Virtual server using a TCP profile with a high idle timeout-f5-False

Vendor: f5

OS: False

Description:
Very long TCP idle timeouts on virtual servers can make the load balancer keep too many connections open, which in turn could cause memory exhaustion. Indeni will alert when the idle timeout appears too high.

Remediation Steps:
Investigate why the high idle timeout is being used and lower it if possible.

How does this work?
This alert logs into the F5 through SSH, retrieves the list of TCP profiles and virtual servers, and checks whether any virtual server uses a TCP profile with a long idle timeout.

Why is this important?
Very long TCP idle timeouts on virtual servers can make the load balancer keep too many connections open, which in turn could cause memory exhaustion.

Without Indeni how would you find this?
Log into the device through SSH. Enter TMSH and issue the command “list ltm profile tcp idle-timeout;list ltm virtual profiles”. Look through each TCP profile definition for idle timeouts equal to or over 1800 seconds, and then match those profiles against the profiles used by each virtual server.
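The manual matching step above can be scripted. The following is an added example, not Indeni's script and not part of the original page: a POSIX shell function that reads the tmsh output on standard input and prints every virtual server that references a TCP profile whose idle timeout is equal to or over the limit. The function names and the sample output are constructed for illustration; the sample follows the line shapes quoted in the parser comments further down, and the single-line `name { }` form is accepted as an assumption.

```shell
# Added example (not Indeni code): reads tmsh output on stdin and prints
# "<virtual server> <tcp profile> <idle-timeout>" where the timeout >= LIMIT.
find_high_idle_timeouts() {
    awk -v limit="${1:-1800}" '
        /^ltm profile tcp / { section = "tcp"; profile = $4; next }
        /^ltm virtual /     { section = "virtual"; vs = $3; next }
        /^ltm /             { section = ""; next }  # any other object type
        # "    idle-timeout 300" inside a TCP profile
        section == "tcp" && $1 == "idle-timeout" && $2 ~ /^[0-9]+$/ { timeout[profile] = $2 + 0 }
        # "        <name> {" (or "<name> { }", an assumed one-line form)
        section == "virtual" && /^[ \t]/ && $2 == "{" && (NF == 2 || $3 == "}") {
            if (($1 in timeout) && timeout[$1] >= limit) print vs, $1, timeout[$1]
        }
    '
}

# Constructed sample shaped like the lines quoted in the parser comments.
sample_tmsh_output() {
    cat <<'EOF'
ltm profile tcp tcp {
    idle-timeout 300
}
ltm profile tcp tcp-legacy-app {
    idle-timeout 7200
}
ltm profile tcp tcp-1800 {
    idle-timeout 1800
}
ltm virtual vs-web-443 {
    profiles {
        tcp {
            context all
        }
    }
}
ltm virtual vs-legacy-8080 {
    profiles {
        tcp-legacy-app {
            context clientside
        }
        tcp-1800 {
            context serverside
        }
    }
}
EOF
}

sample_tmsh_output | find_high_idle_timeouts 1800
```

On a device, pipe the output of the tmsh command quoted above into `find_high_idle_timeouts` instead of the sample; the optional argument overrides the 1800 second limit.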

f5-tmsh-list-ltm-profile-tcp-idle-timeout-list-ltm-virtual-profiles

#! META
name: f5-tmsh-list-ltm-profile-tcp-idle-timeout-list-ltm-virtual-profiles
description: Find use of tcp profiles with too high timeout
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: "f5"
    product: "load-balancer"
    linux-based: "true"
    shell: "bash"

#! COMMENTS
f5-virtualserver-tcp-profile-idle-timeout:
    why: |
        Having very long tcp idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion.
    how: |
        This alert logs into the F5 through SSH and retrieves a list of tcp profiles and virtual servers and finds if any tcp profiles with long timeouts has been used.
    without-indeni: |
        Log into the device through SSH. Enter TMSH and issue the command "list ltm profile tcp idle-timeout;list ltm virtual profiles". Look through each tcp profile definition for the use idle timeouts equal to, or over 1800 seconds and then match that to the profile use of each virtual server.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
tmsh -q -c "list ltm profile tcp idle-timeout;list ltm virtual profiles"

#! PARSER::AWK

#ltm profile tcp mptcp-mobile-optimized {
/^ltm profile tcp/{

    section = "tcpProfile"
    tcpProfileName = $4

}

#    idle-timeout 300
/^\s+idle-timeout\s[0-9]+$/{

    idleTimeout = $2
    tcpProfileIdleTimeouts[tcpProfileName] = idleTimeout

}

#ltm virtual compression-level-6-vip-443 {
/^ltm virtual/{

    section = "virtualserver"
    virtualName = $3

}

#        wam-tcp-lan-optimized {
/^\s+[^\s]+\s\{$/{

    #Filter out only the profile names
    if(section == "virtualserver" && $1 in tcpProfileIdleTimeouts){
        virtualTags["name"] = "Virtual Server: " virtualName " TCP Profile: " $1
        writeComplexMetricString("f5-virtualserver-tcp-profile-idle-timeout", virtualTags, tcpProfileIdleTimeouts[$1])
    }

}

f5_high_idle_timeout

package com.indeni.server.rules.library.templatebased.f5

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.ThresholdDirection
import com.indeni.server.rules.library.templates.NumericThresholdOnComplexMetricWithItemsTemplateRule

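/**
  * Alerts when a virtual server uses a TCP profile whose idle timeout
  * (metric f5-virtualserver-tcp-profile-idle-timeout) is above 1800 seconds.
  */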
case class f5_high_idle_timeout() extends NumericThresholdOnComplexMetricWithItemsTemplateRule(
  ruleName = "f5_high_idle_timeout",
  ruleFriendlyName = "F5 Devices: Virtual server using a TCP profile with a high idle timeout",
  ruleDescription = "Having very long TCP idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion. indeni will alert when the idle timeout appears too high.",
  metricName = "f5-virtualserver-tcp-profile-idle-timeout",
  threshold = 1800.0,
  thresholdDirection = ThresholdDirection.ABOVE,
  applicableMetricTag = "name",
  alertItemsHeader = "Affected Profiles",
  alertDescription = "Having very long TCP idle timeouts for virtual servers could make the load balancer keep too many connections open, which in turn could potentially cause memory exhaustion.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"https://se.linkedin.com/in/patrik-jonsson-6527932\">Patrik Jonsson</a>.",
  alertItemDescriptionFormat = "The idle timeout used is %.0f",
  baseRemediationText = "Investigate why the high idle timeout is being used and lower it if possible.")()