Forum Discussion
One connect profile query.
Hello All,
Just for a better understanding of the OneConnect profile function, from KB5911 I learned the following line:
"OneConnect applies a mask (much like applying an independent subnet mask) to client source IP addresses on server-side connections."
My query: As soon as, say, a client (IP: 10.10.10.1) connects to a VS, a source mask of 255.255.255.255 is assigned?
OR
It will evaluate the number of client source IPs (say the second connection is from 10.10.10.2 or 10.20.20.1) and, based on that source, the subnet mask will be calculated, whether to apply 255.255.0.0 or 0.0.0.0.
Regards,
Dayesh
- Dayesh_381792
Nimbostratus
Just to add, or is the subnet mask on the basis of the source prefix length we configure in the profile?
Thanks.
- I_R_101_110
Cirrus
I may need correction - especially on the third point, but to my understanding:
A broad OneConnect mask such as all zeros informs the BIG-IP to never load balance but to reuse the same idle TCP connection to the same backend server. This is especially the case when SNAT is enabled on the VIP because the decision to make a new backend TCP connection is applied after SNAT occurs.
A mask of 255.255.255.255 instructs the BIG-IP to only reuse the same backend TCP connection for the same source IP. In this case, it opens an additional backend TCP connection for each new source IP connection.
A mask of 255.255.0.0 would only open a new backend TCP connection if the new source IP connection was not in the same /16 network as the source IP of the existing backend TCP connection.
- wlopez
Cirrocumulus
As far as the oneconnect profile goes:
A mask of 0 (default value) causes the system to share reused connections across all source addresses.
A host mask of /32 (that is, all 1 values in binary) causes the system to share only those reused connections originating from the same source address.
You also need to take into account that persistence profiles and SNATs can affect if connections will be reused. When you are using a SNAT or SNAT pool, the server-side source address is translated first and then the OneConnect mask is applied to the translated address.
- Dayesh_381792
Nimbostratus
Thanks for your response Wlopez and Ngutierrez31
Hi Wlopez,
In that case, will the subnet mask of the OC profile be decided on the basis of the original client source IP or on the basis of the SNAT IP/pool, as the source address will be changed after the SNAT?
Thanks
Regards,
Dayesh
- wlopez
Cirrocumulus
If you have SNAT Automap or a SNAT pool on the virtual server, and a OneConnect profile active on the virtual server, the egressing SNAT address on the server side will be the one that the BIG-IP will apply the OneConnect mask to.
Haven't done any captures of that configuration to validate this.
But that's what I would expect to happen.
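The behaviour described in the replies above, as a simplified model (an added example, not part of any post in this thread and not F5 code). It assumes the mask is a fixed value configured in the profile, a single pool member, and requests that arrive one after another so the previous server-side connection is idle; the SNAT address 192.0.2.10 is constructed.

```python
import ipaddress

def reuse_key(client_ip, mask, snat_ip=None):
    """Masked server-side source address used to match an idle connection."""
    # Per the replies above: with SNAT, the source is translated first,
    # and the OneConnect mask is then applied to the translated address.
    source = ipaddress.IPv4Address(snat_ip if snat_ip else client_ip)
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(int(source) & mask_int))

def simulate(clients, mask, snat_ip=None):
    """Return (server-side connections opened, per-request log).

    Assumption: each request completes before the next one arrives, so
    its server-side connection is idle and eligible for reuse.
    """
    idle = {}  # reuse key -> connection id
    log = []
    for ip in clients:
        key = reuse_key(ip, mask, snat_ip)
        if key in idle:
            log.append((ip, key, "reuse", idle[key]))
        else:
            idle[key] = len(idle) + 1
            log.append((ip, key, "open", idle[key]))
    return len(idle), log

# Client addresses taken from the question; SNAT address is constructed.
CLIENTS = ["10.10.10.1", "10.10.10.2", "10.20.20.1"]
SNAT = "192.0.2.10"

if __name__ == "__main__":
    cases = [
        ("255.255.255.255", None),
        ("255.255.0.0", None),
        ("0.0.0.0", None),
        ("255.255.255.255", SNAT),
    ]
    for mask, snat in cases:
        opened, log = simulate(CLIENTS, mask, snat)
        print(f"mask={mask} snat={snat}: {opened} server-side connection(s)")
        for ip, key, action, conn in log:
            print(f"  {ip:<11} key={key:<11} {action} conn#{conn}")
```

With a single SNAT address every client maps to the same key even under a /32 mask, so all requests share one server-side connection in this model.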