Support Center > Search Results > SecureKnowledge Details
After VRRP cluster failover all TCP connections are expired and deleted causing "First packet isn't SYN" drops Technical Level
Symptoms
  • With SecureXL enabled, after VRRP cluster failover all TCP connections are expired and deleted causing "First packet isn't SYN" drops
  • TCP connections are dropped after the configured 'TCP session timeout' - even if the connections are still active.
Cause

After the VRRP cluster failover, the new cluster master node is handling the connection for the configured timer.

The 'Post_sync' only checks for status 'ACTIVE' or 'STANDBY' when deciding to delete connections from SecureXL.

VRRP mode has both members flagged as 'ACTIVE' resulting in both master and slave members containing the same connection in SecureXL after a failover - when the slave connection expires it deletes the connection in the master member through sync.


Solution
Note: To view this solution you need to Sign In .