Forum Discussion
Virtual Server makes Three-Way Handshake with no active pools
Hi,
I know that this topic is not new, but I hope there is a (new) possibility to change the default behavior.
When a virtual server has no active pool members, it still completes the three-way handshake before it drops the session. Our customer is using an F5 GTM and checks the availability of the virtual server with a normal TCP monitor. Even if the F5 LTM breaks the session immediately, the 3-way handshake succeeds, which will be interpreted by the GTM as a functioning Virtual Server.
I tried the well-known iRule, but the behavior remains the same:
```tcl
when CLIENT_ACCEPTED {
    # Reject the connection when the selected pool has no active members
    if { [active_members [LB::server pool]] == 0 } {
        log local0. "No nodes available for [LB::server pool].\
            Resetting client connection: [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
        reject
    }
}
```
Output from telnet:
```
telnet 10.19.198.11 7001 vrf pft-test
Trying 10.19.198.11...
Connected to 10.19.198.11.
Escape character is '^]'.
Connection closed by foreign host.
```
Thanks for your feedback!
Roni
2 Replies
- Vijay_E
Cirrus
CLIENT_ACCEPTED is triggered after the 3-way handshake. So, you will still see the connection being completed. F5 has a full TCP/IP stack for the client and another stack for the server. It will usually accept the 3-way handshake before initiating the 3-way handshake for the server/pool member, if you are using a Standard VS.
- Ronald_Meier_14
Nimbostratus
Hi all
I got the solution for my problem from the F5 case engineer:
Changing TCP profile...Connection Setup....Verified Accept ==> enabled.
```
telnet 10.19.198.11 7001 vrf pft-test
Trying 172.21.198.23...
telnet: Unable to connect to remote host: Connection refused
```
Roni
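
The two telnet results in this thread ("Connected" followed by "Connection closed by foreign host", versus "Connection refused") are different outcomes that a check looking only at connect success cannot tell apart from a healthy listener. The following is an added example, not part of the original posts or F5's code, that classifies an endpoint into those cases; `probe`, `demo_listener` and `closed_port` are hypothetical names, and the local listeners are constructed stand-ins for a virtual server.

```python
import socket
import threading
import time

def probe(host, port, connect_timeout=2.0, hold=0.5):
    """Return "refused", "unreachable", "dropped" or "open" for a TCP endpoint.

    "dropped" = handshake completed, then the peer closed or reset within `hold` s
    "open"    = handshake completed and the session stayed up for `hold` s
    """
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except ConnectionRefusedError:
        return "refused"         # SYN answered with RST: no handshake at all
    except OSError:              # includes connect timeouts
        return "unreachable"
    with sock:
        sock.settimeout(hold)
        try:
            data = sock.recv(1)
        except socket.timeout:
            return "open"        # nothing received and no close: still connected
        except ConnectionError:
            return "dropped"     # RST after the handshake
        return "open" if data else "dropped"   # b"" means the peer sent a FIN

def demo_listener(drop_after_accept):
    """Constructed local stand-in for a listener; returns its port on 127.0.0.1."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        if not drop_after_accept:
            time.sleep(1.5)      # hold the session longer than the probe waits
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Constructed case: a local port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port
```

A plain connect-only check would report both the "dropped" and the "open" listener as reachable; only the short hold after the handshake separates them.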
