Forum Discussion

Cristian_Gal
Nov 28, 2014

SNAT with oneconnect

I have the following scenario: a standard HTTPS VS with a SNAT pool (4 IP addresses) that load balances to 4 servers in the back end (SSL offload). A OneConnect profile is applied with 255.255.255.255. All idle timeouts are set to 60 seconds. Load balancing is round robin and persistence is based on SSL. The setup works fine: 1000 inbound connections and about 50 back end connections.

 

Now the issue is that when I open 500 connections from one client, I get around 500 new back end connections; on each connection I only perform one GET. I cannot explain this, since OneConnect should minimize the number of back end connections, and it does, but not for this specific test. Does anyone have an idea why this is happening?

 

2 Replies

  • Now the issue is that when from one client I open 500 connections I get around 500 new back end connections, on each connection I only perform one GET.

     

    Did you fire them in parallel or sequentially?

     

  • It seems okay here. Do you have any special configuration?

    Configuration:

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            http { }
            myoneconnect { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 3
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm profile one-connect myoneconnect
    ltm profile one-connect myoneconnect {
        app-service none
        source-mask 255.255.255.255
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:80 {
                address 200.200.200.101
            }
        }
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm rule qux
    ltm rule qux {
        when CLIENT_ACCEPTED {
            log local0. [IP::client_addr]:[TCP::client_port]
        }
        when SERVER_CONNECTED {
            log local0. [IP::local_addr]:[TCP::local_port]
        }
    }
    
    Test by generating 500 requests from 1 client (ab -n 500 -c 1 http://172.28.24.10/):

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# show ltm profile one-connect myoneconnect
    
    -------------------------------------
    Ltm::OneConnect Profile: myoneconnect
    -------------------------------------
    Virtual Server Name  N/A
    
    Connections
      Current Idle         2
      Maximum              4
      Total Reuses       494
      New                  6
    
    [root@ve11a:Active:In Sync] config # grep -i client_accepted /var/log/ltm | grep 172.28.24.8 | wc -l
    500
    
    [root@ve11a:Active:In Sync] config # grep -i server_connected /var/log/ltm | wc -l
    6
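
Added example (not part of the original thread): a shell function that goes beyond the two `grep | wc -l` counts above by breaking the `qux` log lines down per client address and per server-side source (SNAT) address, which is the view needed when a SNAT pool is combined with a OneConnect source mask. It assumes each line ends in `Rule /Common/qux <EVENT>: ip:port`; the function names, the sample log lines, the second client and the 200.200.200.1x SNAT addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize CLIENT_ACCEPTED / SERVER_CONNECTED lines from rule qux.

# Write a small constructed log (assumed /var/log/ltm line format) to $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Nov 28 10:00:01 ve11a info tmm[9000]: Rule /Common/qux <CLIENT_ACCEPTED>: 172.28.24.8:40001
Nov 28 10:00:01 ve11a info tmm[9000]: Rule /Common/qux <SERVER_CONNECTED>: 200.200.200.11:50001
Nov 28 10:00:02 ve11a info tmm[9000]: Rule /Common/qux <CLIENT_ACCEPTED>: 172.28.24.8:40002
Nov 28 10:00:03 ve11a info tmm[9000]: Rule /Common/qux <CLIENT_ACCEPTED>: 172.28.24.9:40003
Nov 28 10:00:03 ve11a info tmm[9000]: Rule /Common/qux <SERVER_CONNECTED>: 200.200.200.12:50002
Nov 28 10:00:04 ve11a info tmm[9000]: Rule /Common/qux <CLIENT_ACCEPTED>: 172.28.24.8:40004
EOF
}

# $1 = log file. Prints, sorted:
#   client <ip> <client-side connections accepted>
#   snat   <ip> <server-side connections opened from that source address>
#   totals <accepted> <server-side opened>
summarize_oneconnect() {
    awk '
        /<CLIENT_ACCEPTED>:/ || /<SERVER_CONNECTED>:/ {
            ip = $NF                      # last field is ip:port
            sub(/:[0-9]+$/, "", ip)       # strip the port
            if ($0 ~ /<CLIENT_ACCEPTED>:/) { client[ip]++; accepted++ }
            else                           { snat[ip]++;   connected++ }
        }
        END {
            for (ip in client) printf "client %s %d\n", ip, client[ip]
            for (ip in snat)   printf "snat %s %d\n", ip, snat[ip]
            printf "totals %d %d\n", accepted, connected
        }
    ' "$1" | sort
}

# Stand-alone run on the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
summarize_oneconnect "$sample"
rm -f "$sample"
```

A client whose `client` count roughly equals the `totals` server-side count is getting little or no reuse; in the reply's own test the equivalent figures were 500 accepted against 6 server-side connections.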