Hi,

We are deploying F5 load balancer for tcp monitoring and have come across the below issue.

F5 load balancer opens a socket connection, to the port on the host which is being load balanced (in this case, it’s port 3306 on each of the mariadb hosts. To open a tcp socket, it needs to complete a tcp handshake and close it gracefully. The tcp handshake process happens as follows:

Packet 1: F5 uses random source port and sends a SYN to MariaDB host on port 3306
Packet 2: Mariadb host sends a SYN ACK packet to F5
Packet 3: F5 sends a ACK packet to Mariadb host

The tcp handshake is complete at this stage. Usually, application data flows on this open socket (like SQL query or http GET requests, etc). But in the case of health check, F5 will simply close this connection gracefully, which means:

Packet 4: F5 sends a FIN ACK packet to Mariadb host on port 3306
Packet 5: Mariadb host sends a ACK to F5
Packet 6: Mariadb host sends FIN ACK to F5, to close from it’s side
Packet 7: F5 sends a ACK packet

However after few minutes MAriadb blocks the connections coming from the F5 load balancer IP. The following error is seen on F5 load balancer:

[root@LDGSFSCS103:/S2-green-P:Active:Changes Pending] config # telnet 10.72.100.119 3306
Trying 10.72.100.119...
Connected to 10.72.100.119.
Escape character is '^]'.
jHost '10.64.225.88' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.

How can we resolve this issue, how can we exempt Load balancer IPs from being blocked by Mariadb?