This section describes configuration of TCP Fast Path through the Avi Load Balancer UI.

Procedure

  1. Navigate to Templates > > Profiles > > TCP/UDP and click Create.
  2. Enter the Name of the network profile.
  3. Select TCP Fast Path from the drop-down menu.
  4. Configure Direct Server Return (DSR) if required.
    1. Click Enable DSR.
    2. Click the DSR Type (L2 or L3) to select the mode.
    3. Select IPinip as the DSR Encapsulation Type.
  5. Configure the TCP Fast Path Settings .
    1. Click Enable Syn Protection.

      Avi Load Balancer will complete the three-way handshake with the client before forwarding any packets to the server. It will protect the server from SYN flood and half open SYN connections.

    2. Enter the Session Idle Timeout (between 5-14400 seconds).

      This is the time for which a connection needs to be idle before it is eligible to be deleted.

      Note:

      Enter 0 to make the session idle timeout infinite.

  6. Click Save.

    Disabled by default, the timeout parameter SYN Protection, modifies the connection setup behavior slightly. The initial three-way handshake of client is first proxied by the Avi Load Balancer SE. On completion of the three-way handshake, the SE replays this process on the server side of the SE, including passing through client TCP supported options. This enables the Avi Load Balancer to provide TCP DoS mitigation and validation of the connection before handing off the connection to the server.