Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jan 13, 2021

OneConnect with /32

Hi there, sorry for bringing up this topic with another new thread, but all the official F5 documentations as well as several devcentral posts doesn't 100% answer my question. Is there any "special...
application delivery
LTM
oneconnect
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
Jan 21, 2021

Hi, 

As far as I know, OneConnect profile "solve persistence issues" when you are working with CDN and multiple requests over a single connection (HTTP pipelining or else).

Before sending a request to the server, OneConnect tells to BIG-IP to first detach server-side previous used to that source mask, then decide to reuse a connection or perform a load balance and persistence when needed. In another words, with a OneConnect profile, BIG-IP process each HTTP request individually and without it, BIG-IP performs load-balancing only once for each connection.

 

In my understanding, since a CDN is a proxy source for many clients (acting as SNAT), the host source mask /32 is a way to tell to BIG-IP to only reuse connections from same source IP to load balancing the traffic better.

Because as more generic the OneConnect are in source mask, as more server connection reuses it will have, consequently less load balancing will be necessary or performed.

 

When I don't need all benefits from OneConnect within CDN topologies, I use to write an iRule to detach server-side connections as described here:

https://support.f5.com/csp/article/K7964

 

I hope it helps.

 

Best regards