iRule + profiles driving up resources
Prior to introducing the iRule and the second service, the VS was configured simply with a TCP profile, and although the number of connections is high, around 80k, resource utilization was very low.
The iRule requires http inspection, so I enabled the http and OneConnect Host-based profiles on the VS.
The number of connections hasn't changed, still around 80k, but since enabling the iRule with the additional profiles, resource utilization has gone through the roof. TMM quickly rises to its 90% cap and stays there all day. We're investigating some failover events and RST messages from the ltm logs, and performance is perceived to be degraded.
My question is: Can I modify any of the profile attributes, or the iRule to alleviate the high resource consumption?
Thanks!
The iRule:
    when RULE_INIT {
        # Debug toggle - zero = off, one = on
        set ::DEBUG 0
        # Bluecoat pool HTTP-PROXY_80
        # PITC pool HTTP-PROXY-IRONPORT
    }
    when HTTP_REQUEST {
        if { [matchclass [IP::client_addr] equals ::Pilot_Subnets] } {
            if {$::DEBUG} {log local0.info "MozyX-1.0 PITC Client [IP::client_addr]"}
            if { [HTTP::header "User-Agent"] contains "mozycorp-windows/1.8" } {
                if {$::DEBUG} {log local0.info "MozyX-1.1 Caught Old Mozy: [HTTP::header "User-Agent"]"}
                if {$::DEBUG} {log local0.info "MozyX-1.2 Method [HTTP::method]"}
                if {$::DEBUG} {log local0.info "MozyX-1.3 Host: [HTTP::host]"}
                if {$::DEBUG} {log local0.info "MozyX-1.4 URI: [HTTP::uri]"}
                pool HTTP-PROXY_80 member 3.56.142.241 80
            } else {
                if {$::DEBUG} {log local0.info "MozyX-2.0 [HTTP::uri]"}
                pool HTTP-PROXY-IRONPORT
            }
        } else {
            if {$::DEBUG} {log local0.info "MozyX-3.0 Not a PITC client [IP::client_addr] sent [HTTP::host]"}
            pool HTTP-PROXY_80
        }
    }
    when LB_SELECTED {
        if {$::DEBUG} {log local0.info "MozyX-4.0 LB_Selected Chose [LB::server pool], [LB::server addr]"}
    }
- hooleylist (Cirrostratus): If it's such a big performance hit, you could create a separate virtual server for the pilot subnets and not use an iRule on either virtual server. Else, you could optimize the iRule slightly by removing the debugging altogether:

    when HTTP_REQUEST {
        if { [matchclass [IP::client_addr] equals Pilot_Subnets] } {
            if { [HTTP::header "User-Agent"] contains "mozycorp-windows/1.8" } {
                pool HTTP-PROXY_80 member 3.56.142.241 80
            } else {
                pool HTTP-PROXY-IRONPORT
            }
        } else {
            pool HTTP-PROXY_80
        }
    }
- frank_combopia1 (Nimbostratus): Thanks for the quick reply. I neglected to mention I'm using one VS so I can reuse the existing PAC file installed on these 1000s of clients.
I see now there's a lot of conditionals applied with the debugging, even if disabled. I'll drop them immediately.
Thanks!
- Chris_Miller (Altostratus): Frank - did you have a chance to reconfigure the rule? I'm curious what kind of CPU reduction you saw.
- frank_combopia1 (Nimbostratus): Thanks for following up. I did; I stripped to the bare minimum. Unfortunately, there's no difference in TMM utilization, it's pegged at 90% all day.
- Chris_Miller (Altostratus): Posted By frank combopiano on 02/16/2011 02:02 PM
- frank_combopia1 (Nimbostratus): The ltm log has about 140 of these over the last 16 hours:
- hooleylist (Cirrostratus): Hi Frank,
    when CLIENT_ACCEPTED {
        # Only check once per TCP connection if the client IP is part of the datagroup
        if { [matchclass [IP::client_addr] equals Pilot_Subnets] } {
            set pilot 1
        } else {
            # Assign the standard pool now
            set pilot 0
            pool HTTP-PROXY_80
        }
    }
    when HTTP_REQUEST {
        # Check if the client IP
        if { $pilot == 1 } {
            if { [HTTP::header "User-Agent"] contains "mozycorp-windows/1.8" } {
                pool HTTP-PROXY_80 member 3.56.142.241 80
            } else {
                pool HTTP-PROXY-IRONPORT
            }
        }
    }
- hooleylist (Cirrostratus): Or you could squeeze out a few more cycles by disabling HTTP_REQUEST for matching IP addresses (assuming you don't have any other iRules running on the virtual server that use the HTTP_REQUEST event):

    when CLIENT_ACCEPTED {
        # Only check once per TCP connection if the client IP is part of the datagroup
        if { not [matchclass [IP::client_addr] equals Pilot_Subnets] } {
            # Assign the standard pool now and prevent HTTP_REQUEST code from running
            pool HTTP-PROXY_80
            event HTTP_REQUEST disable
        }
    }
    when HTTP_REQUEST {
        # This code only gets executed if the client IP was in the datagroup
        if { [HTTP::header "User-Agent"] contains "mozycorp-windows/1.8" } {
            pool HTTP-PROXY_80 member 3.56.142.241 80
        } else {
            pool HTTP-PROXY-IRONPORT
        }
    }
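
An added example, not part of the thread or of any poster's code: a Python model of the original rule layout and of the last rule above, checking that both choose the same pool for every request while counting data-group lookups and HTTP_REQUEST executions. The subnets and client traffic are constructed for illustration, and the model covers only iRule work, not the processing done by the http and OneConnect profiles themselves.

```python
import ipaddress

# Constructed data: the thread never lists the members of Pilot_Subnets.
PILOT_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]
# Constructed traffic: (client IP, User-Agent of each request on one TCP connection).
SAMPLE_CONNECTIONS = [
    ("10.20.5.9", ["mozycorp-windows/1.8.4", "Mozilla/5.0", "Mozilla/5.0"]),
    ("172.16.1.1", ["Mozilla/5.0"] * 5),
    ("192.0.2.77", ["mozycorp-windows/1.8"]),
]

def new_counter():
    return {"lookups": 0, "http_events": 0}

def in_pilot(ip, c):
    """Stand-in for matchclass against Pilot_Subnets; counts each evaluation."""
    c["lookups"] += 1
    return any(ipaddress.ip_address(ip) in net for net in PILOT_SUBNETS)

def pick(user_agent):
    """Pool choice for a pilot client, as in the thread's HTTP_REQUEST code."""
    if "mozycorp-windows/1.8" in user_agent:
        return "HTTP-PROXY_80 member 3.56.142.241 80"
    return "HTTP-PROXY-IRONPORT"

def per_request_rule(ip, user_agents, c):
    """Original layout: data-group lookup inside every HTTP_REQUEST."""
    pools = []
    for ua in user_agents:
        c["http_events"] += 1
        pools.append(pick(ua) if in_pilot(ip, c) else "HTTP-PROXY_80")
    return pools

def per_connection_rule(ip, user_agents, c):
    """Last rule: one lookup in CLIENT_ACCEPTED; HTTP_REQUEST disabled if not pilot."""
    if not in_pilot(ip, c):
        return ["HTTP-PROXY_80"] * len(user_agents)
    pools = []
    for ua in user_agents:
        c["http_events"] += 1
        pools.append(pick(ua))
    return pools

def compare(connections):
    """Return (same routing?, original (lookups, events), optimized (lookups, events))."""
    a, b = new_counter(), new_counter()
    results = [per_request_rule(ip, uas, a) == per_connection_rule(ip, uas, b)
               for ip, uas in connections]
    return all(results), tuple(a.values()), tuple(b.values())

if __name__ == "__main__":
    print(compare(SAMPLE_CONNECTIONS))
```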