Forum Discussion

fanttazio_23961
Jul 18, 2016
Solved

TCP reset connection with MSSQL

Hello all,

Disclaimer: I'm not an F5 expert and just started working with and learning it, so apologies in advance if I say something that doesn't make sense or is wrong. The issue:

We are doing SSL offloading with F5 and we are experiencing an issue. The TCP connection gets reset between F5 and SQL server by the F5. Below is what I see between F5 (172.16.0.1) and SQL server (82.99.227.18):

No.     Time           Source                Destination           Protocol Length Info
     15 8.100124       172.16.0.1          82.99.227.18          TCP      60     2903 → 1433 [SYN] Seq=0 Win=512 Len=0

Frame 15: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: a2:8a:27:00:00:4c (a2:8a:27:00:00:4c), Dst: Microsof_86:13:39 (00:15:5d:86:13:39)
Internet Protocol Version 4, Src: 172.16.0.1, Dst: 82.99.227.18
Transmission Control Protocol, Src Port: 2903 (2903), Dst Port: 1433 (1433), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     16 8.100248       82.99.227.18          172.16.0.1          TCP      58     1433 → 2903 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460

Frame 16: 58 bytes on wire (464 bits), 58 bytes captured (464 bits) on interface 0
Ethernet II, Src: Microsof_86:13:39 (00:15:5d:86:13:39), Dst: a2:8a:27:00:00:4c (a2:8a:27:00:00:4c)
Internet Protocol Version 4, Src: 82.99.227.18, Dst: 172.16.0.1
Transmission Control Protocol, Src Port: 1433 (1433), Dst Port: 2903 (2903), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     17 8.100655       172.16.0.1          82.99.227.18          TCP      60     2903 → 1433 [RST] Seq=1 Win=0 Len=0

Is this normal? We are doing SSL offloading between SQL client and F5, and right now we are not able to establish a connection between the server and client, so I'm troubleshooting the problem. Right now I want to make sure that the connection between the F5 and server is functional and then go to the F5 and client leg. In this scenario F5 is only doing the SSL offloading.

Thanks

  • OK. I think I've found my answer. This should be the monitoring mechanism by the F5:

    Monitoring section on https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9812.html

    The tcp_half_open monitor performs a simple check on the pool member service by sending a TCP SYN packet to the service port. When the monitor receives the SYN-ACK packet from the pool member, the monitor considers the service to be up, and sends a TCP RST packet to the service instead of completing the three-way handshake. The TCP RST packet is typically sent on the server side of the connection, and the source IP address of the reset is the relevant self IP address of the VLAN.
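
The SYN / SYN-ACK / RST exchange from the capture, checked against the tcp_half_open description above, as an added example that is not part of the original post or F5's own code: it groups Wireshark summary lines into flows and labels a flow a monitor probe only when that exact three-packet pattern comes from a listed self IP. The function names, the self-IP allowlist and the packets from 10.0.0.5 and 10.0.0.9 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Wireshark summary line: No. Time Source Destination TCP Length sport → dport [FLAGS]
LINE = re.compile(r"^\s*\d+\s+[\d.]+\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+"
                  r"(\d+)\s+\S+\s+(\d+)\s+\[([A-Z, ]+)\]")
# Initiator SYN, responder SYN-ACK, initiator RST, and nothing else.
HALF_OPEN = ["c:SYN", "s:ACK+SYN", "c:RST"]

# First three lines are from the capture in the post; the rest are constructed.
SAMPLE = """\
15 8.100124 172.16.0.1 82.99.227.18 TCP 60 2903 → 1433 [SYN] Seq=0 Win=512 Len=0
16 8.100248 82.99.227.18 172.16.0.1 TCP 58 1433 → 2903 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460
17 8.100655 172.16.0.1 82.99.227.18 TCP 60 2903 → 1433 [RST] Seq=1 Win=0 Len=0
20 9.000000 10.0.0.5 82.99.227.18 TCP 66 50000 → 1433 [SYN] Seq=0 Win=64240 Len=0
21 9.000100 82.99.227.18 10.0.0.5 TCP 66 1433 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
22 9.000200 10.0.0.5 82.99.227.18 TCP 54 50000 → 1433 [ACK] Seq=1 Ack=1 Win=64240 Len=0
30 9.500000 10.0.0.9 82.99.227.18 TCP 60 40000 → 1433 [SYN] Seq=0 Win=512 Len=0
31 9.500100 82.99.227.18 10.0.0.9 TCP 58 1433 → 40000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
32 9.500200 10.0.0.9 82.99.227.18 TCP 60 40000 → 1433 [RST] Seq=1 Win=0 Len=0
""".splitlines()

def parse(lines):
    """Group packets into flows keyed by the initiator's (ip, port, ip, port)."""
    flows = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # column headers, frame detail lines, blanks
        src, dst, sport, dport, flags = m.groups()
        flags = "+".join(sorted(f.strip() for f in flags.split(",")))
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if rev in flows:                 # reply from the responder side
            flows[rev].append("s:" + flags)
        else:                            # packet from the initiator side
            flows[fwd].append("c:" + flags)
    return flows

def classify(flows, monitor_ips):
    """Label each flow; monitor_ips is the set of known BIG-IP self IPs."""
    labels = {}
    for key, events in flows.items():
        if events == HALF_OPEN:
            known = key[0] in monitor_ips
            labels[key] = "monitor_probe" if known else "half_open_unlisted_source"
        elif events[:3] == ["c:SYN", "s:ACK+SYN", "c:ACK"]:
            labels[key] = "handshake_completed"
        else:
            labels[key] = "other"
    return labels
```

Calling `classify(parse(SAMPLE), {"172.16.0.1"})` labels the flow from the post as a monitor probe; the same pattern from an address that is not a listed self IP is reported separately so it can be reviewed.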

     
