Forum Discussion

kazeem_yusuf1's avatar
kazeem_yusuf1
Icon for Nimbostratus rankNimbostratus
Sep 20, 2017

RECURRENT CURL TO A VIRTUAL SERVER FAILING

There is an issue on my network. i created a Virtual Server for backend servers running some Oracle Enterprise Linux server based applications.

 

When the url string is accessed on a browser (http://10.184.1.226/services/EIAproxy?wsdl), the page loads, on several tabs if accessed concurrently. Using SOAP,the same page loads accurately,

 

On some VM's, when a curl command is made to the url, repeatedly, the connection fails intermittently.

 

A tcp dump on F5 shows TCP Spurious retransmission errors on Wireshark for the many putty connections from those VM's.

 

What could be the problem on Putty,for these connections to succeed and fail?

 

Is there any change that can be done on F5, to accept all TCP connections from clients,even when initial SYN requests haven't yet been acknowledged?

 

application delivery
BIG-IP
LTM
security

1 Reply

Sort By
  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Sep 21, 2017

    I'm not sure there is enough information to exactly resolve your question, but the BigIP will accept multiple connections from the same IP even if it has not finished the three way handshake on previous connections from the same IP. If you generate enough connections, you may trigger AFM, DoS protection, or SYN cookies, however. This would be a lot of connections, probably far more than you would create with a manual curl.

     

    Secondly, you wouldn't care about the PuTTY connections (port 22 or 23) in the capture, you'd be looking for the curl connections (port 80 or 443). The spurious retransmissions may or may not be relevant. If you are having dropped packets on your BigIP a support case is likely to be your fastest route to resolution.