Forum Discussion

voxbox's avatar
voxbox
Icon for Nimbostratus rankNimbostratus
Oct 08, 2024

LTM - Connection limit not respected

Hi,   I setup a very basic LTM. Type Standard. TCP + HTTP + OneConnect default profiles. Going to 2 different pools in the backend.   I set a connection limit of 10.   When doing some tests, I ...
  • Heath_Parrott's avatar
    Oct 08, 2024

    Hi,

    F5 BIG-IP is based on Clustered Multiprocessing where traffic needs to be distributed across the CPUs, this is referred to as disaggregation. The connection limit is divided across the number of TMMs running in the system.   If you set a connection limit of 16 and your system has 16 TMMs you can hit the connection limit if all your traffic lands on the same TMM.  Traffic is distributed to the different TMMs based on the disaggregation hash.   If your testbed is using a limited number of servers to generate traffic you will also only leverage a limited number of TMMs.  Other behavior that can impact how traffic flows is many load generators are based on the linux kernel, many kernels have a source port stride of 2 (IE if the first connection is on an odd port the rest of the outgoing connections will be on an odd port, same pattern if you start on an even port).    The behavior you are seeing is expected and you will need to increase the distribution of entropy (IP address and source ports) to create an accurate test as the system is designed to handle a large number of clients and a large number of connections creating a large array of entropy in how the connections present on the client side.  For example my own test bed consisted of a a locust web traffic array that runs on 5 servers with 360 CPUs to generate traffic entropy.  For a non-production system you can disable the CMP processing on a virtual server with the following commands : tmsh modify ltm virtual <virtual server name> cmp-enabled no  then tmsh save /sys config