Dropped Connections
The issue we are seeing is that the F5 Load balancer is trying to initiate a new connection to the backend server with a source port that has not been completely closed on the backend server yet (still in TIME_WAIT) from a previous connection. This causes us to see a TCP Port Number Reuse message in the captures and the backend servers are not responding to the new SYN messages from the F5. The F5 then resets the connection because it sends 3 SYN packets without a response. There is a snippet of the capture in the image attached.
We are trying to figure out what the options are to fix this behavior.

1) Can we look into enabling OneConnect source mask? If we do this, how does this affect other VIPs? Is this a global configuration?
2) Perhaps we need to build a SNAT pool for this VIP to use instead of automap?
3) Do we need to change the Virtual server type to allow us to adjust the TCP timers?

What is the best practice?
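
The port reuse described in the post can be confirmed from a capture by comparing each new SYN against the time its 4-tuple last saw a FIN. This is an added example, not part of the original post: the packet records and addresses are constructed, the `Pkt` layout is this example's own, and the 60-second TIME_WAIT window is an assumption (the Linux default) to be replaced with the backend's actual value.

```python
from collections import namedtuple

# One decoded TCP segment (field names are this example's own, not a tool's export format).
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")
TIME_WAIT_SECS = 60.0  # assumption: Linux default; set to the backend's actual value

def find_port_reuse(packets, client_ip, time_wait=TIME_WAIT_SECS):
    """Flag each new SYN from client_ip whose 4-tuple saw a FIN less than
    time_wait seconds earlier. Returns (ts, 4-tuple, age_secs, answered)."""
    last_close = {}  # 4-tuple -> time of the most recent FIN, either direction
    pending = {}     # 4-tuple -> index in hits of a flagged SYN not yet answered
    hits = []
    for p in sorted(packets, key=lambda p: p.ts):
        from_client = p.src == client_ip
        # Key on the client-side view so both directions map to one connection.
        key = ((p.src, p.sport, p.dst, p.dport) if from_client
               else (p.dst, p.dport, p.src, p.sport))
        flags = set(p.flags)
        if "F" in flags:
            last_close[key] = p.ts
        elif "R" in flags:
            pending.pop(key, None)            # attempt abandoned by a reset
        elif flags == {"S"} and from_client and key not in pending:
            closed = last_close.get(key)
            if closed is not None and p.ts - closed < time_wait:
                pending[key] = len(hits)
                hits.append([p.ts, key, round(p.ts - closed, 3), False])
        elif flags == {"S", "A"} and not from_client and key in pending:
            hits[pending.pop(key)][3] = True  # backend accepted the reused port
    return [tuple(h) for h in hits]

LB, BE = "10.0.0.5", "10.0.1.20"  # constructed addresses: load balancer SNAT, backend
SAMPLE = [  # constructed capture, not taken from the post's image
    Pkt(0.000, LB, 40001, BE, 443, "S"),
    Pkt(0.001, BE, 443, LB, 40001, "SA"),
    Pkt(0.002, LB, 40001, BE, 443, "A"),
    Pkt(5.000, BE, 443, LB, 40001, "FA"),   # backend closes first, so it holds TIME_WAIT
    Pkt(5.001, LB, 40001, BE, 443, "FA"),
    Pkt(20.000, LB, 40001, BE, 443, "S"),   # same source port reused 15 s later
    Pkt(23.000, LB, 40001, BE, 443, "S"),   # SYN retransmission
    Pkt(29.000, LB, 40001, BE, 443, "S"),   # SYN retransmission
    Pkt(29.500, LB, 40001, BE, 443, "R"),   # load balancer gives up
    Pkt(30.000, LB, 40002, BE, 443, "S"),   # fresh port: not flagged
    Pkt(30.001, BE, 443, LB, 40002, "SA"),
]

if __name__ == "__main__":
    for hit in find_port_reuse(SAMPLE, LB):
        print(hit)
```

A flagged SYN with `answered` still `False` matches the unanswered-SYN pattern in the post; retransmissions of the same attempt are counted once.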