raytapay_75679
Nimbostratus
Mar 17, 2018

OneConnect & Multiple Request in the Same TCP Connection

On an F5 VIP listening on port 443 with no SSL offloading, does the connection to the back end use connection reuse, or is this only available when OneConnect is implemented? Is it correct that if OneConnect is turned on and one TCP connection has multiple HTTP requests in it, those multiple requests will be load balanced between the servers in the pool? If this is true, how does the load balancer keep track of each request sent to the different servers but previously initiated by the same source under a single TCP connection? What I'm seeing is that in a pool of 4 servers, at different intervals of testing, one of the servers in the pool will show 0 connections, and then that changes with another server showing 0 while the rest get the connections. I'm thinking OneConnect will resolve this?

 

3 Replies

  • Surgeon
    Ret. Employee

    If you are not offloading SSL and no HTTP profile is applied, OneConnect will not work as expected. If you want full functionality, then you need to do SSL offload and apply an HTTP profile.

     

    If you apply OneConnect on a VIP which uses SSL services, then you may get an issue with that service. In your case BIG-IP will not be able to track the HTTP flow since the traffic is encrypted. It will use the TCP connection only for tracking.

     

    The problem is, your client tries to initiate an SSL session with a pool member. In order to use OneConnect, BIG-IP needs to maintain the SSL session on the back-end side, which it cannot do due to SSL bypass.

     

  • Surgeon
    Ret. Employee

    OK, what OneConnect does is reuse the TCP session on the server side. Assume the following situation. There is no connection to the server side yet. You are pipelining 5 concurrent HTTP requests in one TCP connection. At this stage LB will be made based on HTTP requests, not the TCP connection. The 1st request will go to pool 1, the 2nd to pool 3, etc.

     

    The back-end servers reply to all the requests. BIG-IP drops the connection on the client side, but keeps the connection open on the server side.

     

    Now the 2nd batch is arriving. BIG-IP will not create a new TCP connection; it will reuse the existing, open connection on the server side and will send the HTTP request via the existing TCP connection, thus reducing the time for establishing a new TCP session.

     

    Requirements for OneConnect: your back-end servers must support HTTP pipelining and keep-alive.

     

  • Surgeon
    Ret. Employee

    So, it is going to work in the following way. An HTTP pipeline of 5 requests comes in. BIG-IP checks for persistence. No persistence: check for an open connection with the next pool member according to the LB algorithm. If there is an open connection, then reuse it for the 1st HTTP request. The second HTTP request comes in using the same TCP connection on the client side. Now, the LB algorithm takes the HTTP request into account (not the TCP connection). It checks for the next pool member according to LB. If there is an open TCP connection, reuse it; if there is no connection, open a new one.

     

    This is true until you apply a persistence profile. In case of persistence, all the requests from the same client will go to the same pool member.

     

    OneConnect merges HTTP requests from different clients onto the same TCP connection on the server side. In a packet capture, in one TCP flow you can see multiple HTTP requests and replies destined for several clients. This is why your servers need to support HTTP pipelining to merge HTTP requests into one TCP connection and HTTP keep-alive to keep the server-side connection open.
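
Added example, not part of the thread and not F5 code: a small Python model of the flow described in the replies above (per-request balancing with reuse of open server-side connections, with and without persistence) next to plain per-TCP-connection balancing. Round robin, the member names `s1`..`s4`, and requests completing one at a time are assumptions made for the model.

```python
from collections import Counter
from itertools import cycle

MEMBERS = ["s1", "s2", "s3", "s4"]  # constructed pool of 4 servers


def per_connection(clients, reqs_each):
    """Balance once per client TCP connection; no server-side reuse."""
    rr = cycle(MEMBERS)
    requests, opened = Counter(), Counter()
    for _ in range(clients):
        member = next(rr)              # one decision for the whole connection
        opened[member] += 1            # server-side connection tied to this client
        requests[member] += reqs_each  # every request follows the connection
    return requests, opened


def per_request(clients, reqs_each, persistence=False):
    """Balance each HTTP request; reuse idle server-side connections."""
    rr = cycle(MEMBERS)
    requests, opened, idle = Counter(), Counter(), Counter()
    pinned = {}                        # client -> member, used with persistence
    for client in range(clients):
        for _ in range(reqs_each):
            if persistence and client in pinned:
                member = pinned[client]    # same client, same pool member
            else:
                member = next(rr)          # next member according to LB
                pinned[client] = member
            if idle[member]:
                idle[member] -= 1          # open connection exists: reuse it
            else:
                opened[member] += 1        # no connection: open a new one
            requests[member] += 1
            idle[member] += 1              # reply sent, connection stays open
    return requests, opened


if __name__ == "__main__":
    # 3 clients, each sending 5 requests on one client-side TCP connection
    for label, result in [
        ("per connection", per_connection(3, 5)),
        ("per request", per_request(3, 5)),
        ("per request + persistence", per_request(3, 5, persistence=True)),
    ]:
        reqs, conns = result
        print(label, {m: (reqs[m], conns[m]) for m in MEMBERS})
```

Each printed pair is (requests handled, server-side connections opened) per member. In this model, fewer client connections than pool members leaves a member at 0 under per-connection balancing or persistence, while per-request balancing reaches all four.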