SNAT vs Inline in high performance scenario

Hi Vikky,

I'm supporting LTMs for an Affiliate Ressource provider with pretty much comparable RPS.

It makes absolutely sense for me to inline those rather agressive workloads. In generall the prefered choice should be allways to inline LTM if possible, and only use SNAT if inline is (for whatever silly reason) not possible. By doing so you will remove the max-connection hard limits of an SNAT pool completely...

Note: I'm even wondering how large your SNAT pool must currently be to support 200k/s connections? Did you reserved an entire Class-B subnet for SNAT? ;-)

Removing one iRule (x-forward) would be enough for small speed improvements, but what are others?

Try to avoid iRules if possible for those heavy workloads. LTM policies are executed much faster.

If SSL-offloading is involved you may check your Cipher-Strings and prefer those stuff which is supported by your Cavium SSL-Offload Cards. Switching to Eliptic-Curve may also save lots of cycles...

Also optimize your TCP profiles, to get rid of idle connections much faster. We have noticed, that lots of long living connection hurts the system more than having frequent new connections setups.

Cheers, Kai