Forum Discussion
ankuragiwal_102
May 09, 2011 · Nimbostratus
SNAT port collision to Windows Server
We are using a FastL4 profile and we are seeing SNAT port collisions to external servers running Windows TCP/IP.
F5 reuses a port as soon as it becomes available, while Windows TCP/IP keeps the closed port in TIME_WAIT state and ignores packets. This leads to intermittent errors in connection initiation.
Error scenario: Server 1 creates an outbound connection to an external server using source port P, transfers data and then closes the connection. Server 2 creates another outbound connection to the same external server using the same source port P. F5 reuses port P as it became available; however, the external server’s Windows TCP/IP stack ignores packets as port P is in TIME_WAIT state (all 4 tuples are the same in this case: source IP, source port, destination IP, destination port).
We are using the default SNAT configuration, which is “preserve”. Is there a workaround to this problem for the FastL4 profile?
2 Replies
- Do you have a OneConnect profile enabled on the virtual server? If so, you could remove it to prevent LTM from re-using the serverside connections for different clients. If you're not using OneConnect, LTM shouldn't be reusing serverside connections for different clients.
- We are not using a OneConnect profile. I have confirmed that for two different clients, F5 is using the same source port (this issue happens when, as soon as the first client closes its connection, the second client opens a connection with the same port). Modifying the Windows TCP/IP stack is not an option. I will try changing the SNAT configuration to "change".
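The collision described in the question can be confirmed from flow records. The following Python check is an added example, not part of the original posts and not F5 code: it scans post-SNAT flows for a 4-tuple reopened while the remote server would still hold it in TIME_WAIT. The log format, the function names, the sample records and the 120-second TIME_WAIT value are all assumptions.

```python
from collections import namedtuple

# Assumed TIME_WAIT duration on the remote server, in seconds.
# Not taken from the thread; set it to the server's actual value.
TIME_WAIT_SECS = 120

Conn = namedtuple("Conn", "client opened closed tuple4")

# Constructed sample records (hypothetical format), one server-side flow per line:
# original_client open_time close_time snat_ip:port dst_ip:port
SAMPLE_LOG = """\
10.0.0.11 100.0 105.0 192.0.2.10:40001 198.51.100.5:443
10.0.0.12 105.2 110.0 192.0.2.10:40001 198.51.100.5:443
10.0.0.12 111.0 115.0 192.0.2.10:40002 198.51.100.5:443
10.0.0.11 300.0 301.0 192.0.2.10:40001 198.51.100.5:443
10.0.0.13 302.0 303.0 192.0.2.10:40001 198.51.100.9:443
"""

def parse(log):
    """Parse flow records and return them ordered by open time."""
    conns = []
    for line in log.splitlines():
        if not line.strip():
            continue
        client, opened, closed, src, dst = line.split()
        conns.append(Conn(client, float(opened), float(closed), (src, dst)))
    return sorted(conns, key=lambda c: c.opened)

def find_collisions(conns, time_wait=TIME_WAIT_SECS):
    """Return (previous, new, gap) for each flow opened on a 4-tuple whose
    previous flow closed less than `time_wait` seconds earlier."""
    last_closed = {}  # (src ip:port, dst ip:port) -> most recent flow on it
    hits = []
    for c in conns:
        prev = last_closed.get(c.tuple4)
        if prev is not None and c.opened - prev.closed < time_wait:
            hits.append((prev, c, round(c.opened - prev.closed, 3)))
        last_closed[c.tuple4] = c
    return hits

if __name__ == "__main__":
    for prev, new, gap in find_collisions(parse(SAMPLE_LOG)):
        print(f"{new.tuple4[0]} -> {new.tuple4[1]}: client {new.client} reused "
              f"the port {gap}s after client {prev.client} closed")
```

A flow to a different destination on the same SNAT port (the last sample record) is not flagged, because the 4-tuple differs.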