Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Aug 12, 2011

drawbacks of using OneConnect

Hi,

 

based on our experiences from the past we realized that it's very often necessary to have a OneConnect profile (especially with /32 mask) configured for the virtual server to run correctly or in some other situations to avoid server side access log error messages, because it reduces the amount of serverside TCP-connections.

 

Therefor I want to ask if there are any drawbacks (and if yes which ones), if we would decide to configure a /32-OneConnect profile for EVERY new virtual server.

 

Please let me know your thoughts about this.

 

Thank you!

 

 

Ciao Stefan :)

 

  • Hi Stefan,

     

     

    I try to do it by default for any HTTP/S based service. I guess some apps which validate requests based on TCP connection instead of HTTP tokens like cookies or headers might have authentication issues, but I've never run into one personally.

     

     

    I think there used to be an issue with OneConnect and NTLM auth but I haven't tested this on a current LTM version.

     

     

    Aaron
  • One extra benefit that I just thought of today (but haven't verified via traces yet) is that I believe OneConnect can help back end throughput as opposed to just helping with the setup/teardown overhead.

     

     

    If your're doing lots of quickly-served, short connections, it's possible that they don't stick around long enough to get out of the slow-start phase of a connection. But if you've got a OneConnect socket that has been around for a while and moved a bunch of data, you'll be well past the slow-start phase and pushing data optimally across that socket.

     

     

    Obviously HTTP 1.1 keep-alives should have the same effect...

     

     

    --Matt