Forum Discussion

Sakib
May 13, 2024

How to solve "TCP retransmit timeout" & "TCP RST from remote system" issue on BIG-IP LTM?

Hi Experts,

We have an application which sends 80K+ HTTPS requests in 2 to 3 minutes. The client application extracts data from an API hosted behind BIG-IP. BIG-IP is hosted in AWS EC2. The job was working fine for the last couple of months but started failing in the last three weeks. Usually, the job runs for 40 minutes and extracts all the data from the API. No change was made on the client application or on the API. I captured packets in BIG-IP and found that BIG-IP is closing the connection with the client; the reasons are F5 TCP retransmit timeout and TCP RST from remote system. I applied a OneConnect profile with default parameters on the virtual server; now the connection is not refused by BIG-IP, but the job takes 20+ hours to extract the data from the API. The application team increased the backend AWS ECS instances (pool members) but there was no improvement. Please advise how to increase the connections on the server side using a OneConnect profile. I haven't used it before.

Following is the topology:

Client APP ----> PaloAlto Firewall ---->(Internet)----> Big-IP(AWS EC2)----(Internet)---> AWS API gateway---> AWS NLB -----> AWS ECS.

4 Replies

    • Sakib

      Thanks for the reply. I am testing the idle timeout parameter in a non-prod environment. By the way, the issue is also happening in the non-prod environment.

    • You can try disabling "Acknowledge on Push" in the virtual server's client-side TCP profile,
      so BIG-IP doesn't wait for the server response before acknowledging the client's TCP push.

      If the client is not near the AWS API gateway, I suggest you also check the network latency, because sometimes AWS network routing is not optimal.
      I had experience of bad AWS intercontinental latency where routing the transaction via GCP/Azure resulted in much higher bandwidth.

    • Sakib

      The AWS region is the same for EC2 / BIG-IP, AWS API gateway, NLB and ECS. I will disable "Acknowledge on Push" on the client-side TCP profile. Thank you for your reply.
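As an added illustration, not taken from the thread or from F5's own documentation, the tmsh configuration that carries out the two changes discussed above on a virtual server: a client-side TCP profile with Acknowledge on Push disabled and a tuned idle timeout, and a OneConnect profile with explicit settings instead of the defaults the poster applied. The virtual server name vs_api_443, the profile names and every numeric value are assumptions chosen for illustration, not recommendations.

```tmsh
# Client-side TCP profile: inherit from the built-in "tcp" profile and turn
# off Acknowledge on Push, as suggested in the thread. idle-timeout is the
# parameter the poster is testing; the parent's default is 300 seconds and
# 600 here is an assumed test value.
create ltm profile tcp tcp_client_api defaults-from tcp ack-on-push disabled idle-timeout 600

# Separate server-side TCP profile so the pool-member side can be tuned
# independently of the client side.
create ltm profile tcp tcp_server_api defaults-from tcp idle-timeout 600

# OneConnect profile with explicit settings (assumed values). source-mask
# 0.0.0.0 lets any client reuse any pooled server-side connection; max-size
# caps idle server-side connections kept for reuse; max-reuse caps requests
# served per pooled connection; idle-timeout-override closes pooled
# connections that sit idle longer than the given seconds. OneConnect needs
# an HTTP profile on the virtual server (so SSL must be terminated there for
# HTTPS) to recognise request boundaries and multiplex them.
create ltm profile one-connect oneconnect_api defaults-from oneconnect source-mask 0.0.0.0 max-size 10000 max-age 86400 max-reuse 1000 idle-timeout-override 120

# Swap the generic tcp profile for the two side-specific ones and attach
# OneConnect, leaving the virtual server's existing http/ssl profiles intact.
modify ltm virtual vs_api_443 profiles delete { tcp }
modify ltm virtual vs_api_443 profiles add { tcp_client_api { context clientside } tcp_server_api { context serverside } oneconnect_api { } }

# Verify the attachment and watch server-side connection reuse while the job runs.
list ltm virtual vs_api_443 profiles
show ltm profile one-connect oneconnect_api
save sys config
```

Compare the OneConnect reuse counters and the client-side RST/retransmit counts from the packet capture before and after the change, on the non-prod virtual server first, since the poster reports the problem reproduces there.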