IP::idle_timeout Issue

Question

I have a "IP::idle_timeout" setting of 1800 seconds that I apply to traffic when the Host header starts with the word "server".  The problem is that some of the traffic gets the 1800 seconds timeout and some of it doesn't(defaults to 300 seconds).  I've applied logging in the irule to see the before and after idle setting which shows it should be set to 1800 seconds but when I look at the connection table it only has the default idle setting of 300 seconds.  Anyone see an error in my logic below?&nbsp;
viprion 2400 running BIG-IP 11.2.0 Build 2451.0 Hotfix HF1&nbsp;
 &nbsp;
ltm virtual /legacy/virtual_443 {&nbsp;
    destination /legacy/10.1.1.1:443&nbsp;
    ip-protocol tcp&nbsp;
    mask 255.255.255.255&nbsp;
    partition legacy&nbsp;
    persist {&nbsp;
        /legacy/persist_virtual_profile {&nbsp;
            default yes&nbsp;
        }&nbsp;
    }&nbsp;
    pool /legacy/virtual_7777&nbsp;
    profiles {&nbsp;
        http_redirect_rewrite_profile { }&nbsp;
        tcp-lan-optimized {&nbsp;
            context serverside&nbsp;
        }&nbsp;
        tcp-wan-optimized {&nbsp;
            context clientside&nbsp;
        }&nbsp;
        wildcard_virtual_cert {&nbsp;
            context clientside&nbsp;
        }&nbsp;
    }&nbsp;
    rules {&nbsp;
        /legacy/redirect_some_virtual_to_http_rule_3&nbsp;
        header_insert_https_indicator&nbsp;
        default_snat_rule&nbsp;
    }&nbsp;
    vlans-disabled&nbsp;
}&nbsp;
ltm rule /legacy/redirect_some_virtual_to_http_rule_3 {&nbsp;
    partition legacy&nbsp;
    when HTTP_REQUEST {&nbsp;
       set http_host [string tolower [HTTP::header "Host"]]&nbsp;
       set http_uri [HTTP::uri]&nbsp;
 &nbsp;
       if { $http_host starts_with "server" } {&nbsp;
            IP::idle_timeout 1800&nbsp;
            persist none&nbsp;
            HTTP::header insert Secure-mode SSL&nbsp;
            use pool virtual_8888&nbsp;
       }&nbsp;
       elseif { $http_uri starts_with "/config" or&nbsp;
                $http_uri starts_with "/login" or&nbsp;
                $http_uri starts_with "/ui" or&nbsp;
                $http_uri starts_with "/utils" } {&nbsp;
            HTTP::header insert Secure-mode SSL&nbsp;
            use pool virtual_7777&nbsp;
       }&nbsp;
       else {&nbsp;
            HTTP::redirect "http://$http_host$http_uri"                           &nbsp;
      }                                                                        &nbsp;
   }&nbsp;
}&nbsp;
 &nbsp;

hooleylist · Answer

Can you post the default_snat_rule definition?  I wonder if that SNAT iRule is forcing a 300 second idle timeout when SNAT is selected.&nbsp;
Aaron&nbsp;

dlhace · Answer

I ran into this same problem.  I wanted to reset the idle_timeout only for certain things.&nbsp;
I found the resolution in the documentation for IP::idle_timeout.
https://devcentral.f5.com/wiki/iRules.IP__idle_timeout.ashx&nbsp;
It appears that if you set idle timeout at the VIP level it set it for both client and server.  But when I tried to set it in the irule I was only setting the client.  The server needs to also be set so both sides are maintained.&nbsp;

Forum Discussion

IP::idle_timeout Issue

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Regex issue

F5 GTM resolution issue

Irule Example Issue

Issue on management route

F5 virtual edition license issue.