Forum Discussion

Ray_Hsieh's avatar
Ray_Hsieh
Icon for Nimbostratus rankNimbostratus
Oct 09, 2013

iRule updates TCP idle_timeout but sesstion reset by tcp profile

We have rule as following:

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/iap-cds" } {
log local0. "original timeout: [IP::idle_timeout]"
  IP::idle_timeout 7200
log local0. "updated timeout: [IP::idle_timeout]"
  set update_serverside_idle_timeout 1
  pool CDS-DMZ
}
else  {
  set update_serverside_idle_timeout 0
  pool Proxy_dmz
}
}
when SERVER_CONNECTED {
log local0. "original timeout: [IP::idle_timeout]"
  if {[info exists update_serverside_idle_timeout] && $update_serverside_idle_timeout}{
  IP::idle_timeout 7201
log local0. "updated timeout: [IP::idle_timeout]"
    }
}

which indicates that it logs the original timeout and updated timeout when HTTP_REQUEST and SERVER_CONNECTED. When client POST the URI, it hit the virtual server and iRule and we did get these logs on /var/log/ltm. But about 5 minutes later, F5 sent [RST, ACK] to both client and server side to reset the session. The behavior is unexpected our plan and we think that should be triggered by tcp-lan-optimized profile which set idle timeout 300 sec. We are wondering that the iRule shall not be updated by tcp profile. Is that right? Or do we have to modify the tcp profile to specify 7200 second for this virtual server in order to achieve our goal?

The version we used is 11.1.0 HF 10. I did not get any similar issues on the DevCentral. Appreciate for any helps.