Forum Discussion

sjko_254603's avatar
sjko_254603
Icon for Nimbostratus rankNimbostratus
Nov 07, 2016

Forwarding VS drop Fin Packet

Hi

 

When I close the communication, I want to know why the Forwarding VS drops the FIN packet.

 

Why is this happening?

 

2 Replies

  • F5 probably sends a FIN to the pool member or if you have OneConnect enabled, F5 may keep the server side connection open for re-use. Depends on where you are capturing the packet and which output you are utilizing to come to the conclusion.

     

  • I think You have Loose Initiation:close and reset on timeout:disabled option configured in Fast-L4-profile.

     

    The FastL4 profile determines how the system handles the connection table entries. Enabling the Loose Initiation option allows the system to initialize a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation. It also provides a good alternative to the high overhead of connection mirroring. In the event of a failover, with the Loose Initiation option enabled, the standby BIG-IP system accepts connections mid-flow, and forwards, as expected. The Loose Close option allows the system to remove a connection when the system receives the first FIN packet from either the client or the server. This will help trim connection table entries as the connection entry can be removed as soon as the connection officially closes, and the system does not need to maintain the connection table entry.

     

    Note: The Loose Close feature is optional, and may impact system performance because it disables Packet Velocity ASIC (PVA) Acceleration for the virtual server. For information about PVA Acceleration, refer to SOL4832: Overview of PVA Acceleration. The Loose Close feature does not impact ePVA acceleration. For information about ePVA acceleration, refer to SOL12837: Overview of the ePVA feature.

     

    Setting the Idle Timeout allows the system to remove connections from the connection table when the connections are no longer active. F5 recommends that you use the default timeout of 300 seconds. If you disable Reset on Timeout, the system removes connection entries from the connection table once the idle timeout expires, but the system does not reset the connection. This setting prevents the BIG-IP LTM system from sending resets when closing an idle connection, it also reduces the need to use long idle timeouts for long-lived TCP connections, which may go idle for extended periods of time. For instance, if an application allows for long periods of inactivity (greater than the configured Idle Timeout) with no traffic being exchanged, then without this setting, the BIG-IP LTM system would close both sides of the connection when the timeout expired. The system would reject any subsequent packets that the client or server sent in the same TCP connection, since the connection is no longer valid on the BIG-IP LTM system. However, with Reset on Timeout disabled, the BIG-IP LTM quietly removes the connection entry and neither the client nor the server is aware that the communication channel has timed out. When the client or server begins communicating again, the Loose Initiation setting allows the BIG-IP LTM system to re-add the connection to the connection table, and the newly-arrived packets are forwarded, as expected.