Forum Discussion

Rob_78584's avatar
Rob_78584
Icon for Nimbostratus rankNimbostratus
Sep 07, 2007

Full TCP Proxy

I'm trying to setup the BigIP to provide a full TCP proxy for a legacy application which needs to hold open TCP connections, even if the back-end servers failover. The mainframe is running a proprietary protocol that just needs an open pipe to send data down and it needs to hold 20 open connections to either/both servers.

 

 

Scenario is:

 

Mainframe --------- BigIP -------- Server 1

 

\

 

------- Server 2

 

 

The mainframe establishes multiple TCP sessions to each server (10 each for total of 20) and needs to hold them open even if one of the backend servers fails.

 

 

Ideally, the BigIP should behave as a full TCP proxy so that it holds the client-(mainframe)-side TCP connections open even if the server side connections fail. The BigIP should then re-establish new server-side TCP connections with the other server to maintain the total 20 connections.

 

 

In the current configuration, any loss of Server TCP session, will close the client side session also, but this breaks the app. Hoping an iRule can help resolve this.

 

 

Looking at ways to achieve this, but any help would be very much appreciated.
  • Thanks Colin.

     

     

    I've tried OneConnect, but it doesn't achieve the result I'm after. OneConnect sort of does on the server side what I need on the client side.

     

     

    In this case, when a server fails, I need to hold open the client-side connection while the BigIP reconnects to a new server (ideally on a one-to-one basis).

     

     

    Currently, even with OneConnect enabled, when the server fails, the TCP session is dropped end-to-end (ie RST to client) which in this case breaks the app.
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    OneConnect actually disassociates the client side from the server side once the serverside connection goes idle, so if you have the "Action on Service Down" setting configured to "Re-select" instead of "Reject", a new server should be chosen.

     

     

    If the server is sending a RST on failure, though, that may very well be propagated to the client, closing that connection as well.

     

     

    HTH

     

    /deb