Unacknowledged fin/ack - should I use loose close?

Question

All,&nbsp;
I have a weird scenario where I'm using an LTM at 11.5.2 HF1 to proxy HTTP over a non-standard port.  If the client talks directly to the server, all is well - even under a load test.  When proxied by the LTM, the load test sees java reset errors.&nbsp;
I did the obligatory packet capture and found that on the server side, after the process is complete, the connection is shut down and looks normal.  But on the client side, the fin/ack is not ack'd by the client.  So the LTM VIP tries it 4 more times and then sends RSTs on both sides.  I don't have a capture on the client to verify if the fin/ack got there or not.  I'll need to get with the group that owns the client and get that.&nbsp;
Feeling the need to do something quicker, I change the tcp VIP to a fast layer 4 w/ loose close enabled.  This seems to work, but I'm not sure if it's a good idea.  What kind of fallout might I expect it I propose this FL4 profile as a solution?  Sometimes a quick fix isn't really a good idea, what do you think?&nbsp;
Thanks,
Mike&nbsp;

boneyard · Answer

sounds you use it where it was meant for. the session will stay around for longer, but will adhere to the configured idle time i believe.&nbsp;
there have been some recent SOLs about loose close issue, this one for example, but sure to check if your version is affected:
http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15231.html&nbsp;

Forum Discussion

Unacknowledged fin/ack - should I use loose close?

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Why FIN, ACK instead of just FIN

FIN ACK not being forwarded

Re: The TCP Proxy Buffer

TCP Internals: 3-way Handshake and Sequence Numbers Explained

Re: DDoS: Detection and Response