Applies To:

Show Versions Show Versions

Manual Chapter: Managing Protocol Profiles
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

16 
For each Protocol profile type, the BIG-IP® Link Controller system provides a pre-configured profile with default settings. In most cases, you can use these default profiles as is. If you want to change these settings, you can configure protocol profile settings when you create a profile, or after profile creation by modifying the profiles settings.
The remainder of this chapter lists the traffic-management settings contained in the Fast L4, TCP, and UDP profiles. For information on configuring other types of profiles, see the following:
The purpose of a Fast L4 profile is to help you manage Layer 4 traffic more efficiently. When you assign a Fast L4 profile to a virtual server, the Packet Velocity ASIC® (PVA) hardware acceleration within the BIG-IP system can process some or all of the Layer 4 traffic passing through the system. By offloading Layer 4 processing to the PVA hardware acceleration, the BIG-IP system can increase performance and throughput for basic routing functions (Layer 4) and application switching (Layer 7).
You can use a Fast L4 profile with these types of virtual servers-- Performance (Layer 4), Forwarding (Layer 2), and Forwarding (IP). Therefore, you can use a Fast L4 profile when you do not need the following traffic management features:
iRulesTM for non-Layer 4 events
You can use the default fastl4 profile as is, or create a custom Fast L4 profile. For your typical needs, most of the default values for the Fast L4 profile settings suffice. The specific settings that you might want to change are Reset on Timeout and Idle Timeout.
Note: Any changes you make to an existing Fast L4 profile take effect on a connection only after the Idle Timeout value has expired or the connection is closed.
Table 16.1 lists and describes the settings of a Fast L4 profile.
This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
If this setting is enabled and a TCP connection exceeds the timeout value for idle connections, the BIG-IP system sends a reset in addition to deleting the connection.
This setting specifies the number of seconds that a connection is idle before the connection is eligible for deletion.
Specify: Specifies the acceptable duration for a TCP handshake, that is, the maximum idle time between a client SYN and a client ACK. If the TCP handshake takes longer than the timeout, the system automatically closes the connection.
Disabled: Specifies that the system does not apply a timeout to a TCP handshake.
Indefinite: Specifies that the acceptable duration for a TCP handshake is indefinite.
Disabled: Specifies that you want the maximum segment size to remain at 1460.
Specify. Permits you to override the maximum segment size (1460) by specifying a number. Note that specifying a 0 value is equivalent to retaining the default value (Disabled).
This setting specifies the Type of Service level that the BIG-IP system assigns to UDP packets when sending them to clients.
This setting specifies the Type of Service level that the BIG-IP system assigns to UDP packets when sending them to servers
This setting specifies the Quality of Service level that the BIG-IP system assigns to UDP packets when sending them to clients.
This setting specifies the Quality of Service level that the BIG-IP system assigns to UDP packets when sending them to servers.
Specifies the action that the BIG-IP system should take on TCP timestamps. Possible values are: Preserve, Strip, and Rewrite.
Specifies the action that the BIG-IP system should take on TCP windows. Possible values are: Preserve, Strip, and Rewrite.
Enables the BIG-IP system to generate its own sequence numbers for SYN packets, according to RFC 1948. When enabled, this setting allows timestamp recycling.
Enables the BIG-IP system to block a TCP SackOK option from passing to the server on an initiating SYN.
Specifies that the BIG-IP system should use TCP timestamp options to measure the round-trip time to the client.
Specifies that the BIG-IP system should use TCP timestamp options to measure the round-trip time to the server.
Specifies, when checked (enabled), that the system initializes a connection when it receives any TCP packet, rather that requiring a SYN packet for connection initiation. The default is disabled. We recommend that if you enable the Loose Initiation setting, you also enable the Loose Close setting.
Important: Enabling loose initiation can permit stray packets to pass through the system. This can pose a security risk and reduce system performance.
Specifies, when checked (enabled), that the system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server.
Specifies the length of time in seconds that a connection can remain idle before deletion, once the system receives a CLOSE packet for that connection. The TCP Close Timeout value must be less than the Idle Timeout value. Also, the TCP Close Timeout value is valid only if you enable the Loose Initiation or the Loose Close settings.
A TCP profile is a configuration tool that helps you to manage TCP network traffic. Many of the configuration settings of a TCP profile are standard SYSCTL types of settings, while others are unique to the BIG-IP system. You can implement this profile as is, or you can change the value of the settings to suit your needs.
You can use the default tcp profile as is, or create a custom TCP profile. Table 16.2 lists and describes the settings of a TCP profile.
Specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
If this setting is enabled and a TCP connection exceeds the timeout value for idle connections, sends a reset in addition to deleting the connection.
Enabled (Checked)
Enabled (Checked)
Enabled (Checked)
Advertises an option (such as timestamps) to the server only if it was negotiated with the client.
Specifies the number of seconds that a connection is idle before the connection is eligible for deletion.
Specifies the number of milliseconds that a connection is in a TIME-WAIT state before entering the CLOSED state.
Specifies the number of seconds that a connection is in the FIN-WAIT or CLOSING state before quitting. A value of 0 represents a term of forever (or until the metrics of the FIN state).
Specifies the number of seconds that a connection remains in a LAST-ACK state before quitting. A value of 0 represents a term of forever (or until the metrics of the FIN state).
Specifies the maximum number of retransmissions of SYN segments that the BIG-IP system allows.
Maximum Segment Retransmissions
Specifies the maximum number of retransmissions of data segments that the BIG-IP system allows.
Specifies the Type of Service level that the BIG-IP system assigns to TCP packets when sending them to clients.
Specifies the Quality of Service level that the BIG-IP system assigns to TCP packets when sending them to clients.
Specifies, when checked (enabled), that the system processes data using selective ACKs whenever possible, to improve system performance.
Enabled (Checked)
Specifies, when checked (enabled), that the system uses the TCP flags CWR and ECE to notify its peer of congestion and congestion counter-measures.
Specifies, when checked (enabled), that the system uses the timestamp and window scaling extensions for TCP (as specified in RFC 1323) to enhance high-speed network performance.
Enabled (Checked)
Specifies, when checked (enabled), that the system uses limited transmit recovery revisions for fast retransmits (as specified in RFC 3042) to reduce the recovery time for connections on a lossy network.
Enabled (Checked)
Specifies, when checked (enabled), that the system uses larger initial window sizes (as specified in RFC 3390) to help reduce round trip times.
Enabled (Checked)
Specifies, when checked (enabled), that the system defers allocation of the connection chain context until the system has received the payload from the client. Enabling this setting is useful in dealing with 3-way handshake denial-of-service attacks.
Specifies, when checked (enabled), that the system attempts to calculate the optimal bandwidth to use to the client, based on throughput and round-trip time, without exceeding the available bandwidth.
Enabled (Checked)
Specifies, when checked (enabled), that the system applies Nagle's algorithm to reduce the number of short segments on the network. The default setting is disabled. Note that enabling this setting for interactive protocols such as telnet may cause degradation on high-latency networks.
Enabled (Checked)
Specifies, when enabled, significantly improved performance to Windows® and MacOS peers who are writing out on a very small send buffer.
Specifies, when enabled, to use RFC2385 TCP-MD5 signatures to protect TCP traffic against intermediate tampering.
Specifies, when enabled, a plaintext passphrase which may be between 1 and 80 characters in length, and is used in a shared-secret scheme to implement the spoof-prevention parts of RFC2385.
For most of the TCP profile settings, the default values usually meet your needs. However, if the link that clients are using to access the virtual server is slow, or if server response time exceeds the request time of clients, you can increase the content spooling settings of the profile:
Increasing the byte values of the these settings increases the amount of data that the BIG-IP system can buffer while waiting for a specific connection to accept that data.
Note: If you are using a TCP profile in a test environment, you can improve performance by disabling the Slow Start, Bandwidth Delay, and Nagles Algorithm settings.
The UDP profile is a configuration tool for managing UDP network traffic. Table 16.3 lists and describes the settings of a UDP profile.
This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
This setting specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion.
This setting specifies the Type of Service level that the BIG-IP system assigns to UDP packets when sending them to clients.
This setting specifies the Quality of Service level that the BIG-IP system assigns to UDP packets when sending them to clients.
This setting specifies, when checked (enabled), that the system load balances UDP traffic packet-by-packet.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)