
Stefan_Klotz
Aug 12, 2011

drawbacks of using OneConnect



Based on our experiences from the past, we realized that it's very often necessary to have a OneConnect profile (especially with a /32 mask) configured for the virtual server to run correctly, or in some other situations to avoid server-side access log error messages, because it reduces the number of server-side TCP connections.


Therefore I want to ask if there are any drawbacks (and if yes, which ones) if we decide to configure a /32 OneConnect profile for EVERY new virtual server.


Please let me know your thoughts about this.


Thank you!



Ciao Stefan :)


2 Replies

  • Hi Stefan,



    I try to do it by default for any HTTP/S based service. I guess some apps which validate requests based on TCP connection instead of HTTP tokens like cookies or headers might have authentication issues, but I've never run into one personally.



    I think there used to be an issue with OneConnect and NTLM auth but I haven't tested this on a current LTM version.
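
Added example, not part of the original thread and not F5 code: a simplified Python model of the concern raised in this reply, where a backend binds authentication to the TCP connection (NTLM-style) and the proxy reuses idle server-side connections keyed by the client IP masked with the OneConnect source mask. The class names, IP addresses and the user "alice" are constructed for illustration.

```python
import ipaddress


class Backend:
    """Constructed server that authenticates a TCP connection once (NTLM-style)."""

    def __init__(self):
        self.conn_user = {}  # connection id -> user bound to that connection
        self.next_id = 0

    def open(self):
        self.next_id += 1
        return self.next_id

    def request(self, conn, credentials=None):
        if credentials:  # the handshake binds the user to the connection
            self.conn_user[conn] = credentials
        return self.conn_user.get(conn)  # identity the server attributes the request to


class ReusePool:
    """Simplified model of server-side connection reuse keyed by masked client IP."""

    def __init__(self, backend, source_mask):
        self.backend = backend
        self.mask = int(ipaddress.IPv4Address(source_mask))
        self.idle = {}  # masked source IP -> idle server-side connection

    def send(self, client_ip, credentials=None):
        key = int(ipaddress.IPv4Address(client_ip)) & self.mask
        conn = self.idle.pop(key, None) or self.backend.open()
        seen_as = self.backend.request(conn, credentials)
        self.idle[key] = conn  # connection returns to the pool after the response
        return seen_as


def unauthenticated_follow_up(source_mask, first_ip, second_ip):
    """alice authenticates from first_ip, then a request without credentials
    arrives from second_ip; returns the user the backend attributes it to."""
    pool = ReusePool(Backend(), source_mask)
    pool.send(first_ip, credentials="alice")
    return pool.send(second_ip)


if __name__ == "__main__":
    for mask, a, b in [("0.0.0.0", "10.0.0.5", "10.0.0.9"),
                       ("255.255.255.255", "10.0.0.5", "10.0.0.9"),
                       ("255.255.255.255", "10.0.0.5", "10.0.0.5")]:
        print(mask, a, b, "->", unauthenticated_follow_up(mask, a, b))
```

In this model a /32 mask stops the authenticated connection from being shared across client IPs, but two users arriving from the same source address (for example behind one NAT) still share it.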



  • One extra benefit that I just thought of today (but haven't verified via traces yet) is that I believe OneConnect can help back end throughput as opposed to just helping with the setup/teardown overhead.



    If you're doing lots of quickly-served, short connections, it's possible that they don't stick around long enough to get out of the slow-start phase of a connection. But if you've got a OneConnect socket that has been around for a while and moved a bunch of data, you'll be well past the slow-start phase and pushing data optimally across that socket.



    Obviously HTTP 1.1 keep-alives should have the same effect...