For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DevBabu_124276's avatar
DevBabu_124276
Icon for Nimbostratus rankNimbostratus
Jul 16, 2015

LTM tcp client profile does not set idle timeout to the configured value

Some, of the users waiting for report, reported that they are receiving timeout and do not get the report. I checked the connection table and found that some of the connections show idle timeout as default 300s. The timeout setting was 1800s on the tcp profile.

I then created a new profile with 3600s and and applied it to virtual server. But still I see some connections with idle timeout set to 300s.

Is this a bug in 11.4.1 HF7.

 1.1.1.1:55230 - 2.2.2.2:443 - 3.3.3.3:55230 - 4.4.4.4:9021

TMM           5
  Type          any
  Acceleration  none
  Protocol      tcp
  Idle Time     140
  Idle Timeout  300 <====================
  Unit ID       1
  Lasthop       /Common/Vlan2 f8:66:f2:0a:6d:c2
  Virtual Path  2.2.2.2:443

   5.5.5.5:50676 - 2.2.2.2:443 - 3.3.3.3:50676 - 4.4.4.4:9021

TMM           4
  Type          any
  Acceleration  none
  Protocol      tcp
  Idle Time     10
  Idle Timeout  3600 <============== THis is good as configured to 3600s
  Unit ID       1
  Lasthop       /Common/Vlan2 f8:66:f2:0a:e4:42
  Virtual Path  2.2.2.2:443

show sys connection cs-server-addr 2.2.2.2 all-properties | grep 300

There are multiple connections with idle timeout set to 300

Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300
  Idle Timeout  300

Thanks

1 Reply

  • VernonWells's avatar
    VernonWells
    Icon for Employee rankEmployee
    Jul 19, 2015

    If you change the tcp profile, it will affect only new connections made after the change. Any existing connections will continue to use whatever tcp profile (and thus, idle timeout) was associated with the Virtual Server when the connection was initiated.

     

    If you are certain that the connections in question were established after the change of tcp profile, and that you are using the same profile on both the client- and server-sides, then I recommend opening a case with F5 Support.