Forum Discussion
pagema1_69881
Mar 08, 2010Nimbostratus
Very Slow Application performance behind F5
We have one application that performs very poorly behind F5. There is a 9 second delay on the initial GET request going through the VIP. If we bypass the F5 to the servers directly there is no delay. Wireshark shows a lot of reassembled PDU's. I'm no guru with captures so I'm not sure what this means. Here is our setup:
SSL Offloading VIP.
one http pool with 2 members.
TCP lan/wan Optimized profiles on VIP, with one connect profile.
We are using SNAT
We tried disabling Nagle's, no effect
Tried enabling proxy max segment, no effect
tried going thru F5 using HTTP only, no effect
If we connect to the servers directly that 9 second initial delay vanishes.
No packet loss on NIC's.
Switch is set to 100MB Full as are F5 Nics.
2 HA LTM 3400 vers 10.0.1.
We do have a case open with support but they have not been able to identify the issue within our TCP Dumps. Has anyone seen this type of delay only on the initial GET Request? Any tips on improving performance? Our other applications behind F5 don't have this delay.
Thanks,
Marc
- hooleylistCirrostratusHi Marc,
- L4L7_53191NimbostratusA 9-second delay sounds a lot like a couple of DNS timeouts may be happening (perhaps there are a few domain suffixes set up somewhere that don't resolve when hitting the VIP?).
- pagema1_69881NimbostratusThanks and I will look at these posts. I will also follow-up once we get a resolution to this. The delay occurs by VIP IP as well as FQDN so I don't think it is DNS related.
- hooleylistCirrostratusNow that Matt mentions it, I remember a customer who was running a Windows based app where the app was trying to do a netbios lookup of the client IP. The netbios query was failing but took a few seconds to time out. A stab in the dark, but something to check on.
- L4L7_53191NimbostratusYep the stuff I've run into was a reverse-stye lookup as well, so even if forward resolution works to the VIP it may be worth checking, esp. with SNAT enabled.
- pagema1_69881NimbostratusUpdated info:
- hooleylistCirrostratusOut of curiosity, is it LTM or on the serverside when the last/next packet is sent during the nine second hang?
- L4L7_53191Nimbostratus@pagema1: note that if it were DNS related it wouldn't affect the ACK coming back from the server at layer 4. The look up that I am referring to happens up the stack on the server side (usually a domain suffix list that is being traversed) and would very likely be a call off-box from the server to some remote system. Speaking of that, have you done a capture on the server side to see what is going on? That would be a solid data point to have if you've not done so already.
- pagema1_69881NimbostratusFollowing up on the second round of packet captures - the file Wireshark_173_030910.pcap (taken on the webserver) shows that the difference in the connection response time is due to some unknown issue within the server itself.
- naladar_65658AltostratusThe only things that pop in my mind are to try turning on source based persistence and and turning off Netbios over DNS on those servers NIC's like what hoolio mentioned. I did that on some Citrix boxes recently and it made a big difference.
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects