tcp half open

Question

The f5 3400 box , we have has  BIG-IP 10.0.1 build 283.It seems like  when "tcp half open" monitor is set for a pool,F5 is not sending reset packets when it receives "syn-ack" from the pool member.
&nbsp;Any idea?misconfiguration or system bug ?&nbsp;

hooleylist · Answer

Hi ysungur, 
&nbsp;  
&nbsp; According to SOL9812, LTM should send a RST after getting the SYN ACK.  If you're not seeing this, you could open a case with F5 Support and ask them if the expected behavior has changed in v10.x or if this is a bug. 
&nbsp;  
&nbsp;  
&nbsp; https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9812.html 
&nbsp;  
&nbsp; Certain BIG-IP monitors use a TCP RST packet to close the monitor connection quickly. For example, the tcp_half_open monitor performs a simple check on the pool member service by sending a TCP SYN packet to the service port. When the monitor receives the SYN-ACK packet from the pool member, the monitor considers the service to be up, and sends a TCP RST packet to the service instead of completing the three-way handshake. The TCP RST packet is typically sent on the server side of the connection, and the source IP address of the reset is the relevant self IP address of the VLAN. 
&nbsp;  
&nbsp;  
&nbsp; Aaron

Forum Discussion

tcp half open

1 Reply

Recent Discussions

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

Related Content

TCP 3-WAY Handshake vs TCP Half-Open

AppWorld 2024 Call For Speakers open

Faster TCP: F5 Now Supports TCP Fast Open

Is 2015 Half Empty or Half Full?

Testing the security controls for a notional FDX Open Banking deployment