Forum Discussion

2funky_105078's avatar
Apr 10, 2014

Inline load balancing and "Loose Initiation" & "Loose Close"

Hi People,

 

We have a inline load balancing design for Lync (and other applications) where we configure the Lync_edge servers inline (behind the LTM).

 

Therefore this demands a fastl4 profile with Reset on Timeout enabled, ok.

 

But i was suggested to enable also "Loose Initiation" & "Loose Close" but not really sure if we need it.

 

topology is as follow: Internet ---- Checkpoint FW --- extLAN --- LTM (11.4.1) --- intVLAN (with Lync_edge servers) ---- Cisco router---- Internal subets

 

I read this statement in the forum and i got more confused...becasue in the extVLAN there is also a Cisco Router 6500 which leads to a bunch of other internal subnets..

 

If a different router exists on any directly connected network, you may need to create a custom fastL4 profile with "Loose Initiation" & "Loose Close" enabled to prevent LTM from interfering with forwarded conversations traversing an asymmetrical path.

 

  • What about TCP fragments, does LTM re-assembre them?

     

    there is reassemble-fragments setting under fastl4 profile.

     

  • OK now its clear, if I want the LTM to behave like a router, i enable that. What about TCP fragments, does LTM re-assembre them?

     

  • But i was suggested to enable also "Loose Initiation" & "Loose Close" but not really sure if we need it.

     

    This configuration accepts traffic and forwards it using the information contained in the system routing table, regardless of whether it is associated with an established connection.

     

    sol7595: Overview of IP forwarding virtual servers

     

    http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html

     

    if it is not the case, you do not need to enable loose initiation and loose close configuration.

     

  • Hi,

     

    Thanks for the answer. Yes the use case is "Forwarding IP" Type VIP's with destination 0.0.0.0/0". Do I absolutely need it in that case? how to know it? Taking a trace? Taking a sniffer trace on a 10 gig pipe is not really easy... :)

     

    Thanks

     

  • It all depends on your routing. If for example a SYN-ACK comes to the F5 but it never saw a previous SYN, the F5 will drop the packet. The custom fastL4 profile with those specific settings are mainly seen on "Forwarding IP" Type VIP's with destination 0.0.0.0/0. You really shouldn't need to have these settings at all if you are doing any time of AutoMap or SNAT, as this will force server traffic to route back through the F5.