Hi Stanislas,
you can easily detect connection parking/suspending situations by measuring the
[clock clicks]
needed to execute the individual
ACCESS::session
commands. If the connection gets suspended it will take way more than 50 clicks and if not it will take less clicks...
I've once reverse engineered the connection suspending behavior for
[table]
and
[ACCESS::*]
commands on a CMP-enabled plattform and came to the following conclusion.
General rules for TMM distribution:
- The underlying TCP/UDP connection will use the CMP-hash settings (IP or IP+Port) to select the owning TMM instance.
- The
[table]
command will use a hash of the KEY value to select the owning TMM instance. - The
[table -subtable]
command will use a hash of the subtable-label to select the owning TMM instance. - The
[ACCESS::*]
commands will use a hash of the SID to select the owning TMM instance.
General rule for connection suspending:
- A connection suspending situation will ocour if the TMM instance where the
[table]
or [ACCESS::*]
command is executed is not the owning TMM instance.
APM specific behavior:
- The underlying TCP session of the HTTP request that initiates a new APM session will be CMP-hash distributed to a given TMM (lets say TMM0)
- The
ACCESS_SESSION_STARTED
will be processed on the TMM core of the underlying TCP session (still TMM0) - During
ACCESS_SESSION_STARTED
a (slightly pseudo) random SID will be generated, where the hash of the just created SID always routes the responsibility for that APM session to the local TMM (still TMM0 in this case) - In a non-clientless mode, the client may open multiple keep-alive TCP session to fetch the login pages where each TCP session may be CMP-hash distributed to a different TMM (TMM0, TMM1, ect.)
- From here it depends on the underlying TCP session the client has used to POST-back login page information.
- If the underlying TCP session is handled by the TMM which has processed the
ACCESS_SESSION_STARTED
event no connection parking situations will happen while executing [ACCESS::*]
commands. - If the underlying TCP session is handled by a different TMM a connection parking situations will happen everytime while executing
[ACCESS::*]
commands.
How to repro my observations:
Create a VPE with a pattern like that:
START -> iRule Action -> MSGBox -> iRule Action -> MSGBox -> iRule Action -> DENY
Use the following iRule to measure the time needed and to output the used TMM instance.
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
log local0.debug "Path: [HTTP::path]"
}
when ACCESS_SESSION_STARTED {
set start [clock clicks]
set test [ACCESS::session data get "blub"]
set stop [clock clicks]
log local0.debug "APM session initialized on TMM[TMM::cmp_unit]. ACCESS command took [expr { $stop - $start }] clicks"
}
when ACCESS_POLICY_AGENT_EVENT {
set start [clock clicks]
set test [ACCESS::session data get "blub"]
set stop [clock clicks]
log local0.debug "We are on TMM[TMM::cmp_unit] now. ACCESS command took [expr { $stop - $start }] clicks"
}
when ACCESS_POLICY_COMPLETED {
set start [clock clicks]
set test [ACCESS::session data get "blub"]
set stop [clock clicks]
log local0.debug "We are on TMM[TMM::cmp_unit] now. ACCESS command took [expr { $stop - $start }] clicks"
}
Log outputs on a test system with 2 TMM cores:
tmm[13406]: Rule /Common/Test : Path: /
tmm[13406]: Rule /Common/Test : APM session initialized on TMM0. ACCESS command took 15 clicks
tmm[13406]: Rule /Common/Test : Path: /my.policy
tmm[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm[13406]: Rule /Common/Test : We are on TMM0 now. ACCESS command took 15 clicks
tmm[13406]: Rule /Common/Test : Path: /renderer/agent_message_box_form.eui
tmm1[13406]: Rule /Common/Test : Path: /my.policy
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm1[13406]: Rule /Common/Test : We are on TMM1 now. ACCESS command took 201 clicks
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_message_box_form.eui
tmm[13406]: Rule /Common/Test : Path: /my.policy
tmm[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm[13406]: Rule /Common/Test : We are on TMM0 now. ACCESS command took 16 clicks
tmm[13406]: Rule /Common/Test : We are on TMM0 now. ACCESS command took 14 clicks
tmm[13406]: Rule /Common/Test : Path: /vdesk/hangup.php3
tmm1[13406]: Rule /Common/Test : Path: /
tmm1[13406]: Rule /Common/Test : APM session initialized on TMM1. ACCESS command took 14 clicks
tmm1[13406]: Rule /Common/Test : Path: /my.policy
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm1[13406]: Rule /Common/Test : We are on TMM1 now. ACCESS command took 12 clicks
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_message_box_form.eui
tmm1[13406]: Rule /Common/Test : Path: /my.policy
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm1[13406]: Rule /Common/Test : We are on TMM1 now. ACCESS command took 16 clicks
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_message_box_form.eui
tmm[13406]: Rule /Common/Test : Path: /my.policy
tmm[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm[13406]: Rule /Common/Test : We are on TMM0 now. ACCESS command took 611 clicks
tmm[13406]: Rule /Common/Test : We are on TMM0 now. ACCESS command took 564 clicks
tmm[13406]: Rule /Common/Test : Path: /vdesk/hangup.php3
tmm[13406]: Rule /Common/Test : Path: /
tmm[13406]: Rule /Common/Test : APM session initialized on TMM0. ACCESS command took 12 clicks
tmm[13406]: Rule /Common/Test : Path: /my.policy
tmm[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm[13406]: Rule /Common/Test : We are on TMM0 now. ACCESS command took 16 clicks
tmm[13406]: Rule /Common/Test : Path: /renderer/agent_message_box_form.eui
tmm1[13406]: Rule /Common/Test : Path: /my.policy
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm1[13406]: Rule /Common/Test : We are on TMM1 now. ACCESS command took 205 clicks
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_message_box_form.eui
tmm1[13406]: Rule /Common/Test : Path: /my.policy
tmm1[13406]: Rule /Common/Test : Path: /renderer/agent_irule_event_form.eui
tmm1[13406]: Rule /Common/Test : We are on TMM1 now. ACCESS command took 193 clicks
tmm1[13406]: Rule /Common/Test : We are on TMM1 now. ACCESS command took 105 clicks
tmm1[13406]: Rule /Common/Test : Path: /vdesk/hangup.php3
Note: Keep in mind that those informations are based on reverse engineerings. They may or may not be 100% acurate, but for now it seems they are at least 99% correct... 😉
Cheers, Kai