IPFE Associations

The IPFE stores an Association record about each connection. The Association contains the information necessary to identify packets belonging to a connection and to identify the application server that the IPFE has selected for the connection. The IPFE forwards all packets associated with a particular connection to the selected application server.

The specific packet-identifying information is the source IP address and the source port number. For each target set, packets that match on both source address and source port are routed to the same target application server. SCTP verification tags are also used as identifiers because, with the SCTP protocol, the source IP address can change.

All association information is replicated between mated IPFEs, but not between IPFE pairs.

Association information is isolated to a target set so that the target sets behave independently.

Because returning packets bypass the IPFE, the IPFE has limited knowledge of the state of the connection. The IPFE cannot determine whether a connection has reconnected from the same source port, or whether the connection has been terminated. The IPFE attempts to use the available state information to make the best possible judgments about when an association is stale. A stale association is removed, and subsequent packets originating from the same IP address and the same source port are treated as a new connection: the load balancing algorithm is freshly applied.

An association is considered stale if:
  • No packets have been received for the duration of the Delete Age setting in the Target Set configuration.
  • Transactions of the Connect-CER-CEA-Disconnect form are the only transactions to have taken place for a period equal to Delete Age.
  • The IPFE is able to track the TCP sequence numbers and has determined that an authentic FIN and a subsequent SYN are in evidence, indicating that a TCP connection has disconnected and reconnected. This tracking works for certain idealized TCP connections only.
  • The IPFE is able to track the SCTP verification tag and has determined that an authentic SHUTDOWN and a subsequent INIT are in evidence, indicating that an SCTP connection has disconnected and reconnected. This tracking works for certain idealized SCTP connections only.
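
The following is an added illustration, not IPFE code: a simplified Python model of a per-target-set association table that applies the Delete Age rule and the FIN-then-SYN rule described above. The class and function names, the round-robin server selection, the use of seconds for Delete Age, and the removal of stale records at lookup time are all assumptions; sequence-number validation of the FIN and SYN, the Diameter rule, and SCTP are not modeled.

```python
import itertools
from dataclasses import dataclass

@dataclass
class Association:
    server: str          # application server selected for this connection
    last_seen: float     # time of the most recent packet, in seconds (assumed unit)
    fin_seen: bool = False

class TargetSet:
    """Toy model of one target set; each instance keeps its own table."""

    def __init__(self, servers, delete_age):
        self.delete_age = delete_age
        # Round-robin is a stand-in for the load-balancing algorithm (assumption).
        self._pick = itertools.cycle(servers)
        self.table = {}  # (src_ip, src_port) -> Association

    def _is_stale(self, assoc, now, syn):
        if now - assoc.last_seen >= self.delete_age:
            return True                   # no packets for Delete Age
        return assoc.fin_seen and syn     # FIN followed by a new SYN

    def route(self, src_ip, src_port, now, syn=False, fin=False):
        """Return the server for a packet, re-balancing if the record is stale."""
        key = (src_ip, src_port)
        assoc = self.table.get(key)
        if assoc is not None and self._is_stale(assoc, now, syn):
            del self.table[key]
            assoc = None
        if assoc is None:
            assoc = Association(next(self._pick), now)
            self.table[key] = assoc
        assoc.last_seen = now
        assoc.fin_seen = assoc.fin_seen or fin
        return assoc.server

def demo():
    """Replay constructed packets: (src_ip, src_port, time, syn, fin)."""
    ts = TargetSet(["as1", "as2", "as3"], delete_age=600)
    packets = [
        ("192.0.2.10", 5000, 0, True, False),     # new connection
        ("192.0.2.10", 5000, 10, False, False),   # same association
        ("192.0.2.11", 5000, 20, True, False),    # different source address
        ("192.0.2.10", 5000, 700, False, False),  # idle past Delete Age
        ("192.0.2.10", 5000, 710, False, True),   # FIN recorded
        ("192.0.2.10", 5000, 720, True, False),   # SYN after FIN
    ]
    return [ts.route(ip, port, t, syn, fin) for ip, port, t, syn, fin in packets]
```

In the replay, the fourth and sixth packets arrive on a stale association, so each is assigned a server as if it were a new connection.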