cancel
Showing results for 
Search instead for 
Did you mean: 

APM : CCU "Full" session VS Access "LTM_APM" session

Julzor
Altostratus
Altostratus

Hi guys,

 

We are NOT -yet- F5 expert and had to deploy APM ASAP.

 

Everything mainly works, but I still have some doubt about one thing.

We have 2500 licences for concurrent VPN access, and we see the number of Active Sessions rising far more than expected.

 

Mainly it concerns "LTM_APM" session type, which if i understood correctly corresponds to "Access Sessions".

On the other end, we have far less "Full" type sessions which corresponds to CCU session.

 

Can you confirm that the 2500 licences only apply to CCU session (type "Full" in GUI).

 

Can someone explains to me what is an "Access Session"?

With technical and logical words... I've been through multiple F5 documentation explaining it but it's still unclear to me what it does represents.

1 ACCEPTED SOLUTION

Hello Julzor,

 

Your network_access sessions correspond to users accesses through secure VPN connections.

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-network-access-13-0-0/2.htm...

View solution in original post

4 REPLIES 4

Leonardo_Souza
Cirrocumulus
Cirrocumulus

First the session type just indicates the type of APM session:

 

0691T000008GdAYQA0.png

N/A: Still doing login for example.

network_access: A webtop with a network access resource (VPN)

web_application: A virtual server with APM profile and a rewrite profile (APM doing L7 reverse proxy)

full: A full webtop, can have multiple type of resources, including a network access resource (VPN)

ltm_apm: A virtual server with an APM profile, just for authentication for example.

 

In the list above I have 5 sessions:

 

0691T000008GdDcQAK.png

Those sessions may or may not count as one CCU, it will depend on resource used in the session:

https://support.f5.com/csp/article/K13267

 

You can see the number of CCUs used via command line:

https://support.f5.com/csp/article/K15032

 

Concluding, the tmsh command will tell you how many CCU you have used.

Looking the type of session does not directly indicate that is using a CCU, because you could have a session type full that is only doing Microsoft RDP and that does not use CCUs.

 

 

Julzor
Altostratus
Altostratus

Thank you very much for your answer.

 

We found out that all the LTM_APM were caused by a mistake in our policy.

It's now fixed and we can see almost "full" session only.

 

There is just one thing, we now observe a few (2~3 sessions out of 600) as "network_access".

 

In which case could you have such kind of session?

We only use APM.

 

Thanks again!

Hello Julzor,

 

Your network_access sessions correspond to users accesses through secure VPN connections.

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-network-access-13-0-0/2.htm...

Leonardo_Souza
Cirrocumulus
Cirrocumulus

Lidev answered your question.

 

Just to add more information, based on the images above.

The network_access type in the image above is my access using BIG-IP Edge client.

However, the type would be the same if I connect via web browser to that URL.