Forum Discussion

ST_Wong's avatar
ST_Wong
Icon for Cirrus rankCirrus
Nov 15, 2012

Pls help: can't apply custom tcp profile

Hi all,

 

 

We're using LTM 6400 running BIG-IP 9.3.0 Build 194.1. We tried to specify idle timeout and keep alive interval for particular virtual servers. Then we create our own tcp profile and associate with the virtual server through Protocol Profile (client and server). However, the timeout limit remains to be 300 second (default idle timeout for tcp profile?):

 

 

VIRTUAL 192.168.28.30:any <-> NODE 10.1.15.28:1521

 

CLIENTSIDE 192.168.28.30:50450 <-> 10.1.15.28:1521

 

(pkts,bits) in = (18, 50264), out = (13, 45960)

 

SERVERSIDE 10.1.11.30:50450 <-> 10.1.15.28:1521

 

(pkts,bits) in = (13, 45960), out = (18, 50264)

 

PROTOCOL tcp UNIT 1 IDLE 45 (300) LASTHOP 4093 00:50:56:8b:2c:75

 

 

 

Alternatively, also tried to use simple irule but also no effect at all:

 

 

when SERVER_CONNECTED {

 

IP::idle_timeout 3600

 

}

 

 

 

 

I'm afraid I missed some important steps. Would anyone please help?

 

 

Thanks a lot.

 

 

/st wong

 

 

 

 

config
design

8 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 15, 2012
    What command are you using to check? I suspect the IDLE value you are seeing is not for tcp. As you can set it both client and serverside I'd expect to see it shown twice.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 15, 2012
    I think this is a bug in the 'b conn' display. It's fixed in v11. This shouldn't affect LTM's connection handling.

     

     

    sol12374: The bigpipe utility and the tmsh shell display only the idle time of the client-side connection flow

     

    https://support.f5.com/kb/en-us/solutions/public/12000/300/sol12374.html

     

     

    Aaron
  • ST_Wong's avatar
    ST_Wong
    Icon for Cirrus rankCirrus
    Nov 15, 2012
    Hi all,

     

     

    I use 'b conn client ... destination ... show all to check. I think it's for TCP as it's shown in the last line of output:

     

     

    PROTOCOL tcp UNIT 1 IDLE 45 (300) LASTHOP 4093 00:50:56:8b:2c:75

     

     

    Seems it's not display error as the connection will be closed when the idle time reaches 300.

     

    We applied the custom tcp profile (idle timeout = 3600) to both client and server protocol profile but seems no effect at all. Fyi.

     

     

    Thanks for your reply.

     

     

    /ST Wong
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 16, 2012
    Interesting, this is the second post that reports this issue this week, the other is with a FastL4 profile. Have you confirmed that connections actually timeout after 300s or not?
  • ST_Wong's avatar
    ST_Wong
    Icon for Cirrus rankCirrus
    Nov 18, 2012
    Yes, we monitored the connection through b conn on LTM and tcpdump on the hosts involved. The connection was closed after idle for 300s... :( Thanks.

     

     

    /ST
  • ST_Wong's avatar
    ST_Wong
    Icon for Cirrus rankCirrus
    Nov 19, 2012
    Yes, working with our F5 LTM support :) Thanks a lot.

     

     

    /st
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 20, 2012
    You're welcome. If you can, please let us know how it turns out so others can benefit.