Virtual Server /SNAT and Timeout

Actually automap should use one of the LTM's self-ip's, not the vip address, but that doesn't really matter here. What you have done should work. I would try changing the SNAT pool to use a separate IP address and see what happens, if that makes a difference I would consider that a bug.

 

 

9.3.1 is the current maintenance release for the code branch you are using, I would definitely recommend upgrading off 9.2.3 in any case. I'll have a look at the release notes and see if there's anything related to this in there...

 

 

Denny

From the 9.3 release notes:

 

 

Timeout values for SNAT pool members (CR53064)

 

When adding a member to a SNAT pool, the system no longer removes the timeout values that are currently set for the other members of the SNAT pool. Now, the system leaves the timeout values as you set them for the pool members.

 

 

This could apply as well, depending on the PVA settings:

 

 

PVA and timeout values (CR69775, CR70547)

 

In previous releases, the FastL4 profile did not restrict a maximum timeout value; however, the Packet Velocity® ASIC (PVA) daemon could not handle timeout values over certain amounts. (The exact timeout value depends on the PVA version.) When the PVA timeout value was exceeded, idle connections could close prematurely. With this release, if the maximum timeout is exceeded, the system demotes the PVA to Assisted mode, which allows the system to control the timeout value.

 

 

And if you are using OneConnect this might apply:

 

 

Persistent HTTP connections and TMM (CR71998)

 

Now, the system correctly handles persistent HTTP connections on a OneConnect™ virtual server using secure network address translation (SNAT).

 

 

Anyway, definitely worth getting onto the 9.3 maintenance branch.

 

 

Denny

thank you for your reply. I did change the IP address and it didn't change anything. What's interesting is the following:

 

When i disable one of the nodes [web server] then all the requests from the BigIP are redirected to the only web server up and running.

 

 

In that case, the session is not timing out after 5 minutes but after 30 minutes as configured.

 

 

Any clues?

 

Regards

If you have the same issue or came accross the similar proble please help.

 

 

Regards

 

Sounds like it might be this now:

 

Timeout values for SNAT pool members (CR53064)

 

When adding a member to a SNAT pool, the system no longer removes the timeout values that are currently set for the other members of the SNAT pool. Now, the system leaves the timeout values as you set them for the pool members.

 

 

What happens if you swap out pool members so the other one is disabled? 5 min or 30 min timeout?

 

 

/deb

On my SNAT_POOL, I have only one member [one of the LTM self IP] so i manot sure what you indicated is relevant. But i get a 30 minutes timeout if i shut down one the web server on the default pool used by the VIP [i am using source_Addr for the Default Persistence Profile ]

On my SNAT_POOL, I have only one member [one of the LTM self IP] so i manot sure what you indicated is relevant. But i get a 30 minutes timeout if i shut down one the web server on the default pool used by the VIP [i am using source_Addr for the Default Persistence Profile ]

When i disable one of the nodes [web server] then all the requests from the BigIP are redirected to the only web server up and running.

 

 

I meant what happens when you disable the other webserver?

 

 

/d