Forum Discussion
pjcampbell_7243
Feb 07, 2011Cirrus
Offload a specific outbound ssl request?
Hi all
We have an issue where when our code goes out to check a 3rd party vendor for product inventory via HTTPS directly from the Java/apache webserver, the load spikes.
We could have 100 users hitting the DB on a single web server, no problem. As soon as we have X (a VERY small number) users simultaneously checking 3rd party inventory, the server load spikes.
The problem seems to be linear, that the load gets higher and machine gets slower as the number goes up until it is too slow to accept a new connection and we get timeouts.
I cannot say for sure that this is an SSL issue but I wanted to try to have the programmers change their request to plaintext.
Could I setup a local VIP on the BIGIP with the pool member being the 3rd parties IP and use server SSL to connect?
I believe I have tried to use non-local IPs as pool members before and it does not seem to work (maybe strictly a configuration issue on our end). Is there any reason why and any other suggestions?
- hooleylistCirrostratusWhich load spikes? Is it LTM or the servers?
- Thank you and sorry, it's the web server load that spikes.
- hooleylistCirrostratusThat seems like a reasonable test to try. You can use the default server SSL profile as long as the remote pool member doesn't require a client cert. If that's the case, then you'd want to create a custom server SSL profile with the client cert configured.
- how do we determine which interface the outbound 3rd party request will go out of? on the bigip, we have 2 default routes?
- Active] ~ tracepath www.google.com/80
- Ok I got it so that I can connect to my remote IP from the BIGIP - now why does it not find that pool member (the remote IP) as "active" . my check is TCP_443 - which it responds to....
- Hi Again
- Michael_YatesNimbostratusHi pjcampbell,
- I cheated and called support
- Michael_YatesNimbostratusGetting the right answer to your problem is never cheating on here :-)
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects