Forum Discussion
We are far from 2012, but I just fell into this thread and, after some analysis, I decided to answer with the problems identified in this scenario:
1. SYN packet from F5 self-ip, server-side, not answered:
09:59:05.152362 arp who-has XXX.XXX.XXX.153 tell XXX.XXX.XXX.142 out slot1/tmm0 lis=
09:59:05.152940 arp reply XXX.XXX.XXX.153 is-at 00:50:56:84:27:44 in slot1/tmm1 lis=
09:59:08.151357 IP XXX.XXX.XXX.144.51298 > XXX.XXX.XXX.153.http: S 2929947028:2929947028(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:11.351549 IP XXX.XXX.XXX.144.51298 > XXX.XXX.XXX.153.http: S 2929947028:2929947028(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:14.551543 IP XXX.XXX.XXX.144.51298 > XXX.XXX.XXX.153.http: S 2929947028:2929947028(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:17.751434 IP XXX.XXX.XXX.144.28570 > XXX.XXX.XXX.153.http: S 1018696290:1018696290(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:20.751355 IP XXX.XXX.XXX.144.28570 > XXX.XXX.XXX.153.http: S 1018696290:1018696290(0) win 4380 out slot1/tmm0 lis=NOS_Test
We can see the “BAD/offending” server is not responding to SYN packets from F5 with source address “XXX.XXX.XXX.144”. Reasons:
• Assuming there is no firewall ACL at the “BAD/offending” server (I would check this to be sure)
• There is a routing problem in the “BAD/offending” server:
  o Either it is responding to the SYN packet through another interface/GW, which is definitely not the F5
  o It lacks a default route and, in case the F5 source address inside the SYN packet is in another subnet, then the “BAD/offending” server is unable to respond to the SYN packet
So I would probably review the routing configuration on the offending server in order to solve this issue.
KR, Francisco
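
An added example, not part of the original post: a Python check that scans a capture in the same old-style tcpdump text format and reports flows whose SYN is retransmitted with no SYN-ACK coming back, the symptom described in point 1. The sample lines are constructed (192.0.2.x documentation addresses stand in for the masked ones), and the function name `unanswered_syns` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same tcpdump text format as the capture above;
# 192.0.2.x are documentation addresses standing in for the masked ones.
SAMPLE = """\
09:59:08.151357 IP 192.0.2.144.51298 > 192.0.2.153.http: S 2929947028:2929947028(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:11.351549 IP 192.0.2.144.51298 > 192.0.2.153.http: S 2929947028:2929947028(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:14.551543 IP 192.0.2.144.51298 > 192.0.2.153.http: S 2929947028:2929947028(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:15.000100 IP 192.0.2.144.40000 > 192.0.2.154.http: S 1000:1000(0) win 4380 out slot1/tmm0 lis=NOS_Test
09:59:15.000900 IP 192.0.2.154.http > 192.0.2.144.40000: S 5000:5000(0) ack 1001 win 5840 in slot1/tmm1 lis=NOS_Test
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>\S+) (?P<seq>\d+):\d+\(\d+\)(?P<ack> ack \d+)?"
)

def seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def unanswered_syns(capture):
    """Return {(src, dst): [retransmit gaps in s]} for SYNs with no SYN-ACK seen."""
    syn_times = defaultdict(list)   # (src, dst, seq) -> timestamps of each SYN
    answered = set()                # (client, server) pairs that got a SYN-ACK
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m or "S" not in m["flags"]:
            continue                # ARP, non-SYN segments, unparsable lines
        if m["ack"]:                # SYN-ACK travels server -> client
            answered.add((m["dst"], m["src"]))
        else:
            syn_times[(m["src"], m["dst"], m["seq"])].append(seconds(m["ts"]))
    result = {}
    for (src, dst, _seq), times in syn_times.items():
        if (src, dst) not in answered:
            gaps = [round(b - a, 1) for a, b in zip(times, times[1:])]
            result.setdefault((src, dst), []).extend(gaps)
    return result

if __name__ == "__main__":
    for (src, dst), gaps in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}: no SYN-ACK, retransmit gaps {gaps} s")
```

A flow reported here only shows that no reply reached the capture point; whether the cause is an ACL or the server's return route still has to be checked on the server itself.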