The LTM TCP profile has over thirty settings that can be manipulated to enhance the experience between client and server.  Because the TCP profile is applied to the virtual server, the flexibility exists to customize the stack (in both client & server directions) for every application delivered by the LTM.  In this series, we will dive into several of the configurable options and discuss the pros and cons of their inclusion in delivering applications.
  1. Nagle's Algorithm
  2. Max Syn Retransmissions & Idle Timeout
  3. Windows & Buffers
  4. Timers
  5. QoS
  6. Slow Start
  7. Congestion Control Algorithms
  8. Acknowledgements
  9. Extended Congestion Notification & Limited Transmit Recovery
  10. The Finish Line
Quick aside for those unfamiliar with TCP: the transmission control protocol(layer 4) rides on top of the internet protocol(layer 3) and is responsible for establishing connections between clients and servers so data can be exchanged reliably between them. 

Normal TCP communication consists of a client and a server, a 3-way handshake, reliable data exchange, and a four-way close.  With the LTM as an intermediary in the client/server architecture, the session setup/teardown is duplicated, with the LTM playing the role of server to the client and client to the server.  These sessions are completely independent, even though the LTM can duplicate the tcp source port over to the server side connection in most cases, and depending on your underlying network architecture, can also duplicate the source IP.

Delayed Acknowledgements

 The delayed acknowledgement was briefly mentioned back in the first tip in this series when we were discussing Nagle's algorithm.  Delayed acknowledgements are (most implementations, including the LTM) sent every other segment (note that this is not required, it can be stretched in some implementations) typically no longer than 100ms and never longer than 500ms. Disabling the delayed acknowledgement sends more packets on the wire as the ack is sent immediately upon receipt of a segment instead of being temporarily queued to piggyback on a data segment.  This drives up bandwidth utilization (even if the increase per session is marginal, consider the number of connections the LTM is handling) and requires additional processing resources to handle the additional packet transfers.  F5 does not recommend disabling this option. 

Selective Acknowledgements

 Traditional TCP receivers acknowledge data cumulatively.  In loss conditions, the TCP sender can only learn about  a lost segment each round trip time, and retransmits of successfully received segments cuts throughput significantly.  With Selective Acknowlegments (SACK, defined in RFC 2018) enabled, the receiver can send an acknowledgement informing the sender of the segments it has received.  This enables the sender to retransmit only the missing segments.

There are two TCP options for selective acknowledgements.  Because SACK is not required, it must be negotiated at session startup between peers.  First is the SACK-Permitted option, which has a two byte length and is negotiated in the establishment phase of the connection.  It should not be set in a non-SYN segment.  Second is the TCP SACK option, which has a variable length, but cannot exceed the 40 bytes available to TCP options, so the maximum blocks of data that can be selectively acknowledged at a time is four.  Note that if your profile has the RFC 1323 High Performance extensions enabled (it is by default) the maximum blocks is limited to three.  A block represents received bytes of data that are contiguous and isolated (data immediately prior and immediately after is missing).  Each block is defined by two 32-bit unsigned integers in network byte order: the first integer stores the left edge (first sequence number) of the block and the second integer stores the right edge (sequence number immediately following the last sequence number of the block).  This option is enabled in the default profile and F5 does not recommend disabling it.  For a nice visual walkthrough on selective acknowledgements, check out this article at Novell.


The D-SACK option (RFC 2883) enables SACK on duplicate acknowledgements.  Remember that a duplicate acknowledgement is sent when a receiver receives a segment out of order.  This option, first available in LTM version 9.4, is disabled by default and is not recommended unless the remote peers are known to also support D-SACK.

ACK on Push

 This option signals the LTM to immediately acknowledge a segment received with the TCP PUSH flag set, which will override the delayed acknowledgement mechanism, which acts like only having delayed ACKs during bulk transfers.  The result is equivalent bulk transfer efficiency as if delayed acknowledgements were on but the same transaction rates as if delayed acknowledgements were off.  This option is disabled in the default profile, but is enabled in the pre-configured tcp-lan-optimized profile.


Get the Flash Player to see this player.