Topic
3 replies Latest Post - ‏2014-06-09T14:49:27Z by Trey
MichaelFranek
MichaelFranek
34 Posts
ACCEPTED ANSWER

Pinned topic Datapower XI52 - Time-wait settings

‏2014-06-02T20:33:20Z |

Is it possible to change the amount of time that a tcp port remains in time-wait before being returned back to be re-used?

10.7.211.139  30002  10.7.208.16  23113  time-wait  TPGateway  HTTP Front Side Handler  Gateway_FrontSideHandler 

 

10.7.211.139  30000  10.7.208.14  16990  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.15  10759  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.15  16894  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.15  17099  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.15  21753  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.15  21764  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.16  16879  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.16  16934  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.16  21721  time-wait  Security  XML Firewall Service  SecurityGateway 
10.7.211.139  30000  10.7.208.16  21774  time-wait  Security  XML Firewall Service  SecurityGateway 

Thanks.

  • Trey
    Trey
    224 Posts
    ACCEPTED ANSWER

    Re: Datapower XI52 - Time-wait settings

    ‏2014-06-09T01:07:53Z  in response to MichaelFranek

    Michael,

      Current the time-wait hold is not accessible.  To be honest the few times I have had work done on this timer it always comes back to bite me or someone.  I am sure you know what you are doing Michael but this setting would be appliance wide not per protocol/socket.  While a quick http server may handle the closure rapidly some remote or noisy network shared virtual endpoint thats running high on cpu use due to testing may need a bit more time.  Just giving an example.

    The hold time on the time-wait is really just a grace period to make sure the other side received the fin and closed out completely.

    The actual time-wait socket holds a very tiny chunk of memory and even in extreme cases of high time-waits I have never seen this impact the appliance other than causing large TCP state tables to be listed. 

    If you have a lot of time-waits I would tend to want to ask why are the connection not reusable?  Persistent connections are normally a good thing in most cases.

    If you have an issue or problem please let me know.

    • MichaelFranek
      MichaelFranek
      34 Posts
      ACCEPTED ANSWER

      Re: Datapower XI52 - Time-wait settings

      ‏2014-06-09T13:58:07Z  in response to Trey

      Thanks for the update Trey..  Yes I totally understand your reluctance... ;)

      We have identified some interaction between the F5 LoadBalancer and the Datapowers. Even though we have the Datapowers set to process HTTP 1.1 functionality, so that we can as you outline, utilize persistent connections, the F5 is terminating the connection going BACK to the Client, but that leaves this connection open on the Datapowers.. At best, even if the F5 does send us a close, we have tons of the items above.

      So in short, this interaction with the F5 turns off all of our 1.1 functionality, and we act like we are on 1.0.

      We are testing a fix to the F5 this week, so hopefully that will alleviate this issue.

       

      Thanks again!

      • Trey
        Trey
        224 Posts
        ACCEPTED ANSWER

        Re: Datapower XI52 - Time-wait settings

        ‏2014-06-09T14:49:27Z  in response to MichaelFranek

        Michael,

          If you do run ingot any problems like an ephemeral port reuse issue or anything please let me know.  We have been keeping an eye out for this should it actually happen to anyone but so far no problems or limits on the appliance due to this. 
        I have a lot of folks using F5s so I hope you can get that fixed.

        Thanks for sharing the source I am always interested to know.  I hope this helps but if you need anything else let me know.