TCP profile and Idle Timout

I agree with your assessment that the one arm configuration might not be the best solution, but at this time it is what I have to work with. I needed something that provided a zero downtime implementation, and I have multiple services on what you would consider the internal subnet, that need to call into the Virtual Servers. How would the F5 handle traffic for requests to a VIP on the external interface, just to turn it around and load balance it back in. There are other factors that led me to decide with a one arm deployment as well. I might re-address the architecture at a later date, now I am just frustrated with getting this LTM to send out RSTs when my connections exceed the idle timeout settings. I like your suggestion, and will start exploring what that is going to take to get done.

 

 

Reading through the docs, I understand that the 10.2.1 version I am running has an indefinite timeout for automap SNAT connections. I tried to workaround that by setting up a custom SNAT pool and manually setting all timeout values (TCP & IP) to 60 seconds. I have the same setting in my TCP profile. My connections timers are still climbing past 60, and reaching the 360 mark where I force the connection closed on the server side. I also tried an iRule to set the timeout value, and the results were no different. I guess my question would be, is the F5 supposed to be sending RSTs in the configuration? I have followed their documentations, and it reads like it should be, but I haven't seen the expected results.

 

 

Thanks.