Forum Discussion
regarding tcp profile timeout (configured) vs snat pool timeout (indefinite)
Hi F5 experts, we are running 11.6.0. I would like to clear my understanding regarding TCP profile timeout vs SNAT pool timeout. If I have a TCP profile idle timeout value of 300 sec and an indefinite SNAT pool timeout (I guess it's indefinite if we don't configure anything), which value will be considered to reap the connection?
1 Reply
- Hannes_Rapp
Nimbostratus
The timeout values as set in TCP profile matter. You may consider SNAT idle timeout values as pseudo-configuration that can be ignored at all times. A bit overstated, but you really can use whatever (i.e. default) SNAT timeout value you like, regardless of the TCP/UDP timeout you want.
Considering a scenario when SNAT timeout is exceeded and TCP timeout is not exceeded, the TCP session for the client can resume without interruption. F5 will just insert a new SNAT record to its table. Apart from a micro-delay, there's no impact to customer. Just don't set the SNAT idle timeout value too low (i.e. 1 or 2 seconds) as this will increase your CPU usage due to repetitive insertions and removals of SNAT records.
Assuming default settings, if a TCP profile timeout is exceeded, F5 will respond with TCP/RST in an attempt to hear back from client or server.
FYI: The indefinite SNAT timeout configuration is silently capped to 300 seconds. So in reality all SNAT records have a finite timeout value after which they will be removed.