The main reason for the session timeout is to be able to clear the inactive sessions from clients that improperly disconnected (people that unplugged their PC before logging out, people that lost their network connection, …). Without it, we'll keep these sessions for ever and our SLB table sessions will grow infinitely. By setting the session timers higher the sessions will take longer to time out, so the DX will keep track of them which requires memory to be allocated. You can use 'netstat' on the command line to view the state of connections to the DX.
As well as the global setting the SLB active session timeout can be changed per SLB group.
For the specific applications that require long active timeout (like FTP for instance), you can change the SLB active session timeout from 1 to 604800 (7 days) per SLB group:
In CLI: "set slb group <name> session timeout active [1-604800]"
Or in WebUI: In the SLB Group – "Override Default Settings" section.
Yes, with that setting the DX will terminate the session if it is still connected after 600s. You can set the expiry time for the SLB group up to 604800s (7 days), so depending on the application you can tweak the value to what you expect as the maximum allowed session length. When the session is terminated a TCP reset is sent by defauly, governed by the DX setting:
% show slb advanced
SLB Advanced Settings ---------------------- Reset to Client: enabled Reset to Server: enabled
The other timeout values can also be set per SLB group or globally are:
The Close timer is for when a client initiates the session termination, in case the TCP close does not complete gracefully then the DX removes the session after this timeout value, so this has no correlation with the Active session timer and does not ned to be modified if you change the Active timer.
The Ack wait timer is similar but relates to the client initiating a session. If the client does not send the expected Ack to complete the three-way TCP handshake, the connection is then not in an established state and is taking up resources. After waiting for the Ack Wait period the embryonic connection is then removed.
Generally these other values can be left as default, if you find that stale connections are building up and causing issues then lowering these values would cause the DX to reap those connections quicker. Note that lowering the Ack Wait too low could cause 'slow' clients to fail to establish connections.
As you found out, the main timer is the Active session one which determines the maximum length of time a connection can be in an established state and can need altering if you have long-lived sessions through the SLB group.