Forum Discussion
Hamish
Apr 30, 2010Cirrocumulus
Mmm..... What the BigIP is doing is sending a RST packet because it's recieved a tcp packet for a connection that doesn't exist, and the recieved packet DOES NOT have the SYN flag set... In this respect the F5 is behaving exactly like any other IP host... If an IP stack recieves a packet without the SYN flag set for a connection that doesn't eist in the connection table, the host sends back a RST to tell the sending host that the connection doesn't exist and they need to reset their state.
The best way to diagnose this would IMO be a two parter... First perform a tcpdump looking for RST packets... Sonce the F5 is rate limiting to 250/sec, there should be plenty to see... Have a look at the destination IP... Then perform a tcpdump filtering just on that IP address... You'll then have all the info on what the host is sending (Valid and invalid packets) and what's being sent back.
It's always possible that this is simply due to a genuine fault... One reason I can think of is possibly you just had a failover, and these packets are destined for a VS that doesn't have mirroring enabled.
H