Forum Discussion

Tom_112729's avatar
Tom_112729
Icon for Nimbostratus rankNimbostratus
Jul 24, 2014

F5 doesn't forward RST packets

Hello We have client and server located behind LTM, both client and server have default gtw set to F5 box. Client connects directy to server (without VS). After 10 minutes of inactivity server sends RST packet to client via F5 using F5 forwarding_vs (settings on this vs: disabled "reset on timeout", enabled: Loose Initiation, Loose Close) but F5 doesn't forward this packet to client. The question is why ?

 

Regards, Tom

 

application delivery
LTM
management

3 Replies

Sort By
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Jul 24, 2014

    This is normal behaviour as the F5 is a full proxy and will not forward resets. It controls connections on both sides of the BIGIP so it will send one if needed. In regards to your settings, if you disable reset on timeout it will just quietly delete the connection table entry.

     

    Please read this SOL7595 - Overview of IP forwarding virtual servers

     

    Especially the paragraph following the "Note: The Loose Close feature is optional..."

     

    • Tom_112729's avatar
      Tom_112729
      Icon for Nimbostratus rankNimbostratus
      Jul 24, 2014
      I read this document earlier and I understand that F5 acts as a full proxy when client connects to application_VS (configured on F5). In my case client connects directly to server IP (not to VS_configured_on_F5). We implemented vs_forwarding according to paragraph "Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers" which in my opinion should forward any packet (including RST packet) - am i right ? Is there any official document which shows what type of packets aren't forwarded using routing_vs on F5 ?
    • Kevin_Davies_40's avatar
      Kevin_Davies_40
      Icon for Nacreous rankNacreous
      Jul 25, 2014
      It still controls the connections on either side. In that regard it is still a connection proxy.