For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Valentine_96813's avatar
Valentine_96813
Icon for Nimbostratus rankNimbostratus
Aug 01, 2011

Randomized Ports

I have been working an issue with a client regarding a high number of reported errors connecting to a production pool. After several monitors and lots of trial and error, we discovered that it was re...
microsoft
partner
Valentine_96813's avatar
Valentine_96813
Icon for Nimbostratus rankNimbostratus
Aug 08, 2011
We are using 3600 and 8900s running 10.1 HF2. We SNAT to an Server VLAN IP on a VS by VS basis. Basically, if a VS is a Prod or DEV VS it will be in the same FE VS range, but the SNAT for each would be different being that the BE devices are on different networks. Each FE VS has its own corresponding unique SNAT just like its listening IP.

 

 

We found this issue primarily on our Windows boxes using sniffers and the NMAP command. What we would see, is from the SNAT address a number or requests preserving the client ports. Using NMAP, we would see the number of open ports on the server. Occasionally, under load, we would see a request coming in to the server but no ack. Using NMAP, we would see that that paticular port would already be considered open and the server would ignore the traffic and the user would receive a "page cannot be displayed" or "404". F5 support had us turn of preserver ports and the problem went away.

 

 

What I am looking for, is some other way to address this problem that would allow me to turn that function back on.