How to: Configure L3 DSR to bypass BIG-IP Next and route traffic directly to client

Use the Layer 3 (L3) Direct Server Return (DSR) to bypass BIG-IP Next and route outgoing traffic directly to the client, even when the servers and routers are on different networks. This increases outbound throughput because traffic does not need to be transmitted to the BIG-IP Next and then forwarded to the client.


  • Deploy an application, refer Manage applications using BIG-IP Next Central Manager and FAST templates..

  • You must have Administrator or Application Manager user credentials to manage application services. Users with Instance Manager or Auditor credentials have read-only access to application services.

  • Parameter details (for example, server names or addresses, pool names, and pool member addresses or names) that are required for this application service.


Important: These steps configure only the BIG-IP Next device, to configure other devices in your network for L3 DSR, refer the respective device manufacturer’s documentation.

Configure Direct Server Return

Use the following procedure to deploy an application with L3 DSR.

  1. Log in to BIG-IP Next Central Manager, click the workspace menu near the F5 icon, and navigate to Applications > My Application Services.

  2. Click on the application name to which DSR must be applied.

  3. Click the Edit icon (upper-right corner).

  4. Click the Edit icon under Protocols & Profiles.

  5. Select Enable FastL4.

  6. In Idle Timeout, enter the time in seconds, this specifies that a connection can remain idle (has no traffic) before the system deletes the connection.

  7. Select Loose Close, this allows the system to remove a connection when it receives the first FIN packet. This helps trim connection table entries because the system can remove the connection entry as soon as the connection officially closes, and the system does not need to maintain the connection table entry.

  8. Select Loose initialization, this allows the system to start a connection when it receives any TCP packet, rather than requiring a SYN packet to start a connection.
    Note: F5 recommends that if you enable the Loose initialization field, you also enable the Loose Close field.

  9. Select Reset on Timeout, this allows the system to send a reset packet (RST) and delete the connection when the connection exceeds the idle timeout value. The system sends an RST from the virtual server address to the client and from the client address (or SNAT address when configured) to the server.

  10. In TCP Close Timeout, enter the time in seconds, this specifies how long a connection can stay idle before being deleted. This setting helps quickly close a connection once the system receives the first FIN packet. It also controls when the system removes a connection from the connection table. If a connection remains idle for too long, it is removed from the table. Then, when one end or the other eventually closes the connection, the system drops the packets (FIN/FINACK/ACK) because there is no connection table entry to specify the load balancing destination. Ensure the TCP Close Timeout must be less than the Idle Timeout and is valid only if you enable the Loose Initialization or the Loose Close fields.

  11. In TCP Handshake Timeout, enter the time in seconds, this specifies the system can try to establish a TCP handshake before timing out. If the TCP handshake takes longer than the specified timeout, the system automatically closes the connection.

  12. Select Enable FastL4 DSR (Direct Server Return).

  13. In IP ToS to Server Value, enter a number between 0 and 255, this specifies the IP ToS setting that the system inserts in the IP packet header.

  14. Click Save, the Application Service Properties screen displays.

  15. Click Review & Deploy, the Deploy page displays.

  16. Click Validate All, the system validates and indicates that the given parameters are valid.
    Note: Click View Results to review the deployment details.

  17. Click Deploy Changes, a pop-up displays confirming to deploy, click Yes, Deploy.


The application is deployed with L3 DSR enabling outgoing traffic to directly route to client.