Forum Discussion
steelplate_8766
Nimbostratus
May 25, 2010
sNAT to Windows server and port collision
Hi,
I have an F5 doing sNAT, and the problem I face is that the Windows server keeps the port in time_wait (currently default 240 seconds Windows 2003 server). The F5 will attempt to reuse the client...
steelplate_8766
Nimbostratus
Jun 10, 2010
Sorry for delay, have turned on alerts so I see replies now :-)
No, we are not using OneConnect.
Our server is Windows 2003, which has the TcpTimedWaitDelay registry setting available, which we can set lower than the documented setting to 1 second. However, according to MS, in 2008 server, if you set it below 30 seconds it will revert to the default of 240 seconds without informing you.
Our problem is when the server initiates close and goes through the RFC 793 close process, the server ends up in time_wait for 2xMSL. By default this is 240 seconds on Windows 2003 server.
However, the F5 immediately tries to reuse this port (<150ms from sending the ACK to the server FIN and the new SYN). The server ignores this, the F5 retries the SYN 3 times then sends a RST to the client. The client then errors to the user.
We have added a large range of IPs to the sNAT pool and set "Port Reuse" (not strict) and the server TcpTimedWaitDelay to 1 second to minimize the problem occurring, but it still could.
If we have no pool and "Port Change" we see the client fail immediately, as the second TCP connection will always be a reuse.
If the F5 is following the RFC, it should respect the MSL before reusing a port, so I am assuming the F5 has some really, really low MSL and this mismatch is the problem?
From our F5:
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_rfc1337 = 0
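
The collision described in this thread can be confirmed from a packet capture by looking for a SYN that reuses a 4-tuple while the server is still inside its TIME_WAIT window. The Python sketch below is an added example, not code from the thread or from F5; the addresses, the packet records and the `find_time_wait_collisions` helper are constructed for illustration, and the server is assumed to enter TIME_WAIT when it sees the peer's FIN after sending its own.

```python
from collections import namedtuple

# Constructed packet summaries (flags as in tcpdump: S, SA, A, FA), not real capture data.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")
SNAT, SERVER = "10.0.0.5", "10.0.0.20"  # hypothetical addresses

def find_time_wait_collisions(packets, server_ip, time_wait_s=240.0):
    """Return (ts, 4-tuple, seconds since TIME_WAIT began) for each colliding SYN."""
    first_fin = {}  # 4-tuple -> "server" or "peer", whoever sent FIN first
    tw_start = {}   # 4-tuple -> time the server entered TIME_WAIT
    hits = []
    for p in sorted(packets, key=lambda p: p.ts):
        from_server = p.src == server_ip
        key = ((p.dst, p.dport, p.src, p.sport) if from_server
               else (p.src, p.sport, p.dst, p.dport))
        if "F" in p.flags:
            side = "server" if from_server else "peer"
            closer = first_fin.setdefault(key, side)
            # Server closed first and now gets the peer's FIN: TIME_WAIT begins.
            if closer == "server" and side == "peer":
                tw_start.setdefault(key, p.ts)
        elif p.flags == "S" and not from_server:
            started = tw_start.get(key)
            if started is not None and p.ts - started < time_wait_s:
                hits.append((p.ts, key, round(p.ts - started, 3)))
            else:
                # Fresh connection on this 4-tuple: forget the old close state.
                first_fin.pop(key, None)
                tw_start.pop(key, None)
    return hits

CAPTURE = [
    Pkt(0.000, SNAT, 40001, SERVER, 80, "S"),
    Pkt(0.001, SERVER, 80, SNAT, 40001, "SA"),
    Pkt(0.002, SNAT, 40001, SERVER, 80, "A"),
    Pkt(1.000, SERVER, 80, SNAT, 40001, "FA"),  # server closes first
    Pkt(1.001, SNAT, 40001, SERVER, 80, "FA"),  # server now in TIME_WAIT
    Pkt(1.002, SERVER, 80, SNAT, 40001, "A"),
    Pkt(1.120, SNAT, 40001, SERVER, 80, "S"),   # port reused ~120 ms later
    Pkt(4.120, SNAT, 40001, SERVER, 80, "S"),   # SYN retry
    Pkt(2.000, SNAT, 40002, SERVER, 80, "S"),
    Pkt(2.500, SNAT, 40002, SERVER, 80, "FA"),  # SNAT side closes first
    Pkt(2.501, SERVER, 80, SNAT, 40002, "FA"),
    Pkt(2.700, SNAT, 40002, SERVER, 80, "S"),   # reuse, but server has no TIME_WAIT
]

if __name__ == "__main__":
    for tw in (240.0, 1.0):
        print(tw, find_time_wait_collisions(CAPTURE, SERVER, tw))
```

With the 240-second default both SYNs on port 40001 are flagged; with a 1-second window only the first one is, since the retry arrives after TIME_WAIT has expired.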
