For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

steelplate_8766's avatar
steelplate_8766
Icon for Nimbostratus rankNimbostratus
May 25, 2010

sNAT to Windows server and port collision

Hi, I have an F5 doing sNAT, and the problem I face is that the windows server keeps the port in time_wait (currently default 240 seconds windows 2003 server). The F5 will attempt to reuse the client...
config
design
Jerome_42901's avatar
Jerome_42901
Icon for Nimbostratus rankNimbostratus
Jun 10, 2010
I've had this port collision issue as well on a application we load balance that involves very short lived connections.

 

 

To address the issue, I've created a custom FastL4 profile with custom tcp close timeout that matches the TcpTimedWaitDelay we set on the windows servers (which we lowered from 240s to 30s iirc), and added more IP's to the SNAT pool. We have not faced another port collision issue since this "fix" went live.

 

 

I hope it helps. edit: I'm not sure toying with sysctl on the F5 itself will help in any way, as I think it would only impact TCP connections to the F5 services (ssh, https, whatever) but not to the VIP.