time wait
1 TopicTCP close vs active close and timers
Hi, I already read few great post here as well as some articles but I am still not sure how things are working on BIG-IP. First of all I wonder if there is a way to monitor connection states via some command on BIG-IP (like FIN_WAIT, TIME_WAIT etc.). I know on the host subsystem netstat -ano can be used, but this command is not reporting any TMM managed connections. When tmsh show sys connection cs-client-addr all-properties is used there is as well no info about current connection state. I can probably use tmsh show ltm profile tcp for that - but that is only possible in test environment when I can just send single connection, not so easy in production 😞 So I can do watch -n 1 'tmsh show ltm profile tcp lamp-cs-tcp-lan-optimized | grep 'Connections' -A9' for that. Now I have issue which timers are used on what situation. Scenario 1 (all performed on v11.2.0HF7) Client connects to VS BIG-IP send FIN-ACK to client What kind of close is used for such scenario? Rather not standard close when connection initiator (client) sends FIN, so I guess active close like that: Now which timers will be used for such case by BIG-IP? My guess is: Fin Wait Close Wait Time Wait Let's say BIG-IP received ACK to FIN but not FIN from client. Which timer will be used? What state connections is - still FIN_WAIT_1? Or not because there is no FIN from client? From monitoring I can see that BIG-IP is entering FIN-WAIT/CLOSING state and stays in this state until Idle Timeout expires - pitty that there is no way to say if it's FIN-WAIT or CLOSING state. Why so? Because there is no FIN from client? If I will send FIN-ACK from client then connection enters TIME-WAIT state immediately after BIG-IP replies with ACK. So why Fin Wait timer is not triggered here? Scenario 2 Client connects to VS Client send FIN-ACK to BIG-IP I assume that we have now standard close like that: Timers used seems to be only: Close Wait Time Wait Fin Wait is not used as this is state on client side not on BIG-IP side - or I am wrong? Another question is what action is performed after each timer expires (assuming BIG-IP closes connection - I guess happens usually more often on server side than client side): Fin Wait - BIG-IP already send FIN, entered FIN_WAIT_1, no ACK from client. Will this timer be triggered, if so what will happen when expired: RST from BIG-IP (if Reset On Timeout enabled?) Nothing Timer will not trigger and Idle Timeout will be used - consider that from test it seems that nothing happens and Idle Timeout is used Close Wait - BIG-IP received FIN from client, entering CLOSING state, same question as above - what happen if there will be no ACK to BIG-IP FIN? Time Wait - BIG-IP send ACK to client FIN and received ACK to its own FIN - that part seems to be working, TIME-WAIT state is reported and disappear after Time Wait timeout (2s) Piotr1.1KViews0likes1Comment