Forum Discussion
karmacoma_49245
Jul 11, 2008
Nimbostratus
Hi nmenant!
Here is a little drawing of what is happening at the TCP level. This is the sequence when it is successful:
Ldap Client   VIP   F5   Server1   Server2
=============================
LDap Search
----------------->
TCP(SYN)
----------->
TCP(ACK)
<--------------- TCP(FIN/ACK)
--------------------------->
TCP(SYN/ACK)
<-----------
TCP(ACK)
------------>
Ldap Search
------------>
TCP(FIN/ACK)
<---------------------------
TCP(ACK)
----------------------------->
TCP(ACK)
<----------------------------
:::::::::::::::::::::::::::
::::::::::::::::::::::::::::
On the other hand this is the sequence when it fails:
Ldap Client   VIP   F5   Server1   Server2
=============================
LDap Search
----------------->
TCP(SYN)
----------------------------->
TCP(ACK)
<--------------- TCP(FIN/ACK)
--------->
LDap Search
-----------------> ******
TCP(ACK)
<---------------
TCP(RST/ACK)
<---------------
TCP(SYN/ACK)
<---------------------------
TCP(RST)
-------------------------->
TCP(FIN/ACK)
<------------
TCP(ACK)
------------->
As you can see, there is an incoming search for the second server ongoing when a search for the first one comes in. The F5 hasn't finished the reconnection and sends resets to both sides (client and server).
This is what we want to avoid (in particular the RST to the client). We have already tried to modify the TCP profile settings, but with no success. We are thinking about two iRules, one for server one and another one for server two.
We are not sure how to handle this, but we will try. The other possibility would be to try buffering, but it looks more complicated and we don't even know how to start.
Any other alternatives or ideas on how to implement this?
Thanks a lot in any case!
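Added example, not part of the original post: a small Python check that finds the failing pattern described above (a client search arriving while the F5's SYN to a server is still unanswered, followed by a RST to the client) in a list of events already extracted from a capture. The event tuples, host labels, timestamps and the function name are constructed for illustration.

```python
# Constructed traces modelled on the two sequences in the post (not real captures).
# Each event: (seconds, source, destination, TCP segment or LDAP operation).
SUCCESS = [
    (0.000, "client", "f5", "LDAP_SEARCH"),
    (0.001, "f5", "server2", "SYN"),
    (0.001, "f5", "client", "ACK"),
    (0.002, "f5", "server1", "FIN/ACK"),
    (0.003, "server2", "f5", "SYN/ACK"),
    (0.003, "f5", "server2", "ACK"),
    (0.004, "f5", "server2", "LDAP_SEARCH"),
]
FAILING = [
    (0.000, "client", "f5", "LDAP_SEARCH"),
    (0.001, "f5", "server2", "SYN"),
    (0.001, "f5", "client", "ACK"),
    (0.002, "f5", "server1", "FIN/ACK"),
    (0.003, "client", "f5", "LDAP_SEARCH"),  # arrives before server2 answers
    (0.003, "f5", "client", "ACK"),
    (0.004, "f5", "client", "RST/ACK"),
    (0.005, "server2", "f5", "SYN/ACK"),
    (0.005, "f5", "server2", "RST"),
]

def find_reconnect_races(events, lb="f5", client="client"):
    """Return client requests that reached the LB mid-handshake and were reset."""
    pending = {}    # server -> time the LB sent a SYN that is still unanswered
    suspect = None  # latest client request seen while a handshake was pending
    hits = []
    for t, src, dst, what in events:
        if src == lb and dst != client:
            if what == "SYN":
                pending[dst] = t
            elif what == "LDAP_SEARCH":
                suspect = None          # request was forwarded, so no race
        elif dst == lb and what == "SYN/ACK":
            pending.pop(src, None)      # server-side handshake was answered
        elif src == client and dst == lb and what == "LDAP_SEARCH" and pending:
            suspect = {"request_at": t, "pending_servers": sorted(pending)}
        elif src == lb and dst == client and what.startswith("RST") and suspect:
            hits.append({**suspect, "client_rst_at": t})
            suspect = None
    return hits

if __name__ == "__main__":
    for name, trace in (("success", SUCCESS), ("failing", FAILING)):
        print(name, find_reconnect_races(trace))
```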