CSA
Jun 08, 2010 Nimbostratus
TCP Window Full messages sent from BigIPs
Hi,
I've a BigIP LTM 1500 cluster running 9.4.1 (I have the same problem with another cluster running 10.2.0 on 6800 HW). I have a firewall cluster in front of my BigIPs.
Here is the situation:
- a client (1.1.1.1) connects to a public IP address (2.2.2.2) defined on the firewall. Traffic is NATed to a private BigIP VIP 10.10.10.10. I have a pool defined for the virtual server listening to this address with two servers behind (web servers).
The traffic coming to the BigIP is the following one.
PACKET 1
========
Source: 1.1.1.1 (public IP address)
Source port: 5555 (for example)
Destination : 10.10.10.10 (private IP address)
Destination port : 80 (http)
- everything works fine, meaning I don’t have any complaints from users regarding the application itself
- *sometimes* (for some "PACKET 1"), I have this kind of log (dropped) on the firewall:
PACKET 2
========
Source: 10.10.10.10 (same private IP address as above)
Source port: 80 (destination port is now source port)
Destination : 1.1.1.1 (public IP address issuing the request)
Destination port : 5555 (source port is now destination port)
In the network dump I did, I always saw 4 identical packets like "PACKET 2", exactly every 64 seconds. All of them are marked as "TCP Window Full" in my sniffer. The first is sent a couple of minutes after the initial http request "PACKET 1", usually between 1 and 3 minutes.
I have the wan optimized tcp profile on the client side of my virtual server, and the lan optimized tcp profile on the server side.
Does anyone know what could cause those packets to be sent?
Could it be related to some tcp settings on the BigIPs (like Proxy buffer, MSS, or windows options)?
Thanks!