Keepalive v TCP Idle timeout

Employee

Aug 10, 2014

as Kevin mentioned, tcp connection will be reset when idle timeout exceeds.

e.g.

// config

root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 100.100.100.41:23
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        tcp {
            context serverside
        }
        tcp-timeout-10s {
            context clientside
        }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 4
}
root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:23 {
            address 200.200.200.101
        }
    }
}
root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile tcp tcp-timeout-10s
ltm profile tcp tcp-timeout-10s {
    app-service none
    idle-timeout 10
    keep-alive-interval 1800
}

// clientside (client ip is 100.100.100.3)

[root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0:nnn host 100.100.100.41 and port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 96 bytes
...snipped...
16:23:17.334177 IP 100.100.100.41.23 > 100.100.100.3.40421: P 225:245(20) ack 99 win 4478 
16:23:17.334524 IP 100.100.100.3.40421 > 100.100.100.41.23: . ack 245 win 5840 

16:23:28.888849 IP 100.100.100.41.23 > 100.100.100.3.40421: R 245:245(0) ack 99 win 4478

// serverside (snat automap ip is 200.200.200.40)

[root@B6900-R69-S40:Active:Standalone] config  tcpdump -nni 0.0:nnn -s0 host 200.200.200.101 and port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 65535 bytes
...snipped...
16:23:17.334169 IP 200.200.200.101.23 > 200.200.200.40.40421: P 225:245(20) ack 99 win 5792  in slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=8124 inslot=4 inport=0 haunit=0 priority=3 peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149
16:23:17.334180 IP 200.200.200.40.40421 > 200.200.200.101.23: . ack 245 win 4624  out slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=8124 inslot=4 inport=0 haunit=1 priority=3 peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149

16:23:28.888819 IP 200.200.200.40.40421 > 200.200.200.101.23: R 99:99(0) ack 245 win 4624 out slot1/tmm0 lis=/Common/bar flowtype=128 flowid=5700010E3700 peerid=5700010E2C00 conflags=80812C inslot=4 inport=0 haunit=1 priority=3 rst_cause="[0x1ac6d2a:848] {peer} Flow expired (sweeper) (idle timeout" peerremote=00000000:00000000:0000FFFF:64646403 peerlocal=00000000:00000000:0000FFFF:64646429 remoteport=40421 localport=23 proto=6 vlan=1149

Forum Discussion

Keepalive v TCP Idle timeout

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

APM session inactivity timeoute VS. TCP idle timout

idle timeout for admin session on BigIP

TCP Session Keepalive and Idle timeout

Investigating the LTM TCP Profile: Max Syn Retransmissions & Idle Timeout

big3d timeouts

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS