Forum Discussion

eric_156978's avatar
eric_156978
Icon for Cirrus rankCirrus
Jul 30, 2017

APM inactivty timeout on large file upload

Hi,

 

I have an APM with the "Inactivity Timeout" set to 900 seconds/15 minutes. All works well and the user is forced to re-authenticate if they don't take an action after that time.

 

The problem I'm running into is that users will upload large files that can potentially take longer than the timeout allows. When this happens, the download fails, rather ungracefully in most cases, and they have to log back in and keep trying over and over.

 

I don't quite understand from a low level what the APM considers a "request", but I feel like if traffic is flowing into the environment from a TCP level, it maybe should honor that and continually tick the timeout counter?

 

I'm also not sure if there are certain uploading methods (ajax vs direct) that may get treated as a request/chunk instead of all or nothing.

 

Has anyone found a good solution or know about this? I know I could spawn a page outside of the download that continually refreshed, but I'd rather avoid that if possible.

 

Thanks!

 

APM
application delivery
BIG-IP
devops

1 Reply

Sort By
  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Jul 31, 2017

    Hello Eric,

     

    Based on this article (https://support.f5.com/csp/article/K12300) :

     

    "The Inactivity Timeout setting controls how long (in seconds) a client can keep a live session without sending traffic. The timeout counter is updated based on the Session Update Threshold and Session Update Window settings. These are located in the Network Access configuration Advanced settings regarding client byte rates. If byte rate activity falls below the configured ranges for the Session Update Threshold and the Session Update Window, the Inactivity Timeout will not be reset. If the Inactivity Timeout value is reached the BIG-IP APM system will terminate the session. The default value is set to 900 seconds."

     

    If you select the Network Access used by your APM policy by going to :

     

    Access Policy ›› Network Access : Network Access List ›› Network_Access_Name

     

    You will find in "Advanced mode" under "Network Settings" two settings that by default are set to 0.

     

    • Session Update Threshold (bytes/second)

    "Defines the average byte rate that either ingress or egress tunnel traffic must exceed, in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout, which is defined in the Access Profile, to the session."

     

    • Session Update Window (second)

    "Defines the value that the system uses to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic."

     

    Based on all these definitions, I can understand that if in average you send or receive more than 0 bytes/second the "Inactivity Timeout" will be reset to 0 and the 900 seconds are only reached once you don't send or receive anything on your Network Access.

     

    So first I recommand you to check these values, If they are not set to 0 maybe you can reduce or step them to 0. If they are already set to 0, you should make a trafic capture from client side (using wireshark or fiddler) to check if during this 900 seconds trafic is going to the VIP destination.

     

    If problem persist I think you need to open a case because it is not working as expected.

     

    Hope it helps

     

    Regards