don’t have access to load balancers for testing in a non-production environment.
- boneyard
You dont need a whole load balancer to test this. Just create another Fast L4 profile with offload disabled and setup a different virtual server that uses that one, you can reuse the pool or create another.
Then access that virtual server and do the capture.