TCP::collect at client side seem to block server conversation

Question

I try to implement simple iRule to check the TCP payload both client side and server side. The conversation is full duplex so we can not expect the sequence of communication. The following iRule seem to block the server side connection.&nbsp;
&nbsp;when CLIENT_ACCEPTED {
&nbsp;  TCP::collect
&nbsp;}
&nbsp;when CLIENT_DATA {
&nbsp; log "check TCP payload"
&nbsp;}&nbsp;
&nbsp;when SERVER_CONNECTED {
&nbsp;  TCP::collect
&nbsp;}&nbsp;
&nbsp;when SERVER_DATA {
&nbsp; log "Check TCP payload"
&nbsp;}&nbsp;
&nbsp;For example, client open connection to server port 8081 (S:1034,D:8081) but after TCP handshake, not data send from client. In the same time, server start feed traffic to client use previous connection (S:8081, D:1034) but data never reach the client. It seem like iRule hang at CLIENT_ACCEPTED event (TCP::collect). 
&nbsp;Is it normal?

nicolas_menant · Answer

Hi,&nbsp;
&nbsp;Have you try using TCP::release ? Click here

redapple_76292 · Answer

TCP::release after TCP::collect does not help. It seem like BIG-IP wait for data from client until TCP timeout before process.

spark_86682 · Answer

There is a way to accomplish this, but there are some caveats to the solution. Before I discuss it here, I would like to know if you have a case open with F5 support on this issue?

Forum Discussion

TCP::collect at client side seem to block server conversation

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

TCP::collect and large TLS v1.3 client hello packets

Conversion license

HTTP method conversion

BIG-IP Configuration Conversion Scripts

Calling All Conversations!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS