Forum Discussion

Mahantesh_Bisur's avatar
Mahantesh_Bisur
Icon for Nimbostratus rankNimbostratus
Dec 14, 2015

VIP Slow response time

Hi,

 

We have created 2 VIP's for sftp services and when both of these VIP's are added on monitoring server, We are getting different response time for both of these VIP's.

 

One VIP is taking 2/3 sec for the response and another VIP is taking 5/6 sec. Both of these VIP's are configured on 2 different load balancers, But both VIP's are hvaing similar configuration.

 

VIP which is responding slowly is on same environment as Monitoring server.

 

Also when we started monitoring backend sftp servers directly we are getting good response(around 2/3sec).

 

Is F5 introduing any delay to this response? We already took tcpdump on F5 and we do not see delay caused by the F5.

 

Could anyone please assist on this issue.

 

4 Replies

  • Hi,

     

    sftp is provided by SSH deamon which do a reverse dns lookup of the client IP.

     

    if there is no dns PTR for the F5 self IP used by SNAT, the SSH service will wait for DNS timeout before requesting authentication password.

     

    it is not a F5 issue but the default behavior of every SSH services.

     

  • Hi,

     

    Thanks for the update. But we are not using SNAT as F5 is gateway for backend servers. Source address translation is set to None for this VIP.

     

    Regards, Mahantesh

     

  • From the same IP source, you have different connection delay if you connect with VS or without?

     

    Did you define any profile in LTM virtual server?

     

    Isn't it a DNS timeout depending of the client IP knowledge by the DNS server?

     

    Can you try by adding the IP address in your server hosts file to check if it is the cause?

     

  • Hi,

     

    Please see below for the answers.

     

    From the same IP source, you have different connection delay if you connect with VS or without?

     

    Ans: Yes that's correct. With VS response time is 5sec and without VS it is 2/3 sec.

     

    Did you define any profile in LTM virtual server?

     

    Ans: We have setup 2 VIP's(one is responding in 2/3sec and another is responding in 5sec) for sftp services in two differnet load blancers. For both VIP's we are using client protocol profile as tcp and server protocol profile as (use client profile).

     

    We also tested by changing these client/server protocol profile to tcp wan/lan optimized profiles respectively. but we didn't observe any difference.

     

    Isn't it a DNS timeout depending of the client IP knowledge by the DNS server? Can you try by adding the IP address in your server hosts file to check if it is the cause?

     

    Ans: we tried this by adding VIP address to monitoring server instead of VIP name, But response time still the same.

     

    Regards, Mahantesh.