Forum Discussion

Steve_A_130918's avatar
Steve_A_130918
Icon for Nimbostratus rankNimbostratus
Dec 19, 2013

SMTP Intermittent Connection Failure

Hi

 

I have a VIP fronting 3 Exchange 2007 transport hubs on smtp port 25. It appears to work correctly for 99% of the accessing servers, but for a couple it times out intermittently. You can test (via telnet) 5-10 times and it succeeeds every time, then you get a slow response, then it fails two or three times then responds again

 

I have put in an I-Rule to log the connections from the failing servers and if the VIP is set as a standard one, nothing is logged when the server connection fails, but if I change it to a 'Performance (Layer 4)' it logs the connection whether the connection to the smtp server succeeds or fails.

 

If I Wireshark the failing traffic on the originating server I can see the Syn, two retries and the fail, or normal traffic if the connection succeeds.

 

The failures don't appear to relate to a specific target host as they all respond to the server (when it does work), and connecting direct (not through the F5) works consistently.

 

Network Config: originating server 10.32.9.198/24 F5 VIP IP 10.32.9.201 F5 Self IP 10.32.8.23/24 SMTP Exchange servers 10.32.8.125, 10.32.8.126, 10.32.8.188

 

Can anyone suggest how to fix this?

 

Thanks

 

Steve

 

2 Replies

  • How about the F5 health check attempts and server responses? Have you captured a tcpdump at F5?

     

  • Managed to get a tcpdump against the source server at the F5.

     

    First (successful) connection show the usual syn / syn,ack / ack sequence, ending with a fin,ack / ack / fin,ack / ack sequence.

     

    Second (unsuccessful) connection shows syn / syn,ack / syn / syn,ack / syn / syn,ack / syn,ack then nothing and the connection drops.

     

    So it looks like the remote server is responding but the source server isn't accepting the response as valid and keeps retrying until it times out.

     

    I can email the dump file if anyone is willing to run it through wireshark and give me an opinion.

     

    Thanks

     

    Steve