What exactly does FastL4 profile do?

I found this in a askf5 solution

 

 

FastL4

 

 

Profile: FastL4

 

 

Advantage: Uses PVA to process packets

 

 

When to use: FastL4 is limited in functionality to socket level decisions (for example, src_ip:port dst_ip:port). Thus, you can use FastL4 only when socket level information for each connection is required for the virtual server.

 

 

What exactly does socket level decision mean? I don't think customer would need socket level information for each connection. Does that mean we should not use this profile?

It means that you can't be trying to process anything above Layer 4. So no iRules, no header insertions, no cookie persistence, etc.

 

 

But, on a virtual server that does not require any Layer 7 decision-making, using the FastL4 profile will cause the connection to be processed in the PVA (the Packet Velocity Accelerator ASIC on LTM) and can give you greater performance.

 

 

See SOL 4832 (Click here) for an explanation of the various configuration options that will cause the PVA to be in either Full or Assisted mode.

 

 

Hope that helps,

 

Denny

Just a clarification: limited iRules functionality is available with the FastL4 profile. We use the CLIENT_ACCEPTED event to not persist our legacy Cisco GSS keepalives so they fail when all the servers are down.

 

 

we see everywhere LTM has big performance because it has PVA2 and PVA10 but you know mostly peoples uses full proxy (standard vip) and we dont have any performance. i see f5 anonce new products only cpu based not asic (1600 3600 and news)

 

 

what do you think about this?

 

 

zafer

 

If you want to perform layer7 inspection and/or modification of traffic, it's going to take more time and potentially add latency versus just forwarding packets on. I'm not sure how you get around it. That said, if you compare performance stats on like-for-like functionality, I think F5 comes out ahead of the competitors.

 

 

Aaron

w/ CMP on the newer Intel/AMD CPUs the L4 capacity of the BIG-IP in software is the same or greater than the PVA, with more functionality (no more "this feature can't be done on the PVA"). The combination of CMP and Moore's law has allowed us to do L4 in software at the same or better rate than PVA, at less cost and less corner cases.

 

 

As far as Time to Last Byte and L4/L7, it's probably a configuration problem. Turn of nagling for starters (there's lots of threads on this in DevCentral btw). Try the "lan-optimized" TCP profile. When we measure Time To Last Byte (TTLB) of L4 verus L7 in a LAN setting it's very similar. In a WAN setting, TCPExpress (our TCP stack) can improve TTLB significantly.

 

 

BTW "faster" is a very confusing term, which is why I try to avoid using it. When someone means "faster", do they mean the capacity of the traffic manager or the time to last byte?. (The former affects the latter typically only if the traffic manager is maxed out). L4 is allows more capacity for traffic managers because we aren't doing as much useful work. But that should only matter in high throughput deployment cases (or you bought the wrong size box). TTLB is different measure.

 

 

Paul

Posted By berberz on 09/10/2008 12:09 AM

 

i see f5 anonce new products only cpu based not asic (1600 3600 and news)

 

 

 

 

This is not exactly correct. The new platforms do not have PVA (ASIC) but they do have FPGA's which are programmable at boot.

 

 

Denny

 

 

Hey guys, just to clarify.. Can you still have full iRule support using FastL4 with PVA in assisted mode vs full? are there any other limitations with assisted, other than the first packet being processed in software?

 

 

Also, are there any limitations on pool monitors, load balancing metrics, or performance monitors with fastL4 turned on in full and or assited? Should not be, correct?

 

 

Thanks!

Also someone clarify the last couple paragraphs in this doc;

 

 

https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4832.html

 

 

 

"The In Packet Path column in the PDF files represents values that are displayed based on how the PVA Acceleration status is affected by a feature that is not based directly on the configuration of the virtual server, such as a SNAT or a packet filter.

 

 

For example, the existence of a SNAT does not demote a virtual server's displayed acceleration status to Assisted because there may not be any traffic that matches the SNAT's source address. In this case, the In Virtual Server UI column for SNAT is Full. However, traffic traversing the virtual server that does match the SNAT's source address, is demoted to Assisted. This is represented by the In Packet Path column in the PDF files."

 

 

So let say I'm using SNAT auto map on a VS with the default FastL4 profile enabled, is it operating in assisted mode? would iRules work? Or would I have to manually put it in assisted mode for irules to function...

 

 

Thanks!

Hello all,

 

 

@iRuleYou, I have taken a look at the doc you mention and I believe that if you use (as you describe) "SNAT auto map on a VS with the default FastL4 profile enabled" any traffic NOT matching the SNAT would be treated in FULL PVA mode (all packets accelerated) and any packets which DO match the SNAT will be treated as 'Assisted', meaning the first packet in each connection is processed in software, and each packet thereafter is accelerated.

 

 

From looking at the PDF, it seems that using an iRule with the VS will drop it to 'Assisted' PVA functionality, so the first packet can be dealt with in software. I hope this clears things up for you, if not drop a reply and I'll do my best to respond soon (or perhaps after the weekends debauchery).

 

 

@Yiu Tong Daniel Lo, I've seen problems like this and as Paul Szabo mentioned, profiles are the best place to start - for example using 'wan optimised' profile where a 'lan optimized' profile should be can have a dramatic performance impact.

 

 

Thanks,

 

 

Chris