Tuesday 3 September 2019

What is Connection Reaping in F5 LTM

--> LTM maintains server-side and client-side entries in the connection table.

--> For every connection to a Virtual Server/NAT/SNAT, the F5 LTM allocates some memory/resources for the connection.

--> If the number of connection entries keeps growing, the connection table consumes the total system resources of the F5.

--> TCP connections have a connection open/close sequence, so they can be removed automatically or manually from the connection table.

--> UDP connections do not have a connection open/close sequence (Three-Way Handshake) as TCP does.

--> F5 LTM depends upon idle timeouts for UDP Connections.

--> Connection reaping is the method of removing the connection entries in the connection table which were inactive for a long time.

--> Connection reaping allows the F5 LTM to use the system resources in an effective manner.

--> Connection reaping allows the F5 LTM to use the system resources only on active connections rather than inactive connections.

--> The idle timeout value affects how F5 LTM implements connection reaping.

--> SNAT automap replaces the source IP of a server-side connection with its Self IP/Floating Self IP address.

--> The following idle timeouts can be changed on F5 LTM:

UDP Profile --> 60 seconds (default)

TCP Profile --> 300 seconds (default)

Fast L4 Profile --> 300 seconds (default)

Fast HTTP Profile --> 300 seconds (default)

SCTP Profile --> 300 seconds (default)

--> The connection reaping feature allows the BIG-IP system to aggressively close the connections when the system memory utilization reaches the low-water mark, and stop establishing new connections when the system memory utilization reaches the high-water mark percentage.

--> The sweeper is the component within the Traffic Management Microkernel (TMM) core that watches for expired connection flows and responds to resource exhaustion by closing connection flows.

Low Water Mark: BIG-IP LTM removes the inactive connections.

High Water Mark: BIG-IP LTM does not allow new connections to the system until the value reaches the low-water mark.

--> Adaptive reaping events are logged in the /var/log/ltm file.

--> The system comes with a default eviction policy named default-eviction-policy.

--> The default eviction policy uses values of 85% for low-water and 95% for high-water, and has the Bias Idle and Bias Oldest algorithms selected. You should not modify the values of a default policy.

--> If you want non-default values, you should create a custom eviction policy (System --> Configuration --> Local Traffic --> Eviction Policy List).
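
The behaviour described above (per-profile idle timeouts, adaptive reaping from the low-water mark, refusing new connections from the high-water mark until utilization is back at the low-water mark) as a simplified Python model. This is an added example, not F5 code: the `Sweeper` and `Conn` names, the `batch` size and passing memory utilization in as a percentage are assumptions made for illustration.

```python
from dataclasses import dataclass

# Default idle timeouts in seconds, from the profile list above.
IDLE_TIMEOUT = {"udp": 60, "tcp": 300, "fastl4": 300, "fasthttp": 300, "sctp": 300}
LOW_WATER, HIGH_WATER = 85, 95  # default-eviction-policy percentages

@dataclass
class Conn:
    cid: int          # constructed connection id
    profile: str      # key into IDLE_TIMEOUT
    last_seen: float  # time of the last packet, in seconds

class Sweeper:
    """Simplified model (assumption), not the TMM implementation."""
    def __init__(self):
        self.table = {}        # cid -> Conn
        self.refusing = False  # set at high-water, cleared at low-water

    def _update_state(self, mem_pct):
        if mem_pct >= HIGH_WATER:
            self.refusing = True
        elif mem_pct <= LOW_WATER:
            self.refusing = False
        # Between the marks the previous state is kept (hysteresis).

    def admit(self, conn, mem_pct):
        """Add a connection unless the high-water mark has been hit."""
        self._update_state(mem_pct)
        if self.refusing:
            return False
        self.table[conn.cid] = conn
        return True

    def sweep(self, now, mem_pct, batch=1):
        """Return the ids removed in this pass."""
        self._update_state(mem_pct)
        # Normal reaping: flows idle for at least their profile's timeout.
        reaped = [c.cid for c in self.table.values()
                  if now - c.last_seen >= IDLE_TIMEOUT[c.profile]]
        for cid in reaped:
            del self.table[cid]
        if mem_pct >= LOW_WATER:
            # Adaptive reaping, Bias Idle: evict the longest-idle flows
            # even though their idle timeout has not expired yet.
            idlest = sorted(self.table.values(), key=lambda c: c.last_seen)
            for c in idlest[:batch]:
                del self.table[c.cid]
                reaped.append(c.cid)
        return reaped
```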

Reference:

https://support.f5.com/csp/article/K15740
