Virtual server using a TCP profile with a high idle timeout-f5-all

Virtual server using a TCP profile with a high idle timeout-f5-all
0

Virtual server using a TCP profile with a high idle timeout-f5-all

Vendor: f5

OS: all

Description:
Having very long TCP idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion. indeni will alert when the idle timeout appears too high.

Remediation Steps:
Investigate why the high idle timeout is being used and lower it if possible.

How does this work?
This alert logs into the F5 through SSH and retrieves a list of tcp profiles and virtual servers and finds if any tcp profiles with long timeouts has been used.

Why is this important?
Having very long tcp idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion.

Without Indeni how would you find this?
Log into the device through SSH. Enter TMSH and issue the command “list ltm profile tcp idle-timeout;list ltm virtual profiles”. Look through each tcp profile definition for the use idle timeouts equal to, or over 1800 seconds and then match that to the profile use of each virtual server.

f5-tmsh-list-ltm-profile-tcp-idle-timeout-list-ltm-virtual-profiles

name: f5-tmsh-list-ltm-profile-tcp-idle-timeout-list-ltm-virtual-profiles
description: Find use of tcp profiles with too high timeout
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: f5
    product: load-balancer
    linux-based: 'true'
    shell: bash
comments:
    f5-virtualserver-tcp-profile-idle-timeout:
        why: |
            Having very long tcp idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion.
        how: |
            This alert logs into the F5 through SSH and retrieves a list of tcp profiles and virtual servers and finds if any tcp profiles with long timeouts has been used.
        without-indeni: |
            Log into the device through SSH. Enter TMSH and issue the command "list ltm profile tcp idle-timeout;list ltm virtual profiles". Look through each tcp profile definition for the use idle timeouts equal to, or over 1800 seconds and then match that to the profile use of each virtual server.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: tmsh -q -c "list ltm profile tcp idle-timeout;list ltm virtual profiles"
    parse:
        type: AWK
        file: tmsh-list-ltm-profile-tcp-idle-timeout-list-ltm-virtual-profiles.parser.1.awk

f5_high_idle_timeout

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.f5

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NumericThresholdOnComplexMetricWithItemsTemplateRule
import com.indeni.server.rules.ThresholdDirection

/**
  *
  */
case class f5_high_idle_timeout() extends NumericThresholdOnComplexMetricWithItemsTemplateRule(
  ruleName = "f5_high_idle_timeout",
  ruleFriendlyName = "F5 Devices: Virtual server using a TCP profile with a high idle timeout",
  ruleDescription = "Having very long TCP idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion. indeni will alert when the idle timeout appears too high.",
  metricName = "f5-virtualserver-tcp-profile-idle-timeout",
  threshold = 1800.0,
  thresholdDirection = ThresholdDirection.ABOVE,
  applicableMetricTag = "name",
  alertItemsHeader = "Affected Profiles",
  alertDescription = "Having very long TCP idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"https://se.linkedin.com/in/patrik-jonsson-6527932\">Patrik Jonsson</a>.",
  alertItemDescriptionFormat = "The idle timeout used is %.0f",
  baseRemediationText = "Investigate why the high idle timeout is being used and lower it if possible.")()