Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Mar 18, 2015

SNAT, VS and multiple Idle Timeout setting

Hi,   I am a bit lost how Idle Timeout (IT) is managed when there are different object involved for given connection.   VS has Idle Timeout set via TCP profile (let's say it's Standard VS), SNA...
application delivery
design
LTM
TMOS
nitass's avatar
nitass
Icon for Employee rankEmployee
Mar 24, 2015

i might be wrong but i think only one idle timeout is being used (depending on which one is chosen).

 configuration - tcp idle timeout is 300s, snat ip idle timeout is indefinite

root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    cmp-enabled no
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        pool norf
        type snat
    }
    vs-index 19
}
root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile tcp tcp idle-timeout
ltm profile tcp tcp {
    idle-timeout 300
}
root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snatpool norf
ltm snatpool norf {
    members {
        200.200.200.55
        200.200.200.66
        200.200.200.77
    }
}
root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snat-translation all ip-idle-timeout
ltm snat-translation 200.200.200.55 {
    ip-idle-timeout indefinite
}
ltm snat-translation 200.200.200.66 {
    ip-idle-timeout indefinite
}
ltm snat-translation 200.200.200.77 {
    ip-idle-timeout indefinite
}

 client - create 2 connections (in sequence) from the same source port

[root@centos1 ~] nc -p 10000 172.28.24.10 80
GET /



This is 101 host.



[root@centos1 ~]
[root@centos1 ~]
[root@centos1 ~]
[root@centos1 ~] nc -p 10000 172.28.24.10 80
GET /



This is 101 host.



[root@centos1 ~]

 connection table - different snat ip is used.

[root@ve11b:Active:In Sync] config  date; tmsh show sys connection cs-server-port 80 all-properties
Tue Mar 24 21:22:15 SGT 2015
Sys::Connections
172.28.24.1:10000 - 172.28.24.10:80 - 200.200.200.55:10000 - 200.200.200.101:80
-------------------------------------------------------------------------------
  TMM           0
  Type          any
  Acceleration  none
  Protocol      tcp
  Idle Time     2
  Idle Timeout  300
  Unit ID       1
  Lasthop       /Common/external 00:50:56:b3:59:8d
  Virtual Path  172.28.24.10:80
  Conn Id 0

                      ClientSide            ServerSide
  Client Addr  172.28.24.1:10000  200.200.200.55:10000
  Server Addr    172.28.24.10:80    200.200.200.101:80
  Bits In                    896                   448
  Bits Out                   480                   896
  Packets In                   2                     1
  Packets Out                  1                     2

Total records returned: 1

[root@ve11b:Active:In Sync] config  date; tmsh show sys connection cs-server-port 80 all-properties
Tue Mar 24 21:22:24 SGT 2015
Sys::Connections
Total records returned: 0

[root@ve11b:Active:In Sync] config  date; tmsh show sys connection cs-server-port 80 all-properties
Tue Mar 24 21:22:29 SGT 2015
Sys::Connections
172.28.24.1:10000 - 172.28.24.10:80 - 200.200.200.66:10000 - 200.200.200.101:80
-------------------------------------------------------------------------------
  TMM           0
  Type          any
  Acceleration  none
  Protocol      tcp
  Idle Time     3
  Idle Timeout  300
  Unit ID       1
  Lasthop       /Common/external 00:50:56:b3:59:8d
  Virtual Path  172.28.24.10:80
  Conn Id 0

                      ClientSide            ServerSide
  Client Addr  172.28.24.1:10000  200.200.200.66:10000
  Server Addr    172.28.24.10:80    200.200.200.101:80
  Bits In                    896                   448
  Bits Out                   480                   896
  Packets In                   2                     1
  Packets Out                  1                     2

Total records returned: 1