Last Modified: Jun 10, 2021
Opened: Jan 16, 2021
Tcpdump may show the packets in an out-of-order fashion if it is run from a partition that spans multiple blades. The order refers to the timeline of these packets appearing on the network links outside the system, e.g., a TCP SYN may come from the client to the system, and the system may have responded with a SYN-ACK to the outside client. The capture may show the SYN-ACK packet first and then the SYN. Other than inferring from knowledge of the protocol what these packets represent, there is no real way to mitigate in the multiple-port aggregation scenario. Note: A tcpdump run from inside a BIG-IP tenant shows the correct order.
Tcpdump captures show the order of the packets differently from when they really happened, leading to possible misinterpretation of events.
-- This may be encountered where there is an LACP-aggregated link that spans two ports on two different blades. -- It has also been seen less frequently as out-of-order between ingress (outside-to-host) and egress (host-to-outside) packets.