Need help deciphering this tcpdump / resets from F5
Network connectivity is in place between F5 and server, but I can't telnet to server on 80/443 and healthchecks are failing. If I remove healthcheck I can hit VIP from browser and webpage comes up ok, so I know web services are responding.
.206 is the server, .6 is the F5.
11 17:05:22.983153 802.1Q vlan20 P0 10.229.192.206.https > 10.229.148.6.38538: . ack 3045850159 win 5792 (DF)
...
17 17:06:05.032041 802.1Q vlan20 P0 10.229.148.6.38538 > 10.229.192.206.https: S 2979154442:2979154442(0) win 5840 (DF)
18 17:06:05.032041 802.1Q vlan20 P0 10.229.192.206.https > 10.229.148.6.38538: . ack 1 win 5792 (DF)
19 17:06:05.032041 802.1Q vlan20 P0 10.229.148.6.38538 > 10.229.192.206.https: R 3045850159:3045850159(0) win 0 (DF)
20 17:06:20.221667 802.1Q vlan20 P0 10.229.148.6.37495 > 10.229.192.206.http: S 2936484771:2936484771(0) win 5840 (DF)
21 17:06:20.221667 802.1Q vlan20 P0 10.229.192.206.http > 10.229.148.6.37495: . ack 176362648 win 5792 (DF)
22 17:06:20.221667 802.1Q vlan20 P0 10.229.148.6.37495 > 10.229.192.206.http: R 176362648:176362648(0) win 0 (DF)
The way I read this, and I could be way off, is that at line 17 the LB does a healthcheck to the server and we see a SYN. Then line 18 is the server's ACK to that SYN. Line 19 is a reset from a previous ACK on line 11 from the server.
Then line 20, LB SYN to server, line 21 is the server's ACK, then line 22 the LB resets the server's ACK? Anyone have any ideas what is going on here? No funky profiles/iRules/etc. on this VIP/pool, pretty generic setup.
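The pattern the post walks through, a SYN answered by a bare ACK instead of a SYN-ACK and then reset by the side that sent the SYN, can be picked out of a capture mechanically. The following is an added example, not part of the original post: it parses lines 11 and 17-22 as quoted above and also checks whether each RST's sequence number equals an ack number the server sent on that flow, which is the reset form RFC 793 specifies for an unacceptable ACK received in SYN-SENT. The function name and the regex are assumptions of this example.

```python
import re

# Lines 11 and 17-22, copied from the capture quoted in the post.
CAPTURE = """\
11 17:05:22.983153 802.1Q vlan20 P0 10.229.192.206.https > 10.229.148.6.38538: . ack 3045850159 win 5792 (DF)
17 17:06:05.032041 802.1Q vlan20 P0 10.229.148.6.38538 > 10.229.192.206.https: S 2979154442:2979154442(0) win 5840 (DF)
18 17:06:05.032041 802.1Q vlan20 P0 10.229.192.206.https > 10.229.148.6.38538: . ack 1 win 5792 (DF)
19 17:06:05.032041 802.1Q vlan20 P0 10.229.148.6.38538 > 10.229.192.206.https: R 3045850159:3045850159(0) win 0 (DF)
20 17:06:20.221667 802.1Q vlan20 P0 10.229.148.6.37495 > 10.229.192.206.http: S 2936484771:2936484771(0) win 5840 (DF)
21 17:06:20.221667 802.1Q vlan20 P0 10.229.192.206.http > 10.229.148.6.37495: . ack 176362648 win 5792 (DF)
22 17:06:20.221667 802.1Q vlan20 P0 10.229.148.6.37495 > 10.229.192.206.http: R 176362648:176362648(0) win 0 (DF)
"""

# Old-style tcpdump line: "<no> <time> 802.1Q <vlan> <prio> src > dst: flags [seq] [ack N]"
LINE = re.compile(
    r"^(?P<no>\d+) \S+ 802\.1Q \S+ \S+ (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPRWE.]+)(?: (?P<seq>\d+):\d+\(\d+\))?(?: ack (?P<ack>\d+))?"
)

def find_bare_ack_resets(text):
    """One finding per SYN that was answered by a bare ACK and then reset."""
    pending = {}  # (client, server) -> line number of the outstanding SYN
    bare = {}     # (client, server) -> line number of the bare ACK that answered it
    acks = {}     # (client, server) -> every ack number the server sent on the flow
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # elided ("...") or unrelated lines
        no, src, dst, flags = int(m["no"]), m["src"], m["dst"], m["flags"]
        if "S" in flags:
            if m["ack"]:
                pending.pop((dst, src), None)   # proper SYN-ACK: handshake proceeds
            else:
                pending[(src, dst)] = no        # plain SYN: new attempt
        elif "R" in flags:
            flow = (src, dst)
            if flow in bare:
                seq = int(m["seq"]) if m["seq"] else None
                findings.append({"syn": pending.pop(flow), "ack": bare.pop(flow),
                                 "rst": no,
                                 "rst_seq_matches_server_ack": seq in acks[flow]})
        elif m["ack"]:
            flow = (dst, src)                   # ACK travelling server -> client
            acks.setdefault(flow, set()).add(int(m["ack"]))
            if flow in pending:
                bare[flow] = no
    return findings

if __name__ == "__main__":
    for finding in find_bare_ack_resets(CAPTURE):
        print(finding)
```

Line 18 shows `ack 1` because tcpdump prints relative numbers once it has seen a flow, so the match for line 19 comes from the absolute value recorded at line 11.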