For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joel_Moses's avatar
Joel_Moses
Icon for Nimbostratus rankNimbostratus
Oct 07, 2009

Any way to read current tcp idle measurement?

I have a need to read the state of the idle timer for a particular TCP connection from an iRule. It's easy to use PROFILE::tcp idle_timeout to get the value of the idle timer itself, but I'm not able to locate a function that allows me to read the current state of the idle timer for the current connection. I really don't want to set up a parallel timer (thanks, F5, for adding "after" in 10.x) if I don't have to do it.

 

 

I know the information is tracked:

 

 

 
 [root@golgotha:Active] config  b conn show all  
  
 VIRTUAL 10.10.20.101:https <-> NODE 65.2.15.193:https TYPE any 1/1  
 CLIENTSIDE 10.10.20.247:1912 <-> 10.10.20.101:https  
 (pkts,bits) in = (8, 2058) out = (7, 1511)  
 SERVERSIDE 10.10.20.5:1912 <-> 65.2.15.193:https  
 (pkts,bits) in = (7, 1507) out = (8, 2058)  
 PROTOCOL tcp UNIT 1 IDLE 58 (300) LASTHOP isp_att 00:15:c5:43:c6:d6

 

 

I'm looking for an iRule function that allows me to know, for example, that I'm 58 seconds into a 300-second idle timeout at the protocol level. I've check the devcentral docs and can't find what I'm looking for.

 

 

I'm attempting to get the F5 to force an interstitial screen and keepalive to an application that loves to keep a TCP connection idle for over 5-10 minutes with no user feedback and no easy way to modify the code to do one. Think backwards-ass legacy application. 😆
application delivery
dev
devops
iRules

2 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 07, 2009
    I don't know of a way to get the idle time for the current TCP connection. I guess if you could it would always be 0 (or close to it) as most iRule events are triggered when some kind of data is received. And if you could get the idle time, you wouldn't necessarily have an event to trigger on at x number of idle seconds.

     

     

    I haven't tried it yet, but it seems like the 'after' command is exactly what you'd want to use to send the client some kind of wait message while the app takes a long time formulating a response.

     

     

    If anyone else has ideas, please reply. Else, if you try something and have questions or figure out a solution, can you post back?

     

     

    Thanks,

     

    Aaron
  • Joel_Moses's avatar
    Joel_Moses
    Icon for Nimbostratus rankNimbostratus
    Oct 07, 2009
    See, "after" would allow me to set a parallel clock on the session, but doesn't give me any idea where in the idle count I am at the connection table counter. I don't want to fire anything until I get into some sort of configurable danger-zone, and keeping a timer loop in addition to an execution loop is bound to be cpu-expensive.

     

     

    Not even sure if this is possible yet; whatever I do, I need to track serverside response on an HTTP transaction and drive the clientside response independently until I get serverside data back. This may not even work with the way the events tend to fire.

     

     

    I'll keep working on it and see what I can do. Any other ideas out there would be helpful.