Forum Discussion
1 Reply
- Hannes_RappNimbostratus
The timeout values as set in TCP profile matter. You may consider SNAT idle timeout values as pseudo-configuration that can be ignored at all times. A bit overstated, but you really can use whatever (i.e. default) SNAT timeout value you like, regardless of the TCP/UDP timeout you want.
-
Considering a scenario when SNAT timeout is exceeded and TCP timeout is not exceeded, the TCP session for the client can resume without interruption. F5 will just insert a new SNAT record to its table. Apart from a micro-delay, there's no impact to customer. Just don't set the SNAT idle timeout value too low (i.e. 1 or 2 seconds) as this will increase your CPU usage due to repetitive insertions and removals of SNAT records.
-
Assuming default settings, if a TCP profile timeout is exceeded, F5 will respond with TCP/RST in an attempt to hear back from client or server.
FYI: The indefinite SNAT timeout configuration is silently capped to 300 seconds. So in reality all SNAT records have a finite timeout value after which they will be removed.
-