The TCP proxy terminates client connections to the virtual service, processes the payload, and then opens a new TCP connection to the destination server. Any application data from the client that is destined for a server is forwarded to that server over the new server-side TCP connection. Separating (or proxying) the client-to-server connections enables the Avi Load Balancer to provide enhanced security, such as TCP protocol sanitization and denial of service (DoS) mitigation.



The TCP proxy mode also improves client and server performance: the Avi Load Balancer negotiates the TCP maximum segment size (MSS) and window sizes independently on the client side and the server side, and buffers server responses so that the server is not held back by a slow client.

Each connection negotiates the optimal TCP settings for the device at its end. For example, consider a client that reaches the Avi Load Balancer over a path with a 1400-byte MTU, while the server is connected to it over a 1500-byte MTU path. The Avi Load Balancer accepts the server's 1500-byte segments, buffers them, and re-segments the data into segments that fit the client's smaller MSS before sending it on; neither side has to discover the other side's MTU.

If a packet is lost on the client connection, the Avi Load Balancer handles the retransmission itself, because the server may already have finished transmitting and moved on to the next client request. This optimization is particularly useful in environments with high-bandwidth, low-latency connectivity to the servers and low-bandwidth, high-latency connectivity to the clients (as is typical of Internet traffic).

Use a TCP/UDP profile with the type set to Proxy for application profiles such as HTTP: the Service Engine must terminate the TCP connection before it can parse and act on the application-layer payload.

To create a TCP proxy network profile:

  1. In the New TCP/UDP Profile screen, enter the Name of the network profile.

  2. Select TCP Proxy as the Type.

  3. Under TCP Proxy, select the mode (Auto Learn or Custom) to set the configurations for this profile.

  4. Click Save.

TCP Parameters

In the user interface, the Avi Load Balancer exposes only those TCP parameters that have a tangible effect on application performance. Additional configuration options are available through the Avi Load Balancer CLI or REST API.



Auto Learn

Auto-learn mode sets all parameters to default values and dynamically changes the buffer size.

In practice, many Avi Load Balancer administrators have found that manual TCP tuning is rarely needed. The default TCP profile in the Avi Load Balancer is set to Auto Learn, and most deployments never need to deviate from this top-level setting. The aim is to reduce the complexity of managing application delivery platforms and to simplify service consumption for application owners.

With the TCP Proxy profile, enabling Auto Learn lets the Avi Load Balancer choose the configuration parameters itself, and it can change them at any time. For example, if a Service Engine (SE) is running low on memory, it might reduce buffer or window sizes to preserve application availability. This also means that a value you read from an Auto Learn profile is a starting point, not a guarantee of what the SE is using at a given moment.

On selecting Auto Learn, the fields take the following default values:

  Setting: Default value

  TCP Keep Alive: Enabled
  Idle Duration: 10 minutes. After 10 minutes of idle time, the Avi Load Balancer starts sending TCP keep-alive probes; if the peer responds, the connection stays open.
  Max Retransmissions: 8
  Max SYN Retransmissions: 8
  IP DSCP: No special DSCP value is set.
  Enable Nagle's Algorithm: Disabled
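The following Python is an added example, not code from the Avi documentation or product. It produces the same networkprofile object that the UI procedure above creates (step 3's Auto Learn versus Custom choice), and it audits an existing profile against the Auto Learn defaults in the table, which is what you want when reviewing profiles somebody tuned by hand. The REST field names (profile.type, tcp_proxy_profile.automatic, idle_connection_type, idle_connection_timeout, max_retransmissions, max_syn_retransmissions, ip_dscp, nagles_algorithm) follow the Avi networkprofile object as I know it; verify them against the API reference for your controller version. The controller hostname, credentials and X-Avi-Version value are placeholders, and the HTTP call only runs when you invoke it explicitly.

```python
import base64
import json
import urllib.request
from typing import Any, Dict, List, Optional

# Auto Learn defaults from the table above, in the (assumed) REST field names.
# idle_connection_timeout is in seconds: 10 minutes = 600.
AUTO_LEARN_DEFAULTS: Dict[str, Any] = {
    "automatic": True,
    "idle_connection_type": "KEEP_ALIVE",
    "idle_connection_timeout": 600,
    "max_retransmissions": 8,
    "max_syn_retransmissions": 8,
    "ip_dscp": 0,
    "nagles_algorithm": False,
}


def build_tcp_proxy_profile(name: str, custom: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Return the JSON body for POST /api/networkprofile.

    With custom=None the profile is Auto Learn (automatic=True). Passing
    overrides switches it to Custom (automatic=False), starting from the
    documented defaults so only the fields you name actually change.
    """
    tcp = dict(AUTO_LEARN_DEFAULTS)
    if custom:
        tcp.update(custom)
        tcp["automatic"] = False
    return {
        "name": name,
        "profile": {"type": "PROTOCOL_TYPE_TCP_PROXY", "tcp_proxy_profile": tcp},
    }


def audit_tcp_proxy_profile(profile: Dict[str, Any]) -> List[str]:
    """Report every field of a Custom TCP proxy profile that differs from the Auto Learn defaults.

    Returns one finding string per deviation (field, configured value, documented
    default). Auto Learn profiles return no findings because the SE manages the
    parameters itself; non-TCP-proxy profiles return a single explanatory finding.
    """
    prof = profile.get("profile", {})
    if prof.get("type") != "PROTOCOL_TYPE_TCP_PROXY":
        return [f"{profile.get('name')}: not a TCP proxy profile ({prof.get('type')})"]
    tcp = prof.get("tcp_proxy_profile", {})
    if tcp.get("automatic", False):
        return []
    findings: List[str] = []
    for field, default in AUTO_LEARN_DEFAULTS.items():
        if field == "automatic":
            continue
        value = tcp.get(field, default)  # an absent field means the default applies
        if value != default:
            findings.append(f"{profile['name']}: {field}={value!r} (Auto Learn default {default!r})")
    return findings


def post_network_profile(controller: str, username: str, password: str,
                         api_version: str, body: Dict[str, Any]) -> Dict[str, Any]:
    """POST the profile to https://<controller>/api/networkprofile with HTTP basic auth.

    Assumptions: the controller accepts basic auth for API calls and X-Avi-Version
    must match its release. TLS certificate verification is left at the urllib
    default (enabled); fix the controller certificate rather than turning it off.
    """
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{controller}/api/networkprofile",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"Basic {token}",
            "Content-Type": "application/json",
            "X-Avi-Version": api_version,
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    auto = build_tcp_proxy_profile("tcp-proxy-auto")
    custom = build_tcp_proxy_profile("tcp-proxy-custom", {"idle_connection_timeout": 3600})
    print(json.dumps(auto, indent=2))
    for finding in audit_tcp_proxy_profile(custom):
        print(finding)
```

Run the audit over the output of GET /api/networkprofile before a change window: every finding is a field that was deliberately taken off the Auto Learn path, and the ones that lengthen idle timeouts or raise retransmission counts deserve a second look, since each idle connection holds state on the SE for as long as the timeout allows.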

Buffer Management

The receive window advertised to the client and to the server changes dynamically. It starts small (2 KB) and can grow, when needed, to 64 MB for a single TCP connection. The algorithm also takes into account the memory available on the Service Engine and the number of open TCP connections, so the upper bound is not reached when many connections are competing for buffer space.