Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral


Questions and Answers

Loading... Loading...

Hello guys,

I have a requirement to have a long TCP idle timeout for 15,000 or so TCP ports across 20 or 30 destination subnets.

Ideally I'd create just those 20 or 30 Virtual Servers to match the subnets and just have ALL traffic to them have the long idle timers, but I'd like the granularity to be able to target the exact ports. If a Virtual Server could match a range of ports I'd be fine, but we can only match on a single port.

The way I see it, I'm going to need to create 15,000 ports X 30 Addresses = 450,000 virtual servers. Not exactly practical!

I've tried using the "virtual" command to match the specific connections and forwarding them onto another VIP with a longer idle timeout, but the timeout on the first virtual server takes precedence.

I just cannot think of a solution to this problem.

 

Anyone have any ideas?

 

Thanks,

Yoggit


3 Answer(s):

An iRule could be used to check for the port and then set the idle timeout using IP::idle_timeout if it's in the range you're concerned with. How you check the port is within the range however is possibly beyond me I'm afraid. Is it a contiguous range of ports?

i just did a quick tests and I think you've nailed it!

ip::idle_timeout can be set within an iRule, and I can work from there.

 

Thanks :)

 

-Yoggit

Great. You're welcome.

Your answer:

You must be logged in to reply. You can login here.