on 18-Mar-2020 12:32
With a significant increase in the number of remote workers (for example COVID-19), you may see an increase in the number of SSL VPN connections as well as increased CPU usage. This article covers techniques, from the F5 Sales and Support organizations, designed to optimize SSL VPN connections in order to help mitigate CPU performance issues.
Pete White created a script analysing the BIG-IP configuration and making optimization suggestions : https://devcentral.f5.com/s/articles/APM-Optimisation-Script
To make it more real, I did a video demonstrating the script : https://youtu.be/F0Z1AnM3L54
I've added a simple script to help with APM optimisation
https://devcentral.f5.com/s/articles/APM-Optimisation-Script
The same sort of thing but in an iApp which creates an iCall to run every 5 minutes and change the settings. I have tested that this works but not in a production platform.
https://devcentral.f5.com/s/articles/APM-VPN-Optimisation-iApp
When I try to run the client-traffic-classifier tmsh commands it errors out with this:
tmsh create apm resource client-traffic-classifier client-traffic-classifier-1 { entries add { entry { client-rate-class rate_class_1M dst-ip any dst-mask any dst-port https src-ip any src-mask any } entry0 { client-rate-class rate_class_2M dst-ip any dst-mask any dst-port any src-ip any src-mask any } } }
01071278:3: The client traffic classifier (/Common/client-traffic-classifier-1) has conflict entries ("entry0" rate "/Common/rate_class_2M" from any:0 to any:0 via vpn, "entry" rate "/Common/rate_class_1M" from any:0 to any:443 via vpn).