Forum Discussion

alex_yegorov_18's avatar
alex_yegorov_18
Icon for Nimbostratus rankNimbostratus
Jan 14, 2015

Source Address Affinity persistence timeout option

Hi F5 community, question is that : timeout (say, default 180s) starts ticking since connection was first time routed to specific server - is it reset back to default (180s) or preset value each time when connection from the same IP comes in in about 60 seconds, so that it has 180s to expire again? Or after 180s since initial time when connection was established persistence is expired anyway? What can you say based on your experience?

 

  • Hi,

     

    I wonder what exactly is refreshing timer:

     

    • Any packet over existing TCP connection - I assume that L7 session, transactions or whatever is not involved as it's pure L3 persistence - only src IP (even not IP:port pair)
    • Only new SYN packet - so establishing NEW TCP connection.

    That is quite big difference considering LB skew. Let's assume such scenario:

     

    • First SYN packet received from given IP, 3WHS completed, LB used to choose member, persistence record created
    • First data packet arriving over established TCP connection - persistence timer reset to initial value
    • After a while following packets arriving - for each packet timer reset
    • Any new TCP connection will be as well directed to the same member

    Because each packet over existing TCP connection is resetting persistence timer same IP can be directed to the same member for a long time - even if it's not longer necessary.

     

    Now second scenario:

     

    • First SYN packet received from given IP, 3WHS completed, LB used to choose member, persistence record created
    • Packets are flowing over created TCP connection without resetting timer
    • Packet with SYN arrives from same IP, persistence record did not timed out so TCP connection is directed to the same member, timer is reset

    In such case LB can be much more even because persistence record can expire much faster.

     

    So which one is true scenario?

     

    Piotr

     

  • Timeout will reset to 180 sec when We send a new request. (Tested in my lab)

     

  • The timer will refresh/reset as long as traffic is coming in. I'll have to check as it may not refresh immediately. We had a recent issue where we monitored this for traffic in a 'match across services' configuration and I found that the record refreshed about every 30 seconds as long as traffic was active.

     

    So as long as the device is receiving traffic for a configured virtual that matches the record, the record will stay 'fresh'. I'll have to follow up or hopefully someone else can chime in and clarify if persistence records are periodically refreshed or continually refreshed. I know at least in one case ('match across services') the records were refreshed every ~30 seconds.

     

    -Ed