In certain situations, TMM might issue a TCP RST back to the client, causing the client to retry. This process repeats until the client times out. A similar issue occurs when a client sends a large number of TCP SYN packets to a server. After the server receives a large number of SYN packets, TMM might issue a TCP RST back to the client. This process repeats until the client times out.

The following iRules can cause these scenarios:

iRule Command | Purpose
HTTP::collect /server-status | Collects server status information from the server. The information is written to the iRule’s client session.
end if {!http_command} | If the client sent a command other than GET or HEAD, then issue a TCP RST.
end if {!http_request} | If the client sent a request other than GET or HEAD, then issue a TCP RST.
end if
Mitigation
Mitigation of TCP RST issue:
iRule Command | Purpose
HTTP::collect /server-status | Collects server status information from the server. The information is written to the iRule’s client session.
end if {!http_command} | If the client sent a command other than GET or HEAD, then issue a TCP RST.
end if {!http_request} | If the client sent a request other than GET or HEAD, then issue a TCP RST.
end if
Mitigation for large number of SYN packets:
Workaround
If the client sent a request other than GET or HEAD, then issue a TCP RST.
Timeline
Published on: 10/19/2022 22:15:00 UTC
Last modified on: 10/24/2022 15:46:00 UTC