
SimonBeckett_17
Oct 03, 2014

HTTP traffic slow when access via LTM

I am trying to put together a POC to replace our ELBs in AWS with some F5 LTMs.

Whilst I have been able to set up two VSs (one http->http, the other https->http), I have found that the performance is significantly slower when using the F5 compared to the ELB.

Changing profiles to Performance L4 on the http->http VS has netted some gains, but as this is ultimately meant to host an iRule to redirect http to https this is not really useful. Further to this, it does not help on the https VS.

To give you an indication of the slowdown, a ~20kb file takes over 7 seconds to transfer; 158ms of that is in the connection, the rest is receiving.

To rule it out I have disabled all iRules and I am just trying to get a basic HTTPS offload to perform to an acceptable level, but I can't see that happening while http->http runs so slow.

7 Replies

  • JG
    I hope this is not a typical phenomenon, although I wouldn't be surprised if it is. How is CPU and memory usage on the system? Is the system licensed?
  • Hello,

    You can see some slowness behavior when you have a standard VS and custom TCP profiles.

    Please check that the Nagle algorithm is disabled.

  • There's a huge number of TCP-related parameters we can tweak, but in the first instance can I ask you to do a traceroute and confirm the path the traffic takes from client to LB to server and ensure it's optimal and as expected?

    Also, as @Jie indicated, some detail on resource usage would be useful, as well as an idea of the EC2 instance setup around CPU, instance type, memory etc.

  • Thanks all. I did some googling prior to posting and saw the suggestions to disable Nagle, so I had done that prior to posting.

    As for resources: instance type m3.xlarge (4 vCPU, 15G RAM, SSDs with provisioned 3000 IOPS). There is little to no traffic on this instance currently, as I am the only one using it for testing purposes. Current system stats: 0% CPU, 14% Mem.

    Config and network design:
    Located in AWS VPC
    1 management + 2 Self IPs
    Elastic IP --> External VLAN Self IP (10.0.10.250) --> VS --> Internal VLAN Self IP (10.0.8.253) --> nodes (10.0.6/7.0/24)
    Routes: 0.0.0.0 to external VLAN; 10.0.0.0/16 to internal VLAN via 10.0.8.1 (default gateway)

    As the network design is very simple, there doesn't appear to be unwanted hops route-wise.

    Test VS.

    ltm virtual www-au-prod {
        description "AU Homepage NO SSL"
        destination 10.0.10.250:http
        ip-protocol tcp
        mask 255.255.255.255
        pool myaccount-prod
        profiles {
            tcp-lan-optimized { }
        }
        source 0.0.0.0/0
        source-address-translation {
            pool Web-SNAT
            type snat
        }
        vs-index 2
    }
    ltm pool myaccount-prod {
        description "My Account Prod"
        load-balancing-mode least-connections-member
        members {
            myaccountprod01:webcache {
                address 10.0.6.152
                monitor myaccount-home 
                session monitor-enabled
                state up
            }
            myaccountprod02:webcache {
                address 10.0.7.197
                monitor myaccount-home 
                session monitor-enabled
                state up
            }
        }
        monitor myaccount-home 
    }
    ltm node myaccountprod01 {
        address 10.0.6.152
        description "My Account Prod 01"
        session monitor-enabled
        state up
    }
    ltm node myaccountprod02 {
        address 10.0.7.197
        description "My Account Prod 02"
        session monitor-enabled
        state up
    }
    
    • antienho_01_141
      Hi Simon, Can you share the TMOS version you have? I try to simulate your setting but with mine 11.4.1; I have protocol profile tcp but not in your tmsh cli cfg. Thanks Antien Ho
    • SimonBeckett_17
      Version: BIG-IP 11.5.1 Build 0.4.110 Engineering Hotfix
      CPU Count: 4
      Active CPUs: 4
      That ok?
  • Thanks for the info Simon. Sorry it's taken me so long to respond. Can I suggest a few things:


    • Can you measure the RTT from wherever you are testing - is that an issue?
    • Can you test from a host also attached to the external subnet, within the VPC?
    • Can you try switching to a FastL4 or FastHTTP VS?
    • Can you try with the wan-optimized profile instead, on the client facing side?

    What's the server routing look like?

    Why are you using SNAT?