For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

OcasionalLB's avatar
OcasionalLB
Icon for Nimbostratus rankNimbostratus
Mar 24, 2020

Why is Loose Close needed with nPath

Hello,   I had a case today where I was load balancing traffic to a web server with nPath (Direct server return). I encountered problems with certain API endpoints where, due to the code, there w...
application delivery
LTM
PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Mar 24, 2020

Loose init is more normally the issue with nPath although they generally go together - loose close allows any fin packet to remove the flow. As to why it was the issue, I suggest you do some more investigation to see what was going wrong previously - it was probably related to the source port preservation rather than the loose close

OcasionalLB's avatar
OcasionalLB
Icon for Nimbostratus rankNimbostratus
Mar 24, 2020

F5 manual says to enable Loose close when configuring nPath.

 

In my case, if I disable Loose close, it stops working. Looking at the tcpdump from the client and the server, I can see servers sending content back to the client, client is ACK-ing it, but the ACK is never passed from F5 to the server. This is why I suspect the F5 removes the connection from connection table, but I'm not sure why. As soon as I enable Loose close, it starts working.

 

Idle timeout was set to 300s and TCP close timeout to 5s.