time_wait connection in a VS

Hi cmdmss,

the statistics command indeed just tells about the number of clientside connections in tcp time-wait. No information about the specific client IPs is provided.

The default time wait setting in the tcp profile is 2,000 ms only (2 sec) and one would need to dump it continuosly and verify it with a simultaneous tcpdump to figure out the client with the high connection rate from constant source port (causing a time wait issue). (If I got your clients request right.)

Did you check one of the troubleshooting options from SOL13223 already?

tmsh show /net rst-cause

In my first response I mentioned two knowledge base solutions (one was wrong, sorry about that). How about turning on the inclusion of the TCP RST cause into the RESET packets?

To run a tcpdump with a filter to RST packets (dumped to /shared/tcpresets.cap and to be analyzed by WireShark with the F5 Ethernet Trailer plugin) only you may want to use the following syntax:

tcpdump -nnni 0.0:nnnp -s 0 -c 100000 -w /shared/tcpresets.cap 'tcp[13] & 4!=0'

(Please see SOL13637 for details on the F5 ethernet trailer feature.)

This trace should help to figure out the clients which get a RST because they try to open a new connection while the BIG-IP still have it in time wait (may be caused be duplicated SYNs as well).

If you turn on the reset cause transmission the RST packet should contain the related information:

tmsh modify /sys db tm.rstcause.pkt value enable

To turn it off you will use the following command:

tmsh modify /sys db tm.rstcause.pkt value disable

I recommended to turn on the reset cause transmission for troubleshooting purposes only.

Thanks, Stephan