Alan_Booth_1042
Nimbostratus
NimbostratusFIN ACK not being forwarded
We have recently switched to the F5 and we are having a problem closing TCP connections between the F5 and a WebSphere Process Server cluster. The FIN ACK coming from the client is not being forwarded through the F5 to the WebSphere servers. The F5 times out and sends a RST to close the connection. The TCP connection closes for the F5 but the connection on the WebSphere server remains in the ESTABLISHED state. Here are three network captures at each tier:
Frame Source Destination Size Send Time Recv Time Decode Decode Summary
Client to DataPower IN
17628 DataPowerIN Client 306 30.69588 30.69588 SOAP SOAP http://server/appname/dataSerialV2/ ingestDocumentResponse
17629 DataPowerIN Client 97 30.6959 30.6959 SOAP SOAP Continuation [Non HTTP Start]
17630 Client DataPowerIN 60 30.69592 30.69592 TCP D=87 S=55103 ACK=1322645838 SEQ=3806041805 LEN=0 WIN<<2=221464
17632 DataPowerIN Client 995 30.69625 30.69626 SOAP SOAP Continuation [Non HTTP Start]
17704 DataPowerIN Client 995 30.71752 30.71753 HTTP Continuation or non-HTTP traffic (Retransmission of frame 17632)
17705 Client DataPowerIN 60 30.71754 30.71754 TCP D=87 S=55103 ACK=1322646779 SEQ=3806041805 LEN=0 WIN<<2=220524
18645 Client DataPowerIN 60 31.30641 31.30641 TCP D=87 S=55103 FIN ACK=1322646779 SEQ=3806041805 LEN=0 WIN<<2=220524
18646 DataPowerIN Client 60 31.30669 31.30669 TCP D=55103 S=87 FIN ACK=3806041806 SEQ=1322646779 LEN=0 WIN<<8=67072
18647 Client DataPowerIN 60 31.30672 31.30672 TCP D=87 S=55103 ACK=1322646780 SEQ=3806041806 LEN=0 WIN<<2=220524
DataPower Out to BigIP In
514 BigIP In DataPower Out 1161 14.83599 14.836 HTTP 200 OK
515 DataPower Out BigIP In 60 14.836 14.836 TCP D=9080 S=52553 ACK=2972142021 SEQ=1324035880 LEN=0 WIN=7749
516 DataPower Out BigIP In 60 14.836 14.836 TCP D=9080 S=52553 FIN ACK=2972142021 SEQ=1324035880 LEN=0 WIN=7749
518 BigIP In DataPower Out 60 14.837 14.837 TCP D=52553 S=9080 ACK=1324035881 SEQ=2972142021 LEN=0 WIN=4380
BigIP Out to WPS
6474 WPS BigIP Out 1161 30.71909 30.7191 HTTP 200 OK
6480 BigIP Out WPS 60 30.81963 30.81963 TCP D=9080 S=38649 ACK=2219798122 SEQ=4001859830 LEN=0 WIN=4380
7191 BigIP Out WPS 60 41.23098 41.23098 TCP D=9080 S=38649 RST SEQ=4001859830 LEN=0 WIN=4380
You can see the four way handshake from the Client to the IBM DataPower and the FIN ACK being sent from the DataPower to the F5. However the FIN ACK stops there and the F5 waits around 10-seconds then sends the RST. This is a Web Service call so just an HTTP SOAP request.
I do not administer the F5 but I am trying to help debug the problem. As far as I know the VIP is set up for HTTP. Does there need to be an iRule to ensure that the FIN ACK is sent or that the four way handshake be executed to properly close the TCP connection?
