NSX-T LB Fast TCP profile ideal timeout configured on the NSX-UI is not reflecting same in LB session table of Edge
search cancel

NSX-T LB Fast TCP profile ideal timeout configured on the NSX-UI is not reflecting same in LB session table of Edge

book

Article ID: 374832

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

From the Manager: NSX-T UI:

Application profile for LB virtual server is configured with  Fast TCP ideal timeout value as 65535

From the data plane: on the Edge cli:

The fast tcp ideal timeout is set as 65535

edge01> get version

VMware NSX Software, Version 3.1.3.8.0.20532391

 

edge01> get load-balancer ########-08ef-42de-a9f6-fdab0d2414e7 virtual-server ########-4730-480a-b5e6-fb5b360c1760
Thu Jul 26 2024 UTC 07:56:34.143
Virtual Server
Access Log Enabled                 : False
Application Profile Id             : ########-fe48-416a-8f96-b74895d5920b
Display Name                       : ####
Enabled                            : True
UUID                               : ########-4730-480a-b5e6-fb5b360c1760
Ip Address                         :
    Ipv4                           : 192.168.#.#
Ip Protocol                        : TCP
Log Significant Event Only         : False
Pool Id                            : ########8c7c-4738-9a2f-7d432aad9604
Port                               : 80
Revision                           : 6

Application Profile
Application Type                   : FAST_TCP
Display Name                       : Test-tcp-lb--app-profile <----------------Application profile
Fast Tcp Profile                   :
    Close Timeout                  : 8
    Flow Mirroring Enabled         : False
    Idle Timeout                   : 65535 <------------------------------------Ideal timeout
UUID                               : ########-fe48-416a-8f96-b74895d5920b

--However, LB session table shows max as 7200 seconds (2hours)

----------------------------------------
LB-session table 
-----------------------------------------

edge01> get load-balancer ########-08ef-42de-a9f6-fdab0d2414e7 session-tables l4
Thu Jul 26 2024 UTC 07:56:44.724
Session-Tables
TABLE   ID               PROTO CADDR           CPORT  VADDR           VPORT   SADDR           SPORT  DADDR           DPORT  EXP
l4lb-0  0000000000000007 tcp   192.168.#.#  49413  192.168.#.#   80      100.64.#.#     4099   172.16..#.#   80     7200<-----------Lb session table shows max as 7200

 

Environment

VMware NSX-T Datacenter

VMware NSX

Cause

This is due to default max_state_age  value is set to 7200s in 3.1.3.8 version.

max_stage_age value is identified by using command "edge-appctl -t /var/run/vmware/edge/dpd.ctl fw/get_param <logical router port UUID>"

Different NSX-T versions and default MAX_STATE_AGE value hard coded and configurable Fast TCP profile bit.

NSX-T VERSIONS

MAX_STATE_AGE value hard coded.

FAST TCP PROFILE (IDEAL timeout)

Session timeout =MAX_STATE_AGE

(Persistent)

By edge-appctl -t command can manually changing max_state_age value

(Non-persistent)

NSX-T 3.1.3.8 and <

7200 sec (2hours)

16 bit configurable

7200 sec (2hours)

65535 sec   Max_state_age can be set to any value manually using edge-appctl command, However session max timeout would be 65535 due to 16 bit limit

NSX-T 3.2.1 > and < 3.2.3

172800 (2days)

16 bit configurable

65535 sec  (due to 16 bit limit)

65535 sec 

NSX-T 3.2.3 >=

172800 (2days)

32 bit configurable

172800 sec

Any value >= 172800 , with in limit of 32 bit

 

Note: From 3.2.3 version the Fast TCP profile value is 32 bit configurable.

 

 

Resolution

If you running into this issue, please raise support request with Broadcom

Powered by Wolken Software