gersbah
Apr 28, 2021

What does "Proxy Options" do in a tcp profile?

I recently had a case where disabling the "Proxy Options" flag in the server side tcp profile solved a massive performance issue (page load times went from 10-20 seconds with this setting to milliseconds without it).

But I have no clue what it does exactly.

 

The only documentation I was able to find (and it's quite possible that there is more, but Proxy Options is a rather broad search term) is this one:

 

"Specifies, when checked (enabled), that the system advertises an option (such as time stamps) to the server only when the option is negotiated with the client. By default, this setting is enabled."

 

I read this 20 times now, but can't quite wrap my head around it.

To paraphrase, when the option is enabled, the server side options are limited to what has been negotiated with the client.

But does that affect only the option or also the value of said option?

And what is the reverse of that?

When the option is disabled, the server side options can (will?) be different to the ones negotiated with the client. So are they based on some kind of default then (and are those also from the tcp profile? So does that mean the "Proxy Options" flag overrides other settings in the tcp profile?)?

And which options specifically are affected by this? Time stamps are mentioned, but options could also be MSS, window scaling, selective ACKs and a number of more obscure options.

 

I could try to reverse engineer this with tcpdump, or open a support case, but I thought I'd try my luck here first.

 

Cheers!

  • The newer K articles about the TCP profile provide a more definitive explanation; they say it is only time stamps, and it seems to start getting disabled by default from version 13.1. So F5 saw that it causes issues, is my interpretation of such changes.

     

    14.x: https://support.f5.com/csp/article/K29377715

    13.x: https://support.f5.com/csp/article/K10711911

     

    For sure the question will stay whether it perhaps did different things on 12.x and earlier; I can't say for 100% sure. A support case is the most certain way.

  • Thanks for your reply! Funny enough, I got my version of the description from the "help" menu on a bigip running 14.1 - so I guess this is not regularly updated.

    And if it's only timestamps, that leaves even more question marks for me as to how this setting could have such a big impact.

     

    I guess if I find the time I will have a look at some tcpdumps for comparison. It's certainly intriguing.

    • boneyard

      Yeah, can't think of a reason straight away; if you ever figure it out, please share.

  • About the impact, the site below claims:

     

    The timestamps option in TCP enables the endpoints to keep a current measurement of the roundtrip time (RTT) of the network between them. This value helps each TCP stack to set and adjust its retransmission timer. There are other benefits, but RTT measurement is the major one.

     

    https://www.networkdatapedia.com/post/2018/10/08/how-tcp-works-the-timestamp-option#:~:text=What%20is%20a%20TCP%20Timestamp,measurement%20is%20the%20major%20one.

    • gersbah

      Yes, I also have a sneaking suspicion now that the option did not really fix the problem with this particular web server. There's some packet loss on the way back from the web server to the bigip and timestamps allow the server to retransmit those packets more quickly. I'll try to get a capture from the server side to confirm.

       

      What I can already confirm is that "Proxy Options" indeed only affects timestamps. At least in my case that was the only difference I observed. With "Proxy Options" disabled, timestamps turned on, but other options like MSS or SACK permitted remained the same and I didn't see any other options added.
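Added example, not part of the original posts and not F5 code: one way to do the tcpdump comparison discussed in this thread is to parse the TCP options of the client-side and server-side SYN headers and diff which options each one offers. The function names and the two sample headers are constructed for illustration; the sample models a server-side SYN that carries Timestamps while the client-side one does not.

```python
import struct

KINDS = {2: "MSS", 3: "WScale", 4: "SACK-Permitted", 8: "Timestamps"}  # IANA option kinds

def parse_tcp_options(tcp_header: bytes) -> dict:
    """Return {option name: value} from the options area of a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4          # header length in bytes
    if not 20 <= data_offset <= len(tcp_header):
        raise ValueError("bad data offset")
    opts, found, i = tcp_header[20:data_offset], {}, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                # End of Option List
            break
        if kind == 1:                                # NOP padding, one byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        length = opts[i + 1]
        body, name = opts[i + 2:i + length], KINDS.get(kind, f"kind-{kind}")
        if kind == 2 and length == 4:
            found[name] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            found[name] = body[0]
        elif kind == 8 and length == 10:
            found[name] = struct.unpack("!II", body)  # (TSval, TSecr)
        else:
            found[name] = body.hex() or True         # flag-style option, e.g. SACK-Permitted
        i += length
    return found

def diff_options(client_syn: bytes, server_syn: bytes) -> dict:
    """Compare which options each SYN offers; timestamp values always differ, so skip them."""
    c, s = parse_tcp_options(client_syn), parse_tcp_options(server_syn)
    return {"only_client": sorted(c.keys() - s.keys()), "only_server": sorted(s.keys() - c.keys()),
            "value_differs": sorted(k for k in c.keys() & s.keys() if k != "Timestamps" and c[k] != s[k])}

def build_syn(options: bytes) -> bytes:
    """Constructed SYN header for the demo; ports, sequence and window are arbitrary."""
    options += b"\x01" * (-len(options) % 4)         # pad to a 32-bit boundary with NOPs
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, (20 + len(options)) // 4 << 4, 0x02, 65535, 0, 0)
    return hdr + options

BASE = b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x03\x03\x07"   # MSS 1460, SACK-Permitted, WScale 7
CLIENT_SYN = build_syn(BASE)                                  # constructed: no timestamps
SERVER_SYN = build_syn(BASE + b"\x08\x0a" + struct.pack("!II", 12345, 0))  # constructed: timestamps added
```

Calling `diff_options(CLIENT_SYN, SERVER_SYN)` on real headers extracted from the two captures shows at a glance whether anything besides Timestamps differs between the two sides.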