Forum Discussion

sosabsd_111766's avatar
sosabsd_111766
Icon for Nimbostratus rankNimbostratus
May 18, 2010

[RST, ACK] from F5

 

 

client jBOSS VIRTUAL Server IP F5

 

No. Time Source Destination Protocol Info

 

1 0.000000 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0

 

2 0.000006 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460 WS=0

 

3 0.000294 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [ACK] Seq=1 Ack=1 Win=49640 Len=0

 

4 0.000734 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [PSH, ACK] Seq=1 Ack=1 Win=49640 Len=1263

 

5 0.100609 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [ACK] Seq=1 Ack=1264 Win=5643 Len=0

 

6 2.236408 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [PSH, ACK] Seq=1 Ack=1264 Win=5643 Len=645

 

7 2.236637 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [ACK] Seq=1264 Ack=646 Win=49640 Len=0

 

8 2.236842 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [FIN, ACK] Seq=646 Ack=1264 Win=5643 Len=0

 

9 2.237078 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [ACK] Seq=1264 Ack=647 Win=49640 Len=0

 

10 11.139761 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [RST, ACK] Seq=647 Ack=1264 Win=5643 Len=0

 

 

 

on the client (XXX) we are getting connection rest in application logs, i need to know why there is RST ACK (packet10) , and who is the faulty Node YYY( F5) or XXX( client).

 

 

BR

 

sosa

 

config
design

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 18, 2010
    It would help to see both the client to VIP and LTM to pool member communication. It looks like the VIP (or more likely the pool member) FINs the connection and the client ACKs the FIN, but does not send its own FIN as part of the four way close. As a result, LTM (or the pool member) RSTs the connection after the FIN WAIT timeout expires.

     

     

    It should be pretty quick to get an answer from F5 Support if you capture a binary formatted tcpdump of the issue. You can use syntax similar to this for the capture:

     

     

    tcpdump -i 0.0 -s0 -w/var/tmp/trace.dmp host CLIENT_IP or host POOL_IP

     

     

    Aaron
  • sosabsd_111766's avatar
    sosabsd_111766
    Icon for Nimbostratus rankNimbostratus
    May 18, 2010
    i try to get all the flow of traffic or request start from Client (X) to LB VS (Y) then Y to Y-pool and from Y-Pool to Another VS (Z) and from VS-Z Snat to VS-Z pool

     

     

    Client to VS YYY

     

    No. Time Source Destination Protocol Info

     

    1 0.000000 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0

     

    2 0.000006 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460 WS=0

     

    3 0.000294 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [ACK] Seq=1 Ack=1 Win=49640 Len=0

     

    4 0.000734 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [PSH, ACK] Seq=1 Ack=1 Win=49640 Len=1263

     

    5 0.100609 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [ACK] Seq=1 Ack=1264 Win=5643 Len=0

     

    6 2.236408 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [PSH, ACK] Seq=1 Ack=1264 Win=5643 Len=645

     

    7 2.236637 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [ACK] Seq=1264 Ack=646 Win=49640 Len=0

     

    8 2.236842 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [FIN, ACK] Seq=646 Ack=1264 Win=5643 Len=0

     

    9 2.237078 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY TCP 60093 > 9181 [ACK] Seq=1264 Ack=647 Win=49640 Len=0

     

    10 11.139761 YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX TCP 9181 > 60093 [RST, ACK] Seq=647 Ack=1264 Win=5643 Len=0

     

     

     

    Y-SNAT to Y-Pool

     

    No. Time Source Destination Protocol Info

     

    1 0.000000 YSNAT.YSNAT.YSNAT.YSNAT YPool.YPool.YPool.YPool TCP 60093 > 8180 [SYN] Seq=0 Win=4380 Len=0 MSS=1460 WS=0

     

    2 0.000383 YPool.YPool.YPool.YPool YSNAT.YSNAT.YSNAT.YSNAT TCP 8180 > 60093 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460 WS=0

     

    3 0.000385 YSNAT.YSNAT.YSNAT.YSNAT YPool.YPool.YPool.YPool TCP 60093 > 8180 [ACK] Seq=1 Ack=1 Win=4380 Len=0

     

    4 0.000389 YSNAT.YSNAT.YSNAT.YSNAT YPool.YPool.YPool.YPool TCP 60093 > 8180 [PSH, ACK] Seq=1 Ack=1 Win=4380 Len=1263

     

    5 0.000676 YPool.YPool.YPool.YPool YSNAT.YSNAT.YSNAT.YSNAT TCP 8180 > 60093 [ACK] Seq=1 Ack=1264 Win=48377 Len=0

     

    6 2.235646 YPool.YPool.YPool.YPool YSNAT.YSNAT.YSNAT.YSNAT TCP 8180 > 60093 [PSH, ACK] Seq=1 Ack=1264 Win=49640 Len=243

     

    7 2.235654 YPool.YPool.YPool.YPool YSNAT.YSNAT.YSNAT.YSNAT TCP 8180 > 60093 [PSH, ACK] Seq=244 Ack=1264 Win=49640 Len=402

     

    8 2.235660 YSNAT.YSNAT.YSNAT.YSNAT YPool.YPool.YPool.YPool TCP 60093 > 8180 [ACK] Seq=1264 Ack=646 Win=5025 Len=0

     

    9 2.236086 YPool.YPool.YPool.YPool YSNAT.YSNAT.YSNAT.YSNAT TCP 8180 > 60093 [FIN, ACK] Seq=646 Ack=1264 Win=49640 Len=0

     

    10 2.236090 YSNAT.YSNAT.YSNAT.YSNAT YPool.YPool.YPool.YPool TCP 60093 > 8180 [ACK] Seq=1264 Ack=647 Win=5025 Len=0

     

    11 11.139005 YSNAT.YSNAT.YSNAT.YSNAT YPool.YPool.YPool.YPool TCP 60093 > 8180 [RST, ACK] Seq=1264 Ack=647 Win=5025 Len=0

     

     

    Y-Pool-node to VS ZZ

     

    o. Time Source Destination Protocol Info

     

    1 0.000000 YPool.YPool.YPool.YPool ZZZ.ZZZ.ZZZ.ZZZ TCP 63693 > 6700 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0

     

    2 0.000008 ZZZ.ZZZ.ZZZ.ZZZ YPool.YPool.YPool.YPool TCP 6700 > 63693 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460

     

    3 0.000295 YPool.YPool.YPool.YPool ZZZ.ZZZ.ZZZ.ZZZ TCP 63693 > 6700 [ACK] Seq=1 Ack=1 Win=49640 Len=0

     

    4 0.000734 YPool.YPool.YPool.YPool ZZZ.ZZZ.ZZZ.ZZZ TCP 63693 > 6700 [PSH, ACK] Seq=1 Ack=1 Win=49640 Len=1235

     

    5 0.000933 ZZZ.ZZZ.ZZZ.ZZZ YPool.YPool.YPool.YPool TCP 6700 > 63693 [ACK] Seq=1 Ack=1236 Win=49640 Len=0

     

    6 0.249882 ZZZ.ZZZ.ZZZ.ZZZ YPool.YPool.YPool.YPool TCP 6700 > 63693 [FIN, PSH, ACK] Seq=1 Ack=1236 Win=49640 Len=773

     

    7 0.250142 YPool.YPool.YPool.YPool ZZZ.ZZZ.ZZZ.ZZZ TCP 63693 > 6700 [ACK] Seq=1236 Ack=775 Win=49640 Len=0

     

    8 0.251460 YPool.YPool.YPool.YPool ZZZ.ZZZ.ZZZ.ZZZ TCP 63693 > 6700 [FIN, ACK] Seq=1236 Ack=775 Win=49640 Len=0

     

    9 0.251464 ZZZ.ZZZ.ZZZ.ZZZ YPool.YPool.YPool.YPool TCP 6700 > 63693 [ACK] Seq=775 Ack=1237 Win=4380 Len=0

     

     

     

    Z-SNAT to Z-Pool

     

    No. Time Source Destination Protocol Info

     

     

    1 0.000000 ZSNAT.ZSNAT.ZSNAT.ZSNAT ZPool.ZPool.ZPool.ZPool TCP 54035 > elcn [SYN] Seq=0 Win=4380 Len=0 MSS=1460

     

    2 0.000371 ZPool.ZPool.ZPool.ZPool ZSNAT.ZSNAT.ZSNAT.ZSNAT TCP elcn > 54035 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460

     

    3 0.000374 ZSNAT.ZSNAT.ZSNAT.ZSNAT ZPool.ZPool.ZPool.ZPool TCP 54035 > elcn [ACK] Seq=1 Ack=1 Win=4380 Len=0

     

    4 0.093449 ZSNAT.ZSNAT.ZSNAT.ZSNAT ZPool.ZPool.ZPool.ZPool TCP 54035 > elcn [PSH, ACK] Seq=1 Ack=1 Win=49640 Len=1259

     

    5 0.093699 ZPool.ZPool.ZPool.ZPool ZSNAT.ZSNAT.ZSNAT.ZSNAT TCP elcn > 54035 [ACK] Seq=1 Ack=1260 Win=49640 Len=0

     

    6 0.332498 ZPool.ZPool.ZPool.ZPool ZSNAT.ZSNAT.ZSNAT.ZSNAT TCP elcn > 54035 [PSH, ACK] Seq=1 Ack=1260 Win=49640 Len=773

     

    7 0.432224 ZSNAT.ZSNAT.ZSNAT.ZSNAT ZPool.ZPool.ZPool.ZPool TCP 54035 > elcn [ACK] Seq=1260 Ack=774 Win=4380 Len=0

     

    8 0.943221 ZSNAT.ZSNAT.ZSNAT.ZSNAT ZPool.ZPool.ZPool.ZPool TCP 54035 > elcn [PSH, ACK] Seq=1260 Ack=774 Win=49640 Len=1259

     

    9 0.943406 ZPool.ZPool.ZPool.ZPool ZSNAT.ZSNAT.ZSNAT.ZSNAT TCP elcn > 54035 [ACK] Seq=774 Ack=2519 Win=49640 Len=0

     

    10 1.192348 ZPool.ZPool.ZPool.ZPool ZSNAT.ZSNAT.ZSNAT.ZSNAT TCP elcn > 54035 [PSH, ACK] Seq=774 Ack=2519 Win=49640 Len=773

     

    11 1.292224 ZSNAT.ZSNAT.ZSNAT.ZSNAT ZPool.ZPool.ZPool.ZPool TCP 54035 > elcn [ACK] Seq=2519 Ack=1547 Win=4380 Len=0

     

    12 32.236523 ZPool.ZPool.ZPool.ZPool ZSNAT.ZSNAT.ZSNAT.ZSNAT TCP elcn > 54035 [FIN, ACK] Seq=1547 Ack=2519 Win=49640 Len=0

     

    13 32.236525 ZSNAT.ZSNAT.ZSNAT.ZSNAT ZPool.ZPool.ZPool.ZPool TCP 54035 > elcn [FIN, ACK] Seq=2519 Ack=1548 Win=4380 Len=0

     

    14 32.236813 ZPool.ZPool.ZPool.ZPool ZSNAT.ZSNAT.ZSNAT.ZSNAT TCP elcn > 54035 [ACK] Seq=1548 Ack=2520 Win=49640 Len=0

     

     

     

    need you help in this matter , that who is the faulty one

     

  • rm_77927's avatar
    rm_77927
    Icon for Nimbostratus rankNimbostratus
    May 19, 2010
    I'd blame the client here. The BIG-IP has long-since closed its connection to the server, and has initiated a 4-way close to the client. The client has not responded by closing back to the BIG-IP, so the connection will at this point be in FIN-WAIT-2 on the BIG-IP and CLOSE-WAIT on the client. BIG-IP waits almost 9 seconds before sending a RST to tear down the connection, which will release connection resources on both the BIG-IP as well as the client.

     

     

    My question would be why the client is not closing the connection upon receiving a close from the BIG-IP.

     

     

    Disclaimer: just an opinion, not an F5 employee, not 100% computer literate, not a lawyer, etc. etc.
  • tell_316027's avatar
    tell_316027
    Icon for Altostratus rankAltostratus
    Dec 16, 2017

    when f5 sends a FIN for closing socket , it jumps Fin_wait_1、Fin_wait_2 and Time_wait, directly enters into Closed.