teknet7_237497
Nimbostratus
NimbostratusTCP Profile - extremely pushy F5 (RST after 300 us)
Hello Team,
I do have VIP with the Pool of two servers and standard profile protocol: TCP.
What i have noticed that after TCP SYN packet is routed by F5 to real server F5 is extremely pushy and expects the answer (SYN ACK) in around 300 us. If not getting that answer in that time it is sending TCP RST to both real server and client. This is what is do see on the real server:
20:23:57.147148 IP 172.16.33.1.50197 > 172.16.34.101.80: Flags [S], seq 3228024889
20:23:57.147409 IP 172.16.33.1.50197 > 172.16.34.101.80: Flags [R], seq 3228024890
20:23:57.147416 IP 172.16.34.101.80 > 172.16.33.1.50197: Flags [S.], seq 2676604517
As you can see in my scenario real server is always a bit late (it's not that fast).
This is the standard TCP profile i am using:
profile tcp tcp {
reset on timeout enable
time wait recycle enable
delayed acks enable
selective acks enable
proxy max segment disable
proxy options disable
deferred accept disable
ecn disable
limited transmit enable
nagle disable
timestamps enable
slow start enable
ack on push disable
idle timeout 300
time wait 2000
fin wait 5
close wait 5
send buffer 32768
recv window 32768
keep alive interval 1800
max retrans syn 3
max retrans 8
congestion control highspeed
zero window timeout 20000
}
I have tried to tune it changing multiple options but without success.
Which option should i choose to prevent F5 sending that RST packet so quickly ?
Thanks, Michal
