Forum Discussion
smp_86112
Cirrostratus
CirrostratusOneConnect and Persistence for HTTP App
We've got an HTTP web service which is getting really uneven load distribution, to the point of causing outage on some of the pool members. The clients of the web service do not support Cookies (they do not honor the Set-Cookie header), so we have been resigned to using Source Address. The problem is that much of the load is coming from multiple applications on a single source address, and I need to come up with a way to more evenly distribute the load with the LTM. So my thought is to use OneConnect. Since the documentation seems to be written for a different use case, I can't quite get a handle on how it works exactly so I'm not sure if it would resolve the issue or not.
When I apply a OneConnect profile to an HTTP VS, *my understanding* of the doc is that the LTM makes load-balancing decisions on a "per-request" basis. If that's true, what I can't figure out is how the LTM keep track of which pool member any particular request was sent to - what in the request does the LTM keep track of, and where is it stored?
nitass_89166Noctilucent
i don't think oneconnect will make even load distribution.
for oneconnect, i don't know where bigip keeps track of each request/response. anyway, when i am checking packet capture file, i usually use f5 internal fields, i.e. flow id, peer id, to map between client-side and server-side flow.
sachin_80710Nimbostratus
Hi Nitass, Pls can you explain how to map client-side and server-side flow in wireshark, i'm using f5ethtrailer.dll f5 plugin, also i can see addition f5 details in wireshark. But very hard to map client side request to server side request.- nitass_89166clientside's flow id will be serverside's peer id. you may try "f5ethtrailer.anyflowid == " as a filter. sol13637: Capturing internal TMM information with tcpdump https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13637
- sachin_80710Thank you Nitass, I will try this.
nitassEmployee
i don't think oneconnect will make even load distribution.
for oneconnect, i don't know where bigip keeps track of each request/response. anyway, when i am checking packet capture file, i usually use f5 internal fields, i.e. flow id, peer id, to map between client-side and server-side flow.- sachin_80710Hi Nitass, Pls can you explain how to map client-side and server-side flow in wireshark, i'm using f5ethtrailer.dll f5 plugin, also i can see addition f5 details in wireshark. But very hard to map client side request to server side request.
- nitassclientside's flow id will be serverside's peer id. you may try "f5ethtrailer.anyflowid == " as a filter. sol13637: Capturing internal TMM information with tcpdump https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13637
- sachin_80710Thank you Nitass, I will try this.
HamishCirrocumulus
What about persisting on something else in the XML? Such as userid? What sort of auth is the app using? If browser basic you could just use the HTTP authentication header...
H- HamishHmm... if the app doesn't support cookies (STrange), then there's no session information (No JSESSIONID etc). So no state. WHich means that it probably wouldn't care if you round-robined and didn't care about the persistence... Does it absolutely need it?
H 
smp_86112That is my understanding, yes, though there are details I have yet to understand about this app. But my uncertainty is really more related to the details of how OneConnect works. It seems to have a mechanism to differentiate between requests from different clients that are sent a single, shared TCP connection, or at least from a shared IP address. That's the detail I'd like to understand better.- Chris_Miller
Altostratus
OneConnect won't help you with load distribution if you're using source address persistence. As soon as a user makes a connection to LTM, we're going to make a load balancing decision and create a persistence entry for that user -> server mapping. When the user makes another request, we'll notice they have a persistence entry for that server and we'll choose an idle TCP connection over which to send their request.
OneConnect's value-add with load distribution is around non-persistence applications. Even if a VIP doesn't have a persistence profile, we'll still create an L4 connection that basically maps them to a server. With a OneConnect profile, the LTM will detach the server-side connection after every single request which means for HTTP traffic, we're load balancing L7 Requests rather than L4 connections.
Hopefully that makes a bit more sense? - smp_86112Thanks for responding. I was already committed to getting rid of Source Address persistence anyway, so I wasn't planning to use both.
we're load balancing L7 requests rather than L4 connections
So the LTM makes a load-balancing decision based on L7 request - conceptually I get that. How does that picture change when Cookie peristence is added? - smp_86112I don't know...this article seems to describe the behavior I'm looking to understand. But while the clients may have the same source address, I think the connections are coming on different TCP connections. So I'm thinking this won't help either:
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_persist_profiles.html?sr=17542426 - Chris_MillerWith OneConnect, we're seeing the persistence cookie in the HTTP request and are simply persisting the user to the right pool. Without OneConnect, we're technically only looking at the first L7 request for cookie persistence so could conceivably ignore subsequent ones as we're only looking at L4.
- smp_86112So without OneConnect, the LTM sets the cookie on the first L7 response, only looks at the cookie value in the next L7 request, and then ignores the persistence cookie for subsequent L7 requests? And with OneConnect, the persistence cookie value is evaluated in each L7 request?
