Manual Chapter: Managing Protocol Profiles

Some of the BIG-IP® Local Traffic Manager™ profiles that you can configure are known as protocol profiles. The protocol profile types are:
For each protocol profile type, the BIG-IP system provides a pre-configured profile with default settings. In most cases, you can use these default profiles as is. If you want to change these settings, you can configure protocol profile settings when you create a profile, or after profile creation by modifying the profile's settings.
The remainder of this chapter lists the traffic-management settings contained in the Fast L4, Fast HTTP, HTTP Class, TCP, UDP, and SCTP profiles. For information on configuring other types of profiles, see the following chapters:
For information on the OneConnect™, NTLM, Statistics, and Stream profiles, see Chapter 12, Using Additional Profiles.
The purpose of a Fast L4 profile is to help you manage Layer 4 traffic more efficiently. When you assign a Fast L4 profile to a virtual server, the Packet Velocity® ASIC (PVA) hardware acceleration within the BIG-IP system can process some or all of the Layer 4 traffic passing through the system. By offloading Layer 4 processing to the PVA hardware acceleration, the BIG-IP system can increase performance and throughput for basic routing functions (Layer 4) and application switching (Layer 7).
You can use a Fast L4 profile with these types of virtual servers: Performance (Layer 4), Forwarding (Layer 2), and Forwarding (IP).
You can use the default fastl4 profile as is, or create a custom Fast L4 profile. For your typical needs, most of the default values for the Fast L4 profile settings suffice. The specific settings that you might want to change are Reset on Timeout and Idle Timeout.
Note: Any changes you make to an existing Fast L4 profile take effect on a connection only after the Idle Timeout value has expired or the connection is closed.
Table 8.1 lists and describes the settings of a Fast L4 profile.
This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
If this setting is enabled and a TCP connection exceeds the timeout value for idle connections, the BIG-IP system sends a reset in addition to deleting the connection.
This setting specifies the number of seconds that a connection is idle before the connection is eligible for deletion. For background information on setting idle timeout values, see Chapter 1, Introducing Local Traffic Manager.
Specify: Specifies the acceptable duration for a TCP handshake, that is, the maximum idle time between a client SYN and a client ACK. If the TCP handshake takes longer than the timeout, the system automatically closes the connection.
Disabled: Specifies that the system does not apply a timeout to a TCP handshake.
Indefinite: Specifies that the acceptable duration for a TCP handshake is indefinite.
Disabled: Specifies that you want the maximum segment size to remain at 1460.
Specify: Permits you to override the maximum segment size (1460) by specifying a number. Note that specifying a 0 value is equivalent to retaining the default value (Disabled).
This setting specifies the maximum acceleration mode that you prefer the system to use. Note that depending on the virtual server configuration, the system might or might not accelerate traffic in this mode. (For more information, see Configuring PVA hardware acceleration.) Possible values are Full, Assisted, or None. Additional information on this setting follows this table.
This setting specifies the Type of Service level that the BIG-IP system assigns to IP packets when sending them to clients.
This setting specifies the Type of Service level that the BIG-IP system assigns to IP packets when sending them to servers.
This setting specifies the Quality of Service level that the BIG-IP system assigns to IP packets when sending them to clients.
This setting specifies the Quality of Service level that the BIG-IP system assigns to IP packets when sending them to servers.
Specifies the action that the BIG-IP system should take on TCP timestamps. Possible values are: Preserve, Strip, and Rewrite.
Specifies the action that the BIG-IP system should take on TCP windows. Possible values are: Preserve and Strip.
Enables the BIG-IP system to generate its own sequence numbers for SYN packets, according to RFC 1948.
Enables the BIG-IP system to block a TCP SackOK option from passing to the server on an initiating SYN.
Specifies that the BIG-IP system should use TCP timestamp options to measure the round-trip time to the client.
Specifies that the BIG-IP system should use TCP timestamp options to measure the round-trip time to the server.
Specifies, when checked (enabled), that the system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation. The default is disabled. We recommend that if you enable the Loose Initiation setting, you also enable the Loose Close setting.
Important: Enabling loose initiation can permit stray packets to pass through the system. This can pose a security risk and reduce system performance.
Specifies, when checked (enabled), that the system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server.
Specifies the length of time in seconds that a connection can remain idle before deletion, once the system receives a CLOSE packet for that connection. The TCP Close Timeout value must be less than the Idle Timeout value. Also, for the TCP Close Timeout value to be valid, you must have the Loose Close setting enabled.
Enables or disables hardware SYN cookie protection when PVA10 is present on the system. This feature is available on certain hardware platforms only.
Enables or disables software SYN cookie protection when PVA10 is not present on the system.
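The dependencies that Table 8.1 states among the Loose Initiation, Loose Close, TCP Close Timeout, and Idle Timeout settings interact with parent-profile inheritance, so a custom profile that overrides one setting can silently break a rule. The following Python is an added example, not part of the original manual and not F5 code; the setting keys, profile names, and sample values are hypothetical and constructed for illustration (they are not bigpipe syntax).

```python
# Added example: resolve Fast L4 settings through the parent-profile chain and
# check the dependencies stated in Table 8.1. Keys and profiles are hypothetical.

# Constructed stand-in for the default profile. The values are assumptions,
# except that Loose Initiation is documented as disabled by default.
PROFILES = {
    "fastl4": {
        "parent": None,
        "idle_timeout": 300,         # seconds
        "tcp_close_timeout": None,   # None models "not set"
        "loose_initiation": False,
        "loose_close": False,
        "mss_override": 0,
    },
    "asym_routing": {                # custom profile overriding two settings
        "parent": "fastl4",
        "loose_initiation": True,
        "tcp_close_timeout": 600,
    },
    "asym_routing_fixed": {          # child that corrects the inherited values
        "parent": "asym_routing",
        "loose_close": True,
        "tcp_close_timeout": 5,
    },
}


def resolve(name, profiles):
    """Merge settings from the root parent down to `name` (the child wins)."""
    chain, seen = [], set()
    while name is not None:
        if name in seen:
            raise ValueError(f"parent loop at profile {name!r}")
        if name not in profiles:
            raise KeyError(f"unknown profile {name!r}")
        seen.add(name)
        chain.append(profiles[name])
        name = profiles[name].get("parent")
    effective = {}
    for settings in reversed(chain):
        effective.update({k: v for k, v in settings.items() if k != "parent"})
    return effective


def effective_mss(settings):
    """Table 8.1: an override of 0 is equivalent to keeping the default 1460."""
    return settings["mss_override"] or 1460


def audit(name, profiles):
    """Return finding codes for the effective (inherited) settings of `name`."""
    s = resolve(name, profiles)
    findings = []
    if s["loose_initiation"]:
        # Any TCP packet, not only a SYN, can now create a connection.
        findings.append("LOOSE_INIT_ENABLED")
        if not s["loose_close"]:
            # The manual recommends enabling Loose Close alongside it.
            findings.append("LOOSE_INIT_WITHOUT_LOOSE_CLOSE")
    close_timeout = s["tcp_close_timeout"]
    if close_timeout is not None:
        if not s["loose_close"]:
            # TCP Close Timeout is valid only with Loose Close enabled.
            findings.append("CLOSE_TIMEOUT_NEEDS_LOOSE_CLOSE")
        if close_timeout >= s["idle_timeout"]:
            # TCP Close Timeout must be less than Idle Timeout.
            findings.append("CLOSE_TIMEOUT_NOT_BELOW_IDLE_TIMEOUT")
    return findings


if __name__ == "__main__":
    for profile_name in PROFILES:
        print(profile_name, audit(profile_name, PROFILES) or "ok")
```

The audit runs on the resolved settings rather than on each profile's own overrides, because the failing combination in asym_routing exists only after the inherited Loose Close and Idle Timeout values are merged in.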
Once you implement a Fast L4 profile, the BIG-IP system automatically selects the most efficient PVA hardware acceleration mode for Layer 4 traffic. Possible modes are Full, Assisted, and None.
The Fast L4 profile settings
The mode that the BIG-IP system selects is influenced by the way that you configure the settings of the Fast L4 profile.
The virtual server configuration
The mode that the BIG-IP system selects is influenced by the specific features that you assigned to the virtual server (such as pools, SNAT pools, and iRules®).
A monitor assigned to associated nodes
For full PVA acceleration, you must assign monitors to the relevant nodes.
The value of the PVA Acceleration setting
The PVA Acceleration setting in the Fast L4 profile defines the maximum amount of hardware acceleration that you want to allow, for Layer 4 traffic passing through the virtual server. Therefore, if you set the value to:
Full: The system can set hardware acceleration to any of the three modes (Full, Assisted, or None), depending on the virtual server configuration. This is the default value.
Assisted: The system can set hardware acceleration to either Assisted or None mode, depending on the virtual server configuration.
None: The system does not perform hardware acceleration.
One reason that you might want to set the maximum hardware acceleration setting to less than Full is for viewing connections with the bigpipe conn show command. This command only shows Layer 4 connections when the hardware acceleration mode is set to Assisted or None. If the mode is set to Full, the bigpipe conn show command shows no Layer 4 connections.
Depending on the current mode to which hardware acceleration is automatically set, the BIG-IP system accelerates Layer 4 traffic as described in Table 8.2.
Important: If you have a VLAN group configured on the BIG-IP system and its Transparency Mode setting is set to Translucent or Transparent, the BIG-IP system automatically sets the PVA Acceleration value to None.
The hardware acceleration processes all Layer 4 traffic. Layer 4 traffic is not managed through the use of BIG-IP software features. In this case, the BIG-IP system treats client-side and server-side packets as part of the same connection.
An example of using hardware acceleration in Full mode is when you want to load balance Layer 4 traffic to two servers, using the Round Robin load balancing method, with no session persistence or iRules.
The BIG-IP system load balances all SYN packets, while the hardware acceleration assists with the remaining packets, including the tearing down of connections.
The Fast HTTP profile is a configuration tool designed to speed up certain types of HTTP connections. This profile combines selected features from the TCP, HTTP, and OneConnect profiles into a single profile that is optimized for the best possible network performance. When you associate this profile with a virtual server, the virtual server processes traffic packet-by-packet, and at a significantly higher speed.
You do not need features such as remote server authentication, SSL traffic management, and TCP optimizations, nor HTTP features such as data compression, pipelining, and RAM Cache.
The destination servers support connection persistence, that is, HTTP/1.1, or HTTP/1.0 with Keep-Alive headers. Note that IIS servers support connection persistence by default.
You need basic iRule support only (such as limited Layer 4 support and limited HTTP header operations). For example, you can use the iRule events CLIENT_ACCEPTED, SERVER_CONNECTED, and HTTP_REQUEST.
A significant benefit of using a Fast HTTP profile is the way in which the profile supports connection persistence. Using a Fast HTTP profile ensures that for client requests, the BIG-IP system can transform or add an HTTP Connection header to keep connections open. Using the profile also ensures that the BIG-IP system pools any open server-side connections. This support for connection persistence can greatly reduce the load on destination servers by removing much of the overhead caused by the opening and closing of connections. For more information on HTTP header transformation, see Chapter 6, Managing Application-Layer Traffic. For more information on the pooling of server-side connections, see Chapter 12, Using Additional Profiles.
You can use the default fasthttp profile as is, or create a custom Fast HTTP profile. Table 8.3 lists and describes the settings of the Fast HTTP profile.
Specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
Specifies, when checked (enabled), that the system sends a TCP RESET packet when a connection times out, and deletes the connection.
This setting specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion because it has no traffic. Possible values are: Specify, Immediate, and Indefinite. For background information on setting idle timeout values, see Chapter 1, Introducing Local Traffic Manager.
Specifies a maximum segment size (MSS) override for server-side connections. The default setting is 0, which corresponds to an MSS of 1460. To override this size, you can specify any integer between 536 and 1460.
Specifies the number of seconds after which the system closes a client connection, when the system either receives a client FIN packet or sends a FIN packet to the client. This setting overrides the Idle Timeout setting. Possible values are: Specify, Immediate, and Indefinite. For more information, see the online help.
Specifies the number of seconds after which the system closes a client connection, when the system either receives a server FIN packet or sends a FIN packet to the server. This setting overrides the Idle Timeout setting. Possible values are: Specify, Immediate, and Indefinite. For more information, see the online help.
Specifies how the system handles closing connections. Possible values are: Disabled, Enabled, and Fast. For more information, see the online help.
Specifies, when checked (enabled), that the server sends responses to clients in the HTTP/1.0 format. This effectively disables client chunking and pipelining.
Specifies the maximum number of connections a load balancing pool can accept. A setting of 0 specifies that there is no maximum; that is, a pool can accept an unlimited number of connections.
Specifies the minimum number of connections that a load balancing pool can accept. A setting of 0 specifies that there is no minimum.
Specifies the increment in which the system makes additional connections available, when all available connections are in use.
Specifies the number of seconds after which a server-side connection in a pool is eligible for deletion, when the connection has no traffic. This setting overrides the Idle Timeout setting. Possible values are: Specify, Disabled, and Indefinite. For more information, see the online help.
Specifies whether the BIG-IP system should maintain a steady-state maximum number of back-end connections. If you disable this setting, the system does not keep a steady-state maximum of connections to the back end, unless the number of connections to the pool drops below the value specified in the Minimum Pool Size setting.
Specifies, when checked (enabled), that the system parses the HTTP data in the connection stream. Note that if you are using a Fast HTTP profile for non-HTTP traffic, you should disable this setting to shield against distributed denial-of-service (DDoS) attacks.
Specifies the maximum amount of HTTP header data that the system buffers before making a load balancing decision.
Specifies the maximum number of requests that the system allows for a single client-side connection. When the specified limit is reached, the final response contains a Connection: close header, and the system then closes the connection. The default setting of 0 means that the system allows an infinite number of requests per client-side connection.
Specifies whether the system inserts the X-Forwarded-For: header in an HTTP request with the client IP address, to use with connection pooling. Possible settings are Enabled and Disabled. For more information, see the online help.
Specifies a string that the system inserts as a header in an HTTP request. If the header exists already, the system does not replace it.
When writing iRules, you can specify a number of events and commands that the Fast HTTP profile supports. For more information about these iRule events and commands, see the DevCentral web site http://devcentral.f5.com, as well as Chapter 17, Writing iRules.
An HTTP Class profile is a configuration tool that you can use to classify HTTP traffic. When you classify traffic, you forward traffic to a destination based on an examination of traffic headers or content. Use of an HTTP Class profile is an efficient way for the BIG-IP system to classify traffic based on criteria that you specify. Although you can perform these same traffic-classification functions using the iRules feature, using an HTTP Class profile simplifies this process.
The destination you specify can be either a load balancing pool or a URL. To classify HTTP traffic, you configure an HTTP Class profile to specify strings that match a list type. The list types that you can use for string matching are:
Note that list types are case-sensitive for pattern strings. For example, the system treats the pattern string www.f5.com differently from the pattern string www.F5.com. You can override this case-sensitivity by using the Linux regexp command.
Once the BIG-IP system matches the string to the corresponding list type, the system can send the traffic to a pool that you specify. Alternatively, you can create an HTTP Class profile that forwards a client request from the targeted HTTP virtual server to an HTTPS virtual server instead of to a pool.
You can use the default httpclass profile as is, or create a custom HTTP Class profile. Table 8.4 lists and describes the settings of an HTTP Class profile.
Specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
Specifies that you want a virtual server to forward traffic to the Application Security Manager application. In this case, the HTTP Class profile is the equivalent of an Application Security Manager application security class. This setting appears only when Application Security Manager is licensed on the BIG-IP system.
Specifies that you want a virtual server to forward traffic to the WebAccelerator™ application. This setting appears only when WebAccelerator is licensed on the BIG-IP system.
Specifies whether the host names used as criteria for routing HTTP requests constitute all hosts or individual hosts that you specify. A value of Match All directs the system to forward HTTP requests from all hosts. A value of Match Only directs the system to forward HTTP requests based on only those hosts you specify.
Specifies individual host names to be used as criteria for routing HTTP requests. Using the Entry Type list, you must also identify each host name as either a pattern string or a regular expression. This setting appears only when the value of Hosts is Match Only.
Note: When you use pattern strings, this list type is case-sensitive. For more information, see Configuring an HTTP Class profile.
Specifies whether the URIs used as criteria for routing HTTP requests constitute all URIs or individual URIs that you specify. A value of Match All directs the system to forward HTTP requests from all URIs. A value of Match Only directs the system to forward HTTP requests based on only those URIs you specify.
Specifies individual URI paths to be used as criteria for routing HTTP requests. Using the Entry Type list, you must also identify each URI as either a pattern string or a regular expression. This setting appears only when the value of URI Paths is Match Only.
Note: When you use pattern strings, this list type is case-sensitive. For more information, see Configuring an HTTP Class profile.
Specifies whether the headers and their values used as criteria for routing HTTP requests constitute all headers or individual headers that you specify. A value of Match All directs the system to forward HTTP requests based on all headers. A value of Match Only directs the system to forward HTTP requests based on only those headers you specify.
Specifies individual headers and their values that the BIG-IP system uses as criteria for routing HTTP requests. Using the Entry Type list, you must also identify each header as either a pattern string or a regular expression. This setting appears only when the value of Headers is Match Only.
Note: When you use pattern strings, this list type is case-sensitive. For more information, see Configuring an HTTP Class profile.
Specifies whether cookies used as criteria for routing those requests constitute all cookies or individual cookies that you specify. A value of Match All directs the system to forward HTTP requests based on all cookies. A value of Match Only directs the system to forward HTTP requests based on only those cookies you specify.
Specifies individual cookies to be used as criteria for routing HTTP requests. Using the Entry Type list, you must also identify each cookie as either a pattern string or a regular expression. This setting appears only when the value of Cookies is Match Only.
Note: When you use pattern strings, this list type is case-sensitive. For more information, see Configuring an HTTP Class profile.
Specifies the name of the pool to which you want to send classified traffic. This setting appears only when the value of the Send To setting is Pool.
Specifies the URI to which the system should send the traffic. You use this setting when you want the profile to redirect the client request from an HTTP virtual server to an HTTPS virtual server, instead of to a pool. For example, you can create an HTTP virtual server with the URL http://siterequest/, to listen on port 80. You can then assign an HTTP Class profile to the virtual server, to redirect client requests to the HTTPS virtual server, https://siterequest/. Note that the string you specify can be a Tcl expression, such as https://[HTTP::host][HTTP::uri].
Specifies the Tcl expression that the system uses to rewrite the request URI that is forwarded to the server without sending an HTTP redirect to the client. Note that if you use static text for this setting instead of a Tcl expression, the system maps the specified URI for every incoming request. Also, you cannot use this setting if the value of the Send To setting is Redirect To.
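The effect of case-sensitive pattern strings on classification, using the manual's own www.f5.com and www.F5.com example, is easiest to see by running requests through a small model of the Hosts and URI Paths criteria. The following Python is an added example, not part of the original manual and not F5 code. It assumes that pattern strings are glob-style, that entries within one list are ORed, that the criteria are ANDed, and that a regular expression can carry an inline (?i) flag; the profile dictionaries and the pool name are hypothetical.

```python
# Added example: a model of HTTP Class matching on Hosts and URI Paths.
# Matching semantics here are assumptions (see the lead-in), not F5's code.
import re
from fnmatch import fnmatchcase


def entry_matches(entry, value):
    """An entry is (entry_type, text); entry_type is 'pattern' or 'regex'."""
    kind, text = entry
    if kind == "pattern":
        # Pattern strings are case-sensitive, as the manual states.
        return fnmatchcase(value, text)
    if kind == "regex":
        return re.search(text, value) is not None
    raise ValueError(f"unknown entry type {kind!r}")


def criterion_matches(criterion, value):
    """None models Match All; a list of entries models Match Only."""
    if criterion is None:
        return True
    return any(entry_matches(entry, value) for entry in criterion)


def classify(profile, host, uri):
    """Return (action, target) when the request is classified, else None."""
    if not criterion_matches(profile["hosts"], host):
        return None
    if not criterion_matches(profile["uri_paths"], uri):
        return None
    action, target = profile["send_to"]
    if action == "redirect":
        # Expand only the two Tcl tokens shown in the manual's example.
        target = target.replace("[HTTP::host]", host).replace("[HTTP::uri]", uri)
    return (action, target)


# Constructed profiles. STRICT uses a pattern string for the host.
STRICT = {
    "hosts": [("pattern", "www.f5.com")],
    "uri_paths": None,
    "send_to": ("redirect", "https://[HTTP::host][HTTP::uri]"),
}
# RELAXED uses a case-insensitive regular expression for the same host.
RELAXED = {
    "hosts": [("regex", r"(?i)^www\.f5\.com$")],
    "uri_paths": None,
    "send_to": ("redirect", "https://[HTTP::host][HTTP::uri]"),
}
# IMAGES matches any host but only URIs under /images/ (hypothetical pool).
IMAGES = {
    "hosts": None,
    "uri_paths": [("pattern", "/images/*")],
    "send_to": ("pool", "image_pool"),
}

if __name__ == "__main__":
    for host in ("www.f5.com", "www.F5.com"):
        print(host, classify(STRICT, host, "/"), classify(RELAXED, host, "/"))
```

A request that returns None here is simply not handled by that class, which matters most when the class is what forwards traffic to Application Security Manager or performs the HTTP-to-HTTPS redirect.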
If the BIG-IP system includes the Application Security Manager or WebAccelerator system, you can configure the system to send HTTP traffic to that module before sending the traffic to its final destination. For example, you can use an HTTP Class profile to instruct a virtual server to send traffic through Application Security Manager before forwarding the traffic to a load balancing pool.
You can create an HTTP Class profile from the Local Traffic section of the Configuration utility or from within the Application Security Manager or WebAccelerator system. Note that when you classify traffic from within Application Security Manager, the HTTP Class profile is known as an application security class.
If you create the profile (or application security class) from within a module, the module is already enabled by default. Conversely, if you create an HTTP Class profile using the Local Traffic section of the Configuration utility, you must explicitly enable the Application Security or WebAccelerator setting from within the profile. If you do not explicitly enable this setting, you effectively disable the module for the associated virtual server.
For more information on configuring Application Security Manager application security classes and WebAccelerator HTTP Class profiles, see these documents:
Configuration Guide for BIG-IP® Application Security Management
Configuration Guide for the BIG-IP® WebAccelerator™ System
TCP profiles are configuration tools that help you to manage TCP network traffic. Many of the configuration settings of TCP profiles are standard SYSCTL types of settings, while others are unique to the BIG-IP system.
TCP profiles are important because they are required for implementing certain types of other profiles. For example, by implementing TCP, HTTP, and OneConnect profiles, along with a persistence profile and a remote authentication profile, you can take advantage of these traffic management features:
The BIG-IP system contains three specific TCP profiles: the default TCP profile (tcp), and two custom TCP profiles (tcp-lan-optimized, and tcp-wan-optimized) that F5 Networks has created for you. You can implement any one of these profiles as is, or you can change the value of the settings to suit your needs.
You can use the default tcp profile as is, or create a custom TCP profile. Table 8.5 lists and describes the settings of a TCP profile.
Specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
If this setting is enabled and a TCP connection exceeds the timeout value for idle connections, the BIG-IP system sends a reset in addition to deleting the connection.
Enabled (Checked)
Enabled (Checked)
Advertises an option (such as timestamps) to the server only if it was negotiated with the client.
Specifies the number of seconds that a connection is idle before the connection is eligible for deletion. For background information on setting idle timeout values, see Chapter 1, Introducing Local Traffic Manager.
Specifies the length of time, in milliseconds, that the TCP connection can receive zero-length window probes before the system closes the connection. The timer starts when an effective window size becomes zero, and stops when the window size becomes greater than zero. If the timer elapses, the connection is terminated. This setting is useful for handling slow clients with small buffers, such as cell phones.
Specify: Specifies a number of milliseconds that the TCP connection can receive zero-length window probes before the system closes the connection.
Indefinite: Specifies that the system does not delete TCP connections based on zero-length window.
Specifies the number of milliseconds that a connection is in a TIME-WAIT state before entering the CLOSED state.
Specifies the number of seconds that a connection is in the FIN-WAIT or CLOSING state before quitting. A value of 0 represents a term of forever (or until the metrics of the FIN state).
Specifies the number of seconds that a connection remains in a LAST-ACK state before quitting. A value of 0 represents a term of forever (or until the metrics of the FIN state).
Specifies the keep-alive probe interval that the BIG-IP system uses, in seconds.
Maximum SYN Retransmissions
Specifies the maximum number of retransmissions of SYN segments that the BIG-IP system allows.
Maximum Segment Retransmissions
Specifies the maximum number of retransmissions of data segments that the BIG-IP system allows.
Specifies the Type of Service level that the BIG-IP system assigns to TCP packets when sending them to clients.
Specifies the Quality of Service level that the BIG-IP system assigns to TCP packets when sending them to clients.
Specifies, when checked (enabled), that the system processes data using selective ACKs whenever possible, to improve system performance. Enabling this setting improves packet flow in a lossy network because the system can acknowledge successfully received packets out of order. This is a negotiated option and is automatically disabled if not supported by a peer.
Note: F5 recommends that you use the default value.
Specifies, when checked (enabled), that the system uses the TCP flags CWR (congestion window reduction) and ECE (ECN-Echo) to notify its peer of congestion and congestion counter-measures.
Note: F5 recommends that you use the default setting. When enabled, this setting can interfere with overall congestion calculations. The setting also allows for potential security issues, whereby an intermediate device can stimulate poor performance by spoofing CWR packets.
Extensions for High Performance (RFC 1323)
Specifies, when checked (enabled), that the system uses the timestamp and window scaling extensions for TCP (as specified in RFC 1323) to enhance high-speed network performance. These options are used to help calculate the round trip time, as well as the available resources on a peer. They are fundamentally linked with congestion control. Also, these options are normally negotiated, and you should not need to disable them unless a network device or peer does not implement them correctly.
Specifies, when checked (enabled), that the system uses limited transmit recovery revisions for fast retransmits (as specified in RFC 3042), to reduce the recovery time for connections on a lossy network. Enabling this setting allows TCP to temporarily stretch the congestion window when first receiving a duplicate ACK packet. This in turn allows for faster retransmissions and a quicker recovery from the small congestion window. With this setting enabled, the aggressive transmit behavior is limited to the recovery period.
Specifies, when checked (enabled), that the system uses larger initial window sizes (as specified in RFC 3390) to help reduce round trip times. The setting ramps up the amount of data transmitted to a peer over a period of time. Enabling this setting avoids sudden and excessive congestion on the link. Also, the congestion metrics cache might provide historical data about the peer, allowing the slow start to be jump started.
If you disable this setting, the system initializes the congestion window to the maximum window scale and attempts to transmit as much data as possible until congestion occurs. Consequently, in networks with unlimited bandwidth (such as directly-connected local peers), more data can initially be transmitted.
Specifies, when checked (enabled), that the system defers allocation of the connection chain context until the system has received the payload from the client. Enabling this setting is useful in dealing with 3-way handshake denial-of-service attacks.
When enabled, verifies that a server is available to accept the connection (by actually sending the server a SYN) before responding to the client's SYN with a SYN-ACK. (Normally, the BIG-IP system accepts the client's connection before selecting a server with which to communicate.)
Specifies, when checked (enabled), that the system attempts to calculate the optimal bandwidth to use to the client, based on throughput and round-trip time, without exceeding the available bandwidth.
Specifies, when checked (enabled), that the system applies Nagle's algorithm to reduce the number of short segments on the network. When the system receives packets that are less than the maximum segment size (MSS), the packets are coalesced until the peer has sent the ACK packet for the previous segment. This helps to reduce congestion by creating fewer packets on the network.
Note that enabling this setting for interactive protocols such as Telnet might cause degradation on high-latency networks.
When enabled, significantly improves performance for Windows® and Mac OS peers that are writing out on a very small send buffer.
Specifies, when enabled, that the system uses RFC 2385 TCP-MD5 signatures to protect TCP traffic against intermediate tampering.
Specifies, when enabled, a plaintext passphrase, which may be between 1 and 80 characters in length and is used in a shared-secret scheme to implement the spoof-prevention parts of RFC 2385.
Specifies the congestion control mechanism that the BIG-IP system is to use. Possible values are:
None--No congestion control algorithm implemented. When you choose this value, any congestion will result in lost packets and potentially long recovery stalls during large data transfers.
High Speed--A more aggressive, loss-based algorithm. This algorithm improves on the behavior of the New Reno algorithm by progressively switching from the New Reno algorithm to the Scalable algorithm, based on the size of the congestion window. This allows the algorithm to make more aggressive changes when the window is small and make more conservative changes when the window is already large.
New Reno--A modification to the Reno algorithm that responds to partial acknowledgements when selective acknowledgements (SACKs) are unavailable. This algorithm sends missing data and exits the recovery period more aggressively than does the Reno algorithm. The New Reno algorithm produces reasonable results for scaling the window in mixed environments.
Reno--An implementation of the TCP Fast Recovery algorithm, based on the implementation in the BSD Reno release. During the slow-start period, this algorithm initially increases the congestion window exponentially.
Scalable--A TCP algorithm modification that adds a scalable, delay-based and loss-based component into the Reno algorithm. This algorithm improves on the behavior of the New Reno algorithm. The algorithm is more tolerant of partial losses; it cuts back and increases the congestion window more conservatively.
Specifies, when checked (enabled), that the system uses a cache for storing congestion metrics. Subsequently, because these metrics are already known and cached, the initial slow-start ramp for previously-encountered peers improves.
Increases the congestion window by basing the increase amount on the number of previously unacknowledged bytes that each ACK covers.
Note: F5 recommends that you use the default setting. When this setting is disabled, in situations with lost ACK packets, the congestion window remains small for a longer period of time.
Specifies the use of the Selective ACKs (SACK) option to acknowledge duplicate segments. If a peer does not send duplicate segments, the system disables SACK processing altogether. Note that when enabled, this setting requires more processing, to always populate the SACK with all duplicate segments.
Specifies the threshold of packets lost per million at which the system performs congestion control. Valid values range from 0 to 1,000,000. The default is 0, meaning the system performs congestion control if any packet loss occurs. If you set the ignore rate to 10 and packet loss for a TCP connection is greater than 10 per million, congestion control occurs.
Specifies the probability of performing congestion control when multiple packets are lost, even if the value of the Packet Lost Ignore Rate setting was not exceeded. Valid values range from 0 to 4,294,967,295. A value of 0 means that the system performs congestion control if any packets are lost. Higher values decrease the chance of performing congestion control.
For most of the TCP profile settings, the default values usually meet your needs. However, if the link that clients are using to access the virtual server is slow, or if server response time exceeds the request time of clients, you can increase the content spooling settings of the profile:
Increasing the byte values of these settings increases the amount of data that the BIG-IP system can buffer while waiting for a specific connection to accept that data.
Note: If you are using a TCP profile in a test environment, you can improve performance by disabling the Slow Start, Bandwidth Delay, and Nagle's Algorithm settings.
The tcp-lan-optimized profile is a TCP-type profile. This profile is effectively a custom profile that the BIG-IP system has already created for you, derived from the default tcp profile. This profile is useful for environments where a link has higher bandwidth and/or lower latency when paired with a slower link.
The tcp-lan-optimized profile inherits its settings and their default values from the tcp profile, but some of the setting values have been changed. By implementing the tcp-lan-optimized profile, you can optimize the performance of your local TCP traffic in certain ways, without having to create a custom profile to do so.
You can use the tcp-lan-optimized profile as is, or you can create another custom profile, specifying the tcp-lan-optimized profile as the parent profile.
The default setting values of the tcp-lan-optimized profile are the same as those of the tcp profile, except for those listed in Table 8.6.
Table 8.6 Values of a tcp-lan-optimized profile that are different from the tcp profile
Specifies the proxy buffer level at which the receive window was opened. The default value helps to optimize the well-connected device by bursting traffic less frequently.
Specifies the proxy buffer level at which the receive window was closed. The default value allows for more data to be queued between the TCP stacks. This in turn allows the BIG-IP system to more quickly offload the well-connected device in order to feed the slower-speed link over time.
This setting causes the BIG-IP system to send the buffer size, in bytes. The default value allows more data to travel across a higher-latency LAN link. Because loss is unlikely on a LAN, having more data in flight better utilizes the available bandwidth.
This setting causes the BIG-IP system to receive the window size, in bytes. The default value allows more data to travel across a higher-latency LAN link. Because loss is unlikely on a LAN, having more data in flight better utilizes the available bandwidth.
This setting specifies, when checked (enabled), that the system uses larger initial window sizes (as specified in RFC 3390) to help reduce round trip times. This setting is disabled by default because congestion on directly-connected networks is unlikely.
This setting specifies, when checked (enabled), that the system attempts to calculate the optimal bandwidth to use to the client, based on throughput and round-trip time, without exceeding the available bandwidth.
Specifies, when checked (enabled), that the system applies Nagle's algorithm to reduce the number of short segments on the network. Note that enabling this setting for interactive protocols such as telnet might cause degradation on high-latency networks. This setting is disabled by default because the high bandwidth of the link greatly diminishes the advantage of coalescing packets to reduce traffic.
When enabled, this setting significantly improves performance for Windows and MacOS peers that are writing out on a very small send buffer.
The tcp-wan-optimized profile is a TCP-type profile. This profile is effectively a custom profile that the BIG-IP system has already created for you, derived from the default tcp profile. This profile is useful for environments where a link has lower bandwidth and/or higher latency when paired with a faster link.
The tcp-wan-optimized profile inherits its settings and their default values from the tcp profile, but some of the setting values have been changed. By implementing the tcp-wan-optimized profile, you can optimize the performance of your wide-area TCP traffic in certain ways, without having to create a custom profile to do so.
You can use the tcp-wan-optimized profile as is, or you can create another custom profile, specifying the tcp-wan-optimized profile as the parent profile.
The default setting values of the tcp-wan-optimized profile are the same as those of the tcp profile, except for those listed in Table 8.7.
Table 8.7 Values of a tcp-wan-optimized profile that are different from the tcp profile
Specifies the proxy buffer level at which the receive window was opened. The default value allows for more data to be queued between the TCP stacks. This in turn allows a slower link to buffer more data on the BIG-IP system in order to feed a higher-speed link with more data, in bursts. When the Proxy Buffer Low and Proxy Buffer High values are the same, the buffer remains as full as possible.
Specifies the proxy buffer level at which the receive window was closed. The default value allows for more data to be queued between the TCP stacks. This in turn allows a slower link to buffer more data on the BIG-IP system in order to feed a higher speed link with more data, in bursts. When the Proxy Buffer Low and Proxy Buffer High values are the same, the buffer remains as full as possible.
This setting causes the BIG-IP system to send the buffer size, in bytes. The default value allows more data to travel across a higher-latency WAN link.
This setting causes the BIG-IP system to receive the window size, in bytes. The default value allows more data to travel across a higher-latency WAN link.
This setting specifies, when checked (enabled), that the system processes data using selective ACKs whenever possible, to improve system performance.
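The effect of the Proxy Buffer Low and Proxy Buffer High settings described above can be seen in a small simulation. This is an added example, not F5 code: it is a simplified model in which a fast sender fills the buffer only while the receive window is open and a slow link drains it at a fixed rate. The function name, rates, and byte values are constructed for illustration.

```python
def simulate(low, high, fill_rate=8000, drain_rate=1000, ticks=500):
    """Simplified proxy-buffer model (assumption, not the BIG-IP algorithm).

    Each tick the fast side adds fill_rate bytes while the receive window
    is open, and the slow side always drains drain_rate bytes.
    The window closes when the level reaches `high` and reopens when the
    level falls to `low`.
    Returns (buffer level after each tick, number of window open/close flips).
    """
    level = 0
    window_open = True
    levels = []
    flips = 0
    for _ in range(ticks):
        if window_open:
            level += fill_rate
        level = max(0, level - drain_rate)
        if window_open and level >= high:
            window_open = False   # buffer reached the high mark: close window
            flips += 1
        elif not window_open and level <= low:
            window_open = True    # buffer drained to the low mark: reopen
            flips += 1
        levels.append(level)
    return levels, flips


if __name__ == "__main__":
    # Constructed values: a wide gap versus low == high.
    for low, high in ((16000, 64000), (64000, 64000)):
        levels, flips = simulate(low, high)
        steady = levels[100:]     # skip the initial ramp-up
        print(f"low={low} high={high} "
              f"min={min(steady)} max={max(steady)} flips={flips}")
```

With a wide gap the buffer repeatedly drains down to the low mark before refilling; with equal values it stays close to the high mark, at the cost of opening and closing the window far more often.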
Because the BIG-IP system supports the OpenSSL implementation of datagram Transport Layer Security (TLS), you can optionally assign both a UDP and a Client SSL profile to certain types of virtual servers.
Table 8.8 lists and describes the settings of a UDP profile.
This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
This setting specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion. For background information on setting idle timeout values, see Chapter 1, Introducing Local Traffic Manager.
This setting specifies the Type of Service level that the BIG-IP system assigns to UDP packets when sending them to clients.
This setting specifies the Quality of Service level that the BIG-IP system assigns to UDP packets when sending them to clients.
This setting specifies, when checked (enabled), that the system load balances UDP traffic packet-by-packet.
Disabled (Unchecked)
This setting specifies, when checked (enabled), that the system passes datagrams that contain header information, but no essential data.
Disabled (Unchecked)
The BIG-IP system includes a profile type that you can use to manage Stream Control Transmission Protocol (SCTP) traffic. Stream Control Transmission Protocol (SCTP) is a general-purpose, industry-standard transport protocol, designed for message-oriented applications that transport signalling data. The design of SCTP includes appropriate congestion avoidance behavior, as well as resistance to flooding and masquerade attacks.
Unlike TCP, SCTP includes the ability to support several streams within a connection. While a TCP stream refers to a sequence of bytes, an SCTP stream represents a sequence of messages.
You can use SCTP as the transport protocol for applications that require monitoring and detection of session loss. For such applications, the SCTP mechanisms to detect session failure actively monitor the connectivity of a session.
You can tailor SCTP profile settings to your specific needs. For those settings that have default values, you can retain those default settings or modify them. You can modify any settings either when you create the profile, or at any time after you have created it. For specific procedures on configuring a profile, see Chapter 5, Understanding Profiles.
You can use the default sctp profile as is, or create a custom SCTP profile. Table 8.9 lists and describes the settings of an SCTP profile.
Specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified.
If this setting is enabled, SCTP instances emulate TCP closing. After receiving a SHUTDOWN message from an upper-layer user process, an SCTP instance initiates a graceful shutdown, by sending a SHUTDOWN chunk.
If this setting is enabled and an SCTP connection exceeds the timeout value for idle connections, the system sends a reset in addition to deleting the connection.
Specifies the number of bytes that a sender can transmit without receiving an acknowledgment (ACK).
Maximum Association Retransmit Limit
Specifies the number of seconds that a connection is idle before the connection is eligible for deletion. For background information on setting idle timeout values, see Chapter 1, Introducing Local Traffic Manager.
Specifies the Type of Service level that the BIG-IP system assigns to SCTP packets when sending them to a client.
Specifies the Quality of Service level that the BIG-IP system assigns to SCTP packets when sending them to a client.
Specifies the internal secret string used to calculate the keyed-hash message authentication code (HMAC) for cookie verification.
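The role of the secret in cookie verification can be shown with a short sketch. This is an added example, not F5 code: the cookie layout, HMAC-SHA256, the 60-second lifetime, and all names and sample values are assumptions chosen for illustration. The server packs the association state into a cookie, appends an HMAC keyed with the secret, and accepts an echoed cookie only if the HMAC, peer address, and age all check out.

```python
import hashlib
import hmac
import struct

COOKIE_LIFETIME = 60   # seconds; constructed value for this example
MAC_LEN = 32           # size of an HMAC-SHA256 digest
HDR_LEN = 12           # 4-byte initiate tag + 8-byte issue time

# Constructed sample values (documentation address range).
SECRET = b"constructed-example-secret"
PEER = b"192.0.2.10:5060"


def make_cookie(secret, peer, init_tag, now):
    """Pack the association state and append an HMAC computed over it."""
    body = struct.pack("!IQ", init_tag, now) + peer
    return body + hmac.new(secret, body, hashlib.sha256).digest()


def verify_cookie(secret, cookie, peer, now):
    """Return the initiate tag if the echoed cookie is authentic and fresh,
    otherwise None."""
    if len(cookie) < HDR_LEN + MAC_LEN:
        return None
    body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None    # forged, altered, or issued under a different secret
    init_tag, issued = struct.unpack("!IQ", body[:HDR_LEN])
    if body[HDR_LEN:] != peer:
        return None    # cookie echoed from a different address
    if not 0 <= now - issued <= COOKIE_LIFETIME:
        return None    # cookie is stale
    return init_tag


if __name__ == "__main__":
    cookie = make_cookie(SECRET, PEER, 0xDEADBEEF, now=1000)
    print(verify_cookie(SECRET, cookie, PEER, now=1030))           # accepted
    print(verify_cookie(b"other-secret", cookie, PEER, now=1030))  # rejected
```

Because the server can recompute the HMAC from the echoed cookie alone, it does not need to hold per-connection state until the cookie comes back valid, and changing the secret invalidates every cookie issued under the old one.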