cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Why is Loose Close needed with nPath

OcasionalLB
Nimbostratus
Nimbostratus

Hello,

 

I had a case today where I was load balancing traffic to a web server with nPath (Direct server return). I encountered problems with certain API endpoints where, due to the code, there was no activity on the connection for 10-20s while server was gathering content. Connection was always terminated after some time.

 

After reading https://support.f5.com/csp/article/K11116, I enabled Loose Close and everything started to work. F5 describes the loose close parameter: the Loose Close option allows the system to remove a connection when the system receives the first FIN packet from either the client or the server. This helps trim connection table entries because the system can remove the connection entry as soon as the connection officially closes, and the system does not need to maintain the connection table entry.

 

So, I again disabled the loose close and did a tcpdump on server and client and didn't find a FIN package from neither. Why did F5 remove the connection from the connection table when loose close is disabled? Why weren't my endpoints working?

 

Thanks, Matej

2 REPLIES 2

PeteWhite
F5 Employee
F5 Employee

Loose init is more normally the issue with nPath although they generally go together - loose close allows any fin packet to remove the flow. As to why it was the issue, I suggest you do some more investigation to see what was going wrong previously - it was probably related to the source port preservation rather than the loose close

F5 manual says to enable Loose close when configuring nPath.

 

In my case, if I disable Loose close, it stops working. Looking at the tcpdump from the client and the server, I can see servers sending content back to the client, client is ACK-ing it, but the ACK is never passed from F5 to the server. This is why I suspect the F5 removes the connection from connection table, but I'm not sure why. As soon as I enable Loose close, it starts working.

 

Idle timeout was set to 300s and TCP close timeout to 5s.