Forum Discussion
F5 Bigip 2000s
Hi,
What is the max open TCP sessions on the BIG-IP 2000s? The tech data sheet only shows TCP connections per second. I need the max open TCP connections that the device can handle. On the 3900, after 100k open sessions with 1.8 Gbps prod traffic, it hits 100% CPU and dispatches the traffic to the passive node with failover. Note: 120 nodes, 60 pools, 40 iRules, 35 vservers used.
So I need to know the max TCP sessions to purchase a new one and divide the LAN and WAN side load balancing. Any help will be appreciated.
13 Replies
- BinaryCanary_19
Historic F5 Account
That figure will depend a lot on what you are doing. For example, iRules need CPU cycles to execute. Each connection kept in the connection table needs memory, so the amount of memory you have will matter here. TCP buffers will use memory, as will persistence records, so it is hard to arrive at a hard figure here.
The 3900 and the 2000s look pretty identical in terms of hardware, barring any architectural improvements that might mean slightly higher performance from the newer 2000s, so you might expect the same or better from the 2000s.
- BinaryCanary_19
Historic F5 Account
I would expect the 2000s to fare better. You should check your memory usage too and see if you're maxing out. If you are, you might be better served with a platform that supports more memory.
- maximillean_953
Nimbostratus
Memory is not maxing out, but the CPU is, and once it's maxed out it switches the passive to active.
- BinaryCanary_19
Historic F5 Account
What software version? Also, when you peek at "top" output, what processes are the top 8?
- BinaryCanary_19
Historic F5 Account
Usually, when CPU maxes out, the process that triggers a failover kicks in because the traffic management module (tmm) is so busy processing traffic that it doesn't get the CPU cycles needed to update its heartbeats, until the system watchdog decides to kill it in order to force a failover. This is what happens in most cases.
If you are using big iRules, you might be able to see if there is any opportunity to optimize. Also make sure that all four CPU cores are being maxed (and a lot of traffic is not being pinned to one CPU core due to iRules performing operations that cause CMP to be demoted). Load your qkview into https://ihealth.f5.com to see if it mentions any CMP demotion under the diagnostics tab.
Also, look at your configuration and see if you can be served by plain FastL4 profiles for some virtual servers. Basically, any virtuals where you don't need to do any iRule processing or, for instance, persistence on any protocols higher than Layer 4 will benefit from being converted to FastL4.
- eey0re
Cirrostratus
The F5 specifications spreadsheet I have from April 2013 rates the 2000s at: 5M max concurrent connections, 75k L4 cps, 25k L7 cps, 5Gbps L4/L7 throughput.
(That's overall a bit less than the 3900, which is 6M concurrent, 175k L4 cps, 50k L7 cps, though only 4Gbps L4/L7 throughput.)
These are raw TCP numbers, and likely under ideal conditions: everything using PVA where possible, no SNAT, minimal processing. There are various reasons you might see 100% CPU well before the above numbers, all to do with what you're doing with those connections, such as HTTP profiles, iRules, compression (there is no hardware compression on 3900), etc.
Some more information on your configuration around these connections might help to size the right replacement appliance.
- BinaryCanary_19
Historic F5 Account
Also in v11.x, it's reasonably easy to split the load by moving a few virtual servers into a different traffic group and making that traffic group active on the peer unit. This way you split the load.
If you do this, you have to consider the fact that if anything happens to one of the units, then the full load falls back on the other one.
I would consider a 2000s to be a replacement for a 1600 for instance, and a 4000s to be a more suitable replacement for a 3900 (this is just my thinking though).
- eey0re_68979
Altocumulus
You still really need to look at the nature of your traffic though, SSL for example (3900: 15k tps, 4000s: 4.5k tps, 4200v: 45k tps). As always in IT, "it depends" :)
- maximillean_953
Nimbostratus
eey0re: thanks, that's what I wanted to learn. 5M as stated, but it's an impossible number to reach when you run it in a production environment. Packets have to be empty and the device has to do no processing and such to stay at the number 5M!
That 5M number lowers to 100k concurrent before it switches to the passive node.
I wrote it here again with an additional note: 120 nodes, 60 pools, 40 iRules, 35 vservers used. 4k cps L4, 4k HTTP requests per second, 5/5-10 tps/session SSL per second. All runs with SNAT automap. No compression set; HTTP profiles are default. No cache set. No RAM cache usage. OneConnect is on for multiplexing. Only HTTP / MySQL load balancing is done on the device! All configured via F5 for best available usage. iRules are only for the HTTP to HTTPS switch; I got the iRule from F5 too, to be best optimised. ASM is totally disabled; when it's on, the device does not see above 60k concurrent.
- eey0re_68979
Altocumulus
Datasheet figures are always idealised. The 5M is certainly achievable, but you would likely need to remove anything that causes CPU processing: in your case HTTP profiles and iRules and maybe SNAT. If your only iRule is the HTTPS redirect then I'd doubt it factors at all. 100k concurrent connections on a 3900 does not sound right though. On the CPU charts, are the cores showing equal load? Have you uploaded a QKView snapshot to iHealth?
- hoolio
Cirrostratus
We can all speculate but with sizing production units, it helps to see a qkview uploaded to iHealth and see the exact configuration/traffic profile.
I'd contact your F5 or partner SE and ask for assistance as this should be a faster method for getting feedback.
Aaron
- maximillean_953
Nimbostratus
Thanks a lot. I left the other company that has this 3900 issue, so I don't know what they did. I work for a different company now and we purchased a 4200 for the LAN side and a 7200 for the WAN side of load balancing. Going to set them up in the new year; I think there will be a lot of stuff to discuss.
Thanks, friends, for your opinions. Apologies for writing so late.