Dropped Connections

Question

The issue we are seeing is that the F5 Load balancer is trying to initiate a new connection to the backend server with a source port that has not been completely closed on the backend server yet (still in TIME_WAIT) from a previous connection. This causes us to see a TCP Port Number Reuse message in the captures and the backend servers are not responding to the new SYN messages from the F5. The F5 then resets the connection because it sends 3 SYN packets without a response. There is a snippet of the capture in the image attached.&nbsp;
We are trying to figure out what the options are to fix this behavior. 
1)Can we look into enabling OneConnect source mask? If we do this how does this affect other VIPs? Is this a global configuration?
2)Perhaps we need to build a SNAT pool for this VIP to use instead of automap?
3)Do we need to change the Virtual server type to allow us to adjust the TCP timers? What is the best practice?&nbsp;

justin1 · Answer

We are having the exact same issue. Did you get a solution to this?

boneyard · Answer

while it might look similar the chance is pretty small you encounter the exact same issue three years later.

it is probably worth the effort to start a new question and explaining your situation well (TMOS version, virtual server config, ...) with the capture that is lost in the original question.

Forum Discussion

Dropped Connections

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

How do I drop traffic on ASM?

Dropping connections after a specific part of URI

Troubeshooting website connection

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

F5 Connection Mirroring question