Anthony
Jan 29, 2015

oneconnect profile use

Hi all,

 

I am looking to make some changes to our oneconnect profile, and testing isn't going quite how I was expecting it to.

 

When I disable a node I am expecting to be able to reconnect while the oneconnect profile is valid, but once the Max Age is reached I would expect the connection to have to refresh so to speak and then see that the node is disabled and not be able to connect. However, this doesn't seem to be happening and I can just keep using it, even after some time.

 

New sessions see (or don't see as it may be) that the node is disabled and cannot connect.

 

Is my assumption on this incorrect? Any help or advice is greatly appreciated.

 

Thanks Anthony

 

3 Replies

  • nathe

    I don't know specifically with oneconnect but....

     

    If you disable a node, existing connections and persistent connections are maintained, i.e. if a node has a persistence entry and a client returns within the timeout, then they will still go to the node, even if it is disabled.

     

    With oneconnect, as it's keeping open a serverside connection, I would imagine this would be the case too.

     

    Force Offline would help with persistent connections but I'm not sure about with oneconnect as, again, existing connections are maintained.

     

    Interesting one, hopefully I've helped and others can confirm/expand on this.

     

    Rgds N

     

  • Hi Nathan, thanks for the reply. I will be taking a look at the persistence settings today. I know I have cookie persistence in place, so maybe I need to look at a more widespread change.

     

    The end goal here is that I want to timeout connections within say 30 minutes, regardless of persistence. If you, or anyone else who pops along has info on how I can achieve that I would be very interested to hear it!

     

    Thanks,

     

    Ant

     

  • Hi,

    The current implementation of OneConnect is designed to be used in combination with HTTP traffic and an http profile.

    It will respect the tcp idle-timeout settings of assigned tcp-profiles both on client- and serverside (be aware of default "keepalive timer" settings in your tcp-profile).

    As it will "re-cycle" a serverside connection by multiplexing multiple clientside connections into a single serverside connection, it might make sense to modify the OneConnect profile mask to 32 bit. Now connections from the same client IP will be aggregated/pooled on serverside.

    Table based persistence records will be updated with new incoming connections/requests only. Watch them by using tmsh:

    watch tmsh show ltm persist persist-records    
    

    Configuration changes apply to new connections only. Especially with OneConnect applied this may have confusing effects. I usually clean up the connection table before running new tests with modified config:

    tmsh delete sys connection   
    

    Thanks, Stephan
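
An added example, not part of any reply in this thread and not F5-provided tooling: a scoped version of the clean-up step that disables one node, waits up to a deadline for its server-side connections to end, then deletes only the flows still pointing at that node rather than the whole connection table. The function names, the node name `web1`, the address `10.0.0.11`, the 10-second poll interval and the assumption that each connection line contains `address:port` pairs are illustrative assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Run on the BIG-IP itself,
# where tmsh is available.

# count_node_conns NODE_IP
# Prints how many connection-table lines have NODE_IP as server-side peer.
# Assumes tmsh lists each flow on one line as "addr:port" pairs.
count_node_conns() {
    tmsh show sys connection ss-server-addr "$1" 2>/dev/null \
        | grep -cF -- "$1:" || true   # grep -c exits 1 on zero matches
}

# drain_node NODE_NAME NODE_IP MAX_WAIT_SECONDS
# Prints the number of connections that had to be removed at the deadline.
drain_node() {
    node_name=$1; node_ip=$2; max_wait=$3; waited=0

    # "Disabled" still accepts persistent and already-open connections,
    # which is why reused server-side connections keep working.
    tmsh modify ltm node "$node_name" session user-disabled >&2

    # Give existing flows a chance to finish on their own.
    while [ "$(count_node_conns "$node_ip")" -gt 0 ] \
          && [ "$waited" -lt "$max_wait" ]; do
        sleep 10
        waited=$((waited + 10))
    done

    left=$(count_node_conns "$node_ip")
    if [ "$left" -gt 0 ]; then
        # Scoped delete: only flows whose server side is this node,
        # instead of clearing every connection on the box.
        tmsh delete sys connection ss-server-addr "$node_ip" >&2
    fi
    echo "$left"
}

# Stand-alone use: ./drain.sh web1 10.0.0.11 1800
if [ "$#" -eq 3 ]; then
    drain_node "$@"
fi
```

Persistence records are separate from the connection table, so a client holding a persistence cookie for the node can still be sent to it on a new connection while the node is only disabled.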