F5 Basic Tasks

I’ll try to add to this post some of the F5 tuning settings you can configure for specific tasks.

One thing to keep in mind: a “session” is when you have multiple transactions between the same client and server over an established TCP connection. A session may involve multiple TCP connections, in which case session persistence is required to maintain the session.

The first thing I want to talk about is the “Action on Service Down” setting under pools. You have four options here: Reject, Drop, Reselect, and None.

Reject
The F5 will cut any active connection by sending an RST to both the server and the client immediately AFTER a pool member transitions to a DOWN state, and it will remove the connection from the LTM connection table. In other words, it closes both sides of the connection. Since it forces the client-side connection to close, it’s the quickest option for closing sessions down.

Drop
The F5 will silently drop any new client packets sent on established connections. The connection remains up until:

1. The LTM idle timer related to the connection times out
2. Either side closes the connection

Reselect
The F5 will choose another pool member if there’s one available and reestablish the connection. You want to use this when the client can continue with a new server. Just remember that the request in flight at the time of the switchover will be lost.

None (Default)
The F5 will keep sending data on established connections as long as the client is sending and the server is responding. Use this when you don’t want the F5 to intervene on either side of the connection.

Another setting I’d like to point out is one people use when they want to “remove” a node from a cluster to do maintenance or some other task. I put “remove” in quotes because you’re not physically removing it from the cluster, but it will stop receiving traffic and will not participate in the cluster.

The two options are in the Nodes tab: “Disable” and “Force Offline”. You want to do this at the node level because that node could be tied to different Pools. You’ll notice you can also do this at the Pool level, but then you’ll have to do it for each Pool. That is not efficient, so it’s better to do it at the Node level.

So, what does each do?

Disabled:
Connections that are already established, and everything in the persistence table, will continue to be processed. New connections will be accepted only if they belong to an existing persistence session.

Forced Offline:
The F5 continues to manage only connections that are already established.
Those connections will stay connected until they time out. NO new connections are allowed.

In both cases, the F5 will remove the connections but the second will remove them quicker.
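To see the differences side by side, here is a toy model of the behaviour described above, covering both the node states and the four “Action on Service Down” options. It is an added example, not F5 code: the `Ltm` class, its methods, the node names and the traffic are all hypothetical, and load balancing is simplified to “first enabled node”.

```python
# Added example, not F5 code: toy model with hypothetical names and constructed data.
class Ltm:
    def __init__(self, nodes):
        self.state = {n: "enabled" for n in nodes}  # enabled|disabled|forced_offline|down
        self.conns = {}    # connection table: connection id -> node
        self.persist = {}  # persistence table: client -> node

    def connect(self, conn, client):
        """New connection: return the node that takes it, or None."""
        node = self.persist.get(client)
        # Disabled nodes still take new connections from persisted clients.
        if node is None or self.state[node] not in ("enabled", "disabled"):
            # Everything else is balanced across enabled nodes only.
            node = next((n for n, s in self.state.items() if s == "enabled"), None)
        if node is not None:
            self.conns[conn] = node
            self.persist[client] = node
        return node

    def packet(self, conn):
        """Established connections keep flowing on Disabled and Forced Offline nodes."""
        return self.conns.get(conn)

    def service_down(self, node, action):
        """A monitor marks node DOWN; apply the pool's Action on Service Down."""
        self.state[node] = "down"
        outcome = {}
        for conn in [c for c, n in self.conns.items() if n == node]:
            if action == "reject":      # RST to both sides, entry removed
                del self.conns[conn]
                outcome[conn] = "reset"
            elif action == "drop":      # entry stays until idle timeout or a close
                outcome[conn] = "packets dropped"
            elif action == "reselect":  # re-established on another member if any
                new = next((n for n, s in self.state.items() if s == "enabled"), None)
                if new is not None:
                    self.conns[conn] = new
                outcome[conn] = new or "no member available"
            else:                       # none: the F5 does not intervene
                outcome[conn] = "untouched"
        return outcome

if __name__ == "__main__":
    ltm = Ltm(["node_a", "node_b"])
    ltm.connect("c1", "alice")                                   # alice persists to node_a
    ltm.state["node_a"] = "disabled"
    print(ltm.connect("c2", "alice"), ltm.connect("c3", "bob"))  # node_a node_b
    ltm.state["node_a"] = "forced_offline"
    print(ltm.connect("c4", "alice"), ltm.packet("c1"))          # node_b node_a
```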
