
Forum Discussion

Anesh
May 27, 2014

Connection table entry removed after idle timer reaches TCP keep-alive value

Problem: I am doing a telnet to a VIP configured on an LTM, and the connection table entry is removed after the idle timer reaches the configured TCP keep-alive value, which is 60 seconds. I also see the idle time counter resetting to zero, which is expected. My question is: why is the connection table entry removed?

Below is the LTM config:

ltm virtual testvip {
    destination 6.6.6.6:9041
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        source_addr {
            default yes
        }
    }
    pool testpool
    profiles {
        tcp_test { }
    }
    snat automap
}

ltm profile tcp tcp_test {
    app-service none
    defaults-from tcp-lan-optimized
    keep-alive-interval 60
}


19 Replies

  • Anesh

    Can you check the config from your end? I think it is a bug, because when I filter by sequence number the FIN is being sent by the pool member in response to the ACK (TCP keep-alive) sent by the floating self IP of the LTM.

     

  • Can you check the config from your end? I think it is a bug, because when I filter by sequence number the FIN is being sent by the pool member in response to the ACK (TCP keep-alive) sent by the floating self IP of the LTM.

     

    If you believe it is a bug, you may open a support case and ask them to verify.

     

  • Can you send TCP keep-alive on an HTTPS port?

     

    No, I cannot hold the client-side connection long enough to get a keep-alive packet.

     

  • Anesh
    ltm profile tcp tcp_test {
    app-service none 
    defaults-from tcp-lan-optimized 
    keep-alive-interval 60 
    }
    

    So when I apply the above custom TCP profile with pool members listening on an HTTPS port, it will not work? Is that right?

  • So when I apply the above custom TCP profile with pool members listening on an HTTPS port, it will not work?

     

    Why does it not work?

     

  • Anesh

    The pool member responds with a FIN/ACK when the ACK is sent by the F5.

     

  • Anesh
    No.  Time                 Source   Destination  Protocol  Info
    280  2014-05-27 15:37:20  6.6.6.6  1.1.1.1      TCP       [TCP Keep-Alive] 9041 > 57703 [ACK] Seq=2629992488 Ack=144158763 Win=65535 Len=0
    281  2014-05-27 15:37:20  3.3.3.3  2.2.2.2      TCP       [TCP Keep-Alive] 57703 > 9041 [ACK] Seq=380327577 Ack=1111550497 Win=65535 Len=0
    282  2014-05-27 15:37:20  2.2.2.2  3.3.3.3      TCP       [TCP Window Update] 9041 > 57703 [ACK] Seq=1111550497 Ack=380327578 Win=46 Len=0
    283  2014-05-27 15:37:20  1.1.1.1  6.6.6.6      TCP       [TCP Keep-Alive ACK] 57703 > 9041 [ACK] Seq=144158763 Ack=2629992489 Win=68 Len=0
    284  2014-05-27 15:37:22  2.2.2.2  3.3.3.3      TCP       9041 > 57703 [FIN, ACK] Seq=1111550497 Ack=380327578 Win=46 Len=0
    285  2014-05-27 15:37:22  3.3.3.3  2.2.2.2      TCP       57703 > 9041 [ACK] Seq=380327578 Ack=1111550498 Win=4380 Len=0
    286  2014-05-27 15:37:22  6.6.6.6  1.1.1.1      TCP       9041 > 57703 [FIN, ACK] Seq=2629992489 Ack=144158763 Win=3780 Len=0
    287  2014-05-27 15:37:22  1.1.1.1  6.6.6.6      TCP       57703 > 9041 [ACK] Seq=144158763 Ack=2629992490 Win=68 Len=0
    288  2014-05-27 15:37:22  1.1.1.1  6.6.6.6      TCP       57703 > 9041 [FIN, ACK] Seq=144158763 Ack=2629992490 Win=68 Len=0
    289  2014-05-27 15:37:22  6.6.6.6  1.1.1.1      TCP       9041 > 57703 [ACK] Seq=2629992490 Ack=144158764 Win=3780 Len=0

    6.6.6.6---VIP
    2.2.2.2---Pool member
    3.3.3.3---SNAT
    1.1.1.1---Client
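The capture above is a full-proxy trace with two TCP connections (client to VIP, SNAT to pool member), so the question "who closed first?" has to be answered by ordering FINs across both sides and checking them against the last keep-alive probe. The script below is an added example written for this thread, not code from the original poster or from F5. It parses Wireshark summary rows (the ten rows from the post, with the repeated column headers dropped, are embedded as sample input), assumes the poster's address legend for roles, and reports which endpoint sent the first FIN, how long after the last keep-alive probe on that side, and whether that probe looked like a standard keep-alive (Seq = SND.NXT - 1, so the peer's Ack is probe Seq + 1). It also lists the FIN sequence so the server-side close can be seen being relayed to the client.

```python
"""Find the first FIN in a two-sided LTM capture and relate it to the last
keep-alive probe.  Added example for this thread; roles below are assumed
from the poster's legend."""
from __future__ import annotations

import re
from datetime import datetime
from typing import NamedTuple

# Address-to-role legend taken from the post above (assumption).
ROLES = {
    "6.6.6.6": "VIP",
    "2.2.2.2": "pool member",
    "3.3.3.3": "SNAT",
    "1.1.1.1": "client",
}

# Sample input: the ten Wireshark summary rows from the capture above,
# repeated header rows removed.
CAPTURE = """
280 2014-05-27 15:37:20 6.6.6.6 1.1.1.1 TCP [TCP Keep-Alive] 9041 > 57703 [ACK] Seq=2629992488 Ack=144158763 Win=65535 Len=0
281 2014-05-27 15:37:20 3.3.3.3 2.2.2.2 TCP [TCP Keep-Alive] 57703 > 9041 [ACK] Seq=380327577 Ack=1111550497 Win=65535 Len=0
282 2014-05-27 15:37:20 2.2.2.2 3.3.3.3 TCP [TCP Window Update] 9041 > 57703 [ACK] Seq=1111550497 Ack=380327578 Win=46 Len=0
283 2014-05-27 15:37:20 1.1.1.1 6.6.6.6 TCP [TCP Keep-Alive ACK] 57703 > 9041 [ACK] Seq=144158763 Ack=2629992489 Win=68 Len=0
284 2014-05-27 15:37:22 2.2.2.2 3.3.3.3 TCP 9041 > 57703 [FIN, ACK] Seq=1111550497 Ack=380327578 Win=46 Len=0
285 2014-05-27 15:37:22 3.3.3.3 2.2.2.2 TCP 57703 > 9041 [ACK] Seq=380327578 Ack=1111550498 Win=4380 Len=0
286 2014-05-27 15:37:22 6.6.6.6 1.1.1.1 TCP 9041 > 57703 [FIN, ACK] Seq=2629992489 Ack=144158763 Win=3780 Len=0
287 2014-05-27 15:37:22 1.1.1.1 6.6.6.6 TCP 57703 > 9041 [ACK] Seq=144158763 Ack=2629992490 Win=68 Len=0
288 2014-05-27 15:37:22 1.1.1.1 6.6.6.6 TCP 57703 > 9041 [FIN, ACK] Seq=144158763 Ack=2629992490 Win=68 Len=0
289 2014-05-27 15:37:22 6.6.6.6 1.1.1.1 TCP 9041 > 57703 [ACK] Seq=2629992490 Ack=144158764 Win=3780 Len=0
"""

ROW_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+(?P<info>.*)$"
)
# Info column: optional Wireshark analysis tag, ports, flag list, Seq/Ack.
INFO_RE = re.compile(
    r"(?:\[(?P<analysis>[^\]]+)\]\s+)?(?P<sport>\d+)\s*>\s*(?P<dport>\d+)\s+"
    r"\[(?P<flags>[^\]]+)\]\s+Seq=(?P<seq>\d+)\s+Ack=(?P<ack>\d+)"
)


class Segment(NamedTuple):
    no: int
    ts: datetime
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset
    seq: int
    ack: int
    analysis: str  # Wireshark's bracketed tag, "" when absent


def parse_capture(text: str) -> list[Segment]:
    """Parse summary rows; header rows and blank lines are skipped."""
    segs = []
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if not row:
            continue
        info = INFO_RE.match(row["info"])
        if not info:
            raise ValueError(f"unparsed info column: {row['info']!r}")
        segs.append(Segment(
            no=int(row["no"]),
            ts=datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S"),
            src=row["src"], dst=row["dst"],
            sport=int(info["sport"]), dport=int(info["dport"]),
            flags=frozenset(f.strip() for f in info["flags"].split(",")),
            seq=int(info["seq"]), ack=int(info["ack"]),
            analysis=info["analysis"] or "",
        ))
    return sorted(segs, key=lambda s: (s.ts, s.no))


def side(seg: Segment) -> str:
    """Server-side flow touches the pool member; everything else is client-side."""
    if ROLES.get(seg.src) == "pool member" or ROLES.get(seg.dst) == "pool member":
        return "server-side"
    return "client-side"


def reply_to(seg: Segment, segs: list[Segment]) -> Segment | None:
    """First later segment on the same side sent by seg's peer."""
    for s in segs:
        if s.no > seg.no and side(s) == side(seg) and s.src == seg.dst:
            return s
    return None


def probe_is_standard(probe: Segment, reply: Segment) -> bool:
    """A keep-alive probe uses Seq = SND.NXT - 1, so the peer acks probe.seq + 1."""
    return reply.ack == probe.seq + 1


def fin_order(segs: list[Segment]) -> list[tuple[int, str]]:
    """(frame, sender role) for every FIN, in capture order."""
    return [(s.no, ROLES.get(s.src, s.src)) for s in segs if "FIN" in s.flags]


def teardown_report(segs: list[Segment]) -> dict | None:
    """Who sent the first FIN, on which side, and how it relates to the last probe."""
    fins = [s for s in segs if "FIN" in s.flags]
    if not fins:
        return None
    first = fins[0]
    probes = [s for s in segs
              if s.analysis == "TCP Keep-Alive" and side(s) == side(first) and s.no < first.no]
    probe = probes[-1] if probes else None
    reply = reply_to(probe, segs) if probe else None
    return {
        "initiator": ROLES.get(first.src, first.src),
        "side": side(first),
        "frame": first.no,
        "seconds_after_probe": (first.ts - probe.ts).total_seconds() if probe else None,
        "probe_seq_ok": probe_is_standard(probe, reply) if probe and reply else None,
    }


if __name__ == "__main__":
    segments = parse_capture(CAPTURE)
    print(teardown_report(segments))
    print(fin_order(segments))
```

On the posted rows this reports the pool member as initiator on the server-side flow (frame 284), 2.0 seconds after the frame 281 probe, with the probe acknowledged as Seq + 1, and a FIN order of pool member, VIP, client, i.e. the LTM relaying the server's close to the client. The same parser works on any Wireshark summary export of a full-proxy trace once ROLES is adjusted.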