Forwarding Virtual Servers, SNAT Pools, and Port Collisions
So, I have a Forwarding(IP) Virtual Server set up with its own SNAT pool and Source Port set to change. The SNAT pool currently has four IPs assigned to it. The Virtual Server has a custom FastL4 Profile assigned with a 30 second TCP Close Timeout and Loose Close enabled. This forwarding server is used to hit a single external IP with which we do a rather large number of transactions, in the area of 500 connections per second at peak usage.
We are running into an issue with session collisions on a small number of these connections where the remote host has not released the four-tuple for reuse when we attempt to reuse it. This causes the connection attempts to time out. This is occurring any time we attempt to reuse a given four-tuple in less than 16 seconds; any attempts that wait at least 16 seconds succeed. With the 4 IPs and 500 connections per second we should be able to go for 524.28 seconds (65535 ports/IP * 4 IPs / 500 ports/second) before needing to reuse ports.
Based on my understanding of the TCP Close Timeout, this should force any connections to wait 16 seconds before attempting to reuse a given four-tuple after the connection is successfully closed; however, this does not appear to be happening. Looking at packet captures, I see the same four-tuples being reused in as little as 1.6 seconds.
Does anyone know of a way of forcing an LTM to wait for a given time period before allowing that four-tuple to be reused for connections flowing through a Forwarding(IP) Virtual Server?
I've put in a ticket with F5 support, but haven't been able to get anywhere following that route. Anyone on DevCentral have any tips?
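
Added example, not part of the original post: a Python check that can be run over client-to-server packet records exported from a capture to list every four-tuple that was reused sooner than the 16 seconds reported above, together with the port-wrap arithmetic from the post. The record layout, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
# Constructed sample of client->server packets as they might be exported from
# a capture: (time_s, snat_ip, src_port, dst_ip, dst_port, tcp_flag)
SAMPLE_EVENTS = [
    (0.0,  "203.0.113.10", 40001, "198.51.100.5", 443, "SYN"),
    (0.1,  "203.0.113.11", 40001, "198.51.100.5", 443, "SYN"),
    (0.2,  "203.0.113.10", 40001, "198.51.100.5", 443, "FIN"),
    (0.3,  "203.0.113.11", 40001, "198.51.100.5", 443, "FIN"),
    (1.8,  "203.0.113.10", 40001, "198.51.100.5", 443, "SYN"),  # reused after 1.6 s
    (2.0,  "203.0.113.10", 40001, "198.51.100.5", 443, "FIN"),
    (20.3, "203.0.113.11", 40001, "198.51.100.5", 443, "SYN"),  # reused after 20 s
]

MIN_REUSE_GAP = 16.0  # seconds; the threshold observed in the post


def find_early_reuse(events, min_gap=MIN_REUSE_GAP):
    """Return [(four_tuple, gap_s)] for every new SYN that arrives less than
    min_gap seconds after the last packet previously seen on that four-tuple."""
    last_seen = {}  # four-tuple -> timestamp of the most recent packet
    early = []
    for ts, sip, sport, dip, dport, flag in sorted(events):
        key = (sip, sport, dip, dport)
        if flag == "SYN" and key in last_seen:
            gap = ts - last_seen[key]
            if gap < min_gap:
                early.append((key, round(gap, 3)))
        last_seen[key] = ts
    return early


def seconds_until_wrap(snat_ips, conns_per_sec, ports_per_ip=65535):
    """Time before the SNAT pool's source ports must be reused, assuming ports
    are consumed sequentially and every port on every SNAT IP is usable."""
    return ports_per_ip * snat_ips / conns_per_sec


if __name__ == "__main__":
    for four_tuple, gap in find_early_reuse(SAMPLE_EVENTS):
        print(f"{four_tuple} reused after {gap} s (< {MIN_REUSE_GAP} s)")
    print(f"pool wraps after {seconds_until_wrap(4, 500):.2f} s at 500 conn/s")
```

Comparing the reuse gaps this reports against the wrap time shows whether ports are being recycled long before the pool is exhausted, which is the behaviour described in the post.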