JRahm
Admin
AdminLTM ignores tcp rst or fin flags and timouts connection
Posting on behalf of a member who is having trouble posting this:
Hello,
we have issue with one pool member. We have enabled https monitor for member. Monitor works fine and production traffic as well but we have noticed short service interruptions. After deeper investigation is seems that LTM ignores TCP packet with FIN or RST flag set and did not close TCP connection.
Take a look for tcpdump from LTM:
14:58:32.285201 IP 10.211.200.243.18724 > 10.211.212.72.https: S 1154236661:1154236661(0) win 14600 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.299810 IP 10.211.212.72.https > 10.211.200.243.18724: S 2860122587:2860122587(0) ack 1154236662 win 14480 in slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.299961 IP 10.211.200.243.18724 > 10.211.212.72.https: . ack 1 win 115 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.300273 IP 10.211.200.243.18724 > 10.211.212.72.https: P 1:130(129) ack 1 win 115 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.317345 IP 10.211.212.72.https > 10.211.200.243.18724: P 1:167(166) ack 130 win 243 in slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.317487 IP 10.211.200.243.18724 > 10.211.212.72.https: . ack 167 win 123 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.317895 IP 10.211.200.243.18724 > 10.211.212.72.https: P 130:205(75) ack 167 win 123 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.317976 IP 10.211.200.243.18724 > 10.211.212.72.https: P 205:322(117) ack 167 win 123 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.333454 IP 10.211.212.72.https > 10.211.200.243.18724: . ack 322 win 243 in slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.360053 IP 10.211.212.72.https > 10.211.200.243.18724: P 167:332(165) ack 322 win 243 in slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.360329 IP 10.211.200.243.18724 > 10.211.212.72.https: P 322:375(53) ack 332 win 131 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.360408 IP 10.211.212.72.https > 10.211.200.243.18724: P 332:385(53) ack 322 win 243 in slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.360618 IP 10.211.212.72.https > 10.211.200.243.18724: F 385:385(0) ack 322 win 243 in slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
14:58:32.374770 IP 10.211.212.72.https > 10.211.200.243.18724: R 2860122919:2860122919(0) win 0 in slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=626 inslot=0 inport=0 haunit=0 priority=0
15:03:33.381555 IP 10.211.200.243.18724 > 10.211.212.72.https: R 375:375(0) ack 386 win 0 out slot1/tmm0 lis= flowtype=130 flowid=5700012E5F00 peerid=5700012E6500 conflags=62E inslot=0 inport=0 haunit=0 priority=0 rst_cause="[0x1eb69cd:625] {peer} Flow expired (sweeper) (idle timeout)
Any idea what is going on? In the same pool we have another pool member but with different monitor and it works fine.
