Takashi1211
Contributor
Contributor

Does the nsx-t load balancer send RST packets to clients and servers?

I am considering migrating from big-ip to NSX-T LB.
big-ip has a function to send RST packets to both when communication between server / client is stagnant.

Does NSX-T LB have a similar function?
Where can I set it?

Thanks.

0 Kudos
3 Replies
p0wertje
Hot Shot
Hot Shot

What function are you referring to in F5 ?

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT
Please kudo helpful posts and mark the thread as solved if solved
0 Kudos
Takashi1211
Contributor
Contributor

Hi, p0wertje.

Thank you for your reply.
The following BIG-IP functions.

https://support.f5.com/csp/article/K9812
Profiles
Protocol profile idle timeouts (if the Reset On Timeout setting is enabled)
The BIG-IP system tracks connection flows by adding an entry to the connection table. When the connection flow becomes idle, the BIG-IP system starts a timer and closes the connection with a TCP RST packet when the connection reaches the idle session timeout. The TCP RST packet is sent on the client and server side of the connection, and the source IP address of the reset is the relevant virtual server IP address.

0 Kudos
p0wertje
Hot Shot
Hot Shot

Hi,

 

The only info i can find about it is in https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-91F2D574-F469-481A-AA39-...

"To detect an inactive client or server communication, the load balancer uses the HTTP application profile response timeout feature set to 60 seconds. If the server does not send traffic during the 60 seconds interval, NSX-T Data Center ends the connection on the client and server side. Default application profiles cannot be edited. To edit HTTP application profile settings, create a custom profile."

and

Idle Timeout

Enter the time in seconds on how long the server can remain idle after a TCP connection is established.

Set the idle time to the actual application idle time and add a few more seconds so that the load balancer does not close its connections before the application does.

 

Maybe someone from vmware can say something about this ? I assume in a normal closing tcp session, a RST is sent.

 

nsx advanced loadbalancer has more options with rate-limiting on a per client basis

https://avinetworks.com/docs/20.1/application-profile/

 

 

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT
Please kudo helpful posts and mark the thread as solved if solved
0 Kudos