Ricardo_Raza_14
Jan 24, 2018

Delay in application with port 443

Hi, I have a delay of 21 seconds in my web application since I configured my VS.

Before, the architecture was:

FW-->load balancer fortigate-->web servers

Now: FW-->F5 ASM-->load balancer fortigate-->web servers

I configured a standard VS with port 443, and my node is the FortiGate. I don't know why I have a delay of 21 s. I tried changing OneConnect, or using the tcp-lan-optimized protocol profile, but the result is always the same.

I used tcpdump and see that the response from the load balancer is delayed; I don't know if, with this test, I can conclude that the problem is the load balancer.

The IP 10.80.100.4 is the IP of the load balancer.
The IP 10.80.100.1 is the internal floating self IP of the F5.

13:23:28.150328 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [P.], seq 3637:4218, ack 1055, win 63421, options [nop,nop,TS val 1046480952 ecr 691152659], length 581 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:28.150345 IP 10.80.100.1.51267 > 10.80.100.4.https: Flags [.], ack 4218, win 8357, options [nop,nop,TS val 691152662 ecr 1046480952], length 0 out slot1/tmm1 lis=/Common/vs_preproduccion
13:23:28.154641 IP 10.80.100.1.51267 > 10.80.100.4.https: Flags [P.], seq 1055:1780, ack 4218, win 8357, options [nop,nop,TS val 691152666 ecr 1046480952], length 725 out slot1/tmm1 lis=/Common/vs_preproduccion
13:23:28.218485 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], ack 1780, win 64296, options [nop,nop,TS val 1046480959 ecr 691152666], length 0 in slot1/tmm1 lis=/Common/vs_preproduccion

13:23:49.195053 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], seq 4218:5586, ack 1780, win 64296, options [nop,nop,TS val 1046483056 ecr 691152666], length 1368 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.195067 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], seq 5586:6954, ack 1780, win 64296, options [nop,nop,TS val 1046483056 ecr 691152666], length 1368 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.195071 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], seq 6954:8322, ack 1780, win 64296, options [nop,nop,TS val 1046483056 ecr 691152666], length 1368 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.195074 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], seq 8322:9690, ack 1780, win 64296, options [nop,nop,TS val 1046483056 ecr 691152666], length 1368 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.195077 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], seq 9690:11058, ack 1780, win 64296, options [nop,nop,TS val 1046483056 ecr 691152666], length 1368 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.195079 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], seq 11058:12426, ack 1780, win 64296, options [nop,nop,TS val 1046483056 ecr 691152666], length 1368 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.195105 IP 10.80.100.1.51267 > 10.80.100.4.https: Flags [.], ack 12426, win 16565, options [nop,nop,TS val 691173706 ecr 1046483056], length 0 out slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.196009 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [P.], seq 12426:13199, ack 1780, win 64296, options [nop,nop,TS val 1046483057 ecr 691173706], length 773 in slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.196028 IP 10.80.100.1.51267 > 10.80.100.4.https: Flags [.], ack 13199, win 17338, options [nop,nop,TS val 691173707 ecr 1046483057], length 0 out slot1/tmm1 lis=/Common/vs_preproduccion
13:23:49.222566 IP 10.80.100.1.51287 > 10.80.100.4.https: Flags [S], seq 2386230381, win 4140, options [mss 1380,nop,nop,TS val 691173734 ecr 0,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/vs_preproduccion

Thanks for your recommendations.
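
As an added example (not part of the original post), the Python sketch below parses tcpdump text lines in the format shown above and reports, per TCP flow, the longest silent interval and which endpoint's packet ended it. The function names are hypothetical, and the four sample lines are copied from the capture in the post.

```python
import re
from datetime import datetime

# tcpdump text format as shown in the post: time, src > dst, flags, payload length.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) IP (\S+) > (\S+): Flags \[([^\]]*)\].*?length (\d+)")

# Four lines copied from the capture in the post (three on one flow, one new SYN).
SAMPLE = [
    "13:23:28.154641 IP 10.80.100.1.51267 > 10.80.100.4.https: Flags [P.], seq 1055:1780, ack 4218, win 8357, options [nop,nop,TS val 691152666 ecr 1046480952], length 725 out slot1/tmm1 lis=/Common/vs_preproduccion",
    "13:23:28.218485 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], ack 1780, win 64296, options [nop,nop,TS val 1046480959 ecr 691152666], length 0 in slot1/tmm1 lis=/Common/vs_preproduccion",
    "13:23:49.195053 IP 10.80.100.4.https > 10.80.100.1.51267: Flags [.], seq 4218:5586, ack 1780, win 64296, options [nop,nop,TS val 1046483056 ecr 691152666], length 1368 in slot1/tmm1 lis=/Common/vs_preproduccion",
    "13:23:49.222566 IP 10.80.100.1.51287 > 10.80.100.4.https: Flags [S], seq 2386230381, win 4140, options [mss 1380,nop,nop,TS val 691173734 ecr 0,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/vs_preproduccion",
]

def parse(lines):
    """Yield one dict per packet line; lines that do not match are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, src, dst, flags, length = m.groups()
            yield {"t": datetime.strptime(ts, "%H:%M:%S.%f"), "src": src,
                   "dst": dst, "flags": flags, "len": int(length)}

def largest_gap(lines):
    """Per TCP flow, find the longest silence and the packets on either side of it."""
    last, best = {}, {}
    for p in parse(lines):
        flow = tuple(sorted((p["src"], p["dst"])))  # same key for both directions
        prev = last.get(flow)
        if prev:
            gap = (p["t"] - prev["t"]).total_seconds()
            if gap < 0:              # timestamps carry no date: capture crossed midnight
                gap += 86400
            if gap > best.get(flow, {"gap": -1})["gap"]:
                best[flow] = {"gap": gap, "before": prev, "after": p}
        last[flow] = p
    return best

def describe(entry):
    """Return (seconds of silence, sender of the packet that ended it, its payload length)."""
    return round(entry["gap"], 3), entry["after"]["src"], entry["after"]["len"]

if __name__ == "__main__":
    for flow, entry in largest_gap(SAMPLE).items():
        secs, sender, length = describe(entry)
        print(f"{flow[0]} <-> {flow[1]}: {secs}s silent, ended by {sender} ({length} bytes)")
```

To use it on a full capture, pass the lines of a saved tcpdump text output to `largest_gap` instead of `SAMPLE`.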

  • JG

    Not directly answering your question, but I'd say that you could simplify your network topology and go End-User -> F5 ASM -> Web servers.

  • Hello Ricardo,

    As Jie advised you, you can begin by removing the FortiGate LB from your chain. This will allow you to see if the latency originates from the FortiGate.

    Then, in your TCP profile, can you disable "Nagle's Algorithm"? I already had a similar problem with this algorithm, which generated a lot of latency.

    On the F5 you can also check if you have any errors under Network -> Interface -> Statistic...

    Also check the speed of the F5 and FortiGate interfaces...

    Regards