For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kishore_chennup's avatar
kishore_chennup
Icon for Nimbostratus rankNimbostratus
Jan 07, 2013

Persistent vs Active

Hi All,

 

 

What is the difference between persiste connectoins and active connectoin on a BIG IP LTM. When I do a show sys conn , is it showing me the active connections or persistent connections as well. The command sh ltm persistence persist-records shows the persistence records. So when I force a node offline, would it kill the persistent connections instantly? or does it wait for the default timeout s 180 seconds to expire.

 

 

Please advise

 

 

Regards

 

config
design

4 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 07, 2013
    is it showing me the active connections or persistent connections as well.it is active connection.

    So when I force a node offline, would it kill the persistent connections instantly? or does it wait for the default timeout s 180 seconds to expire.persistence record is not deleted when forcing node offline. 

    [root@ve10:Active] config  b virtual bar23 list
virtual bar23 {
   snat automap
   pool foo
   destination 172.28.19.252:23
   ip protocol 6
   persist source_addr
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members {
      200.200.200.101:23 {}
      200.200.200.111:23 {}
   }
}

 initial

[root@ve10:Active] config  b pool foo|grep -i pool\ member
+-> POOL MEMBER foo/200.200.200.101:23   active,unchecked
+-> POOL MEMBER foo/200.200.200.111:23   active,unchecked

[root@ve10:Active] config  b conn server 172.28.19.252
No Conns were found.

[root@ve10:Active] config  b persist
No Persistence Table Entries were found.

 telnet to 172.28.19.252

[root@ve10:Active] config  b conn server 172.28.19.252
192.168.206.33:64751 <-> 172.28.19.252:23 <-> 200.200.200.101:23   6 1/0

[root@ve10:Active] config  b persist
PERSISTENT CONNECTIONS
    Type           Virtual                Node
    source addr    172.28.19.252:23   200.200.200.101:23

 force node offline

[root@ve10:Active] config  b node 200.200.200.101 down

[root@ve10:Active] config  b pool foo|grep -i pool\ member
+-> POOL MEMBER foo/200.200.200.101:23   inactive,addr down
+-> POOL MEMBER foo/200.200.200.111:23   active,unchecked

 check connection table and persistence record

[root@ve10:Active] config  b conn server 172.28.19.252
192.168.206.33:64751 <-> 172.28.19.252:23 <-> 200.200.200.101:23   6 1/0

[root@ve10:Active] config  b persist
PERSISTENT CONNECTIONS
    Type           Virtual                Node
    source addr    172.28.19.252:23   200.200.200.101:23

 telnet to 172.28.19.252 (new session)

[root@ve10:Active] config  tcpdump -nni 0.0 port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
12:46:48.131752 IP 192.168.206.33.64752 > 172.28.19.252.23: S 2906823210:2906823210(0) win 8192 
12:46:48.131782 IP 172.28.19.252.23 > 192.168.206.33.64752: S 437456650:437456650(0) ack 2906823211 win 3780 
12:46:48.133808 IP 192.168.206.33.64752 > 172.28.19.252.23: . ack 1 win 260
12:46:48.133863 IP 200.200.200.10.64752 > 200.200.200.111.23: S 3860596109:3860596109(0) win 4380 
12:46:48.134815 IP 200.200.200.111.23 > 200.200.200.10.64752: S 297140567:297140567(0) ack 3860596110 win 5840 
12:46:48.134825 IP 200.200.200.10.64752 > 200.200.200.111.23: . ack 1 win 4380

 check connection table and persistence record

[root@ve10:Active] config  b conn server 172.28.19.252
192.168.206.33:64751 <-> 172.28.19.252:23 <-> 200.200.200.101:23   6 1/0
192.168.206.33:64752 <-> 172.28.19.252:23 <-> 200.200.200.111:23   6 1/0

[root@ve10:Active] config  b persist
PERSISTENT CONNECTIONS
    Type           Virtual                Node
    source addr    172.28.19.252:23   200.200.200.111:23
  • kishore_chennup's avatar
    kishore_chennup
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2013

    Hi nitass,

     

     

    Thanks for the quick reply. I have been advised by a F5 trainer that forcing the node offlline kills all the persistent connections. On the LTM the node states show as below(taken from the GUI)

     

     

    Enabled (All traffic allowed)

     

    Disabled (Only persistent or active connections allowed)

     

    Forced Offline (Only active connections allowed) <<< not sure if this means that the persistent connections are taken down.

     

     

    So what does forcing a node offline achieve? Also looking at your last output it appears that the active connection is there but the persist record disappeared for node 200.200.101

     

     

    [root@ve10:Active] config b conn server 172.28.19.252

     

    192.168.206.33:64751 <-> 172.28.19.252:23 <-> 200.200.200.101:23 6 1/0

     

    192.168.206.33:64752 <-> 172.28.19.252:23 <-> 200.200.200.111:23 6 1/0

     

     

    [root@ve10:Active] config b persist

     

    PERSISTENT CONNECTIONS

     

    Type Virtual Node

     

    source addr 172.28.19.252:23 200.200.200.111:23 <<< no persist record here. Is it because the timeout value expired?

     

  • kishore_chennup's avatar
    kishore_chennup
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2013
    Its a bit weird because on a 11.2.1 box I forced the node offline and it killed the persist records. Does that mean its a BUG?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 09, 2013
    no persist record here. Is it because the timeout value expired?it is not timeout. i understand the 200.200.200.101 persistence record is replaced by 200.200.200.111 one.

     

     

    Its a bit weird because on a 11.2.1 box I forced the node offline and it killed the persist records. Does that mean its a BUG?i think you had better open a support case to verify.