Investigating the LTM TCP Profile: The Finish Line

Introduction

The LTM TCP profile has over thirty settings that can be manipulated to enhance the experience between client and server.  Because the TCP profile is applied to the virtual server, the flexibility exists to customize the stack (in both client & server directions) for every application delivered by the LTM.  In this series, we will dive into several of the configurable options and discuss the pros and cons of their inclusion in delivering applications.
  1. Nagle's Algorithm
  2. Max Syn Retransmissions & Idle Timeout
  3. Windows & Buffers
  4. Timers
  5. QoS
  6. Slow Start
  7. Congestion Control Algorithms
  8. Acknowledgements
  9. Extended Congestion Notification & Limited Transmit Recovery
  10. The Finish Line
Quick aside for those unfamiliar with TCP: the transmission control protocol (layer 4) rides on top of the internet protocol (layer 3) and is responsible for establishing connections between clients and servers so data can be exchanged reliably between them. 

Normal TCP communication consists of a client and a server, a 3-way handshake, reliable data exchange, and a four-way close.  With the LTM as an intermediary in the client/server architecture, the session setup/teardown is duplicated, with the LTM playing the role of server to the client and client to the server.  These sessions are completely independent, even though the LTM can duplicate the tcp source port over to the server-side connection in most cases, and depending on your underlying network architecture, can also duplicate the source IP.

Deferred Accept

Disabled by default, this option defers the allocation of resources to the connection until payload is received from the client.  It is useful in dealing with three-way handshake DoS attacks, and delays the allocation of server-side resources until necessary, but delaying the accept could impact the latency of the server responses, especially if OneConnect is disabled.

Bandwidth Delay

This setting, enabled by default, specifies that the tcp stack tries to calculate the optimal bandwidth based on round-trip time and historical throughput.  This product would then help determine the optimal congestion window without first exceeding the available bandwidth.

Proxy MSS & Options

These settings signal the LTM to only use the MSS and options negotiated with the client on the server-side of the connection.  Disabled by default, enabling them doesn't allow the LTM to properly isolate poor TCP performance on one side of the connection nor does it enable the LTM to offload the client or server.  The scenarios for these options are rare and should be utilized sparingly.  Examples: troubleshooting performance problems isolated to the server, or if there is a special case for negotiating TCP options end to end.

Appropriate Byte Counting

Defined in RFC 3465, this option calculates the increase ot the congestion window on the number of previously unacknowledged bytes that each ACK covers.  This option is enabled by default, and it is recommended for it to remain enabled.  Advantages: more appropriately increases the congestion window, mitigates the impact of delayed and lost acknowledgements, and prevents attacks from misbehaving receivers.  Disadvantages include an increase in burstiness and a small increase in the overall loss rate (directly related to the increased aggressiveness)

Congestion Metrics Cache

This option is enabled by default and signals the LTM to use route metrics to the peer for initializing the congestion window.  This improves the initial slow-start ramp for previously encountered peers as the congestion information is already known and cached.  If the majority of the client base is sourced from rapidly changing and unstable routing infrastructures, disabling this option ensures that the LTM will not use bad information leading to wrong behavior upon the initial connection.

Conclusion

This concludes our trip through the TCP profile, I hope you've enjoyed the ride.  I'd like to thank the developers, UnRuleY in particular, for their help along the way.

Update: This series is a decade+ old. Still relevant, but Martin Duke wrote a series of articles on the TCP profile as well with updates and considerations you should read up on as well.

Updated Nov 30, 2023
Version 3.0
  • Nothing in this article discusses the Keep Alive Interval relationship to the TCP profile
  • Really nice article. With so many settings, it's difficult to track down what each does. Rate pacing is a newer feature not covered here but good read on it @ https://devcentral.f5.com/s/articles/tcp-pace-yourself