cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Martin_Duke
Legacy Employee
Legacy Employee

0151T000003d6xuQAA.png[Update 3/17: Some representative performance results are at the bottom]

Longtime readers know that F5's built-in TCP profiles were in need of a refresh. I'm pleased to announce that in TMOS® version 13.0, available now, there are substantial improvements to the built-in profile scheme. Users expect defaults to reflect best common practice, and we've made a huge step towards that being true.

New Built-in Profiles

We've kept virtually all of the old built-in profiles, for those of you who are happy with them, or have built other profiles that derive from them. But there are four new ones to load directly into your virtual servers or use a basis for your own tuning.

The first three are optimized for particular network use cases: f5-tcp-wan, f5-tcp-lan, and f5-tcp-mobile are updated versions of tcp-wan-optimized, tcp-lan-optimized, and tcp-mobile-optimized. These adapt all settings to the appropriate link types, except that they don't enable the very newest features. If the hosts you're communicating with tend to use one kind of link, these are a great choice.

The fourth is f5-tcp-progressive. This is meant to be a general-use profile (like the tcp default), but it contains the very latest features for early adopters. In our benchmark testing,  we had the following criteria:

  • f5-tcp-wan, f5-tcp-lan, and f5-tcp-mobile achieved throughput at least as high, and often better, than the default tcp profile for that link type.
  • f5-tcp-progressive had equal or higher throughput than default TCP across all representative network types.

The relative performance of f5-tcp-wan/lan/mobile and progressive in each link type will vary given the new features that f5-tcp-progressive enables.

Living, Read-Only Profiles

These four new profiles, and the default 'tcp' profile, are now "living." This means that we'll continually update them with best practices as they evolve. Brand-new features, if they are generally applicable, will immediately appear in f5-tcp-progressive. For our more conservative users, these new features will appear in the other four living profiles after a couple of releases. The default tcp profile hasn't changed yet, but it will in future releases!

These five profiles are also now read-only, meaning that to make modifications you'll have to create a new profile that descends from these. This will aid in troubleshooting. If there are any settings that you like so much that you never want them to change, simply click the "custom" button in the child profile and the changes we push out in the future won't affect your settings.

How This Affects Your Existing Custom Profiles

If you've put thought into your TCP profiles, we aren't going to mess with it. If your profile descends from any of the previous built-ins besides default 'tcp,' there is no change to settings whatsoever.

Upgrades to 13.0 will automatically prevent disruptions to your configuration. We've copied all of the default tcp profile settings to tcp-legacy, which is not a "living" profile. All of the old built-in profiles (like tcp-wan-optimized), and any custom profiles descended from default tcp, will now descend instead from tcp-legacy, and never change due to upgrades from F5. tcp-legacy will also include any modifications you made to the default tcp profile, as this profile is not read-only.

Our data shows that few, if any, users are using the current (TMOS 12.1 and before) tcp-legacy settings.If you are, it is wise to make a note of those settings before you upgrade.

How This Affects Your Existing Virtual Servers

As the section above describes, if your virtual server uses any profile other than default 'tcp' or tcp-legacy, there will be no settings change at all. Given the weaknesses of the current default settings, we believe most users who use virtuals with the TCP default are not carefully considering their settings. Those virtuals will continue to use the default profile, and therefore settings will begin to evolve as we modernize the default profile in 13.1 and later releases.

If you very much like the default TCP profile, perhaps because you customized it when it wasn't read-only, you should manually change the virtual to use tcp-legacy with no change in behavior.

Use the New Profiles for Better Performance

The internet changes. Bandwidths increase, we develop better algorithms to automatically tune your settings, and the TCP standard itself evolves. If you use the new profile framework, you'll keep up with the state of the art and maximize the throughput your applications receive. 

Below, I've included some throughput measurements from our in-house testing. We used parameters representative of seven different link types and measured the throughput using some relevant built-in profiles. Obviously, the performance in your deployment may vary. Aside from LANs, where frankly tuning isn't all that hard, the benefits are pretty clear.

0151T000003d6xvQAA.png

0151T000003d6xwQAA.png

0151T000003d6xxQAA.png

0151T000003d6xyQAA.png

0151T000003d6xzQAA.png

0151T000003d6y0QAA.png

0151T000003d6y1QAA.png

Comments

Great stuff!

 

cjbarr1234
Nimbostratus
Nimbostratus

yes exciting! "In our benchmark testing, we had the following criteria:" Can you post the benchmark?

 

Martin_Duke
Legacy Employee
Legacy Employee

I cannot at this time.

 

cjbarr1234
Nimbostratus
Nimbostratus

Ok, just some feedback on your post then Martin. This is great material, but seems a bit "fluff" marketing. Some awesome information that We engineers love are details into how you depicted this information into this release of information. Some justification into statistics on how to determine profiles would be great. This in-itself generates a lot of business in and outside of F5 with these advancements in future networking optimization.

 

Martin_Duke
Legacy Employee
Legacy Employee

I put up some charts comparing throughput for various profiles.

 

If you want further insight "on how to determine profiles", as you put it, please read the other articles in the series.

 

Ismael_Goncalv1
Historic F5 Account

The settings for the new TCP profiles, could they be used on v11.x or v.12.x or are they exclusive for v.13.x onwards?

 

Martin_Duke
Legacy Employee
Legacy Employee

We're not backporting the built-in profiles, but there's no reason you couldn't copy the settings into a custom profile. Of course, you'd have to skip features that don't exist in earlier versions.

 

Kevin_Mason
Nimbostratus
Nimbostratus

There are a lot of details missing from the performance results, such as latency, loss rates, available bandwidth. These are needed to understand the results and to make a useful comparison

Version history
Last update:
‎01-Mar-2017 07:16
Updated by:
Contributors