Forum Discussion

Nat24's avatar
Nat24
Icon for Nimbostratus rankNimbostratus
Sep 06, 2023

Removing idle connection

Hi Experts, We are in this kind of situation wherein BIG-IP is keeping connections for more than an hour. We found out the reason why BIG-IP is behaving this way is because the server is continuousl...
application delivery
devops
security
Paulius's avatar
Paulius
Icon for MVP rankMVP
Sep 07, 2023

Nath I haven't had the opportunity to do it but you might be able to monitor the connection and when the F5 sees the keepalive flag come across it can set a timer and then kill the connection after a certain time. I do not believe this is the best use of the F5 because it's unnecessary overhead and is better handled by the server or you can just turn off keepalive if the majority of these connections are just sitting.

Nat24's avatar
Nat24
Icon for Nimbostratus rankNimbostratus
Sep 09, 2023

Thanks Paulius, I think we will just blindly close the session after 30 mins using an iRule. Since we observed that legit traffic with payload only lasts 4-5 seconds per transaction.

Hopefully this iRule help/works on our PROD.

 

when CLIENT_ACCEPTED {

set rtimer 0
after 900000 {
if { not $rtimer} {
log local0. "[virtual] - client ip=[IP::client_addr]:[TCP::client_port]"
drop
}
}

}

 

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Sep 10, 2023

    Nat24 The downside to arbitrarily closing tcp connections based on time open is they could be legitimate connections that you're closing. If you know most users get what they need in 4-5 seconds per transaction I would just turn off keepalive and then you won't have to deal with reaping connections at all.