Persistent vs Active

Question

Hi All,&nbsp;
 &nbsp;
What is the difference between persiste connectoins and active connectoin on a BIG IP LTM. When I do a show sys conn , is it showing me the active connections or persistent connections as well. The command sh ltm persistence persist-records shows the persistence records. So when I force a node offline, would it kill the persistent connections instantly? or does it wait for the default timeout s 180 seconds to expire.&nbsp;
 &nbsp;
Please advise&nbsp;
 &nbsp;
Regards&nbsp;

nitass · Answer

is it showing me the active connections or persistent connections as well.it is active connection. 
  
 So when I force a node offline, would it kill the persistent connections instantly? or does it wait for the default timeout s 180 seconds to expire.persistence record is not deleted when forcing node offline. 
  
 [root@ve10:Active] config  b virtual bar23 list
virtual bar23 {
   snat automap
   pool foo
   destination 172.28.19.252:23
   ip protocol 6
   persist source_addr
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members {
      200.200.200.101:23 {}
      200.200.200.111:23 {}
   }
}

initial

[root@ve10:Active] config  b pool foo|grep -i pool\ member
+-&gt; POOL MEMBER foo/200.200.200.101:23   active,unchecked
+-&gt; POOL MEMBER foo/200.200.200.111:23   active,unchecked

[root@ve10:Active] config  b conn server 172.28.19.252
No Conns were found.

[root@ve10:Active] config  b persist
No Persistence Table Entries were found.

telnet to 172.28.19.252

[root@ve10:Active] config  b conn server 172.28.19.252
192.168.206.33:64751 &lt;-&gt; 172.28.19.252:23 &lt;-&gt; 200.200.200.101:23   6 1/0

[root@ve10:Active] config  b persist
PERSISTENT CONNECTIONS
    Type           Virtual                Node
    source addr    172.28.19.252:23   200.200.200.101:23

force node offline

[root@ve10:Active] config  b node 200.200.200.101 down

[root@ve10:Active] config  b pool foo|grep -i pool\ member
+-&gt; POOL MEMBER foo/200.200.200.101:23   inactive,addr down
+-&gt; POOL MEMBER foo/200.200.200.111:23   active,unchecked

check connection table and persistence record

[root@ve10:Active] config  b conn server 172.28.19.252
192.168.206.33:64751 &lt;-&gt; 172.28.19.252:23 &lt;-&gt; 200.200.200.101:23   6 1/0

[root@ve10:Active] config  b persist
PERSISTENT CONNECTIONS
    Type           Virtual                Node
    source addr    172.28.19.252:23   200.200.200.101:23

telnet to 172.28.19.252 (new session)

[root@ve10:Active] config  tcpdump -nni 0.0 port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
12:46:48.131752 IP 192.168.206.33.64752 &gt; 172.28.19.252.23: S 2906823210:2906823210(0) win 8192 
12:46:48.131782 IP 172.28.19.252.23 &gt; 192.168.206.33.64752: S 437456650:437456650(0) ack 2906823211 win 3780 
12:46:48.133808 IP 192.168.206.33.64752 &gt; 172.28.19.252.23: . ack 1 win 260
12:46:48.133863 IP 200.200.200.10.64752 &gt; 200.200.200.111.23: S 3860596109:3860596109(0) win 4380 
12:46:48.134815 IP 200.200.200.111.23 &gt; 200.200.200.10.64752: S 297140567:297140567(0) ack 3860596110 win 5840 
12:46:48.134825 IP 200.200.200.10.64752 &gt; 200.200.200.111.23: . ack 1 win 4380

check connection table and persistence record

[root@ve10:Active] config  b conn server 172.28.19.252
192.168.206.33:64751 &lt;-&gt; 172.28.19.252:23 &lt;-&gt; 200.200.200.101:23   6 1/0
192.168.206.33:64752 &lt;-&gt; 172.28.19.252:23 &lt;-&gt; 200.200.200.111:23   6 1/0

[root@ve10:Active] config  b persist
PERSISTENT CONNECTIONS
    Type           Virtual                Node
    source addr    172.28.19.252:23   200.200.200.111:23

kishore_chennup · Answer

Hi nitass,&nbsp;
&nbsp;
Thanks for the quick reply. I have been advised by a F5 trainer that forcing the node offlline kills all the persistent connections. On the LTM the node states show as below(taken from the GUI)&nbsp;
&nbsp;
Enabled (All traffic allowed)&nbsp;
Disabled (Only persistent or active connections allowed)&nbsp;
Forced Offline (Only active connections allowed) &lt;&lt;&lt; not sure if this means that the persistent connections are taken down.&nbsp;
&nbsp;
So what does forcing a node offline achieve? Also looking at your last output it appears that the active connection is there but the persist record disappeared for node 200.200.101&nbsp;
&nbsp;
[root@ve10:Active] config  b conn server 172.28.19.252&nbsp;
192.168.206.33:64751 &lt;-&gt; 172.28.19.252:23 &lt;-&gt; 200.200.200.101:23 6 1/0&nbsp;
192.168.206.33:64752 &lt;-&gt; 172.28.19.252:23 &lt;-&gt; 200.200.200.111:23 6 1/0&nbsp;
&nbsp;
[root@ve10:Active] config  b persist&nbsp;
PERSISTENT CONNECTIONS&nbsp;
Type Virtual Node&nbsp;
source addr 172.28.19.252:23 200.200.200.111:23 &lt;&lt;&lt; no persist record here. Is it because the timeout value expired?&nbsp;

kishore_chennup · Answer

Its a bit weird because on a 11.2.1 box I forced the node offline and it killed the persist records. Does that mean its  a BUG?

nitass · Answer

no persist record here. Is it because the timeout value expired?it is not timeout. i understand the 200.200.200.101 persistence record is replaced by 200.200.200.111 one. 
&nbsp;  
&nbsp; Its a bit weird because on a 11.2.1 box I forced the node offline and it killed the persist records. Does that mean its a BUG?i think you had better open a support case to verify.

Forum Discussion

Persistent vs Active

4 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Decoding the IPv4 address from the persistence cookie

Setting up persistence in F5 XC

Azure Active Directory and BIG-IP APM Integration

F5 Active Standby Node Configuration