Client stuck in TCP SYN sometimes

Question

Hello all,
After upgraded LTM from 3600 (TMOS version 10.2) to 2000 (TMOS version 11.5.4). I found that sometime Client may stuck in TCP SYN status. Below is my scenario.&nbsp;
I created 1 Virtual Server 2.2.2.2:80, enabled Performance L4, SNAT and Source Port "Changed".2 Clients try to telnet 2.2.2.2 port 80 at the same time1 of the client may got stuck in TCP SYN status. Server did not response SYN ACK or RST
But this case did not happen in TMOS version 10.2 before. To workaround this issue, I changed Performance L4 to standard and the problem resolve. Any idea on this case? please advise. Thanks.&nbsp;

dragonflymr · Answer

Hi,
Best way to find out is:
Do tcpdump on BIG-IP - something like tcpdump -nni -s0 0.0:p host [VS IP] - not sure if this will work, you can try tcpdump -nni -s0 0.0:p 'host [client 1 IP] or host [client 2 IP]'Issue watch -n 1 tmsh show sys connection cs-server-addr [VS IP]
Then you should see more or less what happens on BIG-IP when two clients are connecting to VS. Sure best option is do that in test environment where you are not processing thousands of connections.
But seems to be kind of bug, because you should get RST after Idle Timeout set TCP profile - except if you have Reset on Timeout disabled in TCP profile.
Piotr

Forum Discussion

Client stuck in TCP SYN sometimes

1 Reply

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

qkview process stuck

You want Modern Auth … for an app or client that’s stuck in the 2010s

F5 XC | Stuck at VIRTUAL_HOST_PENDING_A_RECORD

System stuck when using command to save UCS file

Enhance your Application Security using Client-side signals