Dhananjaya_1354
Jul 20, 2014

Tcpdump

Hi,

Can anyone analyse this tcpdump and tell what is going on between

S ---> virtual server |

    05:13:03.978038 arp reply 192.168.20.80 is-at 00:0c:29:20:bf:44 (oui Unknown)
    05:13:03.994973 IP 192.168.20.1.51279 > 192.168.20.80.http: S 636823370:636823370(0) win 8192
    05:13:03.995011 IP 192.168.20.80.http > 192.168.20.1.51279: R 0:0(0) ack 636823371 win 0
    05:13:04.229017 IP 192.168.20.1.51280 > 192.168.20.80.http: S 2262154919:2262154919(0) win 8192
    05:13:04.229047 IP 192.168.20.80.http > 192.168.20.1.51280: R 0:0(0) ack 2262154920 win 0
    05:13:04.510059 IP 192.168.20.1.51279 > 192.168.20.80.http: S 636823370:636823370(0) win 8192
    05:13:04.510093 IP 192.168.20.80.http > 192.168.20.1.51279: R 0:0(0) ack 1 win 0
    05:13:04.748137 IP 192.168.20.1.51280 > 192.168.20.80.http: S 2262154919:2262154919(0) win 8192
    05:13:04.748168 IP 192.168.20.80.http > 192.168.20.1.51280: R 0:0(0) ack 1 win 0
    05:13:04.992141 IP6 FE80::BD3E:89F0:C790:ACA2.55256 > FF02::C.ssdp: UDP, length 146
    05:13:05.021110 IP 192.168.20.1.51279 > 192.168.20.80.http: S 636823370:636823370(0) win 8192
    05:13:05.021152 IP 192.168.20.80.http > 192.168.20.1.51279: R 0:0(0) ack 1 win 0
    05:13:05.255142 IP 192.168.20.1.51280 > 192.168.20.80.http: S 2262154919:2262154919(0) win 8192
    05:13:05.255174 IP 192.168.20.80.http > 192.168.20.1.51280: R 0:0(0) ack 1 win 0
    05:13:06.974926 IP 192.168.20.1.51278 > 192.168.20.80.http: S 784501436:784501436(0) win 8192
    05:13:06.974958 IP 192.168.20.80.http > 192.168.20.1.51278: R 0:0(0) ack 784501437 win 0
    05:13:07.484936 IP 192.168.20.1.51278 > 192.168.20.80.http: S 784501436:784501436(0) win 8192

Regards Dhananjaya.M

12 Replies

  • nathe

    Can't definitely tell u why but the IP address 192.168.20.80 is resetting the connection. Is port 80 open? Or source address ACL in place?

     

  • Thanks Nathan,

     

    Below is the virtual server configuration.

     

    192.168.20.80 is the virtual server ip address. No acl is between the source and destination.

     

    ltm virtual V_http {
        destination 192.168.20.80:http
        ip-protocol tcp
        mask 255.255.255.255
        nat64 enabled
        persist {
            source_addr {
                default yes
            }
        }
        pool p_http
        profiles {
            http { }
            oneconnect { }
            tcp-wan-optimized {
                context clientside
            }
            wam-tcp-lan-optimized {
                context serverside
            }
        }
        source 0.0.0.0/24
        source-address-translation {
            type automap
        }
        vlans {
            external
            internal
        }
        vlans-enabled
    }

     

    Regards Dhananjaya.M

     

  • nathe

    Do u see any traffic on the serverside? Does the traffic hit a pool member?

     

  • nathe

    Did u mean to apply nat64 to the vs? Is that the issue?

     

    • nathe
      yes, if you're converting an IPv6 address space VS to backend pool members in an IPv4 address space. Doesn't look like this is your scenario, however.
    • Dhananjaya_1354
      Found below logs after enabling RST.

      Jul 25 23:39:35 f5 err tmm[9459]: 01230140:3: RST sent from 192.168.141.80:80 to 192.168.141.1:57235, [0x1598e97:1305] No local listener
      Jul 25 23:39:35 f5 err tmm[9459]: 01230140:3: RST sent from 192.168.141.80:80 to 192.168.141.1:57235, [0x1598e97:1305] No local listener
      Jul 25 23:42:05 f5 err tmm[9459]: 01230140:3: RST sent from 192.168.141.80:80 to 192.168.141.1:57241, [0x1598e97:1305] No local listener
      Jul 25 23:42:05 f5 err tmm[9459]: 01230140:3: RST sent from 192.168.141.80:80 to 192.168.141.1:57241, [0x1598e97:1305] No local listener
      Jul 25 23:42:06 f5 err tmm[9459]: 01230140:3: RST sent from 192.168.141.80:80 to 192.168.141.1:57241, [0x1598e97:1305] No local listener
  • Jul 25 23:39:35 f5 err tmm[9459]: 01230140:3: RST sent from 192.168.141.80:80 to 192.168.141.1:57235, [0x1598e97:1305] No local listener

     

    this log does not belong to V_http virtual server (since ip is not 192.168.20.80).

     

    if you also enable TM.RstCause.Pkt db, you should be able to see reset cause in packet capture.

     

    sol13223: Configuring the BIG-IP system to log TCP RST packets

     

    http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13223.html

     

    • Dhananjaya_1354
      Thanks to everyone, issue got fixed after mentioning the source.

      Sys::Version
      Main Package
        Product  BIG-IP
        Version  11.3.0
        Build    39.0
        Edition  VE Trial 11.3.0-HF1 (based on BIGIP 11.3.0HF6)
        Date     Mon Mar 24 14:01:16 PDT 2014

      ltm virtual V_http {
          destination 192.168.20.80:http
          ip-protocol tcp
          mask 255.255.255.255
          nat64 enabled
          persist {
              source_addr {
                  default yes
              }
          }
          pool p_http
          profiles {
              http { }
              oneconnect { }
              tcp-wan-optimized {
                  context clientside
              }
              wam-tcp-lan-optimized {
                  context serverside
              }
          }
          source 192.0.0.0/8
          source-address-translation {
              type automap
          }
          vlans {
              external
              internal
          }
          vlans-enabled
      }

      Regards Dhananjaya.M
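
The fix reported in the last post changes the virtual server's `source` prefix from 0.0.0.0/24 to 192.0.0.0/8. As an added example (not part of the thread and not F5 code), this Python sketch pairs each SYN in the posted capture with the RST that answers it and checks the refused client address against both prefixes; the function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the capture posted in the thread (old tcpdump text format).
CAPTURE = """\
05:13:03.994973 IP 192.168.20.1.51279 > 192.168.20.80.http: S 636823370:636823370(0) win 8192
05:13:03.995011 IP 192.168.20.80.http > 192.168.20.1.51279: R 0:0(0) ack 636823371 win 0
05:13:04.229017 IP 192.168.20.1.51280 > 192.168.20.80.http: S 2262154919:2262154919(0) win 8192
05:13:04.229047 IP 192.168.20.80.http > 192.168.20.1.51280: R 0:0(0) ack 2262154920 win 0
05:13:04.992141 IP6 FE80::BD3E:89F0:C790:ACA2.55256 > FF02::C.ssdp: UDP, length 146
05:13:06.974926 IP 192.168.20.1.51278 > 192.168.20.80.http: S 784501436:784501436(0) win 8192
05:13:06.974958 IP 192.168.20.80.http > 192.168.20.1.51278: R 0:0(0) ack 784501437 win 0
"""

# timestamp, "IP", src ip.port, dst ip.port, TCP flags (S, R, ...)
PKT = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\w+) > (\d+\.\d+\.\d+\.\d+)\.(\w+): (\S+) ")

def refused_flows(capture):
    """Return (client_ip, client_port, server_ip, service) for each SYN answered by a RST."""
    pending, refused = set(), []
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # ARP, IPv6 and other non-matching lines are skipped
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            pending.add((src, sport, dst, dport))
        elif "R" in flags and (dst, dport, src, sport) in pending:
            pending.discard((dst, dport, src, sport))
            refused.append((dst, dport, src, sport))
    return refused

def source_filter_allows(client_ip, source_filter):
    """True if client_ip falls inside the virtual server's `source` prefix."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(source_filter, strict=False)

def explain(capture, source_filter):
    """Map each refused client IP to whether the given source prefix would admit it."""
    return {c: source_filter_allows(c, source_filter) for c, _, _, _ in refused_flows(capture)}
```

With the original `source 0.0.0.0/24` the client 192.168.20.1 is outside the prefix; with `source 192.0.0.0/8` it is inside.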