Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Custom TCP Idle Time_out

I have a requirement to configure a custom TCP_IDLE timeout.

  1. All the users can only access the network resources after connecting to the SSL VPN on the F5 APM.
  2. One of the Data-Base query is failing right after the 2 hours.
  3. its just the DB getting time out, the VPN stays UP though.
  4. Packet captures shows its the F5 sending the Reset.
  5. Support suggested to increase the Tcp idle time out.

If i want to have different TCP IDLE_TIMEOUT value for only the traffic destined to the 1521 , can i apply the irule on the VIP (where the SSL VPN is terminated).

when CLIENT_ACCEPTED { set dg_port [TCP::server_port] if {$db_port equal 1521} { TCP::idletime 10800 } }

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

to change TCP inactivity timeout on inner connection, you must first create a virtual server and change the timeout value. the easiest solution without irule is to create one virtual server:

  • destination : 0.0.0.0/0
  • destination port : 1521
  • type : formwarding IP
  • enable on VLAN : Connectivity profile
  • protocol : TCP
  • protocol profile : fastL4_sqlnet

and one protocol profile fastL4_sqlnet from parent fastL4 with idle timeout set to 10800

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

According to this, the command is TCP::idle_timeout 10800

0
Comments on this Answer
Comment made 1 month ago by Reddy 57

Thanks Rico!!

I tried to spike the IDLE Timeout to 10800, but no luck. Can i try the TCP Keep alive?

0
Comment made 1 month ago by Rico 854

Im not sure that the TCP Keep Alive option is changeable in an iRule, that would need to be something you edit in your TCP profile. Since iRules can only run after the TCP connection is established, there are somethings that cannot change.

0