tcp rst
3 TopicsTCP RST sent after closing connection
Hi, I use this http monitor GET /healthcheck.html HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n but sometimes the Big-IP send a RST packet to the server after closing connection. packet captures Big-IP side: "2","2.310609","30.106.21.249","30.106.28.1","TCP","158","OUT s1/tmm0 : 50531 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1019319882 TSecr=0 WS=128" "3","2.310917","30.106.28.1","30.106.21.249","TCP","162","IN s1/tmm0 : http > 50531 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=8 SACK_PERM=1 TSval=535406092 TSecr=1019319882" "4","2.311510","30.106.21.249","30.106.28.1","TCP","150","OUT s1/tmm0 : 50531 > http [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=1019319883 TSecr=535406092" "5","2.311525","30.106.21.249","30.106.28.1","HTTP","230","OUT s1/tmm0 : GET /healthcheck.html HTTP/1.1 " "6","2.311814","30.106.28.1","30.106.21.249","TCP","150","IN s1/tmm0 : http > 50531 [ACK] Seq=1 Ack=81 Win=263456 Len=0 TSval=535406092 TSecr=1019319883" "7","2.312667","30.106.28.1","30.106.21.249","HTTP","478","IN s1/tmm0 : HTTP/1.1 200 OK (text/html)" "8","2.312960","30.106.28.1","30.106.21.249","TCP","150","IN s1/tmm0 : http > 50531 [FIN, PSH, ACK] Seq=329 Ack=81 Win=263456 Len=0 TSval=535406092 TSecr=1019319883" "9","2.313261","30.106.21.249","30.106.28.1","TCP","150","OUT s1/tmm0 : 50531 > http [ACK] Seq=81 Ack=329 Win=15744 Len=0 TSval=1019319885 TSecr=535406092" "10","2.313264","30.106.21.249","30.106.28.1","TCP","150","OUT s1/tmm0 : 50531 > http [FIN, ACK] Seq=81 Ack=330 Win=15744 Len=0 TSval=1019319885 TSecr=535406092" "11","2.313557","30.106.28.1","30.106.21.249","TCP","150","IN s1/tmm0 : http > 50531 [ACK] Seq=330 Ack=82 Win=263448 Len=0 TSval=535406092 TSecr=1019319885" "12","2.313558","30.106.28.1","30.106.21.249","TCP","150","IN s1/tmm0 : [TCP Dup ACK 111] http > 50531 [ACK] Seq=330 Ack=82 Win=263448 Len=0 TSval=535406092 TSecr=1019319885" "13","2.313590","30.106.21.249","30.106.28.1","TCP","206","OUT s1/tmm0 : 50531 > http [RST, ACK] Seq=82 Ack=330 Win=0 Len=42 [F5RST: TCP 3WHS rejected]" I found this log on /var/log/ltm: RST sent from 30.106.21.249:39465 to 30.106.28.1:80, [0x1ecb7a7:1724] TCP 3WHS rejected In this packet capture, we can see that big-ip sent RST packet after receiving a duplicate ACK.. Is this behavior normal? packet captures server side: "No.","Time","Source","Destination","Protocol","Length","Info" "31","15.022157","30.106.21.249","30.106.28.1","TCP","78","50293 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1019159907 TSecr=0 WS=128" "32","15.022181","30.106.28.1","30.106.21.249","TCP","82","http > 50293 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=8 SACK_PERM=1 TSval=535246142 TSecr=1019159907" "33","15.023085","30.106.21.249","30.106.28.1","TCP","70","50293 > http [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=1019159907 TSecr=535246142" "34","15.023093","30.106.21.249","30.106.28.1","HTTP","150","GET /healthcheck.html HTTP/1.1 " "35","15.023098","30.106.28.1","30.106.21.249","TCP","70","http > 50293 [ACK] Seq=1 Ack=81 Win=263456 Len=0 TSval=535246142 TSecr=1019159907" "36","15.024074","30.106.28.1","30.106.21.249","HTTP","398","HTTP/1.1 200 OK (text/html)" "37","15.024091","30.106.28.1","30.106.21.249","TCP","70","http > 50293 [FIN, PSH, ACK] Seq=329 Ack=81 Win=263456 Len=0 TSval=535246142 TSecr=1019159907" "38","15.025204","30.106.21.249","30.106.28.1","TCP","70","50293 > http [FIN, ACK] Seq=81 Ack=330 Win=15744 Len=0 TSval=1019159909 TSecr=535246142" "39","15.025214","30.106.28.1","30.106.21.249","TCP","70","http > 50293 [ACK] Seq=330 Ack=82 Win=263448 Len=0 TSval=535246142 TSecr=1019159909" "40","15.025216","30.106.21.249","30.106.28.1","TCP","70","[TCP Keep-Alive] 50293 > http [ACK] Seq=81 Ack=329 Win=15744 Len=0 TSval=1019159909 TSecr=535246142" "41","15.025220","30.106.28.1","30.106.21.249","TCP","70","[TCP Keep-Alive ACK] http > 50293 [ACK] Seq=330 Ack=82 Win=263448 Len=0 TSval=535246142 TSecr=1019159909" "42","15.025719","30.106.21.249","30.106.28.1","TCP","100","50293 > http [RST, ACK] Seq=82 Ack=330 Win=0 Len=42" Thank you for your help.787Views0likes2CommentsF5 sends TCP RST after handshake
We just add new application to F5, but we got a random problem with connection. The TCP RST has been send to client by F5 after the handshake. We are on V 14.1.2.6. Have done few captures of the connection request, but no luck to get a valid reason for the reset. Connection from windows: got TCP RST after the handshake Connection from linux: always fine397Views0likes0CommentsPrevent HTTP monitor from sending TCP RST when receive string arrives
I learned something today! I never knew that HTTP monitors may send a TCP RST as soon as they see the receive string they're watching for. See: https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9812.html Unfortunately, a couple of our real servers do copious logging when that happens, and the application team would like to prevent that behavior. Is there any way to cause the HTTP monitor to always read to completion the response? I don't want to keep-alive/pipeline (even if that's possible with a monitor - sounds counterintuitive) because I want each call's success/failure to be a reflection of what a new client connection would encounter. thx!244Views0likes1Comment