Forum Discussion

2funky_105078's avatar
2funky_105078
Icon for Cirrus rankCirrus
Feb 13, 2013

oneconnect or not?

Hi,

 

 

I have a kind of hamletic doubt to use oneconnect or not on some vserver of Lync 2013 where we use HTTPS as probe, (so i would assume they are HTTPS).....

 

Based on:

 

http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html?sr=27310157

 

I should use it only where the HTTP packet is in clear, so that tcp connections can be re-used on the backend servers. In our case we dont do any SSL proxying for HTTPS.

 

Strange, i was under the impression that this was a TCP optimization only..

 

So, at the end, we are not using it at all this feature for Lync 2013 HTTPS servers but also on SIP TLS vservers, as it breaks our verification tool about certificates (VerifySSLCertififcate from Microsoft). Persistence is mainly Src_ip.

 

 

thanks

 

config
design

4 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 13, 2013
    i do not see oneconnect being used on ssl passthrough virtual server. so, i think it is not different. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:443
   ip protocol 6
   profiles {
      oneconnect {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members {
      200.200.200.101:443 {}
      200.200.200.111:443 {}
   }
}

 sending 100 requests

[root@ve10:Active] config  b profile oneconnect
PROFILE ONECONNECT oneconnect
|        (curr, max, reuse, new) = (0, 0, 0, 100)
  • 2funky_105078's avatar
    2funky_105078
    Icon for Cirrus rankCirrus
    Feb 13, 2013

    so you mean it is better not to use oneconnect for SSL connections non-proxied by LTM?

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 13, 2013
    so you mean it is better not to use oneconnect for SSL connections non-proxied by LTM?since it is not used (reuse = 0), i think it is better to not use it.

     

     

    just my 2 cents.
  • maddox76_56722's avatar
    maddox76_56722
    Icon for Nimbostratus rankNimbostratus
    Feb 19, 2013

    If you use the oneconnect every req from the loadbalancer will take an new loadbalancing decision for each tcp req towards you servers behind the ltm. If you don't use the oneconnect in the way you plan, or the "lb detach" in an irule the loadbalancing decision will take place in the first tcp req in the session and all other req will use the same server.

     

     

    If you use Akamai for example who use some varios type of pipelineing and tcp optimization you must use either oneconnect or lb detach. Or you loadbalancing will be very wrong.

     

     

    BR Maddox