Forum Discussion

HenryO_166334's avatar
HenryO_166334
Icon for Nimbostratus rankNimbostratus
Aug 09, 2014

Keepalive v TCP Idle timeout

Hi   In relation to F5 Load balancing, could someone explain to me the difference between the Keepalive and TCP Idle timeout?   Client > F5 > Server in Server pool   Does one relate to clien...
management
nitass's avatar
nitass
Icon for Employee rankEmployee
Aug 10, 2014

as Kevin mentioned, tcp connection will be reset when idle timeout exceeds.

e.g.

// config

root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 100.100.100.41:23
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        tcp {
            context serverside
        }
        tcp-timeout-10s {
            context clientside
        }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 4
}
root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:23 {
            address 200.200.200.101
        }
    }
}
root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile tcp tcp-timeout-10s
ltm profile tcp tcp-timeout-10s {
    app-service none
    idle-timeout 10
    keep-alive-interval 1800
}

// clientside (client ip is 100.100.100.3)

[root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0:nnn host 100.100.100.41 and port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 96 bytes
...snipped...
16:23:17.334177 IP 100.100.100.41.23 > 100.100.100.3.40421: P 225:245(20) ack 99 win 4478 
16:23:17.334524 IP 100.100.100.3.40421 > 100.100.100.41.23: . ack 245 win 5840 

16:23:28.888849 IP 100.100.100.41.23 > 100.100.100.3.40421: R 245:245(0) ack 99 win 4478

// serverside (snat automap ip is 200.200.200.40)

[root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0:nnn -s0 host 200.200.200.101 and port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 65535 bytes
...snipped...
16:23:17.334169 IP 200.200.200.101.23 > 200.200.200.40.40421: P 225:245(20) ack 99 win 5792  in slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=8124 inslot=4 inport=0 haunit=0 priority=3 peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149
16:23:17.334180 IP 200.200.200.40.40421 > 200.200.200.101.23: . ack 245 win 4624  out slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=8124 inslot=4 inport=0 haunit=1 priority=3 peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149

16:23:28.888819 IP 200.200.200.40.40421 > 200.200.200.101.23: R 99:99(0) ack 245 win 4624 out slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=80812C inslot=4 inport=0 haunit=1 priority=3 rst_cause="[0x1ac6d2a:848] {peer} Flow expired (sweeper) (idle timeout" peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149