Forum Discussion
Stefan_Klotz
Cumulonimbus
Cumulonimbusdrawbacks of using OneConnect
Hi,
based on our experiences from the past we realized that it's very often necessary to have a OneConnect profile (especially with /32 mask) configured for the virtual server to run correctly or in some other situations to avoid server side access log error messages, because it reduces the amount of serverside TCP-connections.
Therefor I want to ask if there are any drawbacks (and if yes which ones), if we would decide to configure a /32-OneConnect profile for EVERY new virtual server.
Please let me know your thoughts about this.
Thank you!
Ciao Stefan :)
2 Replies
hoolioCirrostratus
Hi Stefan,
I try to do it by default for any HTTP/S based service. I guess some apps which validate requests based on TCP connection instead of HTTP tokens like cookies or headers might have authentication issues, but I've never run into one personally.
I think there used to be an issue with OneConnect and NTLM auth but I haven't tested this on a current LTM version.
Aaron
L4L7_53191Nimbostratus
One extra benefit that I just thought of today (but haven't verified via traces yet) is that I believe OneConnect can help back end throughput as opposed to just helping with the setup/teardown overhead.
If your're doing lots of quickly-served, short connections, it's possible that they don't stick around long enough to get out of the slow-start phase of a connection. But if you've got a OneConnect socket that has been around for a while and moved a bunch of data, you'll be well past the slow-start phase and pushing data optimally across that socket.
Obviously HTTP 1.1 keep-alives should have the same effect...
--Matt
