For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Scott_Hopkins's avatar
Scott_Hopkins
Icon for Nimbostratus rankNimbostratus
Nov 16, 2009

Changing TCP Profile basde on source IP

I haven't found a conclusive answer to this from the wiki or from documentation, and I wanted to get some feedback.

Is it possible to change the TCP Profile on the client side of the Virtual Server, after the connection is established?

I'm expecting it would look something like this (the virtual server would be defined with 'tcp-wan-optimized' as the default configuration): 

 
 when CLIENT_ACCEPTED { 
     if { [matchclass [IP::client_addr] equals $::local_network_list] } {  
         use PROFILE::tcp 'tcp-lan-optimized' 
     }  
 }
application delivery
dev
devops
iRules

5 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 17, 2009
    Hi Scott,

     

     

    You can retrieve which profile is in use with the PROFILE:: commands. But there isn't a way to select the TCP profile. Nor can you modify the settings from an iRule. You could open a request for enhancement case with F5 Support if this is something you'd like to see F5 consider adding.

     

     

    From past posts, it seems like the LAN optimized TCP profile might offer better performance than the WAN profile even for clients with higher latency connections:

     

     

    FastL4 vs Optimized TCP Profiles

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=31&tpage=1&view=topic&postid=31604

     

     

    Aaron
  • Paul_slater_950's avatar
    Paul_slater_950
    Icon for Nimbostratus rankNimbostratus
    Oct 26, 2010
    Hi ,

     

     

    Is that still the case with 10.0.2?

     

    I want to change the profile based upon source IP address using a matchclass.

     

    Specifically to a tcp-lan-optimized profile from a tcp-wan-optimized profile.

     

    The majority of connections will be from the internet but others are from the Lan and we have found a 30% decrease in speed if we use the wan against lan on the virtual's when its https traffic.

     

    I am using the latest irules editor and not all the tcp parameters are in the dropdown.

     

     

    I can not add another virtual and for scaleability purposes this is the least attractive option.

     

     

    Thanks

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 27, 2010
    Hi Paul,

     

     

    I don't think there has been any change to allow the selection of a TCP profile from an iRule. You can enable/disable Nagle from a rule as of 10.1.0:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/TCP__nagle.html

     

     

    Have you compared the client experience from the WAN using the LAN profile? That seems to give good results for most users even if they're not local.

     

     

    Aaron
  • Paul_slater_950's avatar
    Paul_slater_950
    Icon for Nimbostratus rankNimbostratus
    Nov 01, 2010
    Hi,

     

     

    Thanks for that. We are planning to do an evaluation of the lan optimisation against wan soon. I was just interested as the difference is marked internally and yet the parameters that are different on the F5 are only 3

     

    nagle

     

    slow start

     

    Proxy buffer

     

     

    I will let you know after the testing.