source address persistence maximum session timeout

Question

Understand that the source address persistence session timeout will start once the session goes idle (no traffic).

1.What is the maximum timeout setting?

2.The default value is 180s, any possible impact if we increase the timeout value to 4 hours?

paulius · Accepted Answer

williamcs The following are the answers to your questions.
1. Based on F5 documentation the value can be within range 1 and 2,147,483,647.
2. The only real downside I see to increasing the timeout value higher than the default is if you have a high connection virtual server you could theoretically reach a very large persistence table which would cause performance degredation.

mohamed_salah_ · Answer

Hello,
Generally speaking on the source address persistence, LTM creates a new persistence record as netmask is /32 which makes a new record for each request. As the number of sources increases, the number of records created and saved locally in the persistence table increases which might be an issue. So such a large list of persistence records can become a resource issue for LTM.
To avoid this issue, you can create a custom source address persistence profile and change the mask to (for example: /24) to avoid creating many entries. but you will face another issue, and more users will be identified as coming from the same source.
So based on the above, if you increased the timeout, the entries will be saved for a longer time, and the table will become very large which might be resource intensive based on the number of requests.
I'm not seeing any articles mentioning performance issues when increasing the timeout, but it logically might have an issue because these entries are saved locally on F5, and the more sources access the service with (a long timeout) the more entries will be saved on F5 without clearing the old ones.
Thanks,
&nbsp;

amine_kadimi · Answer

1. you can set it to 'undefinite' and the persistence entry will not time out (I'm not aware of any use case of this)
2. No but.. There is no impact because 180s is often unsufficient and we often set it to 30mn to 12 hours or more, but theoretically if you have a huge number of users, the persistence table will get extremely large and this is bad for performance. In this case, you can use cookie persistence or if you have to use source persistence you can specify a shorter prefix length

williamcs · Answer

Hi Paulius ,Can you share the link of the document?

williamcs · Answer

Hi Amine_Kadimi ,Yes, I'm thinking to change to either SSL or cookie persistence. Which would be recommended if the vs is mainly for https web browser?

paulius · Answer

williamcs Sadly I am not able to find the documentation that I am referencing because it was some obscure page. I logged into one of my F5 devices and it seems as though the timeout can be a specified large range or you can change "specify" to "Indefinite" which means the persistence entry would last forever if you picked the "Indefinite" option. I would say setting this value would also have the same result as my answer for question number 2 above but to a much greater extreme. I do not see any instance other than for testing purposes where you should ever set your persistence timeout to "Indefinite" because of this.

Forum Discussion

source address persistence maximum session timeout

7 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Decoding the IPv4 address from the persistence cookie

BIGIP VE maximum connections capability

CSV to Address External Datagroup File

Setting up persistence in F5 XC

SNAT IP address logging