Client Profile: controls the connection between the BIG-IP LTM and the client

General rules for this are:

  • Have a proxy buffer higher than 64 KB but not too high.  131072 B for both the high and low values works
  • Receive window should be at least 132 KB
  • Enable Rate Pace and Delay Window Control
  • Increase Max Syn Retransmissions from the default of 3 to at least 7
  • By default, the keep-alive interval is 1800 seconds (30 minutes).  I prefer this much smaller (10-60 seconds), as it can come into play with loss recovery
  • Congestion control defaults to High Speed, which is fine.  Environments with mobile clients may want to try Woodside

ltm profile tcp /Common/tcp-highspeed-client {
 app-service none
 defaults-from /Common/tcp
 delay-window-control enabled
 early-retransmit enabled
 keep-alive-interval 30
 proxy-buffer-high 131072
 proxy-buffer-low 131072
 rate-pace enabled
 receive-window-size 524288
 selective-acks enabled
 send-buffer-size 1048576
 syn-max-retrans 10
 tail-loss-probe enabled
}

Server Profile: controls the connection between the BIG-IP LTM and the backend server

In this case you’ll want to match the OS settings of the backend server.  Running “sysctl -a | grep net.ipv4.tcp” is a quick way to discover these.  Example for CentOS 6.5:

net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_syn_retries = 5

The profile then matches these values.  Congestion control and Slow Start are also disabled, since we can assume the connection between the LTM and the backend servers will be very fast, low latency, and free of loss:

ltm profile tcp /Common/tcp-highspeed-server {
 app-service none
 congestion-control none
 defaults-from /Common/tcp
 idle-timeout 7200
 keep-alive-interval 75
 nagle disabled
 proxy-buffer-high 131072
 proxy-buffer-low 98304
 slow-start disabled
 syn-max-retrans 5
}
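
As an added example (not from the original page), the script below derives the server profile from a backend's sysctl output instead of copying the three values by hand. The function names gen_server_profile and sample_sysctl are hypothetical, the fixed lines are copied from the profile above, and the sample input is the CentOS 6.5 values shown earlier plus one constructed unrelated line.

```shell
#!/bin/sh
# Added example: map backend sysctl values onto the server-side TCP profile.
#   net.ipv4.tcp_keepalive_time  -> idle-timeout
#   net.ipv4.tcp_keepalive_intvl -> keep-alive-interval
#   net.ipv4.tcp_syn_retries     -> syn-max-retrans

# Reads "key = value" lines on stdin; $1 is the profile name (defaults to the
# name used on this page). Exits non-zero if any of the three keys is missing
# or non-numeric, so a partial capture never produces a profile.
gen_server_profile() {
    awk -F= -v name="${1:-/Common/tcp-highspeed-server}" '
    {
        key = $1; val = $2
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (val !~ /^[0-9]+$/) next
        if (key == "net.ipv4.tcp_keepalive_time")  idle  = val
        if (key == "net.ipv4.tcp_keepalive_intvl") intvl = val
        if (key == "net.ipv4.tcp_syn_retries")     syn   = val
    }
    END {
        if (idle == "" || intvl == "" || syn == "") {
            print "missing keepalive_time, keepalive_intvl or syn_retries" > "/dev/stderr"
            exit 1
        }
        printf "ltm profile tcp %s {\n", name
        print  " app-service none"
        print  " congestion-control none"
        print  " defaults-from /Common/tcp"
        printf " idle-timeout %s\n", idle
        printf " keep-alive-interval %s\n", intvl
        print  " nagle disabled"
        print  " proxy-buffer-high 131072"
        print  " proxy-buffer-low 98304"
        print  " slow-start disabled"
        printf " syn-max-retrans %s\n", syn
        print  "}"
    }'
}

# Constructed sample input: the page's CentOS 6.5 values plus one unrelated key.
sample_sysctl() {
    printf '%s\n' 'net.ipv4.tcp_keepalive_intvl = 75' \
        'net.ipv4.tcp_keepalive_time = 7200' \
        'net.ipv4.tcp_syn_retries = 5' \
        'net.ipv4.tcp_sack = 1'
}

sample_sysctl | gen_server_profile
```

On a real backend, pipe the output of sysctl -a | grep net.ipv4.tcp into gen_server_profile in place of the sample.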