For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Matt_70198's avatar
Matt_70198
Icon for Nimbostratus rankNimbostratus
Sep 25, 2012

Need help deciphering this tcpdump / resets from F5

Network connectivity is in place between F5 and server, but I can't telnet to server on 80/443 and healthchecks are failing. If I remove healthcheck I can hit VIP from browser and webpage comes up ok...
config
design
Matt_70198's avatar
Matt_70198
Icon for Nimbostratus rankNimbostratus
Oct 02, 2012

We are using the normal http and https healthchecks. I was able to open a second session on the load balancer and capture traffic on the interface a little better.

 

16:48:06.687386 10.229.148.7.35891 > 10.229.192.206.http: S 104961729:104961729(0) win 5840 (DF)

 

 

16:48:06.688099 10.229.192.206.http > 10.229.148.7.35891: S 794931445:794931445(0) ack 2103057099 win 5792 (DF)

 

 

16:48:06.688342 10.229.148.7.35891 > 10.229.192.206.http: R 2103057099:2103057099(0) win 0 (DF)

 

 

We figured it out though, LB sent traffic to FW, and on to server, then server was sending return traffic back an asymetric path not through FW (it's a messed up environment). Had to add a static route on server and all was good.