Client Profile: controls connection between the BigIP LTM and the client

General rules for this are:

  • Have a proxy buffer higher than 64 KB but not too high.  131072 B for both works
  • Receive window should be at least 132 KB
  • Enable Rate Pace and Delay Window Control
  • By default, keep alive internal is 1800 seconds (30 minutes).  I prefer this much smaller.
  • Congestion control defaults to High Speed, which is fine.  Environments with mobile may want to try Woodside
ltm profile tcp /Common/tcp-highspeed-client {
 app-service none
 defaults-from /Common/tcp
 delay-window-control enabled
 early-retransmit enabled
 keep-alive-interval 30
 proxy-buffer-high 131072
 proxy-buffer-low 131072
 rate-pace enabled
 receive-window-size 524288
 selective-acks enabled
 send-buffer-size 1048576
 syn-max-retrans 10
 tail-loss-probe enabled

Server Profile: controls connection between the BigIP LTM and the backend server

In this case you’ll want to match the OS settings of the backend server.  Running “sysctl -a | grep net.ipv4.tcp” is a quick way to discover these.  Example for CentOS 6.5:

net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_syn_retries = 5

Profile then matches it, with Congestion control and Slow Start disabled:

ltm profile tcp /Common/tcp-highspeed-server {
 app-service none
 congestion-control none
 defaults-from /Common/tcp
 idle-timeout 7200
 keep-alive-interval 75
 nagle disabled
 proxy-buffer-high 131072
 proxy-buffer-low 98304
 slow-start disabled
 syn-max-retrans 5