Forum Discussion
Tim_Pearson_917
Nimbostratus
NimbostratusOne HTTPS virtual to several HTTPS pools
I am trying to write an iRule to take traffic from an HTTPS virtual (SSL terminated on the F5) and distribute the traffic to the correct pool based on the URI information. Currently, there are only 2...
Try enabling a OneConnect profile on the virtual server.
Without OneConnect enabled, only the first request in a Keep-Alive connection is parsed for persistence data, so if multiple requests are sent on the same clientside Keep-Alive connection, LTM will persist them all to the same destination as the first.
OneConnect configured with the default mask of 0.0.0.0 will result in the most efficient connection pooling, allowing any idle serverside connection to be re-used for any new clientside request, significantly reducing the number of serverside connections. However, re-used serverside connections retain the source IP of the original client, which results in some very misleading server log entries unless you are also SNATing all connections.
A OneConnect profile with host mask (255.255.255.255) will allow parsing of all requests and serverside connections will only be re-used for the same client. Without SNAT, OneConnect with a host mask (255.255.255.255) keeps the source address info in the server logs consistent with reality.
OneConnect with any mask will be more efficient than none at all, since handshake overhead for your servers will be reduced (unless all your clients are using Keepalives,in which case it's a wash).
HTH
/deb
