client timeout

Question

I have an issue the 3 way handshake and MTU/MSS. When client initiates connection, the LB, pushes this request to the Webserver (configured to use Performance L4). The Webserver responds with a HTTP 202, and the LB continues negotiation with client (using the default 1460). An agreed MSS of 1340 is used, leading to packets being dropped by client encryptor (client had been advised to use MSS setting of 1270 to accommodate encryptors). This has been occuring for a couple of weeks, at random times during the night, leading to 'issues' for up to 25mins. Only this client is getting the HTTP 202.

I know this is vague, but is this a fault with the loadbalancer?

rodrigo_albuque · Answer

Hi JoeReid? What do you mean by "agreed MSS"? Client advertises its MSS to BIG-IP and BIG-IP is supposed to honour it. Each side can have a different MSS. Do you have a packet trace?

joereid · Answer

I do have a packet trace, but due to corporate policy, am unable to share this. My understanding that the lower MSS is used, whether that be the server or the client, which is what we see from packet traces. What we are experiencing is the client MSS is 'honored', as you say, by the load balancer, but this is too high to be accepted through the client side encryptors. This all manifests after a HTML 202 from the server.

Forum Discussion

client timeout

2 Replies

Recent Discussions

preserve client IP on layer 4 VIP

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

api token timeout change

source address persistence maximum session timeout

iRule based RADIUS Client Stack

iRules LX Sideband Connection - Handling timeouts

APM session inactivity timeoute VS. TCP idle timout