HenryO_166334
Aug 09, 2014

Keepalive v TCP Idle timeout

Hi

 

In relation to F5 Load balancing, could someone explain to me the difference between the Keepalive and TCP Idle timeout?

 

Client > F5 > Server in Server pool

 

Does one relate to client > F5 whilst the other to F5 > Server?

 

Or can they be set to apply for either client or server?

 

  • Keeping connections alive is the default for HTTP v1.1 which is currently the worldwide standard. It is a header provided by the web browser whenever HTTP version 1.1 requests are used. See HTTP Persistent Connections.

     

    Connection: Keepalive

     

    The TCP Idle timeout is the longest the F5 will keep a TCP client connection open when talking with either side, depending on the TCP profile you apply. See Solution ID 7606 for more information on the BIGIP TCP behaviour and its settings.

     

    • Peter_Z
      Kevin, I don't think tcp keepalive, configured in the tcp profile, is the same as the HTTP keepalive you are mentioning. TCP profile settings will affect any L7 protocol.
    • Kevin_Davies_40
      That is correct, they are quite separate. The OP wanted to know the difference.
  • just in case you are asking about tcp keep-alive and tcp idle timeout.

    Does one relate to client > F5 whilst the other to F5 > Server?

    Or can they be set to apply for either client or server?

    you can apply different tcp profile to each side of stack.

    e.g.

    //config
    
    root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 100.100.100.41:23
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            tcp-5s {
                context serverside
            }
            tcp-10s {
                context clientside
            }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 4
    }
    root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:23 {
                address 200.200.200.101
            }
        }
    }
    root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile tcp tcp-10s
    ltm profile tcp tcp-10s {
        app-service none
        keep-alive-interval 10
    }
    root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile tcp tcp-5s
    ltm profile tcp tcp-5s {
        app-service none
        keep-alive-interval 5
    }
    
    // clientside (client ip is 100.100.100.3)
    
    [root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0 host 100.100.100.41 and port 23
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes
    
    16:17:06.920322 IP 100.100.100.41.23 > 100.100.100.3.40419: . ack 146546235 win 65535
    16:17:06.923296 IP 100.100.100.3.40419 > 100.100.100.41.23: . ack 1 win 5840 
    
    16:17:16.923562 IP 100.100.100.41.23 > 100.100.100.3.40419: . ack 1 win 65535
    16:17:16.923912 IP 100.100.100.3.40419 > 100.100.100.41.23: . ack 1 win 5840 
    
    16:17:26.923624 IP 100.100.100.41.23 > 100.100.100.3.40419: . ack 1 win 65535
    16:17:26.924216 IP 100.100.100.3.40419 > 100.100.100.41.23: . ack 1 win 5840 
    
    // serverside (snat automap ip is 200.200.200.40)
    
    [root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0 -s0 host 200.200.200.101 and port 23
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
    
    16:17:01.920128 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1911632262 win 65535 out slot1/tmm2 lis=/Common/bar
    16:17:01.920542 IP 200.200.200.101.23 > 200.200.200.40.40419: . ack 1 win 5792  in slot1/tmm2 lis=/Common/bar
    
    16:17:06.920311 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1 win 65535 out slot1/tmm2 lis=/Common/bar
    16:17:06.921807 IP 200.200.200.101.23 > 200.200.200.40.40419: . ack 1 win 5792  in slot1/tmm2 lis=/Common/bar
    
    16:17:11.921239 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1 win 65535 out slot1/tmm2 lis=/Common/bar
    16:17:11.922911 IP 200.200.200.101.23 > 200.200.200.40.40419: . ack 1 win 5792  in slot1/tmm2 lis=/Common/bar
    
    16:17:16.922554 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1 win 65535 out slot1/tmm2 lis=/Common/bar
    16:17:16.922970 IP 200.200.200.101.23 > 200.200.200.40.40419: . ack 1 win 5792  in slot1/tmm2 lis=/Common/bar
    
    16:17:21.922125 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1 win 65535 out slot1/tmm2 lis=/Common/bar
    16:17:21.923134 IP 200.200.200.101.23 > 200.200.200.40.40419: . ack 1 win 5792  in slot1/tmm2 lis=/Common/bar
    
    16:17:26.923613 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1 win 65535 out slot1/tmm2 lis=/Common/bar
    16:17:26.923952 IP 200.200.200.101.23 > 200.200.200.40.40419: . ack 1 win 5792  in slot1/tmm2 lis=/Common/bar
    
  • as Kevin mentioned, the tcp connection will be reset when the idle timeout is exceeded.

    e.g.

    // config
    
    root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 100.100.100.41:23
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            tcp {
                context serverside
            }
            tcp-timeout-10s {
                context clientside
            }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 4
    }
    root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:23 {
                address 200.200.200.101
            }
        }
    }
    root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile tcp tcp-timeout-10s
    ltm profile tcp tcp-timeout-10s {
        app-service none
        idle-timeout 10
        keep-alive-interval 1800
    }
    
    // clientside (client ip is 100.100.100.3)
    
    [root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0:nnn host 100.100.100.41 and port 23
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 96 bytes
    ...snipped...
    16:23:17.334177 IP 100.100.100.41.23 > 100.100.100.3.40421: P 225:245(20) ack 99 win 4478 
    16:23:17.334524 IP 100.100.100.3.40421 > 100.100.100.41.23: . ack 245 win 5840 
    
    16:23:28.888849 IP 100.100.100.41.23 > 100.100.100.3.40421: R 245:245(0) ack 99 win 4478
    
    // serverside (snat automap ip is 200.200.200.40)
    
    [root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0:nnn -s0 host 200.200.200.101 and port 23
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 65535 bytes
    ...snipped...
    16:23:17.334169 IP 200.200.200.101.23 > 200.200.200.40.40421: P 225:245(20) ack 99 win 5792  in slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=8124 inslot=4 inport=0 haunit=0 priority=3 peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149
    16:23:17.334180 IP 200.200.200.40.40421 > 200.200.200.101.23: . ack 245 win 4624  out slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=8124 inslot=4 inport=0 haunit=1 priority=3 peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149
    
    16:23:28.888819 IP 200.200.200.40.40421 > 200.200.200.101.23: R 99:99(0) ack 245 win 4624 out slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=80812C inslot=4 inport=0 haunit=1 priority=3 rst_cause="[0x1ac6d2a:848] {peer} Flow expired (sweeper) (idle timeout" peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149
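
As an added example, not part of the thread: a small Python parser for the tcpdump text shown in the last two replies. It reports the spacing of zero-length ACK probes per direction (the keep-alive interval) and, for each RST, the idle time before it together with BIG-IP's `rst_cause`. The sample lines are copied from the captures above with trailing fields trimmed; the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the thread's captures; trailing BIG-IP fields trimmed.
SAMPLE = '''\
16:17:06.920322 IP 100.100.100.41.23 > 100.100.100.3.40419: . ack 146546235 win 65535
16:17:16.923562 IP 100.100.100.41.23 > 100.100.100.3.40419: . ack 1 win 65535
16:17:26.923624 IP 100.100.100.41.23 > 100.100.100.3.40419: . ack 1 win 65535
16:17:01.920128 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1911632262 win 65535 out slot1/tmm2
16:17:06.920311 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1 win 65535 out slot1/tmm2
16:17:11.921239 IP 200.200.200.40.40419 > 200.200.200.101.23: . ack 1 win 65535 out slot1/tmm2
16:23:17.334180 IP 200.200.200.40.40421 > 200.200.200.101.23: . ack 245 win 4624 out slot1/tmm0
16:23:28.888819 IP 200.200.200.40.40421 > 200.200.200.101.23: R 99:99(0) ack 245 win 4624 out slot1/tmm0 rst_cause="[0x1ac6d2a:848] {peer} Flow expired (sweeper) (idle timeout"
'''

LINE = re.compile(r'^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (\S+) (.*)$')

def parse(text):
    """Yield (time, src, dst, flags, payload_len, rst_cause) per packet line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # capture banner, "...snipped...", blank lines
        ts, src, dst, flags, rest = m.groups()
        size = re.match(r'\d+:\d+\((\d+)\)', rest)  # seq range "225:245(20)"
        cause = re.search(r'rst_cause="([^"]*)"', rest)
        yield (datetime.strptime(ts, '%H:%M:%S.%f'), src, dst, flags,
               int(size.group(1)) if size else 0, cause and cause.group(1))

def keepalive_intervals(text):
    """Seconds between successive zero-length pure ACKs, per sender -> receiver."""
    last, gaps = {}, defaultdict(list)
    for ts, src, dst, flags, size, _ in parse(text):
        if flags == '.' and size == 0:
            if (src, dst) in last:
                gaps[(src, dst)].append(round((ts - last[(src, dst)]).total_seconds()))
            last[(src, dst)] = ts
    return dict(gaps)

def idle_resets(text):
    """For each RST: (src, dst, seconds since the connection's last packet, cause)."""
    last, out = {}, []
    for ts, src, dst, flags, _, cause in parse(text):
        conn = frozenset((src, dst))  # same key for both directions
        if 'R' in flags and conn in last:
            out.append((src, dst, round((ts - last[conn]).total_seconds(), 2), cause))
        last[conn] = ts
    return out
```

On the thread's capture this reports 10 s probe spacing clientside, 5 s serverside, and an 11.55 s gap before the RST against the configured `idle-timeout 10`.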